Group

Manages a group within Azure DevOps.

Relevant Links

Azure DevOps Service REST API 5.1 - Groups

PAT Permissions Required

Project & Team: Read, Write, & Manage

Example Usage

using Pulumi;
using AzureDevOps = Pulumi.AzureDevOps;

class MyStack : Stack
{
    public MyStack()
    {
        var project = new AzureDevOps.Core.Project("project", new AzureDevOps.Core.ProjectArgs
        {
            ProjectName = "Test Project",
        });
        var tf_project_readers = project.Id.Apply(id => AzureDevOps.Identities.GetGroup.InvokeAsync(new AzureDevOps.Identities.GetGroupArgs
        {
            ProjectId = id,
            Name = "Readers",
        }));
        var tf_project_contributors = project.Id.Apply(id => AzureDevOps.Identities.GetGroup.InvokeAsync(new AzureDevOps.Identities.GetGroupArgs
        {
            ProjectId = id,
            Name = "Contributors",
        }));
        var @group = new AzureDevOps.Identities.Group("group", new AzureDevOps.Identities.GroupArgs
        {
            Scope = project.Id,
            DisplayName = "Test group",
            Description = "Test description",
            Members = 
            {
                tf_project_readers.Apply(tf_project_readers => tf_project_readers.Descriptor),
                tf_project_contributors.Apply(tf_project_contributors => tf_project_contributors.Descriptor),
            },
        });
    }

}

Coming soon!

import pulumi
import pulumi_azuredevops as azuredevops

project = azuredevops.core.Project("project", project_name="Test Project")
tf_project_readers = project.id.apply(lambda id: azuredevops.Identities.get_group(project_id=id,
    name="Readers"))
tf_project_contributors = project.id.apply(lambda id: azuredevops.Identities.get_group(project_id=id,
    name="Contributors"))
group = azuredevops.identities.Group("group",
    scope=project.id,
    display_name="Test group",
    description="Test description",
    members=[
        tf_project_readers.descriptor,
        tf_project_contributors.descriptor,
    ])

import * as pulumi from "@pulumi/pulumi";
import * as azuredevops from "@pulumi/azuredevops";

const project = new azuredevops.Core.Project("project", {projectName: "Test Project"});
const tf-project-readers = project.id.apply(id => azuredevops.Identities.getGroup({
    projectId: id,
    name: "Readers",
}));
const tf-project-contributors = project.id.apply(id => azuredevops.Identities.getGroup({
    projectId: id,
    name: "Contributors",
}));
const group = new azuredevops.Identities.Group("group", {
    scope: project.id,
    displayName: "Test group",
    description: "Test description",
    members: [
        tf_project_readers.descriptor,
        tf_project_contributors.descriptor,
    ],
});

Create a Group Resource

new Group(name: string, args?: GroupArgs, opts?: CustomResourceOptions);

def Group(resource_name, opts=None, description=None, display_name=None, mail=None, members=None, origin_id=None, scope=None, __props__=None);

func NewGroup(ctx *Context, name string, args *GroupArgs, opts ...ResourceOption) (*Group, error)

public Group(string name, GroupArgs? args = null, CustomResourceOptions? opts = null)

name string: The unique name of the resource.
args GroupArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
opts ResourceOptions: A bag of options that control this resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args GroupArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args GroupArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

Group Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Programming Model docs.

Inputs

The Group resource accepts the following input properties:

Description string: The Description of the Project.
DisplayName string: The name of a new Azure DevOps group that is not backed by an external provider. The origin_id and mail arguments cannot be used simultaneously with display_name.
Mail string: The mail address as a reference to an existing group from an external AD or AAD backed provider. The scope, origin_id and display_name arguments cannot be used simultaneously with mail.
Members List<string>: NOTE: It’s possible to define group members both within the azuredevops.Identities.Group resource via the members block and by using the azuredevops.Identities.GroupMembership resource. However it’s not possible to use both methods to manage group members, since there’ll be conflicts.
OriginId string: The OriginID as a reference to a group from an external AD or AAD backed provider. The scope, mail and display_name arguments cannot be used simultaneously with origin_id.
Scope string: The scope of the group. A descriptor referencing the scope (collection, project) in which the group should be created. If omitted, will be created in the scope of the enclosing account or organization.x

Description string: The Description of the Project.
DisplayName string: The name of a new Azure DevOps group that is not backed by an external provider. The origin_id and mail arguments cannot be used simultaneously with display_name.
Mail string: The mail address as a reference to an existing group from an external AD or AAD backed provider. The scope, origin_id and display_name arguments cannot be used simultaneously with mail.
Members []string: NOTE: It’s possible to define group members both within the azuredevops.Identities.Group resource via the members block and by using the azuredevops.Identities.GroupMembership resource. However it’s not possible to use both methods to manage group members, since there’ll be conflicts.
OriginId string: The OriginID as a reference to a group from an external AD or AAD backed provider. The scope, mail and display_name arguments cannot be used simultaneously with origin_id.
Scope string: The scope of the group. A descriptor referencing the scope (collection, project) in which the group should be created. If omitted, will be created in the scope of the enclosing account or organization.x

description string: The Description of the Project.
displayName string: The name of a new Azure DevOps group that is not backed by an external provider. The origin_id and mail arguments cannot be used simultaneously with display_name.
mail string: The mail address as a reference to an existing group from an external AD or AAD backed provider. The scope, origin_id and display_name arguments cannot be used simultaneously with mail.
members string[]: NOTE: It’s possible to define group members both within the azuredevops.Identities.Group resource via the members block and by using the azuredevops.Identities.GroupMembership resource. However it’s not possible to use both methods to manage group members, since there’ll be conflicts.
originId string: The OriginID as a reference to a group from an external AD or AAD backed provider. The scope, mail and display_name arguments cannot be used simultaneously with origin_id.
scope string: The scope of the group. A descriptor referencing the scope (collection, project) in which the group should be created. If omitted, will be created in the scope of the enclosing account or organization.x

description str: The Description of the Project.
display_name str: The name of a new Azure DevOps group that is not backed by an external provider. The origin_id and mail arguments cannot be used simultaneously with display_name.
mail str: The mail address as a reference to an existing group from an external AD or AAD backed provider. The scope, origin_id and display_name arguments cannot be used simultaneously with mail.
members List[str]: NOTE: It’s possible to define group members both within the azuredevops.Identities.Group resource via the members block and by using the azuredevops.Identities.GroupMembership resource. However it’s not possible to use both methods to manage group members, since there’ll be conflicts.
origin_id str: The OriginID as a reference to a group from an external AD or AAD backed provider. The scope, mail and display_name arguments cannot be used simultaneously with origin_id.
scope str: The scope of the group. A descriptor referencing the scope (collection, project) in which the group should be created. If omitted, will be created in the scope of the enclosing account or organization.x

Outputs

All input properties are implicitly available as output properties. Additionally, the Group resource produces the following output properties:

Descriptor string: The identity (subject) descriptor of the Group.
Domain string: This represents the name of the container of origin for a graph member.
Id string: The provider-assigned unique ID for this managed resource.
Origin string: The type of source provider for the origin identifier (ex:AD, AAD, MSA)
PrincipalName string: This is the PrincipalName of this graph member from the source provider.
SubjectKind string: This field identifies the type of the graph subject (ex: Group, Scope, User).
Url string: This url is the full route to the source resource of this graph subject.

Descriptor string: The identity (subject) descriptor of the Group.
Domain string: This represents the name of the container of origin for a graph member.
Id string: The provider-assigned unique ID for this managed resource.
Origin string: The type of source provider for the origin identifier (ex:AD, AAD, MSA)
PrincipalName string: This is the PrincipalName of this graph member from the source provider.
SubjectKind string: This field identifies the type of the graph subject (ex: Group, Scope, User).
Url string: This url is the full route to the source resource of this graph subject.

descriptor string: The identity (subject) descriptor of the Group.
domain string: This represents the name of the container of origin for a graph member.
id string: The provider-assigned unique ID for this managed resource.
origin string: The type of source provider for the origin identifier (ex:AD, AAD, MSA)
principalName string: This is the PrincipalName of this graph member from the source provider.
subjectKind string: This field identifies the type of the graph subject (ex: Group, Scope, User).
url string: This url is the full route to the source resource of this graph subject.

descriptor str: The identity (subject) descriptor of the Group.
domain str: This represents the name of the container of origin for a graph member.
id str: The provider-assigned unique ID for this managed resource.
origin str: The type of source provider for the origin identifier (ex:AD, AAD, MSA)
principal_name str: This is the PrincipalName of this graph member from the source provider.
subject_kind str: This field identifies the type of the graph subject (ex: Group, Scope, User).
url str: This url is the full route to the source resource of this graph subject.

Look up an Existing Group Resource

Get an existing Group resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: GroupState, opts?: CustomResourceOptions): Group

static get(resource_name, id, opts=None, description=None, descriptor=None, display_name=None, domain=None, mail=None, members=None, origin=None, origin_id=None, principal_name=None, scope=None, subject_kind=None, url=None, __props__=None);

func GetGroup(ctx *Context, name string, id IDInput, state *GroupState, opts ...ResourceOption) (*Group, error)

public static Group Get(string name, Input<string> id, GroupState? state, CustomResourceOptions? opts = null)

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

Description string: The Description of the Project.
Descriptor string: The identity (subject) descriptor of the Group.
DisplayName string: The name of a new Azure DevOps group that is not backed by an external provider. The origin_id and mail arguments cannot be used simultaneously with display_name.
Domain string: This represents the name of the container of origin for a graph member.
Mail string: The mail address as a reference to an existing group from an external AD or AAD backed provider. The scope, origin_id and display_name arguments cannot be used simultaneously with mail.
Members List<string>: NOTE: It’s possible to define group members both within the azuredevops.Identities.Group resource via the members block and by using the azuredevops.Identities.GroupMembership resource. However it’s not possible to use both methods to manage group members, since there’ll be conflicts.
Origin string: The type of source provider for the origin identifier (ex:AD, AAD, MSA)
OriginId string: The OriginID as a reference to a group from an external AD or AAD backed provider. The scope, mail and display_name arguments cannot be used simultaneously with origin_id.
PrincipalName string: This is the PrincipalName of this graph member from the source provider.
Scope string: The scope of the group. A descriptor referencing the scope (collection, project) in which the group should be created. If omitted, will be created in the scope of the enclosing account or organization.x
SubjectKind string: This field identifies the type of the graph subject (ex: Group, Scope, User).
Url string: This url is the full route to the source resource of this graph subject.

Description string: The Description of the Project.
Descriptor string: The identity (subject) descriptor of the Group.
DisplayName string: The name of a new Azure DevOps group that is not backed by an external provider. The origin_id and mail arguments cannot be used simultaneously with display_name.
Domain string: This represents the name of the container of origin for a graph member.
Mail string: The mail address as a reference to an existing group from an external AD or AAD backed provider. The scope, origin_id and display_name arguments cannot be used simultaneously with mail.
Members []string: NOTE: It’s possible to define group members both within the azuredevops.Identities.Group resource via the members block and by using the azuredevops.Identities.GroupMembership resource. However it’s not possible to use both methods to manage group members, since there’ll be conflicts.
Origin string: The type of source provider for the origin identifier (ex:AD, AAD, MSA)
OriginId string: The OriginID as a reference to a group from an external AD or AAD backed provider. The scope, mail and display_name arguments cannot be used simultaneously with origin_id.
PrincipalName string: This is the PrincipalName of this graph member from the source provider.
Scope string: The scope of the group. A descriptor referencing the scope (collection, project) in which the group should be created. If omitted, will be created in the scope of the enclosing account or organization.x
SubjectKind string: This field identifies the type of the graph subject (ex: Group, Scope, User).
Url string: This url is the full route to the source resource of this graph subject.

description string: The Description of the Project.
descriptor string: The identity (subject) descriptor of the Group.
displayName string: The name of a new Azure DevOps group that is not backed by an external provider. The origin_id and mail arguments cannot be used simultaneously with display_name.
domain string: This represents the name of the container of origin for a graph member.
mail string: The mail address as a reference to an existing group from an external AD or AAD backed provider. The scope, origin_id and display_name arguments cannot be used simultaneously with mail.
members string[]: NOTE: It’s possible to define group members both within the azuredevops.Identities.Group resource via the members block and by using the azuredevops.Identities.GroupMembership resource. However it’s not possible to use both methods to manage group members, since there’ll be conflicts.
origin string: The type of source provider for the origin identifier (ex:AD, AAD, MSA)
originId string: The OriginID as a reference to a group from an external AD or AAD backed provider. The scope, mail and display_name arguments cannot be used simultaneously with origin_id.
principalName string: This is the PrincipalName of this graph member from the source provider.
scope string: The scope of the group. A descriptor referencing the scope (collection, project) in which the group should be created. If omitted, will be created in the scope of the enclosing account or organization.x
subjectKind string: This field identifies the type of the graph subject (ex: Group, Scope, User).
url string: This url is the full route to the source resource of this graph subject.

description str: The Description of the Project.
descriptor str: The identity (subject) descriptor of the Group.
display_name str: The name of a new Azure DevOps group that is not backed by an external provider. The origin_id and mail arguments cannot be used simultaneously with display_name.
domain str: This represents the name of the container of origin for a graph member.
mail str: The mail address as a reference to an existing group from an external AD or AAD backed provider. The scope, origin_id and display_name arguments cannot be used simultaneously with mail.
members List[str]: NOTE: It’s possible to define group members both within the azuredevops.Identities.Group resource via the members block and by using the azuredevops.Identities.GroupMembership resource. However it’s not possible to use both methods to manage group members, since there’ll be conflicts.
origin str: The type of source provider for the origin identifier (ex:AD, AAD, MSA)
origin_id str: The OriginID as a reference to a group from an external AD or AAD backed provider. The scope, mail and display_name arguments cannot be used simultaneously with origin_id.
principal_name str: This is the PrincipalName of this graph member from the source provider.
scope str: The scope of the group. A descriptor referencing the scope (collection, project) in which the group should be created. If omitted, will be created in the scope of the enclosing account or organization.x
subject_kind str: This field identifies the type of the graph subject (ex: Group, Scope, User).
url str: This url is the full route to the source resource of this graph subject.

Package Details

Repository: https://github.com/pulumi/pulumi-azuredevops
License: Apache-2.0
Notes: This Pulumi package is based on the azuredevops Terraform Provider.

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud