1. Docs
  2. Reference
  3. API
  4. @pulumi/azuredevops
  5. Identities

Module Identities

This page documents the language specification for the azuredevops package. If you're looking for help working with the inputs, outputs, or functions of azuredevops resources in a Pulumi program, please see the resource documentation for examples and API reference.

Resources

Functions

Others

Resources

Resource Group

class Group extends CustomResource

Manages a group within Azure DevOps.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuredevops from "@pulumi/azuredevops";

const project = new azuredevops.Core.Project("project", {projectName: "Test Project"});
const tf-project-readers = project.id.apply(id => azuredevops.Identities.getGroup({
    projectId: id,
    name: "Readers",
}));
const tf-project-contributors = project.id.apply(id => azuredevops.Identities.getGroup({
    projectId: id,
    name: "Contributors",
}));
const group = new azuredevops.Identities.Group("group", {
    scope: project.id,
    displayName: "Test group",
    description: "Test description",
    members: [
        tf_project_readers.descriptor,
        tf_project_contributors.descriptor,
    ],
});

PAT Permissions Required

  • Project & Team: Read, Write, & Manage

constructor

new Group(name: string, args?: GroupArgs, opts?: pulumi.CustomResourceOptions)

Create a Group resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupState, opts?: pulumi.CustomResourceOptions): Group

Get an existing Group resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is Group

Returns true if the given object is an instance of Group. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property description

public description: pulumi.Output<string | undefined>;

The Description of the Project.

property descriptor

public descriptor: pulumi.Output<string>;

The identity (subject) descriptor of the Group.

property displayName

public displayName: pulumi.Output<string>;

The name of a new Azure DevOps group that is not backed by an external provider. The originId and mail arguments cannot be used simultaneously with displayName.

property domain

public domain: pulumi.Output<string>;

This represents the name of the container of origin for a graph member.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property mail

public mail: pulumi.Output<string>;

The mail address as a reference to an existing group from an external AD or AAD backed provider. The scope, originId and displayName arguments cannot be used simultaneously with mail.

property members

public members: pulumi.Output<string[]>;

NOTE: It’s possible to define group members both within the azuredevops.Identities.Group resource via the members block and by using the azuredevops.Identities.GroupMembership resource. However it’s not possible to use both methods to manage group members, since there’ll be conflicts.

property origin

public origin: pulumi.Output<string>;

The type of source provider for the origin identifier (ex:AD, AAD, MSA)

property originId

public originId: pulumi.Output<string>;

The OriginID as a reference to a group from an external AD or AAD backed provider. The scope, mail and displayName arguments cannot be used simultaneously with originId.

property principalName

public principalName: pulumi.Output<string>;

This is the PrincipalName of this graph member from the source provider.

property scope

public scope: pulumi.Output<string | undefined>;

The scope of the group. A descriptor referencing the scope (collection, project) in which the group should be created. If omitted, will be created in the scope of the enclosing account or organization.x

property subjectKind

public subjectKind: pulumi.Output<string>;

This field identifies the type of the graph subject (ex: Group, Scope, User).

property url

public url: pulumi.Output<string>;

This url is the full route to the source resource of this graph subject.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Resource GroupMembership

class GroupMembership extends CustomResource

Manages group membership within Azure DevOps.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuredevops from "@pulumi/azuredevops";

const project = new azuredevops.Core.Project("project", {projectName: "Test Project"});
const user = new azuredevops.Entitlement.User("user", {principalName: "foo@contoso.com"});
const group = project.id.apply(id => azuredevops.Identities.getGroup({
    projectId: id,
    name: "Build Administrators",
}));
const membership = new azuredevops.Identities.GroupMembership("membership", {
    group: group.descriptor,
    members: [user.descriptor],
});

PAT Permissions Required

  • Deployment Groups: Read & Manage

constructor

new GroupMembership(name: string, args: GroupMembershipArgs, opts?: pulumi.CustomResourceOptions)

Create a GroupMembership resource with the given unique name, arguments, and options.

  • name The unique name of the resource.
  • args The arguments to use to populate this resource's properties.
  • opts A bag of options that control this resource's behavior.

method get

public static get(name: string, id: pulumi.Input<pulumi.ID>, state?: GroupMembershipState, opts?: pulumi.CustomResourceOptions): GroupMembership

Get an existing GroupMembership resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

method getProvider

getProvider(moduleMember: string): ProviderResource | undefined

method isInstance

public static isInstance(obj: any): obj is GroupMembership

Returns true if the given object is an instance of GroupMembership. This is designed to work even when multiple copies of the Pulumi SDK have been loaded into the same process.

property group

public group: pulumi.Output<string>;

The descriptor of the group being managed.

property id

id: Output<ID>;

id is the provider-assigned unique ID for this managed resource. It is set during deployments and may be missing (undefined) during planning phases.

property members

public members: pulumi.Output<string[]>;

A list of user or group descriptors that will become members of the group. > NOTE: It’s possible to define group members both within the azuredevops.Identities.GroupMembership resource via the members block and by using the azuredevops.Identities.Group resource. However it’s not possible to use both methods to manage group members, since there’ll be conflicts.

property mode

public mode: pulumi.Output<string | undefined>;

The mode how the resource manages group members. * mode == add: the resource will ensure that all specified members will be part of the referenced group * mode == overwrite: the resource will replace all existing members with the members specified within the members block > NOTE: To clear all members from a group, specify an empty list of descriptors in the members attribute and set the mode member to overwrite.

property urn

urn: Output<URN>;

urn is the stable logical URN used to distinctly address a resource, both before and after deployments.

Functions

Function getGroup

getGroup(args: GetGroupArgs, opts?: pulumi.InvokeOptions): Promise<GetGroupResult>

Use this data source to access information about an existing Group within Azure DevOps

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuredevops from "@pulumi/azuredevops";

const project = azuredevops.Core.getProject({
    projectName: "contoso-project",
});
const test = project.then(project => azuredevops.Identities.getGroup({
    projectId: project.id,
    name: "Test Group",
}));
export const groupId = test.then(test => test.id);
export const groupDescriptor = test.then(test => test.descriptor);

Function getUsers

getUsers(args?: GetUsersArgs, opts?: pulumi.InvokeOptions): Promise<GetUsersResult>

Use this data source to access information about an existing users within Azure DevOps.

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as azuredevops from "@pulumi/azuredevops";

// Load single user by using it's principal name
const user = pulumi.output(azuredevops.Identities.getUsers({
    principalName: "contoso-user@contoso.onmicrosoft.com",
}, { async: true }));
// Load all users know inside an organization
const all_users = pulumi.output(azuredevops.Identities.getUsers({ async: true }));
// Load all users know inside an organization originating from a specific source (origin)
const all_from_origin = pulumi.output(azuredevops.Identities.getUsers({
    origin: "aad",
}, { async: true }));
// Load all users know inside an organization filtered by their subject types
const all_from_subject_types = pulumi.output(azuredevops.Identities.getUsers({
    subjectTypes: [
        "aad",
        "msa",
    ],
}, { async: true }));
// Load a single user by origin and origin ID
const all_from_origin_id = pulumi.output(azuredevops.Identities.getUsers({
    origin: "aad",
    originId: "a7ead982-8438-4cd2-b9e3-c3aa51a7b675",
}, { async: true }));

Others

interface GetGroupArgs

interface GetGroupArgs

A collection of arguments for invoking getGroup.

property name

name: string;

The Group Name.

property projectId

projectId: string;

The Project Id.

interface GetGroupResult

interface GetGroupResult

A collection of values returned by getGroup.

property descriptor

descriptor: string;

The Descriptor is the primary way to reference the graph subject. This field will uniquely identify the same graph subject across both Accounts and Organizations.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property name

name: string;

property projectId

projectId: string;

interface GetUsersArgs

interface GetUsersArgs

A collection of arguments for invoking getUsers.

property origin

origin?: undefined | string;

property originId

originId?: undefined | string;

property principalName

principalName?: undefined | string;

property subjectTypes

subjectTypes?: string[];

interface GetUsersResult

interface GetUsersResult

A collection of values returned by getUsers.

property id

id: string;

The provider-assigned unique ID for this managed resource.

property origin

origin?: undefined | string;

property originId

originId?: undefined | string;

property principalName

principalName?: undefined | string;

property subjectTypes

subjectTypes?: string[];

property users

users: GetUsersUser[];

interface GroupArgs

interface GroupArgs

The set of arguments for constructing a Group resource.

property description

description?: pulumi.Input<string>;

The Description of the Project.

property displayName

displayName?: pulumi.Input<string>;

The name of a new Azure DevOps group that is not backed by an external provider. The originId and mail arguments cannot be used simultaneously with displayName.

property mail

mail?: pulumi.Input<string>;

The mail address as a reference to an existing group from an external AD or AAD backed provider. The scope, originId and displayName arguments cannot be used simultaneously with mail.

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

NOTE: It’s possible to define group members both within the azuredevops.Identities.Group resource via the members block and by using the azuredevops.Identities.GroupMembership resource. However it’s not possible to use both methods to manage group members, since there’ll be conflicts.

property originId

originId?: pulumi.Input<string>;

The OriginID as a reference to a group from an external AD or AAD backed provider. The scope, mail and displayName arguments cannot be used simultaneously with originId.

property scope

scope?: pulumi.Input<string>;

The scope of the group. A descriptor referencing the scope (collection, project) in which the group should be created. If omitted, will be created in the scope of the enclosing account or organization.x

interface GroupMembershipArgs

interface GroupMembershipArgs

The set of arguments for constructing a GroupMembership resource.

property group

group: pulumi.Input<string>;

The descriptor of the group being managed.

property members

members: pulumi.Input<pulumi.Input<string>[]>;

A list of user or group descriptors that will become members of the group. > NOTE: It’s possible to define group members both within the azuredevops.Identities.GroupMembership resource via the members block and by using the azuredevops.Identities.Group resource. However it’s not possible to use both methods to manage group members, since there’ll be conflicts.

property mode

mode?: pulumi.Input<string>;

The mode how the resource manages group members. * mode == add: the resource will ensure that all specified members will be part of the referenced group * mode == overwrite: the resource will replace all existing members with the members specified within the members block > NOTE: To clear all members from a group, specify an empty list of descriptors in the members attribute and set the mode member to overwrite.

interface GroupMembershipState

interface GroupMembershipState

Input properties used for looking up and filtering GroupMembership resources.

property group

group?: pulumi.Input<string>;

The descriptor of the group being managed.

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

A list of user or group descriptors that will become members of the group. > NOTE: It’s possible to define group members both within the azuredevops.Identities.GroupMembership resource via the members block and by using the azuredevops.Identities.Group resource. However it’s not possible to use both methods to manage group members, since there’ll be conflicts.

property mode

mode?: pulumi.Input<string>;

The mode how the resource manages group members. * mode == add: the resource will ensure that all specified members will be part of the referenced group * mode == overwrite: the resource will replace all existing members with the members specified within the members block > NOTE: To clear all members from a group, specify an empty list of descriptors in the members attribute and set the mode member to overwrite.

interface GroupState

interface GroupState

Input properties used for looking up and filtering Group resources.

property description

description?: pulumi.Input<string>;

The Description of the Project.

property descriptor

descriptor?: pulumi.Input<string>;

The identity (subject) descriptor of the Group.

property displayName

displayName?: pulumi.Input<string>;

The name of a new Azure DevOps group that is not backed by an external provider. The originId and mail arguments cannot be used simultaneously with displayName.

property domain

domain?: pulumi.Input<string>;

This represents the name of the container of origin for a graph member.

property mail

mail?: pulumi.Input<string>;

The mail address as a reference to an existing group from an external AD or AAD backed provider. The scope, originId and displayName arguments cannot be used simultaneously with mail.

property members

members?: pulumi.Input<pulumi.Input<string>[]>;

NOTE: It’s possible to define group members both within the azuredevops.Identities.Group resource via the members block and by using the azuredevops.Identities.GroupMembership resource. However it’s not possible to use both methods to manage group members, since there’ll be conflicts.

property origin

origin?: pulumi.Input<string>;

The type of source provider for the origin identifier (ex:AD, AAD, MSA)

property originId

originId?: pulumi.Input<string>;

The OriginID as a reference to a group from an external AD or AAD backed provider. The scope, mail and displayName arguments cannot be used simultaneously with originId.

property principalName

principalName?: pulumi.Input<string>;

This is the PrincipalName of this graph member from the source provider.

property scope

scope?: pulumi.Input<string>;

The scope of the group. A descriptor referencing the scope (collection, project) in which the group should be created. If omitted, will be created in the scope of the enclosing account or organization.x

property subjectKind

subjectKind?: pulumi.Input<string>;

This field identifies the type of the graph subject (ex: Group, Scope, User).

property url

url?: pulumi.Input<string>;

This url is the full route to the source resource of this graph subject.