Add support for creating and removing agent pools

[jcorioland]

Now that the Azure DevOps provider for Terraform is released, we can add the support in this module for adding/removing the agent pool, instead of requiring these pools to be created before the module is used.

[sdib]

When implementing this feature, would it also make sense to include authorizations on the agent pool to Azure DevOps projects ?
I think this could be done using agent_queues and resource authorization

[jcorioland]

@sdib I think it makes sense yes, but it should be optional. Not all organizations manage agent pool queues / authorizations at deployment time. Do you think it's possible?

[sdib]

@jcorioland yes I think so, using a flag for example.
we might also want to let the module consumer to provide projects IDs for which the agent pool should be authorized. This could also be a way to have it optional. What do you think ?

[jcorioland]

@sdib I like the idea! Can you please make a proposal of what the TF configuration could look like so we can validate the idea and then move to the implementation? Are you willing to do it?

[sdib]

hello @jcorioland I think it could look like something like this :

variable "authorized_to_linux_pool_projects_names" {
  type     = list(string)
  default = []
}

variable "authorized_to_windows_pool_projects_names" {
  type     = list(string)
  default = []
}

data "azuredevops_projects" "linux_pool_projects" {
  for_each = var.authorized_to_linux_pool_projects_names

  name = each.value
  state  = "wellFormed"
}

data "azuredevops_projects" "windows_pool_projects" {
  for_each = var.authorized_to_windows_pool_projects_names

  name = each.value
  state  = "wellFormed"
}

resource "azuredevops_agent_pool" "linux" {
  count = var.linux_agents_configuration != null && var.create_agent_pool  ? 1 : 0 

  name           = var.linux_agents_configuration.agent_pool_name
}

resource "azuredevops_agent_pool" "windows" {
  count = var.windows_agents_configuration != null && var.create_agent_pool  ? 1 : 0 

  name           = var.windows_agents_configuration.agent_pool_name
}

resource "azuredevops_agent_queue" "linux" {
  for_each      = { for project in data.azuredevops_projects.linux_pool_projects.*.projects : project.project_id => project.project_id }
  
  project_id    = each.value
  agent_pool_id = azuredevops_agent_pool.linux.id
}

resource "azuredevops_resource_authorization" "linux_pool_authorization" {
  for_each    = { for project in data.azuredevops_projects.linux_pool_projects.*.projects : project.project_id => project.project_id }
  
  project_id  = each.value
  resource_id = azuredevops_agent_queue.this[each.value].id
  type        = "queue"
  authorized  = true
}

resource "azuredevops_agent_queue" "windows_agent_queue" {
  for_each      = { for project in data.azuredevops_projects.windows_pool_projects.*.projects : project.project_id => project.project_id }
  
  project_id    = each.value
  agent_pool_id =  azuredevops_agent_pool.windows.id
}

resource "azuredevops_resource_authorization" "windows_pool_authorization" {
  for_each    = { for project in data.azuredevops_projects.windows_pool_projects.*.projects : project.project_id => project.project_id }
  
  project_id  = each.value
  resource_id = azuredevops_agent_queue.this[each.value].id
  type        = "queue"
  authorized  = true
}

I'm happy to implement this once we agree on the design

[jcorioland]

@sdib thanks for the proposal! it looks good to me. Let me know if I can help.

[jcorioland]

hey @sdib, have you been able to make some progress on this item? thanks!

[sdib]

hello @nathanchere, I didn't had time to progress on this, if you can take it over, please go ahead.

[jcorioland]

@nathanchere is it something you are interested to work on?