Skip to content

Latest commit

 

History

History
76 lines (58 loc) · 3.18 KB

group.html.markdown

File metadata and controls

76 lines (58 loc) · 3.18 KB
Raw
layout page_title description
azuredevops
AzureDevops: azuredevops_group
Manages a group within Azure DevOps organization.

azuredevops_group

Manages a group within Azure DevOps.

Example Usage

resource "azuredevops_project" "p" {
  project_name = "Test Project"
}

data "azuredevops_group" "tf-project-readers" {
  project_id = azuredevops_project.p.id
  name       = "Readers"
}

data "azuredevops_group" "tf-project-contributors" {
  project_id = azuredevops_project.p.id
  name       = "Contributors"
}

resource "azuredevops_group" "g" {
  scope        = azuredevops_project.p.id
  display_name = "Test group"
  description  = "Test description"

  members = [
    data.azuredevops_group.tf-project-readers.descriptor,
    data.azuredevops_group.tf-project-contributors.descriptor
  ]
}

Argument Reference

The following arguments are supported:

  • scope - (Optional) The scope of the group. A descriptor referencing the scope (collection, project) in which the group should be created. If omitted, will be created in the scope of the enclosing account or organization.x
  • origin_id - (Optional) The OriginID as a reference to a group from an external AD or AAD backed provider. The scope, mail and display_name arguments cannot be used simultaneously with origin_id.
  • mail - (Optional) The mail address as a reference to an existing group from an external AD or AAD backed provider. The scope, origin_id and display_name arguments cannot be used simultaneously with mail.
  • display_name - (Optional) The name of a new Azure DevOps group that is not backed by an external provider. The origin_id and mail arguments cannot be used simultaneously with display_name.
  • description - (Optional) The Description of the Project.
  • members - (Optional)

NOTE: It's possible to define group members both within the azuredevops_group resource via the members block and by using the azuredevops_group_membership resource. However it's not possible to use both methods to manage group members, since there'll be conflicts.

Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The ID of the Group.
  • url - This url is the full route to the source resource of this graph subject.
  • origin - The type of source provider for the origin identifier (ex:AD, AAD, MSA)
  • subject_kind - This field identifies the type of the graph subject (ex: Group, Scope, User).
  • domain - This represents the name of the container of origin for a graph member.
  • principal_name - This is the PrincipalName of this graph member from the source provider.
  • descriptor - The identity (subject) descriptor of the Group.

Relevant Links

Import

Azure DevOps Projects can be imported using the group identity descriptor, e.g.

terraform import azuredevops_project.id aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTIxNjc2NjQyNTMtMzI1Nzg0NDI4OS0yMjU4MjcwOTc0LTI2MDYxODY2NDU

PAT Permissions Required

  • Project & Team: Read, Write, & Manage