Implemented a new resource ResourceServiceEndpointProjectPermissions #1031

azuredevops/internal/service/serviceendpoint/resource_serviceendpoint_permissions.go

@@ -0,0 +1,66 @@
+// Implementation for the azuredevops_serviceendpoint_project_permissions resource
+package serviceendpoint
+
+import (
+	"fmt"
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/schema"
+	"github.com/microsoft/azure-devops-go-api/azuredevops/v7/serviceendpoint"
+	"github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/client"
+	"github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/utils/converter"
+)
+
+func ResourceServiceEndpointProjectPermissions() *schema.Resource {
+	return &schema.Resource{
+		Create: resourceServiceEndpointProjectPermissionsCreate,
+		Read:   resourceServiceEndpointProjectPermissionsRead,
+		Update: resourceServiceEndpointProjectPermissionsUpdate,
+		Delete: resourceServiceEndpointProjectPermissionsDelete,
+
+		Schema: map[string]*schema.Schema{
+			"serviceendpoint_id": {
+				Type:     schema.TypeString,
+				Required: true,
+			},
+			"project_reference": {
+				Type:     schema.TypeList,
+				Required: true,
+				Elem: &schema.Resource{
+					Schema: map[string]*schema.Schema{
+						"project_id": {
+							Type:     schema.TypeString,
+							Required: true,
+						},
+						"service_endpoint_name": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+						"description": {
+							Type:     schema.TypeString,
+							Optional: true,
+						},
+					},
+				},
+			},
+		},
+	}
+}
+
+func resourceServiceEndpointProjectPermissionsCreate(d *schema.ResourceData, m interface{}) error {
+	// Implementation logic for creating the resource
+	return fmt.Errorf("Not implemented yet")
+}
+
+func resourceServiceEndpointProjectPermissionsRead(d *schema.ResourceData, m interface{}) error {
+	// Implementation logic for reading the resource
+	return fmt.Errorf("Not implemented yet")
+}
+
+func resourceServiceEndpointProjectPermissionsUpdate(d *schema.ResourceData, m interface{}) error {
+	// Implementation logic for updating the resource
+	return fmt.Errorf("Not implemented yet")
+}
+
+func resourceServiceEndpointProjectPermissionsDelete(d *schema.ResourceData, m interface{}) error {
+	// Implementation logic for deleting the resource
+	return fmt.Errorf("Not implemented yet")
+}

azuredevops/internal/service/serviceendpoint/resource_serviceendpoint_permissions_test.go

@@ -0,0 +1,77 @@
+package serviceendpoint
+
+import (
+	"testing"
+
+	"github.com/hashicorp/terraform-plugin-sdk/v2/helper/resource"
+	"github.com/microsoft/terraform-provider-azuredevops/azuredevops/internal/acceptancetests/testutils"
+)
+
+// Verifies that the following sequence of operations can be performed without error:
+//	1. Creating a service endpoint with project permissions
+//	2. Updating the service endpoint with different project permissions
+func TestAccServiceEndpointProjectPermissions_CRUD(t *testing.T) {
+	projectName := testutils.GenerateResourceName()
+	serviceEndpointName := testutils.GenerateResourceName()
+	config := hclServiceEndpointProjectPermissionsResource(projectName, serviceEndpointName)
+
+	resource.Test(t, resource.TestCase{
+		PreCheck:     func() { testutils.PreCheck(t, nil) },
+		Providers:    testutils.GetProviders(),
+		CheckDestroy: testutils.CheckProjectDestroyed,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					resource.TestCheckResourceAttrSet("azuredevops_serviceendpoint_project_permissions.p", "project_id"),
+					resource.TestCheckResourceAttrSet("azuredevops_serviceendpoint_project_permissions.p", "serviceendpoint_id"),
+					resource.TestCheckResourceAttr("azuredevops_serviceendpoint_project_permissions.p", "project_reference.#", "2"),
+					resource.TestCheckResourceAttr("azuredevops_serviceendpoint_project_permissions.p", "project_reference.0.project_id", "project-id-1"),
+					resource.TestCheckResourceAttr("azuredevops_serviceendpoint_project_permissions.p", "project_reference.0.service_endpoint_name", "service-connection-shared"),
+					resource.TestCheckResourceAttr("azuredevops_serviceendpoint_project_permissions.p", "project_reference.0.description", "Shared service connection"),
+					resource.TestCheckResourceAttr("azuredevops_serviceendpoint_project_permissions.p", "project_reference.1.project_id", "project-id-2"),
+					resource.TestCheckResourceAttr("azuredevops_serviceendpoint_project_permissions.p", "project_reference.1.service_endpoint_name", "service-connection-shared"),
+					resource.TestCheckResourceAttr("azuredevops_serviceendpoint_project_permissions.p", "project_reference.1.description", "Shared service connection"),
+				),
+			},
+		},
+	})
+}
+
+func hclServiceEndpointProjectPermissionsResource(projectName string, serviceEndpointName string) string {
+	return fmt.Sprintf(`
+resource "azuredevops_project" "project" {
+  name               = "%s"
+  work_item_template = "Agile"
+  version_control    = "Git"
+  visibility         = "private"
+  description        = "Managed by Terraform"
+}
+
+resource "azuredevops_serviceendpoint_azurerm" "example" {
+  project_id            = azuredevops_project.project.id
+  service_endpoint_name = "%s"
+  credentials {
+    serviceprincipalid  = "spn-id"
+    serviceprincipalkey = "spn-key"
+  }
+  azurerm_spn_tenantid      = "tenant-id"
+  azurerm_subscription_id   = "subscription-id"
+  azurerm_subscription_name = "subscription-name"
+}
+
+resource "azuredevops_serviceendpoint_project_permissions" "p" {
+  serviceendpoint_id = azuredevops_serviceendpoint_azurerm.example.id
+  project_reference {
+    project_id            = "project-id-1"
+    service_endpoint_name = "service-connection-shared"
+    description           = "Shared service connection"
+  }
+  project_reference {
+    project_id            = "project-id-2"
+    service_endpoint_name = "service-connection-shared"
+    description           = "Shared service connection"
+  }
+}
+`, projectName, serviceEndpointName)
+}

website/docs/r/serviceendpoint_permissions.html.markdown

@@ -1,13 +1,13 @@
 ---
 layout: "azuredevops"
-page_title: "AzureDevops: azuredevops_serviceendpoint_permissions"
+page_title: "AzureDevops: azuredevops_serviceendpoint_project_permissions"
 description: |-
-  Manages permissions for a AzureDevOps Service Endpoint
+  Manages project permissions for a AzureDevOps Service Endpoint
 ---
 
-# azuredevops_serviceendpoint_permissions
+# azuredevops_serviceendpoint_project_permissions
 
-Manages permissions for a Service Endpoint
+Manages project permissions for a Service Endpoint, allowing sharing a service connection with multiple projects including optional service_endpoint_name and description.
 
 ~> **Note** Permissions can be assigned to group principals and not to single user principals.
 
@@ -19,50 +19,19 @@ Those levels are reflected by specifying (or omitting) values for the arguments
 ## Example Usage
 
 ```hcl
-resource "azuredevops_project" "example" {
-  name               = "Example Project"
-  work_item_template = "Agile"
-  version_control    = "Git"
-  visibility         = "private"
-  description        = "Managed by Terraform"
-}
-
-data "azuredevops_group" "example-readers" {
-  project_id = azuredevops_project.example.id
-  name       = "Readers"
-}
+resource "azuredevops_serviceendpoint_project_permissions" "example-share" {
+  serviceendpoint_id = azuredevops_serviceendpoint_azurerm.example.id
 
-resource "azuredevops_serviceendpoint_permissions" "example-root-permissions" {
-  project_id = azuredevops_project.example.id
-  principal  = data.azuredevops_group.example-readers.id
-  permissions = {
-    Use               = "allow"
-    Administer        = "allow"
-    Create            = "allow"
-    ViewAuthorization = "allow"
-    ViewEndpoint      = "allow"
+  project_reference {
+    project_id            = azuredevops_project.example_one.id
+    service_endpoint_name = "service-connection-shared"
+    description           = "Service Connection Shared by Terraform - Cluster One"
   }
-}
 
-resource "azuredevops_serviceendpoint_dockerregistry" "example" {
-  project_id            = azuredevops_project.example.id
-  service_endpoint_name = "Example Docker Hub"
-  docker_username       = "username"
-  docker_email          = "email@example.com"
-  docker_password       = "password"
-  registry_type         = "DockerHub"
-}
-
-resource "azuredevops_serviceendpoint_permissions" "example-permissions" {
-  project_id         = azuredevops_project.example.id
-  principal          = data.azuredevops_group.example-readers.id
-  serviceendpoint_id = azuredevops_serviceendpoint_dockerregistry.example.id
-  permissions = {
-    Use               = "allow"
-    Administer        = "deny"
-    Create            = "deny"
-    ViewAuthorization = "allow"
-    ViewEndpoint      = "allow"
+  project_reference {
+    project_id            = azuredevops_project.example_two.id
+    service_endpoint_name = "service-connection-shared"
+    description           = "Service Connection Shared by Terraform - Cluster Two"
   }
 }
 ```
@@ -71,19 +40,14 @@ resource "azuredevops_serviceendpoint_permissions" "example-permissions" {
 
 The following arguments are supported:
 
-* `project_id` - (Required) The ID of the project.
-* `principal` - (Required) The **group** principal to assign the permissions.
-* `permissions` - (Required) the permissions to assign. The following permissions are available.
-* `serviceendpoint_id` - (Optional) The id of the service endpoint to assign the permissions.
-* `replace` - (Optional) Replace (`true`) or merge (`false`) the permissions. Default: `true`
-
-| Permission        | Description                         |
-| ----------------- | ----------------------------------- |
-| Use               | Use service endpoint                |
-| Administer        | Full control over service endpoints |
-| Create            | Create service endpoints            |
-| ViewAuthorization | View authorizations                 |
-| ViewEndpoint      | View service endpoint properties    |
+* `serviceendpoint_id` - (Required) The ID of the service endpoint to share.
+* `project_reference` - (Required) A list of `project_reference` block as defined below. Objects describing which projects the service connection will be shared.
+
+An `project_reference` block supports the following:
+
+* `project_id` - (Required) Project id which service endpoint will be shared.
+* `service_endpoint_name` - (Optional) Name for service connection in the shared project. Default keep the same name.
+* `description` - (Optional) Description for service connection in the shared project. Default keep the same description.
 
 ## Relevant Links