Referencing predefined "Project Viewer"/"Project Planner"/"Project Deployer"/"Project Admin" in a env0_team_environment_assignment

Question

Referencing predefined "Project Viewer"/"Project Planner"/"Project Deployer"/"Project Admin" in a env0_team_environment_assignment

ankon opened this issue 4 months ago · comments

Is your feature request related to a problem? Please describe.

For a business/enterprise plan one can create env0_custom_role resources, or use a data source to find the id that one uses in this snippet:

data "env0_custom_role" "team role" {
  name = "Known Role"
}

resource "env0_team_environment_assignment" "assignment" {
  team_id        = var.team_id
  environment_id = env0_environment.environment.id
  role_id        = data.env0_custom_role.role.team_role.id
}

But: How would I reference the existing roles that exist also on the pro plan?

I tried in vain:

data "env0_custom_role" "team_deployer" {
  name = "Project Deployer"
}

Describe the solution you'd like

I guess a couple:

Have a data source for the predefined roles?
Have a way to see the ids in the UI so I can hard-code them?
Make the above data "env0_custom_role" work?

Describe alternatives you've considered

Buy the business/enterprise plan, and make my own roles.
Assign the roles manually in the UI, if needed with some ignore_changes magic

Additional context

The env0_custom_role produces:

│ Error: schema resource data serialization failed: id is empty
│ 
│   with module.XXXX.data.env0_custom_role.team_role,
│   on modules/env0/environment/main.tf line 80, in data "env0_custom_role" "team_role":
│   80: data "env0_custom_role" "team_role" {
│

tomporat247 · Answer 1 · Mon Apr 01 2024 19:36:47 GMT+0800 (China Standard Time)

Hey, thank you bringing this up - we are looking into it 🙏

tomporat247 · Answer 2 · Wed Apr 03 2024 20:17:51 GMT+0800 (China Standard Time)

Hey @ankon, we've looked into this request and we have an answer.

The env0_custom_role data resource is designed to be used with custom roles (which are eligible for higher tiers).
If you wish to use the default roles (the ones that exist on the "pro" tier) you can simply pass the literal id of the role you wish to use, here is an example:

resource "env0_team_environment_assignment" "assignment" {
  team_id        = var.team_id
  environment_id = env0_environment.environment.id
  role_id        = "User"
}

Here is the "mapping" of the roles you can pass:
Organization roles - User / Admin
Project roles - Viewer / Planner / Deployer / Admin
Environment roles - Viewer / Planner / Deployer / Admin

Andreas Kohn · Answer 3 · Fri Apr 05 2024 21:44:40 GMT+0800 (China Standard Time)

Thanks a lot, going to try that!

I guess then the ask here is: Can this be documented on the resources for the future?

tomporat247 · Answer 4 · Sat Apr 06 2024 18:25:34 GMT+0800 (China Standard Time)

Yes of course, that's a very welcomed suggestion :)