microsoft / terraform-provider-azuredevops

Terraform Azure DevOps provider
https://www.terraform.io/docs/providers/azuredevops/
MIT License

Pipeline >> Environments >> Security >> User Permissions #803

Open garddolau opened 1 year ago

garddolau commented 1 year ago

Description

Please can you expose a way to create and update User Permissions for Environments.

New or Affected Resource(s)

Pipeline >> Environments >> Security >> User Permissions

Potential Terraform Configuration

resource "azuredevops_environment_permissions" "example_permissions" {
  project_id     = azuredevops_project.example.id
  environment_id = azuredevops_environment.example.id
  user_id        = data.azuredevops_group.project_administrators.origin_id
  role_name      = "Administrator"
}

Current restapi_object workaround

resource "restapi_object" "example" {
  path          = "/_apis/securityroles/scopes/distributedtask.environmentreferencerole/roleassignments/resources/${data.azuredevops_project.data_project.id}_${azuredevops_environment.example.id}/${data.azuredevops_group.project_administrators.origin_id}"
  object_id     = azuredevops_environment.example.id
  create_method = "PUT"

  data = jsonencode({
    roleName = "Administrator"
    userId   = data.azuredevops_group.project_administrators.origin_id
  })
}

alexanderlinne commented 2 months ago

Would be great if a potential azuredevops_environment_permissions Resource would not use the role name, but be implemented similar to azuredevops_library_permissions, i.e. be able to set the actual access control entries. I think setting the Role is now already supported through azuredevops_securityrole_assignment.
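
The role-based route mentioned in the last comment, as an added example that is not part of the issue thread or the provider's own documentation: it replaces the restapi_object workaround with azuredevops_securityrole_assignment and gives each group the lowest role it needs. The argument names (scope, resource_id, identity_id, role_name), the "User" and "Reader" role names, and the group names are assumptions; the scope string and the project_environment resource format are taken from the REST path in the workaround above.

```hcl
# Added example. Assumes azuredevops_project.example and
# azuredevops_environment.example are declared elsewhere in the configuration.

locals {
  # Constructed mapping of project group name => environment role.
  # Only the administrators group gets "Administrator"; everyone else gets
  # the lowest role that still lets them do their job.
  environment_roles = {
    "Project Administrators" = "Administrator"
    "Contributors"           = "User"
    "Readers"                = "Reader"
  }
}

# Look up each group so its origin_id can be used as the identity.
data "azuredevops_group" "by_name" {
  for_each   = local.environment_roles
  project_id = azuredevops_project.example.id
  name       = each.key
}

# One role assignment per group, scoped to a single environment.
resource "azuredevops_securityrole_assignment" "environment" {
  for_each = local.environment_roles

  # Same scope as in the REST path of the workaround.
  scope = "distributedtask.environmentreferencerole"

  # Same "<project id>_<environment id>" resource key as in the REST path.
  resource_id = "${azuredevops_project.example.id}_${azuredevops_environment.example.id}"

  identity_id = data.azuredevops_group.by_name[each.key].origin_id
  role_name   = each.value
}
```

Keeping the mapping in one local makes the full set of environment grants reviewable in a single diff, which the per-object restapi_object workaround does not.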