microsoft / terraform-provider-azuredevops

Terraform Azure DevOps provider
https://www.terraform.io/docs/providers/azuredevops/
MIT License
386 stars 276 forks source link

Permission resources can assign to single user principals. #1135

Open Jaroslav24 opened 2 months ago

Jaroslav24 commented 2 months ago

Community Note

Terraform (and Azure DevOps Provider) Version

Affected Resource(s)

Terraform Configuration Files

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp

Expected Behavior

Providers docs specify that "Permissions can be assigned to group principals and not to single user principals."

Actual Behavior

But in my testing it is possible to assign permissions to single user principals using their descriptor. I assigned some permissions to git repositories and build definitions to the Project Build Service account. After I run Terraform the permission changes are reflected in the AZ DevOps portal GUI.

I tried only the two mentioned permission resources and have not yet tested whether the permissions only visually appear to be set in the portal GUI or are really assign to the Project Build Service account and the account can use them when running pipelines. (I will update the post when I do test this)

I conclusion I would like to know whether the docs are incorrect/possibly obsolete and we can use this feature to assign permissions to single user principals or if this only seems to be working but there is some unwanted behavior when assigning to single user principals.

xuzhang3 commented 2 months ago

@Jaroslav24 As code and new features are continually added to these resources, this documentation may become out-of-date. Will check the features and documents