@pulumi/azuredevops

import * as pulumi from "@pulumi/pulumi"; /** * Manages permissions for Work Item Queries. * * > **Note** Permissions can be assigned to group principals and not to single user principals. * * ## Permission levels * * Permission for Work Item Queries within Azure DevOps can be applied on two different levels. * Those levels are reflected by specifying (or omitting) values for the arguments `projectId` and `path`. * * ### Project level * * Permissions for all Work Item Queries inside a project (existing or newly created ones) are specified, if only the argument `projectId` has a value. * * #### Example usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azuredevops from "@pulumi/azuredevops"; * * const example = new azuredevops.Project("example", { * name: "Example Project", * workItemTemplate: "Agile", * versionControl: "Git", * visibility: "private", * description: "Managed by Pulumi", * }); * const example_readers = azuredevops.getGroupOutput({ * projectId: example.id, * name: "Readers", * }); * const project_wiq_root_permissions = new azuredevops.WorkItemQueryPermissions("project-wiq-root-permissions", { * projectId: example.id, * principal: example_readers.apply(example_readers => example_readers.id), * permissions: { * CreateRepository: "Deny", * DeleteRepository: "Deny", * RenameRepository: "NotSet", * }, * }); * ``` * * ### Shared Queries folder level * * Permissions for a specific folder inside Shared Queries are specified if the arguments `projectId` and `path` are set. * * > **Note** To set permissions for the Shared Queries folder itself use `/` as path value * * #### Example usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azuredevops from "@pulumi/azuredevops"; * * const example = new azuredevops.Project("example", { * name: "Example Project", * workItemTemplate: "Agile", * versionControl: "Git", * visibility: "private", * description: "Managed by Pulumi", * }); * const example_readers = azuredevops.getGroupOutput({ * projectId: example.id, * name: "Readers", * }); * const example_permissions = new azuredevops.WorkItemQueryPermissions("example-permissions", { * projectId: example.id, * path: "/Team", * principal: example_readers.apply(example_readers => example_readers.id), * permissions: { * Contribute: "Allow", * Delete: "Deny", * Read: "NotSet", * }, * }); * ``` * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azuredevops from "@pulumi/azuredevops"; * * const example = new azuredevops.Project("example", { * name: "Example Project", * workItemTemplate: "Agile", * versionControl: "Git", * visibility: "private", * description: "Managed by Pulumi", * }); * const example_readers = azuredevops.getGroupOutput({ * projectId: example.id, * name: "Readers", * }); * const example_contributors = azuredevops.getGroupOutput({ * projectId: example.id, * name: "Contributors", * }); * const example_project_permissions = new azuredevops.WorkItemQueryPermissions("example-project-permissions", { * projectId: example.id, * principal: example_readers.apply(example_readers => example_readers.id), * permissions: { * Read: "Allow", * Delete: "Deny", * Contribute: "Deny", * ManagePermissions: "Deny", * }, * }); * const example_sharedqueries_permissions = new azuredevops.WorkItemQueryPermissions("example-sharedqueries-permissions", { * projectId: example.id, * path: "/", * principal: example_contributors.apply(example_contributors => example_contributors.id), * permissions: { * Read: "Allow", * Delete: "Deny", * }, * }); * ``` * * ## Relevant Links * * * [Azure DevOps Service REST API 7.0 - Security](https://docs.microsoft.com/en-us/rest/api/azure/devops/security/?view=azure-devops-rest-7.0) * * ## PAT Permissions Required * * - **Project & Team**: vso.security_manage - Grants the ability to read, write, and manage security permissions. * * ## Import * * The resource does not support import. */ export declare class WorkItemQueryPermissions extends pulumi.CustomResource { /** * Get an existing WorkItemQueryPermissions resource's state with the given name, ID, and optional extra * properties used to qualify the lookup. * * @param name The _unique_ name of the resulting resource. * @param id The _unique_ provider ID of the resource to lookup. * @param state Any extra arguments used during the lookup. * @param opts Optional settings to control the behavior of the CustomResource. */ static get(name: string, id: pulumi.Input<pulumi.ID>, state?: WorkItemQueryPermissionsState, opts?: pulumi.CustomResourceOptions): WorkItemQueryPermissions; /** * Returns true if the given object is an instance of WorkItemQueryPermissions. This is designed to work even * when multiple copies of the Pulumi SDK have been loaded into the same process. */ static isInstance(obj: any): obj is WorkItemQueryPermissions; /** * Path to a query or folder beneath `Shared Queries` */ readonly path: pulumi.Output<string | undefined>; /** * the permissions to assign. The following permissions are available * * | Permissions | Description | * |--------------------------|------------------------------------| * | Read | Read | * | Contribute | Contribute | * | Delete | Delete | * | ManagePermissions | Manage Permissions | */ readonly permissions: pulumi.Output<{ [key: string]: string; }>; /** * The **group** principal to assign the permissions. */ readonly principal: pulumi.Output<string>; /** * The ID of the project to assign the permissions. */ readonly projectId: pulumi.Output<string>; /** * Replace (`true`) or merge (`false`) the permissions. Defaults to `true` */ readonly replace: pulumi.Output<boolean | undefined>; /** * Create a WorkItemQueryPermissions resource with the given unique name, arguments, and options. * * @param name The _unique_ name of the resource. * @param args The arguments to use to populate this resource's properties. * @param opts A bag of options that control this resource's behavior. */ constructor(name: string, args: WorkItemQueryPermissionsArgs, opts?: pulumi.CustomResourceOptions); } /** * Input properties used for looking up and filtering WorkItemQueryPermissions resources. */ export interface WorkItemQueryPermissionsState { /** * Path to a query or folder beneath `Shared Queries` */ path?: pulumi.Input<string>; /** * the permissions to assign. The following permissions are available * * | Permissions | Description | * |--------------------------|------------------------------------| * | Read | Read | * | Contribute | Contribute | * | Delete | Delete | * | ManagePermissions | Manage Permissions | */ permissions?: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * The **group** principal to assign the permissions. */ principal?: pulumi.Input<string>; /** * The ID of the project to assign the permissions. */ projectId?: pulumi.Input<string>; /** * Replace (`true`) or merge (`false`) the permissions. Defaults to `true` */ replace?: pulumi.Input<boolean>; } /** * The set of arguments for constructing a WorkItemQueryPermissions resource. */ export interface WorkItemQueryPermissionsArgs { /** * Path to a query or folder beneath `Shared Queries` */ path?: pulumi.Input<string>; /** * the permissions to assign. The following permissions are available * * | Permissions | Description | * |--------------------------|------------------------------------| * | Read | Read | * | Contribute | Contribute | * | Delete | Delete | * | ManagePermissions | Manage Permissions | */ permissions: pulumi.Input<{ [key: string]: pulumi.Input<string>; }>; /** * The **group** principal to assign the permissions. */ principal: pulumi.Input<string>; /** * The ID of the project to assign the permissions. */ projectId: pulumi.Input<string>; /** * Replace (`true`) or merge (`false`) the permissions. Defaults to `true` */ replace?: pulumi.Input<boolean>; }