Data source for groups #483

Closed
roryprimrose opened this issue Nov 16, 2021 · 2 comments · Fixed by #484

@roryprimrose
Contributor

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

There is a data source for referencing existing users but not existing groups. The only data source is for referencing a single group, which throws an exception if the group is not found.

I am using JSON data to refer to users and groups from which I want to configure things like permissions. This is currently difficult because there is no clean way to find matches between JSON data and groups.

New or Affected Resource(s)

New: data azuredevops_groups

Potential Terraform Configuration

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key.

References

  • #0000
@roryprimrose
Contributor Author

My current workaround is to use a local that is built by JSON configuration (members) that do not appear to be a user (no @ character found). I then use that local data set to load each group using data azuredevops_group. The difference between this and data azuredevops_users is that this throws an exception resulting in a hard fail if a group isn't found. By comparison, if users are not found then they are just skipped over.

resource "azuredevops_group" "groups" {
  for_each     = { for group in local.groups : group.key => group }
  display_name = each.value.name
  description  = each.value.description
}

locals {
  groupMembers = flatten(
    [
      for group in local.groups :
      [
        for member in group.members :
        {
          group  = group
          member = member
        }
        if(length(regexall("@", member)) == 0)
      ]
  ])
}

data "azuredevops_group" "group_members" {
  for_each = { for item in local.groupMembers : format("%s|%s", item.group.key, item.member) => item.member }
  name     = each.value
}

resource "azuredevops_group_membership" "membership" {
  for_each = { for item in local.groups : item.key => item }
  group    = azuredevops_group.groups[each.key].descriptor
  mode     = "overwrite"
  members = flatten(
    concat(
      [
        for user in data.azuredevops_users.all_users.users :
        [
          for member in each.value.members : user.descriptor if lower(user.principal_name) == lower(member)
        ]
      ],
      [
        for group in data.azuredevops_group.group_members :
        [
          for member in each.value.members : group.descriptor if lower(group.name) == lower(member)
        ]
    ])
  )
}
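
Added example, not part of the comment above or of the provider's code: a plan-time check that turns the silent skip of unmatched users into a hard failure, so that `mode = "overwrite"` is not applied with members missing. It assumes `local.groups` and `data.azuredevops_users.all_users` as used in the workaround; `known_principals`, `unresolved_users` and `members_resolved` are hypothetical names, and `terraform_data` requires Terraform 1.4 or later.

```hcl
# Added example. Assumes local.groups (objects with key and members) and
# data.azuredevops_users.all_users from the workaround above.
# known_principals, unresolved_users and members_resolved are hypothetical names.
locals {
  # Lower-cased principal names the users data source actually returned.
  known_principals = toset([
    for user in data.azuredevops_users.all_users.users : lower(user.principal_name)
  ])

  # "group key|member" for every member that looks like a user (contains "@")
  # but matched no returned user, using the same case-insensitive comparison
  # as the membership resource.
  unresolved_users = flatten([
    for group in local.groups : [
      for member in group.members : format("%s|%s", group.key, member)
      if length(regexall("@", member)) > 0 && !contains(local.known_principals, lower(member))
    ]
  ])
}

# terraform_data manages nothing; it only carries the precondition.
resource "terraform_data" "members_resolved" {
  lifecycle {
    precondition {
      condition     = length(local.unresolved_users) == 0
      error_message = "Members not returned by azuredevops_users: ${join(", ", local.unresolved_users)}"
    }
  }
}
```

Adding `depends_on = [terraform_data.members_resolved]` to `azuredevops_group_membership.membership` orders the check before the overwrite when the user list is only known at apply time.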

@tmeckel
Contributor

tmeckel commented Nov 17, 2021

@xuzhang3 this is a low-hanging fruit and a feature that I have wanted to implement for a long time. I've some code prepared already for this. I'll file a pull request for this till the end of the week.
