» azuredevops_group

Manages a group within Azure DevOps.

» Example Usage

resource "azuredevops_project" "p" {
  project_name = "Test Project"

data "azuredevops_group" "tf-project-readers" {
  project_id = azuredevops_project.p.id
  name       = "Readers"

data "azuredevops_group" "tf-project-contributors" {
  project_id = azuredevops_project.p.id
  name       = "Contributors"

resource "azuredevops_group" "g" {
  scope        = azuredevops_project.p.id
  display_name = "Test group"
  description  = "Test description"

  members = [

» Argument Reference

The following arguments are supported:

  • scope - (Optional) The scope of the group. A descriptor referencing the scope (collection, project) in which the group should be created. If omitted, will be created in the scope of the enclosing account or organization.x
  • origin_id - (Optional) The OriginID as a reference to a group from an external AD or AAD backed provider. The scope, mail and display_name arguments cannot be used simultaneously with origin_id.
  • mail - (Optional) The mail address as a reference to an existing group from an external AD or AAD backed provider. The scope, origin_id and display_name arguments cannot be used simultaneously with mail.
  • display_name - (Optional) The name of a new Azure DevOps group that is not backed by an external provider. The origin_id and mail arguments cannot be used simultaneously with display_name.
  • description - (Optional) The Description of the Project.
  • members - (Optional) > NOTE: It's possible to define group members both within the azuredevops_group resource via the members block and by using the azuredevops_group_membership resource. However it's not possible to use both methods to manage group members, since there'll be conflicts.

» Attributes Reference

In addition to all arguments above, the following attributes are exported:

  • id - The ID of the Group.
  • url - This url is the full route to the source resource of this graph subject.
  • origin - The type of source provider for the origin identifier (ex:AD, AAD, MSA)
  • subject_kind - This field identifies the type of the graph subject (ex: Group, Scope, User).
  • domain - This represents the name of the container of origin for a graph member.
  • principal_name - This is the PrincipalName of this graph member from the source provider.
  • descriptor - The identity (subject) descriptor of the Group.

» Import

Azure DevOps Projects can be imported using the group identity descriptor, e.g.

terraform import azuredevops_project.id aadgp.Uy0xLTktMTU1MTM3NDI0NS0xMjA0NDAwOTY5LTI0MDI5ODY0MTMtMjE3OTQwODYxNi0zLTIxNjc2NjQyNTMtMzI1Nzg0NDI4OS0yMjU4MjcwOTc0LTI2MDYxODY2NDU

» PAT Permissions Required

  • Project & Team: Read, Write, & Manage