b-per
commented
2 months ago Thanks for raising this issue!
This is not the first time I hear similar feedback 😄 (this is quite similar to https://github.com/dbt-labs/terraform-provider-dbtcloud/issues/208 for example)
It is overall related to some of the dbt Cloud APIs being project scoped (connections, envs, credentials, repositories etc...), and some being account scoped (notifications, groups, license types, webhooks)
When people have different Terraform projects, managing the same account-scoped config is not possible.
I have been thinking of solving it creating some new "partial" config resources (e.g. dbtcloud_partial_group_permission etc...) where different resources could be used to add/remove permissions to the same group (based on its name for example) ; but this will require some more complex logic in the provider (i.e. more development time and potential bugs not seen yet) rather than calling directly our APIS like for the other resources.
Is your feature request related to a problem? Please describe.
I find the current approach for assigning project permission sets to user groups very limiting. In my organization, we maintain several dbt Cloud project infrastructure for various teams and will continue to create new projects as business needs evolve.
Describe the solution you'd like
We would love to be able to assign a new project to a pre-existing group without having to worry about all the other pre-existing permission sets configured for that group. This makes evolution easier, as we don't need to be aware of pre-existing permission sets when we create more and more projects.
Describe alternatives you've considered
Maintain some complexity in our Terraform code where we keep track of teams at the outset and their various projects.
Additional context
N/A