azuredevops_pipeline_authorization - Add retry for pipeline authorization

azuredevops/internal/service/build/resource_pipeline_authorization.go

@@ -3,7 +3,9 @@ package build
 import (
 	"fmt"
 	"strings"
+	"time"
 
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
 	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/validation"
 	"github.com/microsoft/azure-devops-go-api/azuredevops/v7/pipelinepermissions"
@@ -16,7 +18,12 @@ func ResourcePipelineAuthorization() *schema.Resource {
 		Create: resourcePipelineAuthorizationCreateUpdate,
 		Read:   resourcePipelineAuthorizationRead,
 		Delete: resourcePipelineAuthorizationDelete,
-
+		Timeouts: &schema.ResourceTimeout{
+			Create: schema.DefaultTimeout(2 * time.Minute),
+			Read:   schema.DefaultTimeout(1 * time.Minute),
+			Update: schema.DefaultTimeout(2 * time.Minute),
+			Delete: schema.DefaultTimeout(2 * time.Minute),
+		},
 		Schema: map[string]*schema.Schema{
 			"project_id": {
 				Type:     schema.TypeString,
@@ -82,6 +89,22 @@ func resourcePipelineAuthorizationCreateUpdate(d *schema.ResourceData, m interfa
 	if err != nil {
 		return fmt.Errorf(" creating authorized resource: %+v", err)
 	}
+
+	// ensure authorization is complete
+	stateConf := &resource.StateChangeConf{
+		ContinuousTargetOccurence: 1,
+		Delay:                     5 * time.Second,
+		MinTimeout:                10 * time.Second,
+		Pending:                   []string{"waiting"},
+		Target:                    []string{"succeed", "failed"},
+		Refresh:                   checkPipelineAuthorization(clients, d, pipePermissionParams),
+		Timeout:                   d.Timeout(schema.TimeoutCreate),
+	}
+
+	if _, err := stateConf.WaitForStateContext(clients.Ctx); err != nil {
+		return fmt.Errorf(" waiting for pipeline authorization ready. %v ", err)
+	}
+
 	d.SetId(*response.Resource.Id)
 
 	return resourcePipelineAuthorizationRead(d, m)
@@ -175,3 +198,56 @@ func resourcePipelineAuthorizationDelete(d *schema.ResourceData, m interface{})
 
 	return nil
 }
+
+func checkPipelineAuthorization(clients *client.AggregatedClient, d *schema.ResourceData, params pipelinepermissions.UpdatePipelinePermisionsForResourceArgs) resource.StateRefreshFunc {
+	return func() (interface{}, string, error) {
+		projectId := d.Get("project_id").(string)
+		resourceType := d.Get("type").(string)
+		resourceId := d.Get("resource_id").(string)
+
+		if strings.EqualFold(resourceType, "repository") {
+			resourceId = projectId + "." + resourceId
+		}
+
+		resp, err := clients.PipelinePermissionsClient.GetPipelinePermissionsForResource(clients.Ctx,
+			pipelinepermissions.GetPipelinePermissionsForResourceArgs{
+				Project:      &projectId,
+				ResourceType: &resourceType,
+				ResourceId:   &resourceId,
+			},
+		)
+		if err != nil {
+			return nil, "failed", err
+		}
+
+		// check pipeline authorization if pipeline_id exist
+		if pipeId, ok := d.GetOk("pipeline_id"); ok {
+			if resp.Pipelines != nil && len(*resp.Pipelines) > 0 {
+				for _, pipe := range *resp.Pipelines {
+					if *pipe.Id == pipeId.(int) {
+						return resp, "succeed", err
+					}
+				}
+				// reapply for authorization
+				resp, err = clients.PipelinePermissionsClient.UpdatePipelinePermisionsForResource(
+					clients.Ctx,
+					params,
+				)
+				return nil, "waiting", err
+			}
+		} else {
+			// check all pipeline authorization
+			if resp.AllPipelines != nil && resp.AllPipelines.Authorized != nil && *resp.AllPipelines.Authorized {
+				return resp, "succeed", err
+			}
+			// reapply for authorization
+			resp, err = clients.PipelinePermissionsClient.UpdatePipelinePermisionsForResource(
+				clients.Ctx,
+				params,
+			)
+			return nil, "waiting", err
+		}
+
+		return resp, "succeed", nil
+	}
+}