Creates an Azure DevOps service connection with a service principal and optionally grants rights on a subscription as well.

qbeyond/terraform-azuredevops-service-connection

# DevOps Service Connection

Use this module to create a service connection and the corresponding service principal.

## Usage

It's very easy to use!

```hcl
terraform {
  required_providers {
    azuredevops = {
      source  = "microsoft/azuredevops"
      version = "~> 0.4.0"
    }
    azuread = {
      source  = "hashicorp/azuread"
      version = "~> 2.39.0"
    }
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.90.0" # must satisfy the module's own constraint (see Requirements)
    }
  }
}

provider "azuread" {}

provider "azurerm" {
  features {}
}

provider "azuredevops" {
  org_service_url = "<yourDevopsUrl>"
  # Placeholder only: pass the PAT in through a sensitive variable or the
  # AZDO_PERSONAL_ACCESS_TOKEN environment variable instead of committing it.
  personal_access_token = "<yourPAT>"
}

# Project that will hold the service connection
data "azuredevops_project" "example" {
  name = "Example Project"
}

# Subscription the azurerm provider is currently authenticated against
data "azurerm_subscription" "current" {}

module "service_connection" {
  source               = "../.."
  azure_devops_project = data.azuredevops_project.example
  display_name         = data.azurerm_subscription.current.display_name
  subscription_id      = data.azurerm_subscription.current.subscription_id
  subscription_name    = data.azurerm_subscription.current.display_name
  tenant_id            = data.azurerm_subscription.current.tenant_id
}
```

## Requirements

| Name | Version |
|------|---------|
| azuread | ~> 2.39.0 |
| azuredevops | ~> 0.4.0 |
| azurerm | ~> 3.90.0 |

## Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| azure_devops_project | Azure DevOps project to create the service connection in. | `object({ name = string, id = string })` | n/a | yes |
| display_name | Display name of the service principal (prefix: `sp-`) and the service connection (prefix: `sc-azurerm-`). | `string` | n/a | yes |
| subscription_id | ID of the subscription to create the service connection to. | `string` | n/a | yes |
| subscription_name | Name of the subscription to create the service connection to. | `string` | n/a | yes |
| tenant_id | Tenant of the service principal. | `string` | n/a | yes |
| application | Optional `azuread_application` if one already exists. | `object({ object_id = string, application_id = string })` | `null` | no |
| application_permission | The permission the service principal gets on the target subscription. Defaults to `Contributor`. | `string` | `"Contributor"` | no |
| service_connection_suffix | Suffix of the service connection name. Defaults to `devops-01`. | `string` | `"devops-01"` | no |

## Outputs

| Name | Description |
|------|-------------|
| application | The `azuread_application` created by this module, for reuse in other service connections, or `null` if one already exists. |
| service_endpoint | Service endpoint for the created service connection. |
| service_principal_object_id | Object ID of the created service principal. |

## Resource types

| Type | Used |
|------|-------|
| [azuread_application](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/application) | 1 |
| [azuread_application_password](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/application_password) | 1 |
| [azuread_service_principal](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/service_principal) | 1 |
| [azuredevops_serviceendpoint_azurerm](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/serviceendpoint_azurerm) | 1 |
| [azurerm_role_assignment](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | 1 |

**`Used` only includes resource blocks.** `for_each` and `count` meta arguments, as well as resource blocks of modules, are not considered.

## Modules

No modules.

## Resources by Files

### main.tf

| Name | Type |
|------|------|
| [azuread_application.this](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/application) | resource |
| [azuread_application_password.this](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/application_password) | resource |
| [azuread_service_principal.this](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/resources/service_principal) | resource |
| [azuredevops_serviceendpoint_azurerm.this](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/serviceendpoint_azurerm) | resource |
| [azurerm_role_assignment.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |
| [azuread_client_config.current](https://registry.terraform.io/providers/hashicorp/azuread/latest/docs/data-sources/client_config) | data source |
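
Because `azurerm_role_assignment.this` grants `application_permission` (default `Contributor`) on the target subscription, a plan-time check for broad subscription-wide roles is useful before applying. The following is an added example, not part of this module: it assumes the role is set through `role_definition_name` (main.tf is not shown on this page), and the sample plan, the `module.readonly` address and the all-zero subscription ID are constructed.

```python
import json

# Roles treated as too broad at subscription scope (an assumption; adapt to your policy).
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}


def is_subscription_scope(scope):
    """True for '/subscriptions/<id>' with no resource group or resource suffix."""
    parts = [p for p in (scope or "").split("/") if p]
    return len(parts) == 2 and parts[0].lower() == "subscriptions"


def broad_role_assignments(plan):
    """Return (address, role, scope) for planned broad roles on a whole subscription."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "azurerm_role_assignment":
            continue
        change = rc.get("change", {})
        if not {"create", "update"} & set(change.get("actions", [])):
            continue  # ignore no-op, read and pure delete
        after = change.get("after") or {}
        role = after.get("role_definition_name")  # assumed attribute, see lead-in
        scope = after.get("scope")
        scope_unknown = bool((change.get("after_unknown") or {}).get("scope"))
        if role in BROAD_ROLES and (scope_unknown or is_subscription_scope(scope)):
            findings.append((rc["address"], role, scope))  # scope is None when unknown
    return findings


# Constructed sample in the shape of `terraform show -json <planfile>`.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "module.service_connection.azurerm_role_assignment.this",
   "type": "azurerm_role_assignment",
   "change": {"actions": ["create"],
              "after": {"role_definition_name": "Contributor",
                        "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"}}},
  {"address": "module.readonly.azurerm_role_assignment.this",
   "type": "azurerm_role_assignment",
   "change": {"actions": ["create"],
              "after": {"role_definition_name": "Reader",
                        "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"}}}
]}
""")

if __name__ == "__main__":
    for address, role, scope in broad_role_assignments(SAMPLE_PLAN):
        print(f"{address}: {role} on {scope}")
```

To check a real plan, save it with `terraform plan -out=tfplan` and pass the parsed output of `terraform show -json tfplan` to `broad_role_assignments`. A scope that is not yet known at plan time is reported rather than skipped, so the check does not pass silently.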
