azuredevops_securityrole_assignment is getting timedout on the first terraform apply but successful on second run

[sravya09011995]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and Azure DevOps Provider) Version

Affected Resource(s)

• azuredevops_securityrole_assignment

Terraform Configuration Files

resource "azuredevops_securityrole_assignment" "library" {
  count       = var.new_project ? 1 : 0
  scope       = "distributedtask.library"
  resource_id = format("%s$0", azuredevops_project.main[0].id)
  identity_id = data.azuredevops_team.main.id
  role_name   = "Administrator"
}

Debug Output

##[error]Terraform command 'apply' failed with exit code '1'.
##[error]╷
│ Error: timeout while waiting for state to become 'succeed, failed' (last state: 'syncing', timeout: 10m0s)
│
│ with module.azure-devops.azuredevops_securityrole_assignment.library[0],
│ on modules/adoproject/main.tf line 117, in resource "azuredevops_securityrole_assignment" "library":
│ 117: resource "azuredevops_securityrole_assignment" "library" {

Currently its getting timeout after 1.6 release on the first terraform apply. On the Second run of terraform apply , its getting created.

Panic Output

Expected Behavior

terraform apply should be successful on the first run

Actual Behavior

Steps to Reproduce

1. terraform apply

Important Factoids

References

#1236
#1255

• #0000

[sravya09011995]

Introducing a delay to ensure the project is fully created before assigning library permissions.
azuredevops_library_permissions does not reflect changes on the first run. Changes are visible after the second Terraform apply.
Adding a 1-minute delay after project creation resolves the issue and ensures the library permissions are applied correctly.

resource "time_sleep" "wait_1_minute" {
  count           = var.new_project ? 1 : 0
  depends_on      = [azuredevops_project.main]
  create_duration = "1m"
}

/*
  Assign security role assignments at the library level.
*/
resource "azuredevops_library_permissions" "main" {
  depends_on = [time_sleep.wait_1_minute]
  project_id = azuredevops_project.main[0].id
  principal  = data.azuredevops_team.main.descriptor
  permissions = {
    "View"       : "allow",
    "Administer" : "allow",
    "Use"        : "allow",
  }
}

[xuzhang3]

@sravya09011995 Does this timeout happen 100% or does it happen randomly?

[sravya09011995]

@xuzhang3 even after introducing timeout its not working, i.e on first run it fails to reflect the changes. On second terraform apply changes are getting applied.

[xuzhang3]

@sravya09011995 I'm cannot reproduce and do not encounter this issue in our test cases. So one potential reason that comes to my mind is that the request keeps hitting the cache causing the timeout and the second time the request misses the cache so it works :(

[xuzhang3]

Cannot reproduce. The timeout issue I experience recently is when I running multiple tests at the same time and some tests will timeout. If I reduce concurrency or run them serially, all tests pass as expected, it seems that the service queues the requests and processes them sequentially. API throttle 🤔?

[xuzhang3]

@sravya09011995 Update from service side, they do add the API throttle recently which will queue the requests. Therefore, you should reduce the module concurrency or customize timeout to wait more time.