1. Packages
  2. AzureDevOps
  3. API Docs
  4. GitPermissions
Azure DevOps v3.1.1 published on Monday, May 20, 2024 by Pulumi

azuredevops.GitPermissions

Explore with Pulumi AI

azuredevops logo
Azure DevOps v3.1.1 published on Monday, May 20, 2024 by Pulumi

    Manages permissions for Git repositories.

    Note Permissions can be assigned to group principals and not to single user principals.

    Permission levels

    Permission for Git Repositories within Azure DevOps can be applied on three different levels. Those levels are reflected by specifying (or omitting) values for the arguments project_id, repository_id and branch_name.

    Project level

    Permissions for all Git Repositories inside a project (existing or newly created ones) are specified, if only the argument project_id has a value.

    Example usage

    import * as pulumi from "@pulumi/pulumi";
    import * as azuredevops from "@pulumi/azuredevops";
    
    const example = new azuredevops.Project("example", {
        name: "Example Project",
        workItemTemplate: "Agile",
        versionControl: "Git",
        visibility: "private",
        description: "Managed by Terraform",
    });
    const example-readers = azuredevops.getGroupOutput({
        projectId: example.id,
        name: "Readers",
    });
    const example_permissions = new azuredevops.GitPermissions("example-permissions", {
        projectId: example.id,
        principal: example_readers.apply(example_readers => example_readers.id),
        permissions: {
            CreateRepository: "Deny",
            DeleteRepository: "Deny",
            RenameRepository: "NotSet",
        },
    });
    
    import pulumi
    import pulumi_azuredevops as azuredevops
    
    example = azuredevops.Project("example",
        name="Example Project",
        work_item_template="Agile",
        version_control="Git",
        visibility="private",
        description="Managed by Terraform")
    example_readers = azuredevops.get_group_output(project_id=example.id,
        name="Readers")
    example_permissions = azuredevops.GitPermissions("example-permissions",
        project_id=example.id,
        principal=example_readers.id,
        permissions={
            "CreateRepository": "Deny",
            "DeleteRepository": "Deny",
            "RenameRepository": "NotSet",
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azuredevops/sdk/v3/go/azuredevops"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := azuredevops.NewProject(ctx, "example", &azuredevops.ProjectArgs{
    			Name:             pulumi.String("Example Project"),
    			WorkItemTemplate: pulumi.String("Agile"),
    			VersionControl:   pulumi.String("Git"),
    			Visibility:       pulumi.String("private"),
    			Description:      pulumi.String("Managed by Terraform"),
    		})
    		if err != nil {
    			return err
    		}
    		example_readers := azuredevops.LookupGroupOutput(ctx, azuredevops.GetGroupOutputArgs{
    			ProjectId: example.ID(),
    			Name:      pulumi.String("Readers"),
    		}, nil)
    		_, err = azuredevops.NewGitPermissions(ctx, "example-permissions", &azuredevops.GitPermissionsArgs{
    			ProjectId: example.ID(),
    			Principal: example_readers.ApplyT(func(example_readers azuredevops.GetGroupResult) (*string, error) {
    				return &example_readers.Id, nil
    			}).(pulumi.StringPtrOutput),
    			Permissions: pulumi.StringMap{
    				"CreateRepository": pulumi.String("Deny"),
    				"DeleteRepository": pulumi.String("Deny"),
    				"RenameRepository": pulumi.String("NotSet"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureDevOps = Pulumi.AzureDevOps;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new AzureDevOps.Project("example", new()
        {
            Name = "Example Project",
            WorkItemTemplate = "Agile",
            VersionControl = "Git",
            Visibility = "private",
            Description = "Managed by Terraform",
        });
    
        var example_readers = AzureDevOps.GetGroup.Invoke(new()
        {
            ProjectId = example.Id,
            Name = "Readers",
        });
    
        var example_permissions = new AzureDevOps.GitPermissions("example-permissions", new()
        {
            ProjectId = example.Id,
            Principal = example_readers.Apply(example_readers => example_readers.Apply(getGroupResult => getGroupResult.Id)),
            Permissions = 
            {
                { "CreateRepository", "Deny" },
                { "DeleteRepository", "Deny" },
                { "RenameRepository", "NotSet" },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azuredevops.Project;
    import com.pulumi.azuredevops.ProjectArgs;
    import com.pulumi.azuredevops.AzuredevopsFunctions;
    import com.pulumi.azuredevops.inputs.GetGroupArgs;
    import com.pulumi.azuredevops.GitPermissions;
    import com.pulumi.azuredevops.GitPermissionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new Project("example", ProjectArgs.builder()        
                .name("Example Project")
                .workItemTemplate("Agile")
                .versionControl("Git")
                .visibility("private")
                .description("Managed by Terraform")
                .build());
    
            final var example-readers = AzuredevopsFunctions.getGroup(GetGroupArgs.builder()
                .projectId(example.id())
                .name("Readers")
                .build());
    
            var example_permissions = new GitPermissions("example-permissions", GitPermissionsArgs.builder()        
                .projectId(example.id())
                .principal(example_readers.applyValue(example_readers -> example_readers.id()))
                .permissions(Map.ofEntries(
                    Map.entry("CreateRepository", "Deny"),
                    Map.entry("DeleteRepository", "Deny"),
                    Map.entry("RenameRepository", "NotSet")
                ))
                .build());
    
        }
    }
    
    resources:
      example:
        type: azuredevops:Project
        properties:
          name: Example Project
          workItemTemplate: Agile
          versionControl: Git
          visibility: private
          description: Managed by Terraform
      example-permissions:
        type: azuredevops:GitPermissions
        properties:
          projectId: ${example.id}
          principal: ${["example-readers"].id}
          permissions:
            CreateRepository: Deny
            DeleteRepository: Deny
            RenameRepository: NotSet
    variables:
      example-readers:
        fn::invoke:
          Function: azuredevops:getGroup
          Arguments:
            projectId: ${example.id}
            name: Readers
    

    Repository level

    Permissions for a specific Git Repository and all existing or newly created branches are specified if the arguments project_id and repository_id are set.

    Example usage

    import * as pulumi from "@pulumi/pulumi";
    import * as azuredevops from "@pulumi/azuredevops";
    
    const example = new azuredevops.Project("example", {
        name: "Example Project",
        workItemTemplate: "Agile",
        versionControl: "Git",
        visibility: "private",
        description: "Managed by Terraform",
    });
    const example-group = azuredevops.getGroup({
        name: "Project Collection Administrators",
    });
    const exampleGit = new azuredevops.Git("example", {
        projectId: example.id,
        name: "Example Empty Git Repository",
        initialization: {
            initType: "Clean",
        },
    });
    const example_permissions = new azuredevops.GitPermissions("example-permissions", {
        projectId: exampleGit.projectId,
        repositoryId: exampleGit.id,
        principal: example_group.then(example_group => example_group.id),
        permissions: {
            RemoveOthersLocks: "Allow",
            ManagePermissions: "Deny",
            CreateTag: "Deny",
            CreateBranch: "NotSet",
        },
    });
    
    import pulumi
    import pulumi_azuredevops as azuredevops
    
    example = azuredevops.Project("example",
        name="Example Project",
        work_item_template="Agile",
        version_control="Git",
        visibility="private",
        description="Managed by Terraform")
    example_group = azuredevops.get_group(name="Project Collection Administrators")
    example_git = azuredevops.Git("example",
        project_id=example.id,
        name="Example Empty Git Repository",
        initialization=azuredevops.GitInitializationArgs(
            init_type="Clean",
        ))
    example_permissions = azuredevops.GitPermissions("example-permissions",
        project_id=example_git.project_id,
        repository_id=example_git.id,
        principal=example_group.id,
        permissions={
            "RemoveOthersLocks": "Allow",
            "ManagePermissions": "Deny",
            "CreateTag": "Deny",
            "CreateBranch": "NotSet",
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azuredevops/sdk/v3/go/azuredevops"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := azuredevops.NewProject(ctx, "example", &azuredevops.ProjectArgs{
    			Name:             pulumi.String("Example Project"),
    			WorkItemTemplate: pulumi.String("Agile"),
    			VersionControl:   pulumi.String("Git"),
    			Visibility:       pulumi.String("private"),
    			Description:      pulumi.String("Managed by Terraform"),
    		})
    		if err != nil {
    			return err
    		}
    		example_group, err := azuredevops.LookupGroup(ctx, &azuredevops.LookupGroupArgs{
    			Name: "Project Collection Administrators",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		exampleGit, err := azuredevops.NewGit(ctx, "example", &azuredevops.GitArgs{
    			ProjectId: example.ID(),
    			Name:      pulumi.String("Example Empty Git Repository"),
    			Initialization: &azuredevops.GitInitializationArgs{
    				InitType: pulumi.String("Clean"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = azuredevops.NewGitPermissions(ctx, "example-permissions", &azuredevops.GitPermissionsArgs{
    			ProjectId:    exampleGit.ProjectId,
    			RepositoryId: exampleGit.ID(),
    			Principal:    pulumi.String(example_group.Id),
    			Permissions: pulumi.StringMap{
    				"RemoveOthersLocks": pulumi.String("Allow"),
    				"ManagePermissions": pulumi.String("Deny"),
    				"CreateTag":         pulumi.String("Deny"),
    				"CreateBranch":      pulumi.String("NotSet"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureDevOps = Pulumi.AzureDevOps;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new AzureDevOps.Project("example", new()
        {
            Name = "Example Project",
            WorkItemTemplate = "Agile",
            VersionControl = "Git",
            Visibility = "private",
            Description = "Managed by Terraform",
        });
    
        var example_group = AzureDevOps.GetGroup.Invoke(new()
        {
            Name = "Project Collection Administrators",
        });
    
        var exampleGit = new AzureDevOps.Git("example", new()
        {
            ProjectId = example.Id,
            Name = "Example Empty Git Repository",
            Initialization = new AzureDevOps.Inputs.GitInitializationArgs
            {
                InitType = "Clean",
            },
        });
    
        var example_permissions = new AzureDevOps.GitPermissions("example-permissions", new()
        {
            ProjectId = exampleGit.ProjectId,
            RepositoryId = exampleGit.Id,
            Principal = example_group.Apply(example_group => example_group.Apply(getGroupResult => getGroupResult.Id)),
            Permissions = 
            {
                { "RemoveOthersLocks", "Allow" },
                { "ManagePermissions", "Deny" },
                { "CreateTag", "Deny" },
                { "CreateBranch", "NotSet" },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azuredevops.Project;
    import com.pulumi.azuredevops.ProjectArgs;
    import com.pulumi.azuredevops.AzuredevopsFunctions;
    import com.pulumi.azuredevops.inputs.GetGroupArgs;
    import com.pulumi.azuredevops.Git;
    import com.pulumi.azuredevops.GitArgs;
    import com.pulumi.azuredevops.inputs.GitInitializationArgs;
    import com.pulumi.azuredevops.GitPermissions;
    import com.pulumi.azuredevops.GitPermissionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new Project("example", ProjectArgs.builder()        
                .name("Example Project")
                .workItemTemplate("Agile")
                .versionControl("Git")
                .visibility("private")
                .description("Managed by Terraform")
                .build());
    
            final var example-group = AzuredevopsFunctions.getGroup(GetGroupArgs.builder()
                .name("Project Collection Administrators")
                .build());
    
            var exampleGit = new Git("exampleGit", GitArgs.builder()        
                .projectId(example.id())
                .name("Example Empty Git Repository")
                .initialization(GitInitializationArgs.builder()
                    .initType("Clean")
                    .build())
                .build());
    
            var example_permissions = new GitPermissions("example-permissions", GitPermissionsArgs.builder()        
                .projectId(exampleGit.projectId())
                .repositoryId(exampleGit.id())
                .principal(example_group.id())
                .permissions(Map.ofEntries(
                    Map.entry("RemoveOthersLocks", "Allow"),
                    Map.entry("ManagePermissions", "Deny"),
                    Map.entry("CreateTag", "Deny"),
                    Map.entry("CreateBranch", "NotSet")
                ))
                .build());
    
        }
    }
    
    resources:
      example:
        type: azuredevops:Project
        properties:
          name: Example Project
          workItemTemplate: Agile
          versionControl: Git
          visibility: private
          description: Managed by Terraform
      exampleGit:
        type: azuredevops:Git
        name: example
        properties:
          projectId: ${example.id}
          name: Example Empty Git Repository
          initialization:
            initType: Clean
      example-permissions:
        type: azuredevops:GitPermissions
        properties:
          projectId: ${exampleGit.projectId}
          repositoryId: ${exampleGit.id}
          principal: ${["example-group"].id}
          permissions:
            RemoveOthersLocks: Allow
            ManagePermissions: Deny
            CreateTag: Deny
            CreateBranch: NotSet
    variables:
      example-group:
        fn::invoke:
          Function: azuredevops:getGroup
          Arguments:
            name: Project Collection Administrators
    

    Branch level

    Permissions for a specific branch inside a Git Repository are specified if all above mentioned the arguments are set.

    Example usage

    import * as pulumi from "@pulumi/pulumi";
    import * as azuredevops from "@pulumi/azuredevops";
    
    const example = new azuredevops.Project("example", {
        name: "Example Project",
        workItemTemplate: "Agile",
        versionControl: "Git",
        visibility: "private",
        description: "Managed by Terraform",
    });
    const exampleGit = new azuredevops.Git("example", {
        projectId: example.id,
        name: "Example Empty Git Repository",
        initialization: {
            initType: "Clean",
        },
    });
    const example-group = azuredevops.getGroup({
        name: "Project Collection Administrators",
    });
    const example_permissions = new azuredevops.GitPermissions("example-permissions", {
        projectId: exampleGit.projectId,
        repositoryId: exampleGit.id,
        branchName: "refs/heads/master",
        principal: example_group.then(example_group => example_group.id),
        permissions: {
            RemoveOthersLocks: "Allow",
            ForcePush: "Deny",
        },
    });
    
    import pulumi
    import pulumi_azuredevops as azuredevops
    
    example = azuredevops.Project("example",
        name="Example Project",
        work_item_template="Agile",
        version_control="Git",
        visibility="private",
        description="Managed by Terraform")
    example_git = azuredevops.Git("example",
        project_id=example.id,
        name="Example Empty Git Repository",
        initialization=azuredevops.GitInitializationArgs(
            init_type="Clean",
        ))
    example_group = azuredevops.get_group(name="Project Collection Administrators")
    example_permissions = azuredevops.GitPermissions("example-permissions",
        project_id=example_git.project_id,
        repository_id=example_git.id,
        branch_name="refs/heads/master",
        principal=example_group.id,
        permissions={
            "RemoveOthersLocks": "Allow",
            "ForcePush": "Deny",
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azuredevops/sdk/v3/go/azuredevops"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := azuredevops.NewProject(ctx, "example", &azuredevops.ProjectArgs{
    			Name:             pulumi.String("Example Project"),
    			WorkItemTemplate: pulumi.String("Agile"),
    			VersionControl:   pulumi.String("Git"),
    			Visibility:       pulumi.String("private"),
    			Description:      pulumi.String("Managed by Terraform"),
    		})
    		if err != nil {
    			return err
    		}
    		exampleGit, err := azuredevops.NewGit(ctx, "example", &azuredevops.GitArgs{
    			ProjectId: example.ID(),
    			Name:      pulumi.String("Example Empty Git Repository"),
    			Initialization: &azuredevops.GitInitializationArgs{
    				InitType: pulumi.String("Clean"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		example_group, err := azuredevops.LookupGroup(ctx, &azuredevops.LookupGroupArgs{
    			Name: "Project Collection Administrators",
    		}, nil)
    		if err != nil {
    			return err
    		}
    		_, err = azuredevops.NewGitPermissions(ctx, "example-permissions", &azuredevops.GitPermissionsArgs{
    			ProjectId:    exampleGit.ProjectId,
    			RepositoryId: exampleGit.ID(),
    			BranchName:   pulumi.String("refs/heads/master"),
    			Principal:    pulumi.String(example_group.Id),
    			Permissions: pulumi.StringMap{
    				"RemoveOthersLocks": pulumi.String("Allow"),
    				"ForcePush":         pulumi.String("Deny"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureDevOps = Pulumi.AzureDevOps;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new AzureDevOps.Project("example", new()
        {
            Name = "Example Project",
            WorkItemTemplate = "Agile",
            VersionControl = "Git",
            Visibility = "private",
            Description = "Managed by Terraform",
        });
    
        var exampleGit = new AzureDevOps.Git("example", new()
        {
            ProjectId = example.Id,
            Name = "Example Empty Git Repository",
            Initialization = new AzureDevOps.Inputs.GitInitializationArgs
            {
                InitType = "Clean",
            },
        });
    
        var example_group = AzureDevOps.GetGroup.Invoke(new()
        {
            Name = "Project Collection Administrators",
        });
    
        var example_permissions = new AzureDevOps.GitPermissions("example-permissions", new()
        {
            ProjectId = exampleGit.ProjectId,
            RepositoryId = exampleGit.Id,
            BranchName = "refs/heads/master",
            Principal = example_group.Apply(example_group => example_group.Apply(getGroupResult => getGroupResult.Id)),
            Permissions = 
            {
                { "RemoveOthersLocks", "Allow" },
                { "ForcePush", "Deny" },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azuredevops.Project;
    import com.pulumi.azuredevops.ProjectArgs;
    import com.pulumi.azuredevops.Git;
    import com.pulumi.azuredevops.GitArgs;
    import com.pulumi.azuredevops.inputs.GitInitializationArgs;
    import com.pulumi.azuredevops.AzuredevopsFunctions;
    import com.pulumi.azuredevops.inputs.GetGroupArgs;
    import com.pulumi.azuredevops.GitPermissions;
    import com.pulumi.azuredevops.GitPermissionsArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new Project("example", ProjectArgs.builder()        
                .name("Example Project")
                .workItemTemplate("Agile")
                .versionControl("Git")
                .visibility("private")
                .description("Managed by Terraform")
                .build());
    
            var exampleGit = new Git("exampleGit", GitArgs.builder()        
                .projectId(example.id())
                .name("Example Empty Git Repository")
                .initialization(GitInitializationArgs.builder()
                    .initType("Clean")
                    .build())
                .build());
    
            final var example-group = AzuredevopsFunctions.getGroup(GetGroupArgs.builder()
                .name("Project Collection Administrators")
                .build());
    
            var example_permissions = new GitPermissions("example-permissions", GitPermissionsArgs.builder()        
                .projectId(exampleGit.projectId())
                .repositoryId(exampleGit.id())
                .branchName("refs/heads/master")
                .principal(example_group.id())
                .permissions(Map.ofEntries(
                    Map.entry("RemoveOthersLocks", "Allow"),
                    Map.entry("ForcePush", "Deny")
                ))
                .build());
    
        }
    }
    
    resources:
      example:
        type: azuredevops:Project
        properties:
          name: Example Project
          workItemTemplate: Agile
          versionControl: Git
          visibility: private
          description: Managed by Terraform
      exampleGit:
        type: azuredevops:Git
        name: example
        properties:
          projectId: ${example.id}
          name: Example Empty Git Repository
          initialization:
            initType: Clean
      example-permissions:
        type: azuredevops:GitPermissions
        properties:
          projectId: ${exampleGit.projectId}
          repositoryId: ${exampleGit.id}
          branchName: refs/heads/master
          principal: ${["example-group"].id}
          permissions:
            RemoveOthersLocks: Allow
            ForcePush: Deny
    variables:
      example-group:
        fn::invoke:
          Function: azuredevops:getGroup
          Arguments:
            name: Project Collection Administrators
    

    Example Usage

    import * as pulumi from "@pulumi/pulumi";
    import * as azuredevops from "@pulumi/azuredevops";
    
    const example = new azuredevops.Project("example", {
        name: "Example Project",
        visibility: "private",
        versionControl: "Git",
        workItemTemplate: "Agile",
        description: "Managed by Terraform",
    });
    const example-project-readers = azuredevops.getGroupOutput({
        projectId: example.id,
        name: "Readers",
    });
    const example-project-contributors = azuredevops.getGroupOutput({
        projectId: example.id,
        name: "Contributors",
    });
    const example-project-administrators = azuredevops.getGroupOutput({
        projectId: example.id,
        name: "Project administrators",
    });
    const example_permissions = new azuredevops.GitPermissions("example-permissions", {
        projectId: example.id,
        principal: example_project_readers.apply(example_project_readers => example_project_readers.id),
        permissions: {
            CreateRepository: "Deny",
            DeleteRepository: "Deny",
            RenameRepository: "NotSet",
        },
    });
    const exampleGit = new azuredevops.Git("example", {
        projectId: example.id,
        name: "TestRepo",
        defaultBranch: "refs/heads/master",
        initialization: {
            initType: "Clean",
        },
    });
    const example_repo_permissions = new azuredevops.GitPermissions("example-repo-permissions", {
        projectId: exampleGit.projectId,
        repositoryId: exampleGit.id,
        principal: example_project_administrators.apply(example_project_administrators => example_project_administrators.id),
        permissions: {
            RemoveOthersLocks: "Allow",
            ManagePermissions: "Deny",
            CreateTag: "Deny",
            CreateBranch: "NotSet",
        },
    });
    const example_branch_permissions = new azuredevops.GitPermissions("example-branch-permissions", {
        projectId: exampleGit.projectId,
        repositoryId: exampleGit.id,
        branchName: "master",
        principal: example_project_contributors.apply(example_project_contributors => example_project_contributors.id),
        permissions: {
            RemoveOthersLocks: "Allow",
            ForcePush: "Deny",
        },
    });
    
    import pulumi
    import pulumi_azuredevops as azuredevops
    
    example = azuredevops.Project("example",
        name="Example Project",
        visibility="private",
        version_control="Git",
        work_item_template="Agile",
        description="Managed by Terraform")
    example_project_readers = azuredevops.get_group_output(project_id=example.id,
        name="Readers")
    example_project_contributors = azuredevops.get_group_output(project_id=example.id,
        name="Contributors")
    example_project_administrators = azuredevops.get_group_output(project_id=example.id,
        name="Project administrators")
    example_permissions = azuredevops.GitPermissions("example-permissions",
        project_id=example.id,
        principal=example_project_readers.id,
        permissions={
            "CreateRepository": "Deny",
            "DeleteRepository": "Deny",
            "RenameRepository": "NotSet",
        })
    example_git = azuredevops.Git("example",
        project_id=example.id,
        name="TestRepo",
        default_branch="refs/heads/master",
        initialization=azuredevops.GitInitializationArgs(
            init_type="Clean",
        ))
    example_repo_permissions = azuredevops.GitPermissions("example-repo-permissions",
        project_id=example_git.project_id,
        repository_id=example_git.id,
        principal=example_project_administrators.id,
        permissions={
            "RemoveOthersLocks": "Allow",
            "ManagePermissions": "Deny",
            "CreateTag": "Deny",
            "CreateBranch": "NotSet",
        })
    example_branch_permissions = azuredevops.GitPermissions("example-branch-permissions",
        project_id=example_git.project_id,
        repository_id=example_git.id,
        branch_name="master",
        principal=example_project_contributors.id,
        permissions={
            "RemoveOthersLocks": "Allow",
            "ForcePush": "Deny",
        })
    
    package main
    
    import (
    	"github.com/pulumi/pulumi-azuredevops/sdk/v3/go/azuredevops"
    	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
    )
    
    func main() {
    	pulumi.Run(func(ctx *pulumi.Context) error {
    		example, err := azuredevops.NewProject(ctx, "example", &azuredevops.ProjectArgs{
    			Name:             pulumi.String("Example Project"),
    			Visibility:       pulumi.String("private"),
    			VersionControl:   pulumi.String("Git"),
    			WorkItemTemplate: pulumi.String("Agile"),
    			Description:      pulumi.String("Managed by Terraform"),
    		})
    		if err != nil {
    			return err
    		}
    		example_project_readers := azuredevops.LookupGroupOutput(ctx, azuredevops.GetGroupOutputArgs{
    			ProjectId: example.ID(),
    			Name:      pulumi.String("Readers"),
    		}, nil)
    		example_project_contributors := azuredevops.LookupGroupOutput(ctx, azuredevops.GetGroupOutputArgs{
    			ProjectId: example.ID(),
    			Name:      pulumi.String("Contributors"),
    		}, nil)
    		example_project_administrators := azuredevops.LookupGroupOutput(ctx, azuredevops.GetGroupOutputArgs{
    			ProjectId: example.ID(),
    			Name:      pulumi.String("Project administrators"),
    		}, nil)
    		_, err = azuredevops.NewGitPermissions(ctx, "example-permissions", &azuredevops.GitPermissionsArgs{
    			ProjectId: example.ID(),
    			Principal: example_project_readers.ApplyT(func(example_project_readers azuredevops.GetGroupResult) (*string, error) {
    				return &example_project_readers.Id, nil
    			}).(pulumi.StringPtrOutput),
    			Permissions: pulumi.StringMap{
    				"CreateRepository": pulumi.String("Deny"),
    				"DeleteRepository": pulumi.String("Deny"),
    				"RenameRepository": pulumi.String("NotSet"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		exampleGit, err := azuredevops.NewGit(ctx, "example", &azuredevops.GitArgs{
    			ProjectId:     example.ID(),
    			Name:          pulumi.String("TestRepo"),
    			DefaultBranch: pulumi.String("refs/heads/master"),
    			Initialization: &azuredevops.GitInitializationArgs{
    				InitType: pulumi.String("Clean"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = azuredevops.NewGitPermissions(ctx, "example-repo-permissions", &azuredevops.GitPermissionsArgs{
    			ProjectId:    exampleGit.ProjectId,
    			RepositoryId: exampleGit.ID(),
    			Principal: example_project_administrators.ApplyT(func(example_project_administrators azuredevops.GetGroupResult) (*string, error) {
    				return &example_project_administrators.Id, nil
    			}).(pulumi.StringPtrOutput),
    			Permissions: pulumi.StringMap{
    				"RemoveOthersLocks": pulumi.String("Allow"),
    				"ManagePermissions": pulumi.String("Deny"),
    				"CreateTag":         pulumi.String("Deny"),
    				"CreateBranch":      pulumi.String("NotSet"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		_, err = azuredevops.NewGitPermissions(ctx, "example-branch-permissions", &azuredevops.GitPermissionsArgs{
    			ProjectId:    exampleGit.ProjectId,
    			RepositoryId: exampleGit.ID(),
    			BranchName:   pulumi.String("master"),
    			Principal: example_project_contributors.ApplyT(func(example_project_contributors azuredevops.GetGroupResult) (*string, error) {
    				return &example_project_contributors.Id, nil
    			}).(pulumi.StringPtrOutput),
    			Permissions: pulumi.StringMap{
    				"RemoveOthersLocks": pulumi.String("Allow"),
    				"ForcePush":         pulumi.String("Deny"),
    			},
    		})
    		if err != nil {
    			return err
    		}
    		return nil
    	})
    }
    
    using System.Collections.Generic;
    using System.Linq;
    using Pulumi;
    using AzureDevOps = Pulumi.AzureDevOps;
    
    return await Deployment.RunAsync(() => 
    {
        var example = new AzureDevOps.Project("example", new()
        {
            Name = "Example Project",
            Visibility = "private",
            VersionControl = "Git",
            WorkItemTemplate = "Agile",
            Description = "Managed by Terraform",
        });
    
        var example_project_readers = AzureDevOps.GetGroup.Invoke(new()
        {
            ProjectId = example.Id,
            Name = "Readers",
        });
    
        var example_project_contributors = AzureDevOps.GetGroup.Invoke(new()
        {
            ProjectId = example.Id,
            Name = "Contributors",
        });
    
        var example_project_administrators = AzureDevOps.GetGroup.Invoke(new()
        {
            ProjectId = example.Id,
            Name = "Project administrators",
        });
    
        var example_permissions = new AzureDevOps.GitPermissions("example-permissions", new()
        {
            ProjectId = example.Id,
            Principal = example_project_readers.Apply(example_project_readers => example_project_readers.Apply(getGroupResult => getGroupResult.Id)),
            Permissions = 
            {
                { "CreateRepository", "Deny" },
                { "DeleteRepository", "Deny" },
                { "RenameRepository", "NotSet" },
            },
        });
    
        var exampleGit = new AzureDevOps.Git("example", new()
        {
            ProjectId = example.Id,
            Name = "TestRepo",
            DefaultBranch = "refs/heads/master",
            Initialization = new AzureDevOps.Inputs.GitInitializationArgs
            {
                InitType = "Clean",
            },
        });
    
        var example_repo_permissions = new AzureDevOps.GitPermissions("example-repo-permissions", new()
        {
            ProjectId = exampleGit.ProjectId,
            RepositoryId = exampleGit.Id,
            Principal = example_project_administrators.Apply(example_project_administrators => example_project_administrators.Apply(getGroupResult => getGroupResult.Id)),
            Permissions = 
            {
                { "RemoveOthersLocks", "Allow" },
                { "ManagePermissions", "Deny" },
                { "CreateTag", "Deny" },
                { "CreateBranch", "NotSet" },
            },
        });
    
        var example_branch_permissions = new AzureDevOps.GitPermissions("example-branch-permissions", new()
        {
            ProjectId = exampleGit.ProjectId,
            RepositoryId = exampleGit.Id,
            BranchName = "master",
            Principal = example_project_contributors.Apply(example_project_contributors => example_project_contributors.Apply(getGroupResult => getGroupResult.Id)),
            Permissions = 
            {
                { "RemoveOthersLocks", "Allow" },
                { "ForcePush", "Deny" },
            },
        });
    
    });
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.azuredevops.Project;
    import com.pulumi.azuredevops.ProjectArgs;
    import com.pulumi.azuredevops.AzuredevopsFunctions;
    import com.pulumi.azuredevops.inputs.GetGroupArgs;
    import com.pulumi.azuredevops.GitPermissions;
    import com.pulumi.azuredevops.GitPermissionsArgs;
    import com.pulumi.azuredevops.Git;
    import com.pulumi.azuredevops.GitArgs;
    import com.pulumi.azuredevops.inputs.GitInitializationArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var example = new Project("example", ProjectArgs.builder()        
                .name("Example Project")
                .visibility("private")
                .versionControl("Git")
                .workItemTemplate("Agile")
                .description("Managed by Terraform")
                .build());
    
            final var example-project-readers = AzuredevopsFunctions.getGroup(GetGroupArgs.builder()
                .projectId(example.id())
                .name("Readers")
                .build());
    
            final var example-project-contributors = AzuredevopsFunctions.getGroup(GetGroupArgs.builder()
                .projectId(example.id())
                .name("Contributors")
                .build());
    
            final var example-project-administrators = AzuredevopsFunctions.getGroup(GetGroupArgs.builder()
                .projectId(example.id())
                .name("Project administrators")
                .build());
    
            var example_permissions = new GitPermissions("example-permissions", GitPermissionsArgs.builder()        
                .projectId(example.id())
                .principal(example_project_readers.applyValue(example_project_readers -> example_project_readers.id()))
                .permissions(Map.ofEntries(
                    Map.entry("CreateRepository", "Deny"),
                    Map.entry("DeleteRepository", "Deny"),
                    Map.entry("RenameRepository", "NotSet")
                ))
                .build());
    
            var exampleGit = new Git("exampleGit", GitArgs.builder()        
                .projectId(example.id())
                .name("TestRepo")
                .defaultBranch("refs/heads/master")
                .initialization(GitInitializationArgs.builder()
                    .initType("Clean")
                    .build())
                .build());
    
            var example_repo_permissions = new GitPermissions("example-repo-permissions", GitPermissionsArgs.builder()        
                .projectId(exampleGit.projectId())
                .repositoryId(exampleGit.id())
                .principal(example_project_administrators.applyValue(example_project_administrators -> example_project_administrators.id()))
                .permissions(Map.ofEntries(
                    Map.entry("RemoveOthersLocks", "Allow"),
                    Map.entry("ManagePermissions", "Deny"),
                    Map.entry("CreateTag", "Deny"),
                    Map.entry("CreateBranch", "NotSet")
                ))
                .build());
    
            var example_branch_permissions = new GitPermissions("example-branch-permissions", GitPermissionsArgs.builder()        
                .projectId(exampleGit.projectId())
                .repositoryId(exampleGit.id())
                .branchName("master")
                .principal(example_project_contributors.applyValue(example_project_contributors -> example_project_contributors.id()))
                .permissions(Map.ofEntries(
                    Map.entry("RemoveOthersLocks", "Allow"),
                    Map.entry("ForcePush", "Deny")
                ))
                .build());
    
        }
    }
    
    resources:
      example:
        type: azuredevops:Project
        properties:
          name: Example Project
          visibility: private
          versionControl: Git
          workItemTemplate: Agile
          description: Managed by Terraform
      example-permissions:
        type: azuredevops:GitPermissions
        properties:
          projectId: ${example.id}
          principal: ${["example-project-readers"].id}
          permissions:
            CreateRepository: Deny
            DeleteRepository: Deny
            RenameRepository: NotSet
      exampleGit:
        type: azuredevops:Git
        name: example
        properties:
          projectId: ${example.id}
          name: TestRepo
          defaultBranch: refs/heads/master
          initialization:
            initType: Clean
      example-repo-permissions:
        type: azuredevops:GitPermissions
        properties:
          projectId: ${exampleGit.projectId}
          repositoryId: ${exampleGit.id}
          principal: ${["example-project-administrators"].id}
          permissions:
            RemoveOthersLocks: Allow
            ManagePermissions: Deny
            CreateTag: Deny
            CreateBranch: NotSet
      example-branch-permissions:
        type: azuredevops:GitPermissions
        properties:
          projectId: ${exampleGit.projectId}
          repositoryId: ${exampleGit.id}
          branchName: master
          principal: ${["example-project-contributors"].id}
          permissions:
            RemoveOthersLocks: Allow
            ForcePush: Deny
    variables:
      example-project-readers:
        fn::invoke:
          Function: azuredevops:getGroup
          Arguments:
            projectId: ${example.id}
            name: Readers
      example-project-contributors:
        fn::invoke:
          Function: azuredevops:getGroup
          Arguments:
            projectId: ${example.id}
            name: Contributors
      example-project-administrators:
        fn::invoke:
          Function: azuredevops:getGroup
          Arguments:
            projectId: ${example.id}
            name: Project administrators
    

    PAT Permissions Required

    • Project & Team: vso.security_manage - Grants the ability to read, write, and manage security permissions.

    Create GitPermissions Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new GitPermissions(name: string, args: GitPermissionsArgs, opts?: CustomResourceOptions);
    @overload
    def GitPermissions(resource_name: str,
                       args: GitPermissionsArgs,
                       opts: Optional[ResourceOptions] = None)
    
    @overload
    def GitPermissions(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       permissions: Optional[Mapping[str, str]] = None,
                       principal: Optional[str] = None,
                       project_id: Optional[str] = None,
                       branch_name: Optional[str] = None,
                       replace: Optional[bool] = None,
                       repository_id: Optional[str] = None)
    func NewGitPermissions(ctx *Context, name string, args GitPermissionsArgs, opts ...ResourceOption) (*GitPermissions, error)
    public GitPermissions(string name, GitPermissionsArgs args, CustomResourceOptions? opts = null)
    public GitPermissions(String name, GitPermissionsArgs args)
    public GitPermissions(String name, GitPermissionsArgs args, CustomResourceOptions options)
    
    type: azuredevops:GitPermissions
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args GitPermissionsArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args GitPermissionsArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args GitPermissionsArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args GitPermissionsArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args GitPermissionsArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var gitPermissionsResource = new AzureDevOps.GitPermissions("gitPermissionsResource", new()
    {
        Permissions = 
        {
            { "string", "string" },
        },
        Principal = "string",
        ProjectId = "string",
        BranchName = "string",
        Replace = false,
        RepositoryId = "string",
    });
    
    example, err := azuredevops.NewGitPermissions(ctx, "gitPermissionsResource", &azuredevops.GitPermissionsArgs{
    	Permissions: pulumi.StringMap{
    		"string": pulumi.String("string"),
    	},
    	Principal:    pulumi.String("string"),
    	ProjectId:    pulumi.String("string"),
    	BranchName:   pulumi.String("string"),
    	Replace:      pulumi.Bool(false),
    	RepositoryId: pulumi.String("string"),
    })
    
    var gitPermissionsResource = new GitPermissions("gitPermissionsResource", GitPermissionsArgs.builder()
        .permissions(Map.of("string", "string"))
        .principal("string")
        .projectId("string")
        .branchName("string")
        .replace(false)
        .repositoryId("string")
        .build());
    
    git_permissions_resource = azuredevops.GitPermissions("gitPermissionsResource",
        permissions={
            "string": "string",
        },
        principal="string",
        project_id="string",
        branch_name="string",
        replace=False,
        repository_id="string")
    
    const gitPermissionsResource = new azuredevops.GitPermissions("gitPermissionsResource", {
        permissions: {
            string: "string",
        },
        principal: "string",
        projectId: "string",
        branchName: "string",
        replace: false,
        repositoryId: "string",
    });
    
    type: azuredevops:GitPermissions
    properties:
        branchName: string
        permissions:
            string: string
        principal: string
        projectId: string
        replace: false
        repositoryId: string
    

    GitPermissions Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The GitPermissions resource accepts the following input properties:

    Permissions Dictionary<string, string>

    the permissions to assign. The follwing permissions are available

    | Permissions | Description | |-------------------------|--------------------------------------------------------| | Administer | Administer | | GenericRead | Read | | GenericContribute | Contribute | | ForcePush | Force push (rewrite history, delete branches and tags) | | CreateBranch | Create branch | | CreateTag | Create tag | | ManageNote | Manage notes | | PolicyExempt | Bypass policies when pushing | | CreateRepository | Create repository | | DeleteRepository | Delete repository | | RenameRepository | Rename repository | | EditPolicies | Edit policies | | RemoveOthersLocks | Remove others' locks | | ManagePermissions | Manage permissions | | PullRequestContribute | Contribute to pull requests | | PullRequestBypassPolicy | Bypass policies when completing pull requests |

    Principal string
    The group principal to assign the permissions.
    ProjectId string
    The ID of the project to assign the permissions.
    BranchName string

    The name of the branch to assign the permissions.

    Note to assign permissions to a branch, the repository_id must be set as well.

    Replace bool
    Replace (true) or merge (false) the permissions. Default: true
    RepositoryId string
    The ID of the GIT repository to assign the permissions
    Permissions map[string]string

    the permissions to assign. The follwing permissions are available

    | Permissions | Description | |-------------------------|--------------------------------------------------------| | Administer | Administer | | GenericRead | Read | | GenericContribute | Contribute | | ForcePush | Force push (rewrite history, delete branches and tags) | | CreateBranch | Create branch | | CreateTag | Create tag | | ManageNote | Manage notes | | PolicyExempt | Bypass policies when pushing | | CreateRepository | Create repository | | DeleteRepository | Delete repository | | RenameRepository | Rename repository | | EditPolicies | Edit policies | | RemoveOthersLocks | Remove others' locks | | ManagePermissions | Manage permissions | | PullRequestContribute | Contribute to pull requests | | PullRequestBypassPolicy | Bypass policies when completing pull requests |

    Principal string
    The group principal to assign the permissions.
    ProjectId string
    The ID of the project to assign the permissions.
    BranchName string

    The name of the branch to assign the permissions.

    Note to assign permissions to a branch, the repository_id must be set as well.

    Replace bool
    Replace (true) or merge (false) the permissions. Default: true
    RepositoryId string
    The ID of the GIT repository to assign the permissions
    permissions Map<String,String>

    the permissions to assign. The follwing permissions are available

    | Permissions | Description | |-------------------------|--------------------------------------------------------| | Administer | Administer | | GenericRead | Read | | GenericContribute | Contribute | | ForcePush | Force push (rewrite history, delete branches and tags) | | CreateBranch | Create branch | | CreateTag | Create tag | | ManageNote | Manage notes | | PolicyExempt | Bypass policies when pushing | | CreateRepository | Create repository | | DeleteRepository | Delete repository | | RenameRepository | Rename repository | | EditPolicies | Edit policies | | RemoveOthersLocks | Remove others' locks | | ManagePermissions | Manage permissions | | PullRequestContribute | Contribute to pull requests | | PullRequestBypassPolicy | Bypass policies when completing pull requests |

    principal String
    The group principal to assign the permissions.
    projectId String
    The ID of the project to assign the permissions.
    branchName String

    The name of the branch to assign the permissions.

    Note to assign permissions to a branch, the repository_id must be set as well.

    replace Boolean
    Replace (true) or merge (false) the permissions. Default: true
    repositoryId String
    The ID of the GIT repository to assign the permissions
    permissions {[key: string]: string}

    the permissions to assign. The follwing permissions are available

    | Permissions | Description | |-------------------------|--------------------------------------------------------| | Administer | Administer | | GenericRead | Read | | GenericContribute | Contribute | | ForcePush | Force push (rewrite history, delete branches and tags) | | CreateBranch | Create branch | | CreateTag | Create tag | | ManageNote | Manage notes | | PolicyExempt | Bypass policies when pushing | | CreateRepository | Create repository | | DeleteRepository | Delete repository | | RenameRepository | Rename repository | | EditPolicies | Edit policies | | RemoveOthersLocks | Remove others' locks | | ManagePermissions | Manage permissions | | PullRequestContribute | Contribute to pull requests | | PullRequestBypassPolicy | Bypass policies when completing pull requests |

    principal string
    The group principal to assign the permissions.
    projectId string
    The ID of the project to assign the permissions.
    branchName string

    The name of the branch to assign the permissions.

    Note to assign permissions to a branch, the repository_id must be set as well.

    replace boolean
    Replace (true) or merge (false) the permissions. Default: true
    repositoryId string
    The ID of the GIT repository to assign the permissions
    permissions Mapping[str, str]

    the permissions to assign. The follwing permissions are available

    | Permissions | Description | |-------------------------|--------------------------------------------------------| | Administer | Administer | | GenericRead | Read | | GenericContribute | Contribute | | ForcePush | Force push (rewrite history, delete branches and tags) | | CreateBranch | Create branch | | CreateTag | Create tag | | ManageNote | Manage notes | | PolicyExempt | Bypass policies when pushing | | CreateRepository | Create repository | | DeleteRepository | Delete repository | | RenameRepository | Rename repository | | EditPolicies | Edit policies | | RemoveOthersLocks | Remove others' locks | | ManagePermissions | Manage permissions | | PullRequestContribute | Contribute to pull requests | | PullRequestBypassPolicy | Bypass policies when completing pull requests |

    principal str
    The group principal to assign the permissions.
    project_id str
    The ID of the project to assign the permissions.
    branch_name str

    The name of the branch to assign the permissions.

    Note to assign permissions to a branch, the repository_id must be set as well.

    replace bool
    Replace (true) or merge (false) the permissions. Default: true
    repository_id str
    The ID of the GIT repository to assign the permissions
    permissions Map<String>

    the permissions to assign. The follwing permissions are available

    | Permissions | Description | |-------------------------|--------------------------------------------------------| | Administer | Administer | | GenericRead | Read | | GenericContribute | Contribute | | ForcePush | Force push (rewrite history, delete branches and tags) | | CreateBranch | Create branch | | CreateTag | Create tag | | ManageNote | Manage notes | | PolicyExempt | Bypass policies when pushing | | CreateRepository | Create repository | | DeleteRepository | Delete repository | | RenameRepository | Rename repository | | EditPolicies | Edit policies | | RemoveOthersLocks | Remove others' locks | | ManagePermissions | Manage permissions | | PullRequestContribute | Contribute to pull requests | | PullRequestBypassPolicy | Bypass policies when completing pull requests |

    principal String
    The group principal to assign the permissions.
    projectId String
    The ID of the project to assign the permissions.
    branchName String

    The name of the branch to assign the permissions.

    Note to assign permissions to a branch, the repository_id must be set as well.

    replace Boolean
    Replace (true) or merge (false) the permissions. Default: true
    repositoryId String
    The ID of the GIT repository to assign the permissions

    Outputs

    All input properties are implicitly available as output properties. Additionally, the GitPermissions resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    Id string
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.
    id string
    The provider-assigned unique ID for this managed resource.
    id str
    The provider-assigned unique ID for this managed resource.
    id String
    The provider-assigned unique ID for this managed resource.

    Look up Existing GitPermissions Resource

    Get an existing GitPermissions resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: GitPermissionsState, opts?: CustomResourceOptions): GitPermissions
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            branch_name: Optional[str] = None,
            permissions: Optional[Mapping[str, str]] = None,
            principal: Optional[str] = None,
            project_id: Optional[str] = None,
            replace: Optional[bool] = None,
            repository_id: Optional[str] = None) -> GitPermissions
    func GetGitPermissions(ctx *Context, name string, id IDInput, state *GitPermissionsState, opts ...ResourceOption) (*GitPermissions, error)
    public static GitPermissions Get(string name, Input<string> id, GitPermissionsState? state, CustomResourceOptions? opts = null)
    public static GitPermissions get(String name, Output<String> id, GitPermissionsState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    BranchName string

    The name of the branch to assign the permissions.

    Note to assign permissions to a branch, the repository_id must be set as well.

    Permissions Dictionary<string, string>

    the permissions to assign. The follwing permissions are available

    | Permissions | Description | |-------------------------|--------------------------------------------------------| | Administer | Administer | | GenericRead | Read | | GenericContribute | Contribute | | ForcePush | Force push (rewrite history, delete branches and tags) | | CreateBranch | Create branch | | CreateTag | Create tag | | ManageNote | Manage notes | | PolicyExempt | Bypass policies when pushing | | CreateRepository | Create repository | | DeleteRepository | Delete repository | | RenameRepository | Rename repository | | EditPolicies | Edit policies | | RemoveOthersLocks | Remove others' locks | | ManagePermissions | Manage permissions | | PullRequestContribute | Contribute to pull requests | | PullRequestBypassPolicy | Bypass policies when completing pull requests |

    Principal string
    The group principal to assign the permissions.
    ProjectId string
    The ID of the project to assign the permissions.
    Replace bool
    Replace (true) or merge (false) the permissions. Default: true
    RepositoryId string
    The ID of the GIT repository to assign the permissions
    BranchName string

    The name of the branch to assign the permissions.

    Note to assign permissions to a branch, the repository_id must be set as well.

    Permissions map[string]string

    the permissions to assign. The follwing permissions are available

    | Permissions | Description | |-------------------------|--------------------------------------------------------| | Administer | Administer | | GenericRead | Read | | GenericContribute | Contribute | | ForcePush | Force push (rewrite history, delete branches and tags) | | CreateBranch | Create branch | | CreateTag | Create tag | | ManageNote | Manage notes | | PolicyExempt | Bypass policies when pushing | | CreateRepository | Create repository | | DeleteRepository | Delete repository | | RenameRepository | Rename repository | | EditPolicies | Edit policies | | RemoveOthersLocks | Remove others' locks | | ManagePermissions | Manage permissions | | PullRequestContribute | Contribute to pull requests | | PullRequestBypassPolicy | Bypass policies when completing pull requests |

    Principal string
    The group principal to assign the permissions.
    ProjectId string
    The ID of the project to assign the permissions.
    Replace bool
    Replace (true) or merge (false) the permissions. Default: true
    RepositoryId string
    The ID of the GIT repository to assign the permissions
    branchName String

    The name of the branch to assign the permissions.

    Note to assign permissions to a branch, the repository_id must be set as well.

    permissions Map<String,String>

    the permissions to assign. The follwing permissions are available

    | Permissions | Description | |-------------------------|--------------------------------------------------------| | Administer | Administer | | GenericRead | Read | | GenericContribute | Contribute | | ForcePush | Force push (rewrite history, delete branches and tags) | | CreateBranch | Create branch | | CreateTag | Create tag | | ManageNote | Manage notes | | PolicyExempt | Bypass policies when pushing | | CreateRepository | Create repository | | DeleteRepository | Delete repository | | RenameRepository | Rename repository | | EditPolicies | Edit policies | | RemoveOthersLocks | Remove others' locks | | ManagePermissions | Manage permissions | | PullRequestContribute | Contribute to pull requests | | PullRequestBypassPolicy | Bypass policies when completing pull requests |

    principal String
    The group principal to assign the permissions.
    projectId String
    The ID of the project to assign the permissions.
    replace Boolean
    Replace (true) or merge (false) the permissions. Default: true
    repositoryId String
    The ID of the GIT repository to assign the permissions
    branchName string

    The name of the branch to assign the permissions.

    Note to assign permissions to a branch, the repository_id must be set as well.

    permissions {[key: string]: string}

    the permissions to assign. The follwing permissions are available

    | Permissions | Description | |-------------------------|--------------------------------------------------------| | Administer | Administer | | GenericRead | Read | | GenericContribute | Contribute | | ForcePush | Force push (rewrite history, delete branches and tags) | | CreateBranch | Create branch | | CreateTag | Create tag | | ManageNote | Manage notes | | PolicyExempt | Bypass policies when pushing | | CreateRepository | Create repository | | DeleteRepository | Delete repository | | RenameRepository | Rename repository | | EditPolicies | Edit policies | | RemoveOthersLocks | Remove others' locks | | ManagePermissions | Manage permissions | | PullRequestContribute | Contribute to pull requests | | PullRequestBypassPolicy | Bypass policies when completing pull requests |

    principal string
    The group principal to assign the permissions.
    projectId string
    The ID of the project to assign the permissions.
    replace boolean
    Replace (true) or merge (false) the permissions. Default: true
    repositoryId string
    The ID of the GIT repository to assign the permissions
    branch_name str

    The name of the branch to assign the permissions.

    Note to assign permissions to a branch, the repository_id must be set as well.

    permissions Mapping[str, str]

    the permissions to assign. The follwing permissions are available

    | Permissions | Description | |-------------------------|--------------------------------------------------------| | Administer | Administer | | GenericRead | Read | | GenericContribute | Contribute | | ForcePush | Force push (rewrite history, delete branches and tags) | | CreateBranch | Create branch | | CreateTag | Create tag | | ManageNote | Manage notes | | PolicyExempt | Bypass policies when pushing | | CreateRepository | Create repository | | DeleteRepository | Delete repository | | RenameRepository | Rename repository | | EditPolicies | Edit policies | | RemoveOthersLocks | Remove others' locks | | ManagePermissions | Manage permissions | | PullRequestContribute | Contribute to pull requests | | PullRequestBypassPolicy | Bypass policies when completing pull requests |

    principal str
    The group principal to assign the permissions.
    project_id str
    The ID of the project to assign the permissions.
    replace bool
    Replace (true) or merge (false) the permissions. Default: true
    repository_id str
    The ID of the GIT repository to assign the permissions
    branchName String

    The name of the branch to assign the permissions.

    Note to assign permissions to a branch, the repository_id must be set as well.

    permissions Map<String>

    the permissions to assign. The follwing permissions are available

    | Permissions | Description | |-------------------------|--------------------------------------------------------| | Administer | Administer | | GenericRead | Read | | GenericContribute | Contribute | | ForcePush | Force push (rewrite history, delete branches and tags) | | CreateBranch | Create branch | | CreateTag | Create tag | | ManageNote | Manage notes | | PolicyExempt | Bypass policies when pushing | | CreateRepository | Create repository | | DeleteRepository | Delete repository | | RenameRepository | Rename repository | | EditPolicies | Edit policies | | RemoveOthersLocks | Remove others' locks | | ManagePermissions | Manage permissions | | PullRequestContribute | Contribute to pull requests | | PullRequestBypassPolicy | Bypass policies when completing pull requests |

    principal String
    The group principal to assign the permissions.
    projectId String
    The ID of the project to assign the permissions.
    replace Boolean
    Replace (true) or merge (false) the permissions. Default: true
    repositoryId String
    The ID of the GIT repository to assign the permissions

    Import

    The resource does not support import.

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Azure DevOps pulumi/pulumi-azuredevops
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the azuredevops Terraform Provider.
    azuredevops logo
    Azure DevOps v3.1.1 published on Monday, May 20, 2024 by Pulumi