fix(ado): prefer project id over name to prevent weird tf config drifts
Родитель
6ca40c7e57
Коммит
de4a824d9a
3
main.tf
3
main.tf
|
@ -139,7 +139,7 @@ resource "azuredevops_project" "collaboration" {
|
|||
module "ado_team_permissions" {
|
||||
for_each = var.projects
|
||||
source = "./modules/azure-devops-permissions"
|
||||
ado_project_id = azuredevops_project.team_projects["proj_${each.value.team}"].id
|
||||
ado_project_id = azuredevops_project.team_projects["${each.value.team}"].id
|
||||
team_aad_id = azuread_group.groups["${each.value.team}_devs"].id # Receives 'Contributor' Permissions
|
||||
admin_aad_id = azuread_group.groups["${each.value.team}_admins"].id # Receives 'Project Administrator' Permissions
|
||||
|
||||
|
@ -212,6 +212,7 @@ module "service_connections" {
|
|||
service_principal_id = module.service_principals[each.key].principal_id
|
||||
service_principal_secret = module.service_principals[each.key].client_secret
|
||||
resource_group_name = "${replace(each.key, "_", "-")}-${local.suffix}-rg"
|
||||
project_id = azuredevops_project.team_projects[replace(each.key, "/(_dev)|(_prod)|(_shared)/", "")].id
|
||||
|
||||
depends_on = [
|
||||
azuread_group.groups,
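Review bot: The `project_id` argument in `module "service_connections"` derives the project key with an unanchored pattern, `replace(each.key, "/(_dev)|(_prod)|(_shared)/", "")`, which strips every occurrence of those substrings rather than only a trailing environment suffix. A workspace key with one of them in the middle (constructed example: `data_dev_ops_prod` becomes `data_ops`) would resolve to a missing or different project. Because this module also receives `service_principal_secret`, a wrong match would attach that credential to another team's project. Anchoring the suffix, `replace(each.key, "/_(dev|prod|shared)$/", "")`, or carrying the project key explicitly in the workspace map avoids this. The module block starts and ends outside the hunk, and which line is new is inferred from the `+212,7` count.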
|
||||
|
|
|
@ -6,12 +6,8 @@
|
|||
# - veggies-prod-*-rg => project-veggies
|
||||
# - infra-shared-*-rg => central-it
|
||||
|
||||
locals {
|
||||
project_name = split("-", var.resource_group_name)[0] == "infra" ? "central-it" : "project-${split("-", var.resource_group_name)[0]}"
|
||||
}
|
||||
|
||||
data "azuredevops_project" "team" {
|
||||
name = local.project_name
|
||||
project_id = var.project_id
|
||||
}
|
||||
|
||||
# ------------------
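Review bot: The header comment kept as context above the data source (`veggies-prod-*-rg => project-veggies`, `infra-shared-*-rg => central-it`) still describes resolving the project from the resource-group name, which this section appears to drop in favour of `project_id = var.project_id`. Left as is, it tells an operator that the service connection lands in a project chosen by naming convention, when the caller now decides. I would replace it with something like `# The target Azure DevOps project is passed in by the caller as var.project_id; it is no longer derived from resource_group_name.` The comment block starts above the hunk, so its opening lines are not visible here.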
|
||||
|
|
|
@ -3,6 +3,11 @@ variable "resource_group_name" {
|
|||
description = "Name of resource group of this workspace the service principal is scoped to."
|
||||
}
|
||||
|
||||
variable "project_id" {
|
||||
type = string
|
||||
description = "Azure DevOps Project Id"
|
||||
}
|
||||
|
||||
variable "service_principal_id" {
|
||||
type = string
|
||||
description = "Client ID for Service Principal"
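Review bot: `variable "project_id"` accepts any string, so a caller that still passes a project name or an empty value is only caught when the provider lookup fails at plan or apply time. Since the commit's purpose is to pin the project by id, a `validation` block requiring GUID form would make that contract explicit and fail early with a clear message. This needs a Terraform version that supports variable validation; the version constraint is not visible in this hunk, so confirm it before adopting.

```hcl
variable "project_id" {
  # … unchanged: type and description …
  validation {
    condition     = can(regex("^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$", var.project_id))
    error_message = "The project_id value must be the Azure DevOps project GUID, not the project name."
  }
}
```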
|
||||
|
|
|
@ -22,19 +22,19 @@ groups = {
|
|||
# =======================
|
||||
|
||||
projects = {
|
||||
proj_fruits = {
|
||||
fruits = {
|
||||
name = "project-fruits"
|
||||
description = "Demo using AAD groups"
|
||||
team = "fruits"
|
||||
}
|
||||
|
||||
proj_veggies = {
|
||||
veggies = {
|
||||
name = "project-veggies"
|
||||
description = "Demo using AAD groups"
|
||||
team = "veggies"
|
||||
}
|
||||
|
||||
proj_infra = {
|
||||
infra = {
|
||||
name = "central-it"
|
||||
description = "Central IT managed stuff"
|
||||
team = "infra"
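Review bot: Renaming the map keys from `proj_fruits`/`proj_veggies`/`proj_infra` to `fruits`/`veggies`/`infra` changes the instance address of everything that iterates over `projects`. That visibly includes `module.ado_team_permissions`, and presumably `azuredevops_project.team_projects`, given the index change in main.tf. Without a state move, Terraform would plan those instances as destroy-and-create, which for a project means deleting it and re-granting its permissions. I would add a `moved` block per key, or run e.g. `terraform state mv 'azuredevops_project.team_projects["proj_fruits"]' 'azuredevops_project.team_projects["fruits"]'` before applying, and confirm the plan shows no destroys. The `projects` map continues past the end of the hunk.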
|
||||
|
|