layout | page_title | description |
---|---|---|
azuredevops | AzureDevops: azuredevops_group | Manages a group within Azure DevOps organization. |
Manages a group within Azure DevOps.
```hcl
resource "azuredevops_project" "p" {
  name = "Test Project"
}

data "azuredevops_group" "tf-project-readers" {
  project_id = azuredevops_project.p.id
  name       = "Readers"
}

data "azuredevops_group" "tf-project-contributors" {
  project_id = azuredevops_project.p.id
  name       = "Contributors"
}

resource "azuredevops_group" "g" {
  scope        = azuredevops_project.p.id
  display_name = "Test group"
  description  = "Test description"

  members = [
    data.azuredevops_group.tf-project-readers.descriptor,
    data.azuredevops_group.tf-project-contributors.descriptor
  ]
}
```
The following arguments are supported:
- `scope` - (Optional) The scope of the group. A descriptor referencing the scope (collection, project) in which the group should be created. If omitted, the group is created in the scope of the enclosing account or organization.
- `origin_id` - (Optional) The OriginID as a reference to a group from an external AD or AAD backed provider. The `scope`, `mail` and `display_name` arguments cannot be used simultaneously with `origin_id`.
- `mail` - (Optional) The mail address as a reference to an existing group from an external AD or AAD backed provider. The `scope`, `origin_id` and `display_name` arguments cannot be used simultaneously with `mail`.
- `display_name` - (Optional) The name of a new Azure DevOps group that is not backed by an external provider. The `origin_id` and `mail` arguments cannot be used simultaneously with `display_name`.
- `description` - (Optional) The description of the group.
- `members` - (Optional)

NOTE: It's possible to define group members both within the `azuredevops_group` resource via the members block and by using the `azuredevops_group_membership` resource. However, it's not possible to use both methods to manage group members, since there'll be conflicts.
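
The membership note above, as an added example that is not part of the provider's documentation: the conflicting pattern is shown commented out beside a configuration in which `azuredevops_group_membership` is the only place members are declared. The resource names and the group display name are hypothetical, and `mode = "overwrite"` is an assumption about how you want out-of-band additions handled.

```hcl
# Added example (not from the provider docs). Names such as
# "release_approvers" are hypothetical.

resource "azuredevops_project" "p" {
  name = "Test Project"
}

data "azuredevops_group" "contributors" {
  project_id = azuredevops_project.p.id
  name       = "Contributors"
}

# Conflicting pattern (left commented out): members are declared inline
# here AND in azuredevops_group_membership below, so two resources
# manage the same membership list.
#
# resource "azuredevops_group" "release_approvers" {
#   scope        = azuredevops_project.p.id
#   display_name = "Release approvers"
#   members      = [data.azuredevops_group.contributors.descriptor]
# }

# Consistent pattern: the group resource carries no members argument ...
resource "azuredevops_group" "release_approvers" {
  scope        = azuredevops_project.p.id
  display_name = "Release approvers"
  description  = "Membership is managed only by azuredevops_group_membership"
}

# ... and a single membership resource is the source of truth.
# Assumption: "overwrite" is chosen so that members added outside
# Terraform are removed on the next apply; the default mode is "add".
resource "azuredevops_group_membership" "release_approvers" {
  group   = azuredevops_group.release_approvers.descriptor
  mode    = "overwrite"
  members = [data.azuredevops_group.contributors.descriptor]
}
```

Keeping membership in one resource also makes access reviews simpler, because a change to who is in the group shows up as a diff on a single address in `terraform plan`.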
In addition to all arguments above, the following attributes are exported:
- `id` - The ID of the Group.
- `url` - This url is the full route to the source resource of this graph subject.
- `origin` - The type of source provider for the origin identifier (ex: AD, AAD, MSA)
- `subject_kind` - This field identifies the type of the graph subject (ex: Group, Scope, User).
- `domain` - This represents the name of the container of origin for a graph member.
- `principal_name` - This is the PrincipalName of this graph member from the source provider.
- `descriptor` - The identity (subject) descriptor of the Group.
Azure DevOps groups can be imported using the group identity descriptor, e.g.

```sh
terraform import azuredevops_group.id aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTIxNjc2NjQyNTMtMzI1Nzg0NDI4OS0yMjU4MjcwOTc0LTI2MDYxODY2NDU
```
- Project & Team: Read, Write, & Manage