This page documents the language specification for the azuredevops package. If you're looking for help working with the inputs, outputs, or functions of azuredevops resources in a Pulumi program, please see the resource documentation for examples and API reference.

identities¶

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-azuredevops repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-azuredevops repo.

class pulumi_azuredevops.identities.AwaitableGetGroupResult(descriptor=None, id=None, name=None, project_id=None)¶

class pulumi_azuredevops.identities.AwaitableGetUsersResult(id=None, origin=None, origin_id=None, principal_name=None, subject_types=None, users=None)¶

class pulumi_azuredevops.identities.GetGroupResult(descriptor=None, id=None, name=None, project_id=None)¶

A collection of values returned by getGroup.

descriptor = None¶: The Descriptor is the primary way to reference the graph subject. This field will uniquely identify the same graph subject across both Accounts and Organizations.

id = None¶: The provider-assigned unique ID for this managed resource.

class pulumi_azuredevops.identities.GetUsersResult(id=None, origin=None, origin_id=None, principal_name=None, subject_types=None, users=None)¶

A collection of values returned by getUsers.

id = None¶: The provider-assigned unique ID for this managed resource.

class pulumi_azuredevops.identities.Group(resource_name, opts=None, description=None, display_name=None, mail=None, members=None, origin_id=None, scope=None, __props__=None, __name__=None, __opts__=None)¶

Manages a group within Azure DevOps.

import pulumi
import pulumi_azuredevops as azuredevops

project = azuredevops.core.Project("project", project_name="Test Project")
tf_project_readers = project.id.apply(lambda id: azuredevops.Identities.get_group(project_id=id,
    name="Readers"))
tf_project_contributors = project.id.apply(lambda id: azuredevops.Identities.get_group(project_id=id,
    name="Contributors"))
group = azuredevops.identities.Group("group",
    scope=project.id,
    display_name="Test group",
    description="Test description",
    members=[
        tf_project_readers.descriptor,
        tf_project_contributors.descriptor,
    ])

Azure DevOps Service REST API 5.1 - Groups

Project & Team: Read, Write, & Manage

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
description (pulumi.Input[str]) – The Description of the Project.
display_name (pulumi.Input[str]) – The name of a new Azure DevOps group that is not backed by an external provider. The origin_id and mail arguments cannot be used simultaneously with display_name.
mail (pulumi.Input[str]) – The mail address as a reference to an existing group from an external AD or AAD backed provider. The scope, origin_id and display_name arguments cannot be used simultaneously with mail.
members (pulumi.Input[list]) – > NOTE: It’s possible to define group members both within the Identities.Group resource via the members block and by using the Identities.GroupMembership resource. However it’s not possible to use both methods to manage group members, since there’ll be conflicts.
origin_id (pulumi.Input[str]) – The OriginID as a reference to a group from an external AD or AAD backed provider. The scope, mail and display_name arguments cannot be used simultaneously with origin_id.
scope (pulumi.Input[str]) – The scope of the group. A descriptor referencing the scope (collection, project) in which the group should be created. If omitted, will be created in the scope of the enclosing account or organization.x

description: pulumi.Output[str] = None¶: The Description of the Project.

descriptor: pulumi.Output[str] = None¶: The identity (subject) descriptor of the Group.

display_name: pulumi.Output[str] = None¶: The name of a new Azure DevOps group that is not backed by an external provider. The origin_id and mail arguments cannot be used simultaneously with display_name.

domain: pulumi.Output[str] = None¶: This represents the name of the container of origin for a graph member.

mail: pulumi.Output[str] = None¶: The mail address as a reference to an existing group from an external AD or AAD backed provider. The scope, origin_id and display_name arguments cannot be used simultaneously with mail.

members: pulumi.Output[list] = None¶: NOTE: It’s possible to define group members both within the Identities.Group resource via the members block and by using the Identities.GroupMembership resource. However it’s not possible to use both methods to manage group members, since there’ll be conflicts.

origin: pulumi.Output[str] = None¶: The type of source provider for the origin identifier (ex:AD, AAD, MSA)

origin_id: pulumi.Output[str] = None¶: The OriginID as a reference to a group from an external AD or AAD backed provider. The scope, mail and display_name arguments cannot be used simultaneously with origin_id.

principal_name: pulumi.Output[str] = None¶: This is the PrincipalName of this graph member from the source provider.

scope: pulumi.Output[str] = None¶: The scope of the group. A descriptor referencing the scope (collection, project) in which the group should be created. If omitted, will be created in the scope of the enclosing account or organization.x

subject_kind: pulumi.Output[str] = None¶: This field identifies the type of the graph subject (ex: Group, Scope, User).

url: pulumi.Output[str] = None¶: This url is the full route to the source resource of this graph subject.

static get(resource_name, id, opts=None, description=None, descriptor=None, display_name=None, domain=None, mail=None, members=None, origin=None, origin_id=None, principal_name=None, scope=None, subject_kind=None, url=None)¶

Get an existing Group resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
description (pulumi.Input[str]) – The Description of the Project.
descriptor (pulumi.Input[str]) – The identity (subject) descriptor of the Group.
display_name (pulumi.Input[str]) – The name of a new Azure DevOps group that is not backed by an external provider. The origin_id and mail arguments cannot be used simultaneously with display_name.
domain (pulumi.Input[str]) – This represents the name of the container of origin for a graph member.
mail (pulumi.Input[str]) – The mail address as a reference to an existing group from an external AD or AAD backed provider. The scope, origin_id and display_name arguments cannot be used simultaneously with mail.
members (pulumi.Input[list]) – > NOTE: It’s possible to define group members both within the Identities.Group resource via the members block and by using the Identities.GroupMembership resource. However it’s not possible to use both methods to manage group members, since there’ll be conflicts.
origin (pulumi.Input[str]) – The type of source provider for the origin identifier (ex:AD, AAD, MSA)
origin_id (pulumi.Input[str]) – The OriginID as a reference to a group from an external AD or AAD backed provider. The scope, mail and display_name arguments cannot be used simultaneously with origin_id.
principal_name (pulumi.Input[str]) – This is the PrincipalName of this graph member from the source provider.
scope (pulumi.Input[str]) – The scope of the group. A descriptor referencing the scope (collection, project) in which the group should be created. If omitted, will be created in the scope of the enclosing account or organization.x
subject_kind (pulumi.Input[str]) – This field identifies the type of the graph subject (ex: Group, Scope, User).
url (pulumi.Input[str]) – This url is the full route to the source resource of this graph subject.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_azuredevops.identities.GroupMembership(resource_name, opts=None, group=None, members=None, mode=None, __props__=None, __name__=None, __opts__=None)¶

Manages group membership within Azure DevOps.

import pulumi
import pulumi_azuredevops as azuredevops

project = azuredevops.core.Project("project", project_name="Test Project")
user = azuredevops.entitlement.User("user", principal_name="foo@contoso.com")
group = project.id.apply(lambda id: azuredevops.Identities.get_group(project_id=id,
    name="Build Administrators"))
membership = azuredevops.identities.GroupMembership("membership",
    group=group.descriptor,
    members=[user.descriptor])

Azure DevOps Service REST API 5.1 - Memberships

Deployment Groups: Read & Manage

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
group (pulumi.Input[str]) – The descriptor of the group being managed.
members (pulumi.Input[list]) – A list of user or group descriptors that will become members of the group.

> NOTE: It's possible to define group members both within the `Identities.GroupMembership resource` via the members block and by using the `Identities.Group` resource. However it's not possible to use both methods to manage group members, since there'll be conflicts.

Parameters: mode (pulumi.Input[str]) – The mode how the resource manages group members.

* `mode == add`: the resource will ensure that all specified members will be part of the referenced group
* `mode == overwrite`: the resource will replace all existing members with the members specified within the `members` block
> NOTE: To clear all members from a group, specify an empty list of descriptors in the `members` attribute and set the `mode` member to `overwrite`.

group: pulumi.Output[str] = None¶: The descriptor of the group being managed.

members: pulumi.Output[list] = None¶: A list of user or group descriptors that will become members of the group.
NOTE: It’s possible to define group members both within the Identities.GroupMembership resource via the members block and by using the Identities.Group resource. However it’s not possible to use both methods to manage group members, since there’ll be conflicts.

mode: pulumi.Output[str] = None¶

The mode how the resource manages group members.

mode == add: the resource will ensure that all specified members will be part of the referenced group
mode == overwrite: the resource will replace all existing members with the members specified within the members block ..
NOTE: To clear all members from a group, specify an empty list of descriptors in the members attribute and set the mode member to overwrite.

static get(resource_name, id, opts=None, group=None, members=None, mode=None)¶

Get an existing GroupMembership resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
group (pulumi.Input[str]) – The descriptor of the group being managed.
members (pulumi.Input[list]) – A list of user or group descriptors that will become members of the group.

> NOTE: It's possible to define group members both within the `Identities.GroupMembership resource` via the members block and by using the `Identities.Group` resource. However it's not possible to use both methods to manage group members, since there'll be conflicts.

Parameters: mode (pulumi.Input[str]) – The mode how the resource manages group members.

* `mode == add`: the resource will ensure that all specified members will be part of the referenced group
* `mode == overwrite`: the resource will replace all existing members with the members specified within the `members` block
> NOTE: To clear all members from a group, specify an empty list of descriptors in the `members` attribute and set the `mode` member to `overwrite`.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

pulumi_azuredevops.identities.get_group(name=None, project_id=None, opts=None)¶

Use this data source to access information about an existing Group within Azure DevOps

import pulumi
import pulumi_azuredevops as azuredevops

project = azuredevops.Core.get_project(project_name="contoso-project")
test = azuredevops.Identities.get_group(project_id=project.id,
    name="Test Group")
pulumi.export("groupId", test.id)
pulumi.export("groupDescriptor", test.descriptor)

Azure DevOps Service REST API 5.1 - Groups - Get

Parameters

name (str) – The Group Name.
project_id (str) – The Project Id.

pulumi_azuredevops.identities.get_users(origin=None, origin_id=None, principal_name=None, subject_types=None, opts=None)¶

Use this data source to access information about an existing users within Azure DevOps.

import pulumi
import pulumi_azuredevops as azuredevops

user = azuredevops.Identities.get_users(principal_name="contoso-user@contoso.onmicrosoft.com")
all_users = azuredevops.Identities.get_users()
all_from_origin = azuredevops.Identities.get_users(origin="aad")
all_from_subject_types = azuredevops.Identities.get_users(subject_types=[
    "aad",
    "msa",
])
all_from_origin_id = azuredevops.Identities.get_users(origin="aad",
    origin_id="a7ead982-8438-4cd2-b9e3-c3aa51a7b675")

Azure DevOps Service REST API 5.1 - Graph Users API

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

identities¶

On This Page