Merge pull request #973 from josh-barker/fix/pipeline-authorizaton-on…
…-external-project-repo

fix: allow pipeline authorization across projects
xuzhang3 authored Mar 19, 2024
2 parents 13f9a0f + 458bd22 commit 17a6c86
Showing 3 changed files with 97 additions and 6 deletions.
Expand Up @@ -240,6 +240,26 @@ func TestAccPipelineAuthorization_pipeline_repository(t *testing.T) {
})
}

func TestAccPipelineAuthorization_pipeline_cross_project_repository(t *testing.T) {
node := "azuredevops_pipeline_authorization.test"
resource.ParallelTest(t, resource.TestCase{
PreCheck: func() {
testutils.PreCheck(t, nil)
},
Providers: testutils.GetProviders(),
Steps: []resource.TestStep{
{
Config: hclPipelineAuthCrossProjectRepository(testutils.GenerateResourceName()),
Check: resource.ComposeTestCheckFunc(
resource.TestCheckResourceAttrSet(node, "project_id"),
resource.TestCheckResourceAttrSet(node, "pipeline_project_id"),
resource.TestCheckResourceAttrSet(node, "resource_id"),
),
},
},
})
}

func hclAllPipelineAuthQueue(name string) string {
return fmt.Sprintf(`
resource "azuredevops_project" "test" {
Expand Down Expand Up @@ -696,3 +716,53 @@ resource "azuredevops_pipeline_authorization" "test" {
}
`, name)
}

func hclPipelineAuthCrossProjectRepository(name string) string {
return fmt.Sprintf(`
resource "azuredevops_project" "test" {
name = "%[1]s"
visibility = "private"
version_control = "Git"
work_item_template = "Agile"
description = "Managed by Terraform"
}
resource "azuredevops_project" "remote_repo" {
name = "%[1]s2"
visibility = "private"
version_control = "Git"
work_item_template = "Agile"
description = "Managed by Terraform"
}
data "azuredevops_git_repository" "remote_repo" {
project_id = azuredevops_project.remote_repo.id
name = azuredevops_project.remote_repo.name
}
data "azuredevops_git_repository" "test" {
project_id = azuredevops_project.test.id
name = "%[1]s"
}
resource "azuredevops_build_definition" "test" {
project_id = azuredevops_project.test.id
name = "%[1]s"
repository {
repo_type = "TfsGit"
repo_id = data.azuredevops_git_repository.test.id
yml_path = "azure-pipelines.yml"
}
}
resource "azuredevops_pipeline_authorization" "test" {
project_id = azuredevops_project.remote_repo.id
resource_id = data.azuredevops_git_repository.remote_repo.id
type = "repository"
pipeline_id = azuredevops_build_definition.test.id
pipeline_project_id = azuredevops_project.test.id
}
`, name)
}
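Review bot: The checks in `TestAccPipelineAuthorization_pipeline_cross_project_repository` only assert that `project_id`, `pipeline_project_id` and `resource_id` are non-empty, so the test passes whenever apply succeeds and says nothing about which project each ID points at. Because this resource grants a pipeline in one project access to a repository in another, the test should pin each ID to its source, e.g. `resource.TestCheckResourceAttrPair(node, "pipeline_project_id", "azuredevops_project.test", "id")` and `resource.TestCheckResourceAttrPair(node, "project_id", "azuredevops_project.remote_repo", "id")`. No `CheckDestroy` is visible in this test case; if the neighbouring tests outside the hunk have none either, a destroy check that the permission is revoked in the pipeline's project would cover the changed Delete path.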
Expand Up @@ -30,6 +30,11 @@ func ResourcePipelineAuthorization() *schema.Resource {
Required: true,
ForceNew: true,
},
"pipeline_project_id": {
Type: schema.TypeString,
Optional: true,
ForceNew: true,
},
"resource_id": {
Type: schema.TypeString,
Required: true,
Expand All @@ -55,6 +60,11 @@ func ResourcePipelineAuthorization() *schema.Resource {
func resourcePipelineAuthorizationCreateUpdate(d *schema.ResourceData, m interface{}) error {
clients := m.(*client.AggregatedClient)
projectId := d.Get("project_id").(string)
pipelineProjectId := projectId
if d.Get("pipeline_project_id").(string) != "" {
pipelineProjectId = d.Get("pipeline_project_id").(string)
}

resType := d.Get("type").(string)
resId := d.Get("resource_id").(string)

Expand All @@ -63,7 +73,7 @@ func resourcePipelineAuthorizationCreateUpdate(d *schema.ResourceData, m interfa
}

pipePermissionParams := pipelinepermissions.UpdatePipelinePermisionsForResourceArgs{
Project: &projectId,
Project: &pipelineProjectId,
ResourceType: &resType,
ResourceId: &resId,
}
Expand Down Expand Up @@ -113,6 +123,11 @@ func resourcePipelineAuthorizationCreateUpdate(d *schema.ResourceData, m interfa
func resourcePipelineAuthorizationRead(d *schema.ResourceData, m interface{}) error {
clients := m.(*client.AggregatedClient)
projectId := d.Get("project_id").(string)
pipelineProjectId := projectId
if d.Get("pipeline_project_id").(string) != "" {
pipelineProjectId = d.Get("pipeline_project_id").(string)
}

resType := d.Get("type").(string)
resId := d.Get("resource_id").(string)

Expand All @@ -122,7 +137,7 @@ func resourcePipelineAuthorizationRead(d *schema.ResourceData, m interface{}) er

resp, err := clients.PipelinePermissionsClient.GetPipelinePermissionsForResource(clients.Ctx,
pipelinepermissions.GetPipelinePermissionsForResourceArgs{
Project: &projectId,
Project: &pipelineProjectId,
ResourceType: &resType,
ResourceId: &resId,
},
Expand Down Expand Up @@ -162,6 +177,11 @@ func resourcePipelineAuthorizationRead(d *schema.ResourceData, m interface{}) er
func resourcePipelineAuthorizationDelete(d *schema.ResourceData, m interface{}) error {
clients := m.(*client.AggregatedClient)
projectId := d.Get("project_id").(string)
pipelineProjectId := projectId
if d.Get("pipeline_project_id").(string) != "" {
pipelineProjectId = d.Get("pipeline_project_id").(string)
}

resType := d.Get("type").(string)
resId := d.Get("resource_id").(string)

Expand All @@ -170,7 +190,7 @@ func resourcePipelineAuthorizationDelete(d *schema.ResourceData, m interface{})
}

pipePermissionParams := pipelinepermissions.UpdatePipelinePermisionsForResourceArgs{
Project: &projectId,
Project: &pipelineProjectId,
ResourceType: &resType,
ResourceId: &resId,
}
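Review bot: The fallback from `pipeline_project_id` to `project_id` is copied verbatim into `resourcePipelineAuthorizationCreateUpdate`, `resourcePipelineAuthorizationRead` and `resourcePipelineAuthorizationDelete`, each calling `d.Get("pipeline_project_id")` twice. This value now selects the project the permission request is sent to, so if one copy drifts, Delete could address a different project than Create did and leave the cross-project grant in place. A single helper, as below, keeps the three paths in agreement; `d.GetOk` treats the empty string as unset, which matches the current `!= ""` test. All three function bodies continue outside the visible hunks.

```go
// resolvePipelineProjectId returns pipeline_project_id when it is set,
// otherwise the resource's own project_id.
func resolvePipelineProjectId(d *schema.ResourceData) string {
	if v, ok := d.GetOk("pipeline_project_id"); ok {
		return v.(string)
	}
	return d.Get("project_id").(string)
}

func resourcePipelineAuthorizationDelete(d *schema.ResourceData, m interface{}) error {
	// … unchanged: clients, projectId …
	pipelineProjectId := resolvePipelineProjectId(d)
	// … unchanged: resType, resId, permission args; same call in CreateUpdate and Read …
```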
7 changes: 4 additions & 3 deletions website/docs/r/pipeline_authorization.html.markdown
Expand Up @@ -14,7 +14,7 @@ Manage pipeline access permissions to resources.
~> **Note** If both "All Pipeline Authorization" and "Custom Pipeline Authorization" are configured, "All Pipeline Authorization" has higher priority.


## Example Usage
## Example Usage

### Authorization for all pipelines

Expand Down Expand Up @@ -95,7 +95,7 @@ resource "azuredevops_pipeline_authorization" "example" {

The following arguments are supported:

- `project_id` - (Required) The ID of the project. Changing this forces a new resource to be created
- `project_id` - (Required) The ID of the project. Changing this forces a new resource to be created
- `resource_id` - (Required) The ID of the resource to authorize. Changing this forces a new resource to be created
- `type` - (Required) The type of the resource to authorize. Valid values: `endpoint`, `queue`, `variablegroup`, `environment`, `repository`. Changing this forces a new resource to be created

Expand All @@ -105,8 +105,9 @@ The following arguments are supported:
**Pipeline <-----> Service Connection(`endpoint`) <-----> GitHub Repository**

---
- `pipeline_id` - (Optional) The ID of the pipeline. If not configured, all pipelines will be authorized. Changing this forces a new resource to be created.

- `pipeline_id` - (Optional) The ID of the pipeline. If not configured, all pipelines will be authorized. Changing this forces a new resource to be created.
- `pipeline_project_id` - (Optional) The ID of the project where the pipeline exists. Defaults to `project_id` if not specified. Changing this forces a new resource to be created

## Attributes Reference
