From ffb7031f3dadd9f7632619984ad435dc83e56253 Mon Sep 17 00:00:00 2001
From: yhkim
Date: Thu, 22 Aug 2024 16:00:10 +0200
Subject: [PATCH 1/5] added: azure devops user assignmnet via user list from meshStack
---
 azure/terraform/azure-devops/project/main.tf | 64 +++++++++++++++++++
 .../azure-devops/project/variables.tf | 13 ++++
 2 files changed, 77 insertions(+)
diff --git a/azure/terraform/azure-devops/project/main.tf b/azure/terraform/azure-devops/project/main.tf
index 10de66a..1ee2598 100644
--- a/azure/terraform/azure-devops/project/main.tf
+++ b/azure/terraform/azure-devops/project/main.tf
@@ -28,4 +28,68 @@ resource "azuredevops_serviceendpoint_github" "serviceendpoint_github" { } } +# create limted ADO Project admin group +resource "azuredevops_group" "admin_group" { + scope = azuredevops_project.devops_project.id + display_name = "Admin Group" + description = "DevOps Project Administrator Group" +} + +resource "azuredevops_project_permissions" "admin_group_permission" { + project_id = azuredevops_project.devops_project.id + principal = azuredevops_group.admin_group.id + permissions = { + DELETE = "Deny" + RENAME = "Deny" + } +} + +# Get the default reader group for the project +data "azuredevops_group" "reader_group" { + project_id = azuredevops_project.devops_project.id + name = "Readers" +} + +# Get the default user group for the project +data "azuredevops_group" "user_group" { + project_id = azuredevops_project.devops_project.id + name = "Contributors" +} + +# iterate through the list of users and redue to a map of user with only their euid +locals { + all_users = { for user in var.users : user.euid => user } + reader_users = { for user in var.users : user.euid => user if contains(user.roles, "reader") } + admin_users = { for user in var.users : user.euid => user if contains(user.roles, "admin") } + user_users = { for user in var.users : user.euid => user if contains(user.roles, "user") } +} +# Assign Users to the specific Azure DevOps Groups +resource "azuredevops_group_membership" "admin_user_group_assignmnet" { + depends_on = [azuredevops_group.admin_group] + + for_each = data.azuredevops_users.admin + group = azuredevops_group.admin_group.id + members = [ + tolist(each.value.users)[0].descriptor + ] +} + +resource "azuredevops_group_membership" "user_user_group_assignmnet" { + depends_on = [data.azuredevops_group.user_group] + + for_each = data.azuredevops_users.user + group = data.azuredevops_group.user_group.id + members = [ + tolist(each.value.users)[0].descriptor + ] +} + +resource "azuredevops_group_membership" 
"reader_user_group_assignmnet" {
+ depends_on = [data.azuredevops_group.reader_group]
+ for_each = data.azuredevops_users.reader
+ group = data.azuredevops_group.reader_group.id
+ members = [
+ tolist(each.value.users)[0].descriptor
+ ]
+}
\ No newline at end of file
diff --git a/azure/terraform/azure-devops/project/variables.tf b/azure/terraform/azure-devops/project/variables.tf
index b1f2d1c..fdb238f 100644
--- a/azure/terraform/azure-devops/project/variables.tf
+++ b/azure/terraform/azure-devops/project/variables.tf
@@ -28,3 +28,16 @@ variable "work_item_template" {
 description = "Specifies the work item template. Valid values: Agile, Basic, CMMI, Scrum or a custom, pre-existing one. Defaults to Agile."
 default = "Agile"
 }
+
+# User Assignments
+variable "users" {
+ type = list(object({
+ meshIdentifier = string
+ username = string
+ firstName = string
+ lastName = string
+ email = string
+ euid = string
+ roles = list(string)
+ }))
+}
\ No newline at end of file
From 309e6286966dbbd1f2e1adade6502ec4fd863dd1 Mon Sep 17 00:00:00 2001
From: Felix Zieger
Date: Sat, 24 Aug 2024 18:32:13 +0200
Subject: [PATCH 2/5] fix: user management uses different project name
---
 .../project/import-github-repo.tf | 12 ------------
 azure/terraform/azure-devops/project/main.tf | 19 ++++++++++---------
 .../terraform/azure-devops/project/outputs.tf | 4 ++--
 3 files changed, 12 insertions(+), 23 deletions(-)
 delete mode 100644 azure/terraform/azure-devops/project/import-github-repo.tf
diff --git a/azure/terraform/azure-devops/project/import-github-repo.tf b/azure/terraform/azure-devops/project/import-github-repo.tf
deleted file mode 100644
index 1f2f7f7..0000000
--- a/azure/terraform/azure-devops/project/import-github-repo.tf
+++ /dev/null
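Review bot: Every membership resource reads `tolist(each.value.users)[0].descriptor`, which only works if each euid from meshStack already resolves to exactly one organization user; an euid that is not yet in the organization yields an empty set and the plan fails on the index instead of naming the user, and this hunk also references `data.azuredevops_users.admin`/`user`/`reader`, which are not declared until patch 3 of the series. If the project's Terraform version allows it, a `lifecycle { precondition }` block on those data sources with `condition = length(self.users) == 1` and an `error_message` that includes `each.key` turns this into a readable failure; the lookups in the patch 3 and patch 4 hunks share the same gap. `local.all_users` is computed but not referenced anywhere in the hunk. The new `admin_group` receives only `Deny` entries for DELETE and RENAME and nothing in this hunk grants it any further permission, so as written its members are not project administrators; if that is the intent, replace the comment with `# Project-scoped group for delegated admins: project DELETE/RENAME explicitly denied; working permissions must be granted elsewhere`, otherwise the missing grant is the gap.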
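Review bot: `variable "users"` has neither a `description` nor a `validation` block, so a role value other than `admin`, `user` or `reader` (a typo in the meshStack export, say) is silently dropped by the `contains()` filters in main.tf and that user lands in no group. Add `description = "Users exported from meshStack with their ADO roles (admin, user, reader); only euid and roles are consumed."` and a validation such as `condition = alltrue([for u in var.users : length(setsubtract(u.roles, ["admin", "user", "reader"])) == 0])` with an `error_message` naming the allowed roles. The remaining attributes (`meshIdentifier`, `username`, `firstName`, `lastName`, `email`) are not read by the main.tf hunk in this patch.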
@@ -1,12 +0,0 @@ -# Note that this example should import the GitHub Repo for this code into Azure DevOps. However, it appears as though this is still not fully supported. -# Also at this time only public repos are supported for import. -# -#resource "azuredevops_git_repository" "imported_repo" { -# project_id = azuredevops_project.terraform_ado_project.id -# name = "Imported Repo" -# initialization { -# init_type = "Import" -# source_type = "Git" -# source_url = "xxxxxxxxxxxxxxxxxxxx -# } -#} \ No newline at end of file diff --git a/azure/terraform/azure-devops/project/main.tf b/azure/terraform/azure-devops/project/main.tf index 1ee2598..cb2b012 100644 --- a/azure/terraform/azure-devops/project/main.tf +++ b/azure/terraform/azure-devops/project/main.tf @@ -2,7 +2,7 @@ resource "random_pet" "suffix" { length = 1 } -resource "azuredevops_project" "terraform_ado_project" { +resource "azuredevops_project" "devops_project" { name = "${var.project_name}-${random_pet.suffix.id}" description = var.description visibility = var.visibility @@ -19,7 +19,7 @@ resource "azuredevops_project" "terraform_ado_project" { } resource "azuredevops_serviceendpoint_github" "serviceendpoint_github" { - project_id = azuredevops_project.terraform_ado_project.id + project_id = azuredevops_project.devops_project.id service_endpoint_name = "Sample GithHub Personal Access Token" auth_personal { 
@@ -65,31 +65,32 @@ locals { } # Assign Users to the specific Azure DevOps Groups resource "azuredevops_group_membership" "admin_user_group_assignmnet" { - depends_on = [azuredevops_group.admin_group] + depends_on = [azuredevops_group.admin_group] for_each = data.azuredevops_users.admin - group = azuredevops_group.admin_group.id + group = azuredevops_group.admin_group.id members = [ tolist(each.value.users)[0].descriptor ] } resource "azuredevops_group_membership" "user_user_group_assignmnet" { - depends_on = [data.azuredevops_group.user_group] + depends_on = [data.azuredevops_group.user_group] for_each = data.azuredevops_users.user - group = data.azuredevops_group.user_group.id + group = data.azuredevops_group.user_group.id members = [ tolist(each.value.users)[0].descriptor ] } resource "azuredevops_group_membership" "reader_user_group_assignmnet" { - depends_on = [data.azuredevops_group.reader_group] + depends_on = [data.azuredevops_group.reader_group] for_each = data.azuredevops_users.reader - group = data.azuredevops_group.reader_group.id + group = data.azuredevops_group.reader_group.id members = [ tolist(each.value.users)[0].descriptor ] -} \ No newline at end of file +} + diff --git a/azure/terraform/azure-devops/project/outputs.tf b/azure/terraform/azure-devops/project/outputs.tf index 74239b6..a49ef78 100644 --- a/azure/terraform/azure-devops/project/outputs.tf +++ b/azure/terraform/azure-devops/project/outputs.tf @@ -1,7 +1,7 @@ output "Project_ID" { - value = azuredevops_project.terraform_ado_project.id + value = azuredevops_project.devops_project.id } output "process_template_id" { - value = azuredevops_project.terraform_ado_project.process_template_id + value = azuredevops_project.devops_project.process_template_id } From f8c969571588dfe5d43117871b8fa80f2ef95934 Mon Sep 17 00:00:00 2001 
From: yhkim
Date: Mon, 26 Aug 2024 08:56:22 +0200
Subject: [PATCH 3/5] feat: added missing ado user data point
---
 azure/terraform/azure-devops/project/main.tf | 29 ++++++++++++++++++++
 1 file changed, 29 insertions(+)
diff --git a/azure/terraform/azure-devops/project/main.tf b/azure/terraform/azure-devops/project/main.tf
index cb2b012..66eccfd 100644
--- a/azure/terraform/azure-devops/project/main.tf
+++ b/azure/terraform/azure-devops/project/main.tf
@@ -63,6 +63,35 @@ locals {
 admin_users = { for user in var.users : user.euid => user if contains(user.roles, "admin") }
 user_users = { for user in var.users : user.euid => user if contains(user.roles, "user") }
 }
+
+# Get now all users according to their permissions in ADO
+data "azuredevops_users" "reader" {
+ depends_on = [
+ null_resource.create_users
+ ]
+ for_each = local.reader_users
+
+ principal_name = each.value.euid
+}
+
+data "azuredevops_users" "admin" {
+ depends_on = [
+ null_resource.create_users
+ ]
+ for_each = local.admin_users
+
+ principal_name = each.value.euid
+}
+
+data "azuredevops_users" "user" {
+ depends_on = [
+ null_resource.create_users
+ ]
+ for_each = local.user_users
+
+ principal_name = each.value.euid
+}
+
 # Assign Users to the specific Azure DevOps Groups
 resource "azuredevops_group_membership" "admin_user_group_assignmnet" {
 depends_on = [azuredevops_group.admin_group]
From c4f1ad34db9ec0b22f4ad79b7958c9c7c00cb338 Mon Sep 17 00:00:00 2001
From: yhkim
Date: Mon, 26 Aug 2024 09:32:09 +0200
Subject: [PATCH 4/5] feat: removed null_ressource which creates users in ADO
---
 azure/terraform/azure-devops/project/main.tf | 9 ---------
 1 file changed, 9 deletions(-)
diff --git a/azure/terraform/azure-devops/project/main.tf b/azure/terraform/azure-devops/project/main.tf
index 66eccfd..ba7e930 100644
--- a/azure/terraform/azure-devops/project/main.tf
+++ b/azure/terraform/azure-devops/project/main.tf
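Review bot: The three `azuredevops_users` data blocks are identical apart from the local they iterate, and a user listed with several roles is looked up once per role; keying a single block on `local.all_users` (computed in main.tf but referenced nowhere) gives one API call per euid and one place to check the lookup result. The membership resources would then iterate the role-specific locals and select the lookup by key, e.g. `for_each = local.admin_users` and `members = [tolist(data.azuredevops_users.by_euid[each.key].users)[0].descriptor]`; those resources begin after the last line of this hunk. The name `data "azuredevops_users" "user"` next to `"admin"` and `"reader"` also reads oddly, and a single block removes that too.
```hcl
# One lookup per distinct euid; which group a user joins is decided by the membership resources below
data "azuredevops_users" "by_euid" {
  for_each       = local.all_users
  principal_name = each.value.euid
}
# … unchanged: locals block above, membership resources below …
```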
@@ -66,27 +66,18 @@ locals { # Get now all users according to their permissions in ADO data "azuredevops_users" "reader" { - depends_on = [ - null_resource.create_users - ] for_each = local.reader_users principal_name = each.value.euid } data "azuredevops_users" "admin" { - depends_on = [ - null_resource.create_users - ] for_each = local.admin_users principal_name = each.value.euid } data "azuredevops_users" "user" { - depends_on = [ - null_resource.create_users - ] for_each = local.user_users principal_name = each.value.euid From 7172139e2a45eae62d5f440b4db29751570fb05f Mon Sep 17 00:00:00 2001 From: Felix Zieger <67903933+felixzieger@users.noreply.github.com> Date: Mon, 26 Aug 2024 09:35:15 +0200 Subject: [PATCH 5/5] Update provider.tf --- azure/terraform/azure-devops/project/provider.tf | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/azure/terraform/azure-devops/project/provider.tf b/azure/terraform/azure-devops/project/provider.tf index 1518cf5..20eb733 100644 --- a/azure/terraform/azure-devops/project/provider.tf +++ b/azure/terraform/azure-devops/project/provider.tf @@ -13,8 +13,6 @@ terraform { } provider "azuredevops" { - # Remember to specify the org service url and personal access token details below - org_service_url = "XXXXXXXXXXXXXXXXXXX" - # personal_access_token = "XXXXXXXXXXXXXXXXXXX" + # Remember to specify the org service url and personal access token }
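Review bot: After this hunk the `azuredevops` provider block holds nothing but a generic reminder, so a reader has no indication where the organization URL and token now come from; when the arguments are omitted the provider reads `AZDO_ORG_SERVICE_URL` and `AZDO_PERSONAL_ACCESS_TOKEN` from the environment, and that is worth stating in place of the reminder. Suggested replacement: `# org_service_url and personal_access_token are supplied via the AZDO_ORG_SERVICE_URL and AZDO_PERSONAL_ACCESS_TOKEN environment variables; keep the token out of this file`. The removed placeholder values are history and need no further change.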