Closed Bjego closed 3 days ago
@Bjego does `azuredevops_securityrole_assignment` cover your requirements?
@xuzhang3 yes, I figured it out. Here is the solution:
```hcl
resource "azuredevops_securityrole_assignment" "serviceconnection-user" {
  scope       = "distributedtask.serviceendpointrole"
  resource_id = azuredevops_project.project.id
  identity_id = data.azuredevops_group.contributors.origin_id
  role_name   = "User"
}
```
Description
Hey, we are creating and sharing several service connections across the organisation. This works pretty well with the Terraform provider. But unfortunately we can't change the Endpoint Readers via Terraform.
New or Affected Resource(s)
A permission block in all the service connection objects, where we can manipulate the rights of every service connection, or a service connection permission object which links one or more Azure DevOps group entitlements to a service connection by id.
Potential Terraform Configuration
References
I think the web API can handle this, as Create and Update have the parameter "readersGroup":
https://learn.microsoft.com/en-us/rest/api/azure/devops/serviceendpoint/endpoints/update-service-endpoint?view=azure-devops-rest-7.0&tabs=HTTP
https://learn.microsoft.com/en-us/rest/api/azure/devops/serviceendpoint/endpoints/create?view=azure-devops-rest-7.0&tabs=HTTP