Introduction
Azure DevOps can be used as a VCS connection in Terraform Enterprise. We have steps for building this integration which are available in the additional information section of this document. However, it is possible to encounter errors with this integration beyond what is outlined in the integration documentation. This is one example where Azure settings are interefering with Terraform’s ability to use the VCS connection.
Problem
After the Azure DevOps integration has been implemented, it is failing to create workspaces as expected. The error message on screen is: Failed to create webhook on repository: 400 Bad Request. This error can also be found when searching through the support bundle logs:
[DEBUG] Vcs::Connection::PermissionDenied: 400 Bad Request (code: 400, body: {"$id":"1","innerException":null,"message":"The user '[USER_ID/EMAIL]' does not have permission to edit a subscription.","typeName":"System.ArgumentException, mscorlib","typeKey":"ArgumentException","errorCode":0,"eventId":0})
Cause
This is a permissions error for the Azure user that is configured in your VCS integration.
Solution
If the User ID listed in the log error message is not an Owner in Azure, their permissions need to be upgraded to Administrator to allow for the integration to function.
Additional Information
Azure DevOps details: https://www.terraform.io/docs/cloud/vcs/azure-devops-services.html