Pipeline >> Environments >> Security >> User Permissions

[garddolau]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

Please can you expose a way create and update User Permissions for Environments.

New or Affected Resource(s)

Pipeline >> Environments >> Security >> User Permissions

• azuredevops_environment_permissions

Potential Terraform Configuration

resource "azuredevops_environment_permissions" "example_permissions" {
  project_id     = azuredevops_project.example.id
  environment_id = azuredevops_environment.example.id
  user_id        = data.azuredevops_group.project_administrators.origin_id
  role_name      = "Administrator"
}

Current restapi_object workaround

resource "restapi_object" "example" {
  path          = "/_apis/securityroles/scopes/distributedtask.environmentreferencerole/roleassignments/resources/${data.azuredevops_project.data_project.id}_${azuredevops_environment.example.id}/${data.azuredevops_group.project_administrators.origin_id}"
  object_id     = azuredevops_environment.example.id
  create_method = "PUT"

  data = jsonencode({
    roleName = "Administrator"
    userId   = data.azuredevops_group.project_administrators.origin_id
  })
}

References

• 0000

[alexanderlinne]

Would be great if a potential azuredevops_environment_permissions Resource would not use the role name, but be implemented similar to azuredevops_library_permissions, i.e. be able to set the actual access control entries. I think setting the Role is now already supported through azuredevops_securityrole_assignment.