Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add tagging permissions #510

Merged
merged 4 commits into from
Jan 4, 2022
Merged

Add tagging permissions #510

merged 4 commits into from
Jan 4, 2022

Conversation

martenvd
Copy link
Contributor

@martenvd martenvd commented Jan 3, 2022
edited
Loading

All Submissions:

  • Have you added an explanation of what your changes do and why you'd like us to include them?
  • I have updated the documentation accordingly.
  • I have added tests to cover my changes.
  • All new and existing tests passed.
  • My code follows the code style of this project.
  • I ran lint checks locally prior to submission.
  • Have you checked to ensure there aren't other open PRs for the same update/change?

Explanation of the changes

My team is currently working on getting all our Azure DevOps permissions in code. This is one of the last permissions that we still only implement with Powershell rather than Terraform. I would love to have all our permissions in Terraform.

What about the current behavior has changed?

Implementing the security permissions for the tagging feature in Azure DevOps.

Does this introduce a change to go.mod, go.sum or vendor/?

  • Yes
  • No

Does this introduce a breaking change?

  • Yes
  • No

@martenvd martenvd changed the title Tag management permissions Tagging permissions Jan 3, 2022
tmeckel
tmeckel suggested changes Jan 3, 2022
View reviewed changes
azuredevops/internal/service/permissions/resource_tagging_permissions.go Outdated
"project_id": {
Type: schema.TypeString,
ValidateFunc: validation.IsUUID,
Required: true,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can be optional to set global (organization wide) permissions for Tagging

azuredevops/internal/service/permissions/resource_tagging_permissions.go Outdated
func createTaggingToken(d *schema.ResourceData, clients *client.AggregatedClient) (string, error) {
projectID, ok := d.GetOk("project_id")
if !ok {
return "ProjectID", nil
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If project_id is not specified return an empty string "" as token.

website/docs/r/tagging_permissions.html.markdown Outdated

The following arguments are supported:

* `project_id` - (Required) The ID of the project to assign the permissions.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

optional: if not set, organization wide permissions for tagging are managed.

website/docs/r/tagging_permissions.html.markdown Outdated

## Permission levels

Permissions for tagging within Azure DevOps can be applied only on Project level.
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can be applied on a specific project and globally on the organization

@martenvd
Copy link
Contributor Author

martenvd commented Jan 3, 2022

@tmeckel Thank you for the comments, I have resolved them 😃

@martenvd martenvd changed the title Tagging permissions Add tagging permissions Jan 3, 2022
xuzhang3
xuzhang3 requested changes Jan 4, 2022
View reviewed changes
azuredevops/internal/acceptancetests/resource_tagging_permissions_test.go Outdated
Comment on lines 60 to 63
resource.TestCheckResourceAttr(tfNodeRoot, "permissions.ViewSubscriptions", "deny"),
resource.TestCheckResourceAttr(tfNodeRoot, "permissions.EditSubscriptions", "notset"),
resource.TestCheckResourceAttr(tfNodeRoot, "permissions.DeleteSubscriptions", "deny"),
resource.TestCheckResourceAttr(tfNodeRoot, "permissions.PublishEvents", "deny"),
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Test check does not map the HCl configures above.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@xuzhang3 thank you for reviewing, forgot this copy paste error, but resolved it now.

@xuzhang3
Copy link
Collaborator

xuzhang3 commented Jan 4, 2022 

=== RUN   TestAccTaggingPermissions_SetPermissions
=== PAUSE TestAccTaggingPermissions_SetPermissions
=== RUN   TestAccTaggingPermissions_UpdatePermissions
=== PAUSE TestAccTaggingPermissions_UpdatePermissions
=== CONT  TestAccTaggingPermissions_SetPermissions
=== CONT  TestAccTaggingPermissions_UpdatePermissions
--- PASS: TestAccTaggingPermissions_UpdatePermissions (108.03s)
--- PASS: TestAccTaggingPermissions_SetPermissions (127.20s)
PASS

@xuzhang3
Copy link
Collaborator

xuzhang3 commented Jan 4, 2022

LGTM

@xuzhang3 xuzhang3 merged commit 43b4b3f into microsoft:main Jan 4, 2022
@martenvd martenvd deleted the tag-management-permissions branch January 4, 2022 08:23
@RodrigoGroener
Copy link

RodrigoGroener commented Jan 17, 2022
edited
Loading

I've been waiting for the tagging permissions. Thank you for your contribution! When will be the next release of the provider including this feature?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tmeckel tmeckel tmeckel requested changes

@xuzhang3 xuzhang3 xuzhang3 requested changes

Assignees
No one assigned
Labels
new-resource
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@martenvd @xuzhang3 @RodrigoGroener @tmeckel