azuredevops - Error for creating 'azuredevops_serviceendpoint_azurerm'

Terraform (and Azure DevOps Provider) Version

terraform 1.9.0
azuredevops 1.3.0

Affected Resource(s)

azuredevops_serviceendpoint_azurerm

Terraform Configuration Files

------------------------MODULE----------------------------
resource "azuredevops_serviceendpoint_azurerm" "this" {
  for_each                  = var.service_connection_params
  project_id                = each.value.project_id
  service_endpoint_name     = each.value.service_endpoint_name
  azurerm_spn_tenantid      = each.value.tenant_id
  azurerm_subscription_id   = each.value.subscription_id
  azurerm_subscription_name = each.value.subscription_name
  resource_group            = each.value.resource_group
}

resource "azuredevops_resource_authorization" "this" {
  for_each    = var.service_connection_params
  project_id  = each.value.project_id
  resource_id = azuredevops_serviceendpoint_azurerm.this[each.key].id
  authorized  = true
}

------------------------VARIABLES FILE--------------------
variable "service_connection_params" {
  type = map(object({
    project_id            = string
    service_endpoint_name = string
    tenant_id             = string
    subscription_id       = string
    subscription_name     = string
    resource_group        = string
  }))
}

------------------------MODULE CALL-----------------------
module "service_connection" {
  source = "…/"

  service_connection_params = {
    ado_service_connnection = {
      project_id            = data.azuredevops_project.teamproject.project_id
      service_endpoint_name = "TEST_SC" #data.azurerm_resource_group.rg-devops-arm-poc.name
      tenant_id             = "88155c28-f750-4013-91d3"
      subscription_id       = "d4549b4e-03a6-4b02-a194"
      subscription_name     = "APPS_EU_POC"
      resource_group        = data.azurerm_resource_group.rg-devops-arm-poc.name
    }
  }
}

Debug Output

file attached
trace_logs.txt

Panic Output

n/a

Expected Behavior

Successfully create service connection

Actual Behavior

Error:

│ Error: waiting for service endpoint ready. Looking up service endpoint given ID (bffcc32d-d0a8-4915-abed-e146a7d81124) and project ID (4ff74780-9ca2-4de5-8711-086114d194bb): map[errorCode:1 severity: state:Failed statusMessage:Failed to create an app in Microsoft Entra. Error: Insufficient privileges to complete the operation in Microsoft Graph Ensure that the user has permissions to create a Microsoft Entra Application.]

Steps to Reproduce

terraform apply the above code provided

  1. terraform apply

Important Factoids

n/a

References

n/a

Mentions:

The error is saying “Insufficient privileges to complete the operation in Microsoft Graph” - but the service principal used HAS the privileges to create service connections - this was separately tested in PowerShell for the Microsoft Graph API.

Looking forward to any feedback, thanks!