Manages permissions for Work Item Queries.

Permissions for Work Item Queries within Azure DevOps can be applied on two different levels. Those levels are reflected by specifying (or omitting) values for the arguments `project_id` and `path`.

Permissions for all Work Item Queries inside a project (existing or newly created ones) are specified if only the argument `project_id` has a value.
```hcl
resource "azuredevops_project" "example" {
  name               = "Example Project"
  work_item_template = "Agile"
  version_control    = "Git"
  visibility         = "private"
  description        = "Managed by Terraform"
}

data "azuredevops_group" "example-readers" {
  project_id = azuredevops_project.example.id
  name       = "Readers"
}

# No path is set, so these permissions apply to all Work Item Queries in the project.
resource "azuredevops_workitemquery_permissions" "project-wiq-root-permissions" {
  project_id = azuredevops_project.example.id
  principal  = data.azuredevops_group.example-readers.id
  permissions = {
    Contribute = "Deny"
    Delete     = "Deny"
    Read       = "NotSet"
  }
}
```
Permissions for a specific folder inside Shared Queries are specified if the arguments `project_id` and `path` are set.
```hcl
resource "azuredevops_project" "example" {
  name               = "Example Project"
  work_item_template = "Agile"
  version_control    = "Git"
  visibility         = "private"
  description        = "Managed by Terraform"
}

data "azuredevops_group" "example-readers" {
  project_id = azuredevops_project.example.id
  name       = "Readers"
}

resource "azuredevops_workitemquery_permissions" "example-permissions" {
  project_id = azuredevops_project.example.id
  path       = "/Team"
  principal  = data.azuredevops_group.example-readers.id
  permissions = {
    Contribute = "Allow"
    Delete     = "Deny"
    Read       = "NotSet"
  }
}
```
```hcl
resource "azuredevops_project" "example" {
  name               = "Example Project"
  work_item_template = "Agile"
  version_control    = "Git"
  visibility         = "private"
  description        = "Managed by Terraform"
}

data "azuredevops_group" "example-readers" {
  project_id = azuredevops_project.example.id
  name       = "Readers"
}

data "azuredevops_group" "example-contributors" {
  project_id = azuredevops_project.example.id
  name       = "Contributors"
}

resource "azuredevops_workitemquery_permissions" "example-project-permissions" {
  project_id = azuredevops_project.example.id
  principal  = data.azuredevops_group.example-readers.id
  permissions = {
    Read              = "Allow"
    Delete            = "Deny"
    Contribute        = "Deny"
    ManagePermissions = "Deny"
  }
}

resource "azuredevops_workitemquery_permissions" "example-sharedqueries-permissions" {
  project_id = azuredevops_project.example.id
  path       = "/"
  principal  = data.azuredevops_group.example-contributors.id
  permissions = {
    Read   = "Allow"
    Delete = "Deny"
  }
}
```
The following arguments are supported:

- `project_id` - (Required) The ID of the project to assign the permissions.
- `path` - (Optional) Path to a query or folder beneath `Shared Queries`.
- `principal` - (Required) The group principal to assign the permissions.
- `replace` - (Optional) Replace (`true`) or merge (`false`) the permissions. Default: `true`
- `permissions` - (Required) The permissions to assign. The following permissions are available:

| Permissions | Description |
|---|---|
| Read | Read |
| Contribute | Contribute |
| Delete | Delete |
| ManagePermissions | Manage Permissions |
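
An added example (not part of the provider's documentation or code): a Python check over the JSON produced by `terraform show -json` that flags permission names outside the table above and values other than the three used in this page's examples. Flagging `ManagePermissions = "Allow"` and `replace = false` is an assumed review policy, and the sample plan and resource addresses are constructed.

```python
import json

# Names from the permissions table on this page; values are the three its examples use.
VALID_NAMES = {"Read", "Contribute", "Delete", "ManagePermissions"}
VALID_VALUES = {"Allow", "Deny", "NotSet"}
RESOURCE_TYPE = "azuredevops_workitemquery_permissions"


def check_plan(plan):
    """Return (address, message) findings for a parsed `terraform show -json` plan."""
    findings = []
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != RESOURCE_TYPE or not after:
            continue  # other resource types, or a destroy (after is null)
        addr = rc["address"]
        scope = after.get("path") or "all queries in the project"
        for name, value in sorted((after.get("permissions") or {}).items()):
            if name not in VALID_NAMES:
                findings.append((addr, f"unknown permission name {name!r}"))
            elif value not in VALID_VALUES:
                findings.append((addr, f"unknown value {value!r} for {name}"))
            elif name == "ManagePermissions" and value == "Allow":
                # Assumed review policy, not a provider rule.
                findings.append((addr, f"ManagePermissions allowed on {scope}"))
        if after.get("replace") is False:
            findings.append((addr, "replace = false: merged with existing permissions"))
    return findings


# Constructed sample plan (not real output), trimmed to the fields the check reads.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "azuredevops_workitemquery_permissions.root",
   "type": "azuredevops_workitemquery_permissions",
   "change": {"after": {"path": null, "replace": true,
     "permissions": {"CreateRepository": "Deny", "Read": "Allow"}}}},
  {"address": "azuredevops_workitemquery_permissions.team",
   "type": "azuredevops_workitemquery_permissions",
   "change": {"after": {"path": "/Team", "replace": false,
     "permissions": {"ManagePermissions": "Allow", "Delete": "Denied"}}}},
  {"address": "azuredevops_project.example", "type": "azuredevops_project",
   "change": {"after": {"name": "Example Project"}}}
]}
""")

if __name__ == "__main__":
    for address, message in check_plan(SAMPLE_PLAN):
        print(f"{address}: {message}")
```
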
The resource does not support import.