Refreshing a context variable errors if the context is removed

[RomainBillot]

Hi 👋 ,

I had a context test, which had one variable password. This context AND the variable were created from terraform.

Later on, I wanted to create the context outside of terraform. It ends up the state looking for a non-existant context_id (even if the name were the same).
In fact, I switched from a resource to a data because the context is finally created outside from terraform.

I had a weird error You don't have permission to list environment variables in this context, but the real underlying error was like if the context_id didn't exist anymore.

Can we make the state refreshing only rely on context name and not on somewhat id?

Workaround: I had to make a terraform state rm circleci_context_environment_variable.password because this variable state refresh failed before.

[bendrucker]

Your suggestion breaks with provider guidelines, IDs should be used wherever available over ambiguous identifiers like names. Terraform resources should not have implicit name matching behavior. Existing resources should be import-ed by ID as needed.

However, it does seem like there's a behavioral change needed here. If the parent context is gone, a variable should be removed from state entirely.

[bendrucker]

Couple of small issues were present leading to this bug, see #67.

As for the fact that the returned error is "you don't have permission" rather than "context not found," that's because Circle has mis-implemented this. Applications should generally return 404 when the user doesn't have access to a resource to avoid disclosing its existence. Instead Circle returns a 403, always. #67 adds that to the HTTP client so that 403 is treated as an expected error.