azuredevops_variable_group_permissions

Manages permissions for a Variable Group

Example Usage

resource "azuredevops_project" "project" {
  name               = "Testing"
  description        = "Testing-description"
  visibility         = "private"
  version_control    = "Git"
  work_item_template = "Agile"
}

resource "azuredevops_variable_group" "example" {
  project_id   = azuredevops_project.project.id
  name         = "test"
  description  = "Test Description"
  allow_access = true

  variable {
    name  = "key1"
    value = "val1"
  }
}

data "azuredevops_group" "tf-project-readers" {
  project_id = azuredevops_project.project.id
  name       = "Readers"
}

resource "azuredevops_variable_group_permissions" "permissions" {
  project_id        = azuredevops_project.project.id
  variable_group_id = azuredevops_variable_group.example.id
  principal         = data.azuredevops_group.tf-project-readers.id
  permissions = {
    "View" : "allow",
    "Administer" : "allow",
    "Use" : "allow",
  }
}

Roles

The Azure DevOps UI uses roles to assign permissions for variable groups.

Role Allow Permissions
Reader View
User View, Use
Administrator View, Use, Administer

Argument Reference

The following arguments are supported:

Permission Description
View View library item
Administer Administer library item
Create Create library item
ViewSecrets View library item secrets
Use Use library item
Owner Owner library item

Import

The resource does not support import.

PAT Permissions Required