Docs Home
Azure DevOps v3.9.0 published on Tuesday, Apr 22, 2025 by Pulumi
azuredevops.ServiceEndpointAzureRM
Explore with Pulumi AI
Manages Manual or Automatic Azure Resource Manager service endpoint within Azure DevOps.
~>NOTE:
If you receive an error message like:Failed to obtain the Json Web Token(JWT) using service principal client ID. Exception message: A configuration issue is preventing authentication - check the error message from the server for details.
You should check the secret of this Application or if you recently rotate the secret, wait a few minutes for Azure to propagate the secret.
Requirements (Manual AzureRM Service Endpoint)
Before to create a service end point in Azure DevOps, you need to create a Service Principal in your Azure subscription.
For detailed steps to create a service principal with Azure cli see the documentation
Example Usage
Service Principal Manual AzureRM Service Endpoint (Subscription Scoped)
import * as pulumi from "@pulumi/pulumi";
import * as azuredevops from "@pulumi/azuredevops";
const example = new azuredevops.Project("example", {
name: "Example Project",
visibility: "private",
versionControl: "Git",
workItemTemplate: "Agile",
description: "Managed by Pulumi",
});
const exampleServiceEndpointAzureRM = new azuredevops.ServiceEndpointAzureRM("example", {
projectId: example.id,
serviceEndpointName: "Example AzureRM",
description: "Managed by Pulumi",
serviceEndpointAuthenticationScheme: "ServicePrincipal",
credentials: {
serviceprincipalid: "00000000-0000-0000-0000-000000000000",
serviceprincipalkey: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
},
azurermSpnTenantid: "00000000-0000-0000-0000-000000000000",
azurermSubscriptionId: "00000000-0000-0000-0000-000000000000",
azurermSubscriptionName: "Example Subscription Name",
});
import pulumi
import pulumi_azuredevops as azuredevops
example = azuredevops.Project("example",
name="Example Project",
visibility="private",
version_control="Git",
work_item_template="Agile",
description="Managed by Pulumi")
example_service_endpoint_azure_rm = azuredevops.ServiceEndpointAzureRM("example",
project_id=example.id,
service_endpoint_name="Example AzureRM",
description="Managed by Pulumi",
service_endpoint_authentication_scheme="ServicePrincipal",
credentials={
"serviceprincipalid": "00000000-0000-0000-0000-000000000000",
"serviceprincipalkey": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
},
azurerm_spn_tenantid="00000000-0000-0000-0000-000000000000",
azurerm_subscription_id="00000000-0000-0000-0000-000000000000",
azurerm_subscription_name="Example Subscription Name")
package main
import (
"github.com/pulumi/pulumi-azuredevops/sdk/v3/go/azuredevops"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := azuredevops.NewProject(ctx, "example", &azuredevops.ProjectArgs{
Name: pulumi.String("Example Project"),
Visibility: pulumi.String("private"),
VersionControl: pulumi.String("Git"),
WorkItemTemplate: pulumi.String("Agile"),
Description: pulumi.String("Managed by Pulumi"),
})
if err != nil {
return err
}
_, err = azuredevops.NewServiceEndpointAzureRM(ctx, "example", &azuredevops.ServiceEndpointAzureRMArgs{
ProjectId: example.ID(),
ServiceEndpointName: pulumi.String("Example AzureRM"),
Description: pulumi.String("Managed by Pulumi"),
ServiceEndpointAuthenticationScheme: pulumi.String("ServicePrincipal"),
Credentials: &azuredevops.ServiceEndpointAzureRMCredentialsArgs{
Serviceprincipalid: pulumi.String("00000000-0000-0000-0000-000000000000"),
Serviceprincipalkey: pulumi.String("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"),
},
AzurermSpnTenantid: pulumi.String("00000000-0000-0000-0000-000000000000"),
AzurermSubscriptionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
AzurermSubscriptionName: pulumi.String("Example Subscription Name"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureDevOps = Pulumi.AzureDevOps;
return await Deployment.RunAsync(() =>
{
var example = new AzureDevOps.Project("example", new()
{
Name = "Example Project",
Visibility = "private",
VersionControl = "Git",
WorkItemTemplate = "Agile",
Description = "Managed by Pulumi",
});
var exampleServiceEndpointAzureRM = new AzureDevOps.ServiceEndpointAzureRM("example", new()
{
ProjectId = example.Id,
ServiceEndpointName = "Example AzureRM",
Description = "Managed by Pulumi",
ServiceEndpointAuthenticationScheme = "ServicePrincipal",
Credentials = new AzureDevOps.Inputs.ServiceEndpointAzureRMCredentialsArgs
{
Serviceprincipalid = "00000000-0000-0000-0000-000000000000",
Serviceprincipalkey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
},
AzurermSpnTenantid = "00000000-0000-0000-0000-000000000000",
AzurermSubscriptionId = "00000000-0000-0000-0000-000000000000",
AzurermSubscriptionName = "Example Subscription Name",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuredevops.Project;
import com.pulumi.azuredevops.ProjectArgs;
import com.pulumi.azuredevops.ServiceEndpointAzureRM;
import com.pulumi.azuredevops.ServiceEndpointAzureRMArgs;
import com.pulumi.azuredevops.inputs.ServiceEndpointAzureRMCredentialsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Project("example", ProjectArgs.builder()
.name("Example Project")
.visibility("private")
.versionControl("Git")
.workItemTemplate("Agile")
.description("Managed by Pulumi")
.build());
var exampleServiceEndpointAzureRM = new ServiceEndpointAzureRM("exampleServiceEndpointAzureRM", ServiceEndpointAzureRMArgs.builder()
.projectId(example.id())
.serviceEndpointName("Example AzureRM")
.description("Managed by Pulumi")
.serviceEndpointAuthenticationScheme("ServicePrincipal")
.credentials(ServiceEndpointAzureRMCredentialsArgs.builder()
.serviceprincipalid("00000000-0000-0000-0000-000000000000")
.serviceprincipalkey("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
.build())
.azurermSpnTenantid("00000000-0000-0000-0000-000000000000")
.azurermSubscriptionId("00000000-0000-0000-0000-000000000000")
.azurermSubscriptionName("Example Subscription Name")
.build());
}
}
resources:
example:
type: azuredevops:Project
properties:
name: Example Project
visibility: private
versionControl: Git
workItemTemplate: Agile
description: Managed by Pulumi
exampleServiceEndpointAzureRM:
type: azuredevops:ServiceEndpointAzureRM
name: example
properties:
projectId: ${example.id}
serviceEndpointName: Example AzureRM
description: Managed by Pulumi
serviceEndpointAuthenticationScheme: ServicePrincipal
credentials:
serviceprincipalid: 00000000-0000-0000-0000-000000000000
serviceprincipalkey: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
azurermSpnTenantid: 00000000-0000-0000-0000-000000000000
azurermSubscriptionId: 00000000-0000-0000-0000-000000000000
azurermSubscriptionName: Example Subscription Name
Service Principal Manual AzureRM Service Endpoint (ManagementGroup Scoped)
import * as pulumi from "@pulumi/pulumi";
import * as azuredevops from "@pulumi/azuredevops";
const example = new azuredevops.Project("example", {
name: "Example Project",
visibility: "private",
versionControl: "Git",
workItemTemplate: "Agile",
description: "Managed by Pulumi",
});
const exampleServiceEndpointAzureRM = new azuredevops.ServiceEndpointAzureRM("example", {
projectId: example.id,
serviceEndpointName: "Example AzureRM",
description: "Managed by Pulumi",
serviceEndpointAuthenticationScheme: "ServicePrincipal",
credentials: {
serviceprincipalid: "00000000-0000-0000-0000-000000000000",
serviceprincipalkey: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
},
azurermSpnTenantid: "00000000-0000-0000-0000-000000000000",
azurermManagementGroupId: "managementGroup",
azurermManagementGroupName: "managementGroup",
});
import pulumi
import pulumi_azuredevops as azuredevops
example = azuredevops.Project("example",
name="Example Project",
visibility="private",
version_control="Git",
work_item_template="Agile",
description="Managed by Pulumi")
example_service_endpoint_azure_rm = azuredevops.ServiceEndpointAzureRM("example",
project_id=example.id,
service_endpoint_name="Example AzureRM",
description="Managed by Pulumi",
service_endpoint_authentication_scheme="ServicePrincipal",
credentials={
"serviceprincipalid": "00000000-0000-0000-0000-000000000000",
"serviceprincipalkey": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
},
azurerm_spn_tenantid="00000000-0000-0000-0000-000000000000",
azurerm_management_group_id="managementGroup",
azurerm_management_group_name="managementGroup")
package main
import (
"github.com/pulumi/pulumi-azuredevops/sdk/v3/go/azuredevops"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := azuredevops.NewProject(ctx, "example", &azuredevops.ProjectArgs{
Name: pulumi.String("Example Project"),
Visibility: pulumi.String("private"),
VersionControl: pulumi.String("Git"),
WorkItemTemplate: pulumi.String("Agile"),
Description: pulumi.String("Managed by Pulumi"),
})
if err != nil {
return err
}
_, err = azuredevops.NewServiceEndpointAzureRM(ctx, "example", &azuredevops.ServiceEndpointAzureRMArgs{
ProjectId: example.ID(),
ServiceEndpointName: pulumi.String("Example AzureRM"),
Description: pulumi.String("Managed by Pulumi"),
ServiceEndpointAuthenticationScheme: pulumi.String("ServicePrincipal"),
Credentials: &azuredevops.ServiceEndpointAzureRMCredentialsArgs{
Serviceprincipalid: pulumi.String("00000000-0000-0000-0000-000000000000"),
Serviceprincipalkey: pulumi.String("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"),
},
AzurermSpnTenantid: pulumi.String("00000000-0000-0000-0000-000000000000"),
AzurermManagementGroupId: pulumi.String("managementGroup"),
AzurermManagementGroupName: pulumi.String("managementGroup"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureDevOps = Pulumi.AzureDevOps;
return await Deployment.RunAsync(() =>
{
var example = new AzureDevOps.Project("example", new()
{
Name = "Example Project",
Visibility = "private",
VersionControl = "Git",
WorkItemTemplate = "Agile",
Description = "Managed by Pulumi",
});
var exampleServiceEndpointAzureRM = new AzureDevOps.ServiceEndpointAzureRM("example", new()
{
ProjectId = example.Id,
ServiceEndpointName = "Example AzureRM",
Description = "Managed by Pulumi",
ServiceEndpointAuthenticationScheme = "ServicePrincipal",
Credentials = new AzureDevOps.Inputs.ServiceEndpointAzureRMCredentialsArgs
{
Serviceprincipalid = "00000000-0000-0000-0000-000000000000",
Serviceprincipalkey = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
},
AzurermSpnTenantid = "00000000-0000-0000-0000-000000000000",
AzurermManagementGroupId = "managementGroup",
AzurermManagementGroupName = "managementGroup",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuredevops.Project;
import com.pulumi.azuredevops.ProjectArgs;
import com.pulumi.azuredevops.ServiceEndpointAzureRM;
import com.pulumi.azuredevops.ServiceEndpointAzureRMArgs;
import com.pulumi.azuredevops.inputs.ServiceEndpointAzureRMCredentialsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Project("example", ProjectArgs.builder()
.name("Example Project")
.visibility("private")
.versionControl("Git")
.workItemTemplate("Agile")
.description("Managed by Pulumi")
.build());
var exampleServiceEndpointAzureRM = new ServiceEndpointAzureRM("exampleServiceEndpointAzureRM", ServiceEndpointAzureRMArgs.builder()
.projectId(example.id())
.serviceEndpointName("Example AzureRM")
.description("Managed by Pulumi")
.serviceEndpointAuthenticationScheme("ServicePrincipal")
.credentials(ServiceEndpointAzureRMCredentialsArgs.builder()
.serviceprincipalid("00000000-0000-0000-0000-000000000000")
.serviceprincipalkey("xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx")
.build())
.azurermSpnTenantid("00000000-0000-0000-0000-000000000000")
.azurermManagementGroupId("managementGroup")
.azurermManagementGroupName("managementGroup")
.build());
}
}
resources:
example:
type: azuredevops:Project
properties:
name: Example Project
visibility: private
versionControl: Git
workItemTemplate: Agile
description: Managed by Pulumi
exampleServiceEndpointAzureRM:
type: azuredevops:ServiceEndpointAzureRM
name: example
properties:
projectId: ${example.id}
serviceEndpointName: Example AzureRM
description: Managed by Pulumi
serviceEndpointAuthenticationScheme: ServicePrincipal
credentials:
serviceprincipalid: 00000000-0000-0000-0000-000000000000
serviceprincipalkey: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
azurermSpnTenantid: 00000000-0000-0000-0000-000000000000
azurermManagementGroupId: managementGroup
azurermManagementGroupName: managementGroup
Service Principal Automatic AzureRM Service Endpoint
import * as pulumi from "@pulumi/pulumi";
import * as azuredevops from "@pulumi/azuredevops";
const example = new azuredevops.Project("example", {
name: "Example Project",
visibility: "private",
versionControl: "Git",
workItemTemplate: "Agile",
});
const exampleServiceEndpointAzureRM = new azuredevops.ServiceEndpointAzureRM("example", {
projectId: example.id,
serviceEndpointName: "Example AzureRM",
serviceEndpointAuthenticationScheme: "ServicePrincipal",
azurermSpnTenantid: "00000000-0000-0000-0000-000000000000",
azurermSubscriptionId: "00000000-0000-0000-0000-000000000000",
azurermSubscriptionName: "Example Subscription Name",
});
import pulumi
import pulumi_azuredevops as azuredevops
example = azuredevops.Project("example",
name="Example Project",
visibility="private",
version_control="Git",
work_item_template="Agile")
example_service_endpoint_azure_rm = azuredevops.ServiceEndpointAzureRM("example",
project_id=example.id,
service_endpoint_name="Example AzureRM",
service_endpoint_authentication_scheme="ServicePrincipal",
azurerm_spn_tenantid="00000000-0000-0000-0000-000000000000",
azurerm_subscription_id="00000000-0000-0000-0000-000000000000",
azurerm_subscription_name="Example Subscription Name")
package main
import (
"github.com/pulumi/pulumi-azuredevops/sdk/v3/go/azuredevops"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := azuredevops.NewProject(ctx, "example", &azuredevops.ProjectArgs{
Name: pulumi.String("Example Project"),
Visibility: pulumi.String("private"),
VersionControl: pulumi.String("Git"),
WorkItemTemplate: pulumi.String("Agile"),
})
if err != nil {
return err
}
_, err = azuredevops.NewServiceEndpointAzureRM(ctx, "example", &azuredevops.ServiceEndpointAzureRMArgs{
ProjectId: example.ID(),
ServiceEndpointName: pulumi.String("Example AzureRM"),
ServiceEndpointAuthenticationScheme: pulumi.String("ServicePrincipal"),
AzurermSpnTenantid: pulumi.String("00000000-0000-0000-0000-000000000000"),
AzurermSubscriptionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
AzurermSubscriptionName: pulumi.String("Example Subscription Name"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureDevOps = Pulumi.AzureDevOps;
return await Deployment.RunAsync(() =>
{
var example = new AzureDevOps.Project("example", new()
{
Name = "Example Project",
Visibility = "private",
VersionControl = "Git",
WorkItemTemplate = "Agile",
});
var exampleServiceEndpointAzureRM = new AzureDevOps.ServiceEndpointAzureRM("example", new()
{
ProjectId = example.Id,
ServiceEndpointName = "Example AzureRM",
ServiceEndpointAuthenticationScheme = "ServicePrincipal",
AzurermSpnTenantid = "00000000-0000-0000-0000-000000000000",
AzurermSubscriptionId = "00000000-0000-0000-0000-000000000000",
AzurermSubscriptionName = "Example Subscription Name",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuredevops.Project;
import com.pulumi.azuredevops.ProjectArgs;
import com.pulumi.azuredevops.ServiceEndpointAzureRM;
import com.pulumi.azuredevops.ServiceEndpointAzureRMArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Project("example", ProjectArgs.builder()
.name("Example Project")
.visibility("private")
.versionControl("Git")
.workItemTemplate("Agile")
.build());
var exampleServiceEndpointAzureRM = new ServiceEndpointAzureRM("exampleServiceEndpointAzureRM", ServiceEndpointAzureRMArgs.builder()
.projectId(example.id())
.serviceEndpointName("Example AzureRM")
.serviceEndpointAuthenticationScheme("ServicePrincipal")
.azurermSpnTenantid("00000000-0000-0000-0000-000000000000")
.azurermSubscriptionId("00000000-0000-0000-0000-000000000000")
.azurermSubscriptionName("Example Subscription Name")
.build());
}
}
resources:
example:
type: azuredevops:Project
properties:
name: Example Project
visibility: private
versionControl: Git
workItemTemplate: Agile
exampleServiceEndpointAzureRM:
type: azuredevops:ServiceEndpointAzureRM
name: example
properties:
projectId: ${example.id}
serviceEndpointName: Example AzureRM
serviceEndpointAuthenticationScheme: ServicePrincipal
azurermSpnTenantid: 00000000-0000-0000-0000-000000000000
azurermSubscriptionId: 00000000-0000-0000-0000-000000000000
azurermSubscriptionName: Example Subscription Name
Workload Identity Federation Manual AzureRM Service Endpoint (Subscription Scoped)
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as azuredevops from "@pulumi/azuredevops";
const serviceConnectionName = "example-federated-sc";
const example = new azuredevops.Project("example", {
name: "Example Project",
visibility: "private",
versionControl: "Git",
workItemTemplate: "Agile",
description: "Managed by Pulumi",
});
const identity = new azure.core.ResourceGroup("identity", {
name: "identity",
location: "UK South",
});
const exampleUserAssignedIdentity = new azure.authorization.UserAssignedIdentity("example", {
location: identity.location,
name: "example-identity",
resourceGroupName: "azurerm_resource_group.identity.name",
});
const exampleServiceEndpointAzureRM = new azuredevops.ServiceEndpointAzureRM("example", {
projectId: example.id,
serviceEndpointName: serviceConnectionName,
description: "Managed by Pulumi",
serviceEndpointAuthenticationScheme: "WorkloadIdentityFederation",
credentials: {
serviceprincipalid: exampleUserAssignedIdentity.clientId,
},
azurermSpnTenantid: "00000000-0000-0000-0000-000000000000",
azurermSubscriptionId: "00000000-0000-0000-0000-000000000000",
azurermSubscriptionName: "Example Subscription Name",
});
const exampleFederatedIdentityCredential = new azure.armmsi.FederatedIdentityCredential("example", {
name: "example-federated-credential",
resourceGroupName: identity.name,
parentId: exampleUserAssignedIdentity.id,
audience: "api://AzureADTokenExchange",
issuer: exampleServiceEndpointAzureRM.workloadIdentityFederationIssuer,
subject: exampleServiceEndpointAzureRM.workloadIdentityFederationSubject,
});
import pulumi
import pulumi_azure as azure
import pulumi_azuredevops as azuredevops
service_connection_name = "example-federated-sc"
example = azuredevops.Project("example",
name="Example Project",
visibility="private",
version_control="Git",
work_item_template="Agile",
description="Managed by Pulumi")
identity = azure.core.ResourceGroup("identity",
name="identity",
location="UK South")
example_user_assigned_identity = azure.authorization.UserAssignedIdentity("example",
location=identity.location,
name="example-identity",
resource_group_name="azurerm_resource_group.identity.name")
example_service_endpoint_azure_rm = azuredevops.ServiceEndpointAzureRM("example",
project_id=example.id,
service_endpoint_name=service_connection_name,
description="Managed by Pulumi",
service_endpoint_authentication_scheme="WorkloadIdentityFederation",
credentials={
"serviceprincipalid": example_user_assigned_identity.client_id,
},
azurerm_spn_tenantid="00000000-0000-0000-0000-000000000000",
azurerm_subscription_id="00000000-0000-0000-0000-000000000000",
azurerm_subscription_name="Example Subscription Name")
example_federated_identity_credential = azure.armmsi.FederatedIdentityCredential("example",
name="example-federated-credential",
resource_group_name=identity.name,
parent_id=example_user_assigned_identity.id,
audience="api://AzureADTokenExchange",
issuer=example_service_endpoint_azure_rm.workload_identity_federation_issuer,
subject=example_service_endpoint_azure_rm.workload_identity_federation_subject)
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/armmsi"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/authorization"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azuredevops/sdk/v3/go/azuredevops"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
serviceConnectionName := "example-federated-sc"
example, err := azuredevops.NewProject(ctx, "example", &azuredevops.ProjectArgs{
Name: pulumi.String("Example Project"),
Visibility: pulumi.String("private"),
VersionControl: pulumi.String("Git"),
WorkItemTemplate: pulumi.String("Agile"),
Description: pulumi.String("Managed by Pulumi"),
})
if err != nil {
return err
}
identity, err := core.NewResourceGroup(ctx, "identity", &core.ResourceGroupArgs{
Name: pulumi.String("identity"),
Location: pulumi.String("UK South"),
})
if err != nil {
return err
}
exampleUserAssignedIdentity, err := authorization.NewUserAssignedIdentity(ctx, "example", &authorization.UserAssignedIdentityArgs{
Location: identity.Location,
Name: pulumi.String("example-identity"),
ResourceGroupName: pulumi.String("azurerm_resource_group.identity.name"),
})
if err != nil {
return err
}
exampleServiceEndpointAzureRM, err := azuredevops.NewServiceEndpointAzureRM(ctx, "example", &azuredevops.ServiceEndpointAzureRMArgs{
ProjectId: example.ID(),
ServiceEndpointName: pulumi.String(serviceConnectionName),
Description: pulumi.String("Managed by Pulumi"),
ServiceEndpointAuthenticationScheme: pulumi.String("WorkloadIdentityFederation"),
Credentials: &azuredevops.ServiceEndpointAzureRMCredentialsArgs{
Serviceprincipalid: exampleUserAssignedIdentity.ClientId,
},
AzurermSpnTenantid: pulumi.String("00000000-0000-0000-0000-000000000000"),
AzurermSubscriptionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
AzurermSubscriptionName: pulumi.String("Example Subscription Name"),
})
if err != nil {
return err
}
_, err = armmsi.NewFederatedIdentityCredential(ctx, "example", &armmsi.FederatedIdentityCredentialArgs{
Name: pulumi.String("example-federated-credential"),
ResourceGroupName: identity.Name,
ParentId: exampleUserAssignedIdentity.ID(),
Audience: pulumi.String("api://AzureADTokenExchange"),
Issuer: exampleServiceEndpointAzureRM.WorkloadIdentityFederationIssuer,
Subject: exampleServiceEndpointAzureRM.WorkloadIdentityFederationSubject,
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Azure = Pulumi.Azure;
using AzureDevOps = Pulumi.AzureDevOps;
return await Deployment.RunAsync(() =>
{
var serviceConnectionName = "example-federated-sc";
var example = new AzureDevOps.Project("example", new()
{
Name = "Example Project",
Visibility = "private",
VersionControl = "Git",
WorkItemTemplate = "Agile",
Description = "Managed by Pulumi",
});
var identity = new Azure.Core.ResourceGroup("identity", new()
{
Name = "identity",
Location = "UK South",
});
var exampleUserAssignedIdentity = new Azure.Authorization.UserAssignedIdentity("example", new()
{
Location = identity.Location,
Name = "example-identity",
ResourceGroupName = "azurerm_resource_group.identity.name",
});
var exampleServiceEndpointAzureRM = new AzureDevOps.ServiceEndpointAzureRM("example", new()
{
ProjectId = example.Id,
ServiceEndpointName = serviceConnectionName,
Description = "Managed by Pulumi",
ServiceEndpointAuthenticationScheme = "WorkloadIdentityFederation",
Credentials = new AzureDevOps.Inputs.ServiceEndpointAzureRMCredentialsArgs
{
Serviceprincipalid = exampleUserAssignedIdentity.ClientId,
},
AzurermSpnTenantid = "00000000-0000-0000-0000-000000000000",
AzurermSubscriptionId = "00000000-0000-0000-0000-000000000000",
AzurermSubscriptionName = "Example Subscription Name",
});
var exampleFederatedIdentityCredential = new Azure.ArmMsi.FederatedIdentityCredential("example", new()
{
Name = "example-federated-credential",
ResourceGroupName = identity.Name,
ParentId = exampleUserAssignedIdentity.Id,
Audience = "api://AzureADTokenExchange",
Issuer = exampleServiceEndpointAzureRM.WorkloadIdentityFederationIssuer,
Subject = exampleServiceEndpointAzureRM.WorkloadIdentityFederationSubject,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuredevops.Project;
import com.pulumi.azuredevops.ProjectArgs;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.authorization.UserAssignedIdentity;
import com.pulumi.azure.authorization.UserAssignedIdentityArgs;
import com.pulumi.azuredevops.ServiceEndpointAzureRM;
import com.pulumi.azuredevops.ServiceEndpointAzureRMArgs;
import com.pulumi.azuredevops.inputs.ServiceEndpointAzureRMCredentialsArgs;
import com.pulumi.azure.armmsi.FederatedIdentityCredential;
import com.pulumi.azure.armmsi.FederatedIdentityCredentialArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
final var serviceConnectionName = "example-federated-sc";
var example = new Project("example", ProjectArgs.builder()
.name("Example Project")
.visibility("private")
.versionControl("Git")
.workItemTemplate("Agile")
.description("Managed by Pulumi")
.build());
var identity = new ResourceGroup("identity", ResourceGroupArgs.builder()
.name("identity")
.location("UK South")
.build());
var exampleUserAssignedIdentity = new UserAssignedIdentity("exampleUserAssignedIdentity", UserAssignedIdentityArgs.builder()
.location(identity.location())
.name("example-identity")
.resourceGroupName("azurerm_resource_group.identity.name")
.build());
var exampleServiceEndpointAzureRM = new ServiceEndpointAzureRM("exampleServiceEndpointAzureRM", ServiceEndpointAzureRMArgs.builder()
.projectId(example.id())
.serviceEndpointName(serviceConnectionName)
.description("Managed by Pulumi")
.serviceEndpointAuthenticationScheme("WorkloadIdentityFederation")
.credentials(ServiceEndpointAzureRMCredentialsArgs.builder()
.serviceprincipalid(exampleUserAssignedIdentity.clientId())
.build())
.azurermSpnTenantid("00000000-0000-0000-0000-000000000000")
.azurermSubscriptionId("00000000-0000-0000-0000-000000000000")
.azurermSubscriptionName("Example Subscription Name")
.build());
var exampleFederatedIdentityCredential = new FederatedIdentityCredential("exampleFederatedIdentityCredential", FederatedIdentityCredentialArgs.builder()
.name("example-federated-credential")
.resourceGroupName(identity.name())
.parentId(exampleUserAssignedIdentity.id())
.audience("api://AzureADTokenExchange")
.issuer(exampleServiceEndpointAzureRM.workloadIdentityFederationIssuer())
.subject(exampleServiceEndpointAzureRM.workloadIdentityFederationSubject())
.build());
}
}
resources:
example:
type: azuredevops:Project
properties:
name: Example Project
visibility: private
versionControl: Git
workItemTemplate: Agile
description: Managed by Pulumi
identity:
type: azure:core:ResourceGroup
properties:
name: identity
location: UK South
exampleUserAssignedIdentity:
type: azure:authorization:UserAssignedIdentity
name: example
properties:
location: ${identity.location}
name: example-identity
resourceGroupName: azurerm_resource_group.identity.name
exampleServiceEndpointAzureRM:
type: azuredevops:ServiceEndpointAzureRM
name: example
properties:
projectId: ${example.id}
serviceEndpointName: ${serviceConnectionName}
description: Managed by Pulumi
serviceEndpointAuthenticationScheme: WorkloadIdentityFederation
credentials:
serviceprincipalid: ${exampleUserAssignedIdentity.clientId}
azurermSpnTenantid: 00000000-0000-0000-0000-000000000000
azurermSubscriptionId: 00000000-0000-0000-0000-000000000000
azurermSubscriptionName: Example Subscription Name
exampleFederatedIdentityCredential:
type: azure:armmsi:FederatedIdentityCredential
name: example
properties:
name: example-federated-credential
resourceGroupName: ${identity.name}
parentId: ${exampleUserAssignedIdentity.id}
audience: api://AzureADTokenExchange
issuer: ${exampleServiceEndpointAzureRM.workloadIdentityFederationIssuer}
subject: ${exampleServiceEndpointAzureRM.workloadIdentityFederationSubject}
variables:
serviceConnectionName: example-federated-sc
Workload Identity Federation Automatic AzureRM Service Endpoint
import * as pulumi from "@pulumi/pulumi";
import * as azuredevops from "@pulumi/azuredevops";
const example = new azuredevops.Project("example", {
name: "Example Project",
visibility: "private",
versionControl: "Git",
workItemTemplate: "Agile",
});
const exampleServiceEndpointAzureRM = new azuredevops.ServiceEndpointAzureRM("example", {
projectId: example.id,
serviceEndpointName: "Example AzureRM",
serviceEndpointAuthenticationScheme: "WorkloadIdentityFederation",
azurermSpnTenantid: "00000000-0000-0000-0000-000000000000",
azurermSubscriptionId: "00000000-0000-0000-0000-000000000000",
azurermSubscriptionName: "Example Subscription Name",
});
import pulumi
import pulumi_azuredevops as azuredevops
example = azuredevops.Project("example",
name="Example Project",
visibility="private",
version_control="Git",
work_item_template="Agile")
example_service_endpoint_azure_rm = azuredevops.ServiceEndpointAzureRM("example",
project_id=example.id,
service_endpoint_name="Example AzureRM",
service_endpoint_authentication_scheme="WorkloadIdentityFederation",
azurerm_spn_tenantid="00000000-0000-0000-0000-000000000000",
azurerm_subscription_id="00000000-0000-0000-0000-000000000000",
azurerm_subscription_name="Example Subscription Name")
package main
import (
"github.com/pulumi/pulumi-azuredevops/sdk/v3/go/azuredevops"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := azuredevops.NewProject(ctx, "example", &azuredevops.ProjectArgs{
Name: pulumi.String("Example Project"),
Visibility: pulumi.String("private"),
VersionControl: pulumi.String("Git"),
WorkItemTemplate: pulumi.String("Agile"),
})
if err != nil {
return err
}
_, err = azuredevops.NewServiceEndpointAzureRM(ctx, "example", &azuredevops.ServiceEndpointAzureRMArgs{
ProjectId: example.ID(),
ServiceEndpointName: pulumi.String("Example AzureRM"),
ServiceEndpointAuthenticationScheme: pulumi.String("WorkloadIdentityFederation"),
AzurermSpnTenantid: pulumi.String("00000000-0000-0000-0000-000000000000"),
AzurermSubscriptionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
AzurermSubscriptionName: pulumi.String("Example Subscription Name"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureDevOps = Pulumi.AzureDevOps;
return await Deployment.RunAsync(() =>
{
var example = new AzureDevOps.Project("example", new()
{
Name = "Example Project",
Visibility = "private",
VersionControl = "Git",
WorkItemTemplate = "Agile",
});
var exampleServiceEndpointAzureRM = new AzureDevOps.ServiceEndpointAzureRM("example", new()
{
ProjectId = example.Id,
ServiceEndpointName = "Example AzureRM",
ServiceEndpointAuthenticationScheme = "WorkloadIdentityFederation",
AzurermSpnTenantid = "00000000-0000-0000-0000-000000000000",
AzurermSubscriptionId = "00000000-0000-0000-0000-000000000000",
AzurermSubscriptionName = "Example Subscription Name",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuredevops.Project;
import com.pulumi.azuredevops.ProjectArgs;
import com.pulumi.azuredevops.ServiceEndpointAzureRM;
import com.pulumi.azuredevops.ServiceEndpointAzureRMArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Project("example", ProjectArgs.builder()
.name("Example Project")
.visibility("private")
.versionControl("Git")
.workItemTemplate("Agile")
.build());
var exampleServiceEndpointAzureRM = new ServiceEndpointAzureRM("exampleServiceEndpointAzureRM", ServiceEndpointAzureRMArgs.builder()
.projectId(example.id())
.serviceEndpointName("Example AzureRM")
.serviceEndpointAuthenticationScheme("WorkloadIdentityFederation")
.azurermSpnTenantid("00000000-0000-0000-0000-000000000000")
.azurermSubscriptionId("00000000-0000-0000-0000-000000000000")
.azurermSubscriptionName("Example Subscription Name")
.build());
}
}
resources:
example:
type: azuredevops:Project
properties:
name: Example Project
visibility: private
versionControl: Git
workItemTemplate: Agile
exampleServiceEndpointAzureRM:
type: azuredevops:ServiceEndpointAzureRM
name: example
properties:
projectId: ${example.id}
serviceEndpointName: Example AzureRM
serviceEndpointAuthenticationScheme: WorkloadIdentityFederation
azurermSpnTenantid: 00000000-0000-0000-0000-000000000000
azurermSubscriptionId: 00000000-0000-0000-0000-000000000000
azurermSubscriptionName: Example Subscription Name
Managed Identity AzureRM Service Endpoint
import * as pulumi from "@pulumi/pulumi";
import * as azuredevops from "@pulumi/azuredevops";
const example = new azuredevops.Project("example", {
name: "Example Project",
visibility: "private",
versionControl: "Git",
workItemTemplate: "Agile",
});
const exampleServiceEndpointAzureRM = new azuredevops.ServiceEndpointAzureRM("example", {
projectId: example.id,
serviceEndpointName: "Example AzureRM",
serviceEndpointAuthenticationScheme: "ManagedServiceIdentity",
azurermSpnTenantid: "00000000-0000-0000-0000-000000000000",
azurermSubscriptionId: "00000000-0000-0000-0000-000000000000",
azurermSubscriptionName: "Example Subscription Name",
});
import pulumi
import pulumi_azuredevops as azuredevops
example = azuredevops.Project("example",
name="Example Project",
visibility="private",
version_control="Git",
work_item_template="Agile")
example_service_endpoint_azure_rm = azuredevops.ServiceEndpointAzureRM("example",
project_id=example.id,
service_endpoint_name="Example AzureRM",
service_endpoint_authentication_scheme="ManagedServiceIdentity",
azurerm_spn_tenantid="00000000-0000-0000-0000-000000000000",
azurerm_subscription_id="00000000-0000-0000-0000-000000000000",
azurerm_subscription_name="Example Subscription Name")
package main
import (
"github.com/pulumi/pulumi-azuredevops/sdk/v3/go/azuredevops"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
example, err := azuredevops.NewProject(ctx, "example", &azuredevops.ProjectArgs{
Name: pulumi.String("Example Project"),
Visibility: pulumi.String("private"),
VersionControl: pulumi.String("Git"),
WorkItemTemplate: pulumi.String("Agile"),
})
if err != nil {
return err
}
_, err = azuredevops.NewServiceEndpointAzureRM(ctx, "example", &azuredevops.ServiceEndpointAzureRMArgs{
ProjectId: example.ID(),
ServiceEndpointName: pulumi.String("Example AzureRM"),
ServiceEndpointAuthenticationScheme: pulumi.String("ManagedServiceIdentity"),
AzurermSpnTenantid: pulumi.String("00000000-0000-0000-0000-000000000000"),
AzurermSubscriptionId: pulumi.String("00000000-0000-0000-0000-000000000000"),
AzurermSubscriptionName: pulumi.String("Example Subscription Name"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using AzureDevOps = Pulumi.AzureDevOps;
return await Deployment.RunAsync(() =>
{
var example = new AzureDevOps.Project("example", new()
{
Name = "Example Project",
Visibility = "private",
VersionControl = "Git",
WorkItemTemplate = "Agile",
});
var exampleServiceEndpointAzureRM = new AzureDevOps.ServiceEndpointAzureRM("example", new()
{
ProjectId = example.Id,
ServiceEndpointName = "Example AzureRM",
ServiceEndpointAuthenticationScheme = "ManagedServiceIdentity",
AzurermSpnTenantid = "00000000-0000-0000-0000-000000000000",
AzurermSubscriptionId = "00000000-0000-0000-0000-000000000000",
AzurermSubscriptionName = "Example Subscription Name",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azuredevops.Project;
import com.pulumi.azuredevops.ProjectArgs;
import com.pulumi.azuredevops.ServiceEndpointAzureRM;
import com.pulumi.azuredevops.ServiceEndpointAzureRMArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var example = new Project("example", ProjectArgs.builder()
.name("Example Project")
.visibility("private")
.versionControl("Git")
.workItemTemplate("Agile")
.build());
var exampleServiceEndpointAzureRM = new ServiceEndpointAzureRM("exampleServiceEndpointAzureRM", ServiceEndpointAzureRMArgs.builder()
.projectId(example.id())
.serviceEndpointName("Example AzureRM")
.serviceEndpointAuthenticationScheme("ManagedServiceIdentity")
.azurermSpnTenantid("00000000-0000-0000-0000-000000000000")
.azurermSubscriptionId("00000000-0000-0000-0000-000000000000")
.azurermSubscriptionName("Example Subscription Name")
.build());
}
}
resources:
example:
type: azuredevops:Project
properties:
name: Example Project
visibility: private
versionControl: Git
workItemTemplate: Agile
exampleServiceEndpointAzureRM:
type: azuredevops:ServiceEndpointAzureRM
name: example
properties:
projectId: ${example.id}
serviceEndpointName: Example AzureRM
serviceEndpointAuthenticationScheme: ManagedServiceIdentity
azurermSpnTenantid: 00000000-0000-0000-0000-000000000000
azurermSubscriptionId: 00000000-0000-0000-0000-000000000000
azurermSubscriptionName: Example Subscription Name
Relevant Links
Create ServiceEndpointAzureRM Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new ServiceEndpointAzureRM(name: string, args: ServiceEndpointAzureRMArgs, opts?: CustomResourceOptions);@overload
def ServiceEndpointAzureRM(resource_name: str,
args: ServiceEndpointAzureRMArgs,
opts: Optional[ResourceOptions] = None)
@overload
def ServiceEndpointAzureRM(resource_name: str,
opts: Optional[ResourceOptions] = None,
project_id: Optional[str] = None,
service_endpoint_name: Optional[str] = None,
azurerm_spn_tenantid: Optional[str] = None,
azurerm_subscription_id: Optional[str] = None,
azurerm_subscription_name: Optional[str] = None,
credentials: Optional[ServiceEndpointAzureRMCredentialsArgs] = None,
description: Optional[str] = None,
environment: Optional[str] = None,
features: Optional[ServiceEndpointAzureRMFeaturesArgs] = None,
azurerm_management_group_id: Optional[str] = None,
resource_group: Optional[str] = None,
server_url: Optional[str] = None,
service_endpoint_authentication_scheme: Optional[str] = None,
azurerm_management_group_name: Optional[str] = None)func NewServiceEndpointAzureRM(ctx *Context, name string, args ServiceEndpointAzureRMArgs, opts ...ResourceOption) (*ServiceEndpointAzureRM, error)public ServiceEndpointAzureRM(string name, ServiceEndpointAzureRMArgs args, CustomResourceOptions? opts = null)
public ServiceEndpointAzureRM(String name, ServiceEndpointAzureRMArgs args)
public ServiceEndpointAzureRM(String name, ServiceEndpointAzureRMArgs args, CustomResourceOptions options)
type: azuredevops:ServiceEndpointAzureRM
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args ServiceEndpointAzureRMArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args ServiceEndpointAzureRMArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args ServiceEndpointAzureRMArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args ServiceEndpointAzureRMArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args ServiceEndpointAzureRMArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var serviceEndpointAzureRMResource = new AzureDevOps.ServiceEndpointAzureRM("serviceEndpointAzureRMResource", new()
{
ProjectId = "string",
ServiceEndpointName = "string",
AzurermSpnTenantid = "string",
AzurermSubscriptionId = "string",
AzurermSubscriptionName = "string",
Credentials = new AzureDevOps.Inputs.ServiceEndpointAzureRMCredentialsArgs
{
Serviceprincipalid = "string",
Serviceprincipalcertificate = "string",
Serviceprincipalkey = "string",
},
Description = "string",
Environment = "string",
Features = new AzureDevOps.Inputs.ServiceEndpointAzureRMFeaturesArgs
{
Validate = false,
},
AzurermManagementGroupId = "string",
ResourceGroup = "string",
ServerUrl = "string",
ServiceEndpointAuthenticationScheme = "string",
AzurermManagementGroupName = "string",
});
example, err := azuredevops.NewServiceEndpointAzureRM(ctx, "serviceEndpointAzureRMResource", &azuredevops.ServiceEndpointAzureRMArgs{
ProjectId: pulumi.String("string"),
ServiceEndpointName: pulumi.String("string"),
AzurermSpnTenantid: pulumi.String("string"),
AzurermSubscriptionId: pulumi.String("string"),
AzurermSubscriptionName: pulumi.String("string"),
Credentials: &azuredevops.ServiceEndpointAzureRMCredentialsArgs{
Serviceprincipalid: pulumi.String("string"),
Serviceprincipalcertificate: pulumi.String("string"),
Serviceprincipalkey: pulumi.String("string"),
},
Description: pulumi.String("string"),
Environment: pulumi.String("string"),
Features: &azuredevops.ServiceEndpointAzureRMFeaturesArgs{
Validate: pulumi.Bool(false),
},
AzurermManagementGroupId: pulumi.String("string"),
ResourceGroup: pulumi.String("string"),
ServerUrl: pulumi.String("string"),
ServiceEndpointAuthenticationScheme: pulumi.String("string"),
AzurermManagementGroupName: pulumi.String("string"),
})
var serviceEndpointAzureRMResource = new ServiceEndpointAzureRM("serviceEndpointAzureRMResource", ServiceEndpointAzureRMArgs.builder()
.projectId("string")
.serviceEndpointName("string")
.azurermSpnTenantid("string")
.azurermSubscriptionId("string")
.azurermSubscriptionName("string")
.credentials(ServiceEndpointAzureRMCredentialsArgs.builder()
.serviceprincipalid("string")
.serviceprincipalcertificate("string")
.serviceprincipalkey("string")
.build())
.description("string")
.environment("string")
.features(ServiceEndpointAzureRMFeaturesArgs.builder()
.validate(false)
.build())
.azurermManagementGroupId("string")
.resourceGroup("string")
.serverUrl("string")
.serviceEndpointAuthenticationScheme("string")
.azurermManagementGroupName("string")
.build());
service_endpoint_azure_rm_resource = azuredevops.ServiceEndpointAzureRM("serviceEndpointAzureRMResource",
project_id="string",
service_endpoint_name="string",
azurerm_spn_tenantid="string",
azurerm_subscription_id="string",
azurerm_subscription_name="string",
credentials={
"serviceprincipalid": "string",
"serviceprincipalcertificate": "string",
"serviceprincipalkey": "string",
},
description="string",
environment="string",
features={
"validate": False,
},
azurerm_management_group_id="string",
resource_group="string",
server_url="string",
service_endpoint_authentication_scheme="string",
azurerm_management_group_name="string")
const serviceEndpointAzureRMResource = new azuredevops.ServiceEndpointAzureRM("serviceEndpointAzureRMResource", {
projectId: "string",
serviceEndpointName: "string",
azurermSpnTenantid: "string",
azurermSubscriptionId: "string",
azurermSubscriptionName: "string",
credentials: {
serviceprincipalid: "string",
serviceprincipalcertificate: "string",
serviceprincipalkey: "string",
},
description: "string",
environment: "string",
features: {
validate: false,
},
azurermManagementGroupId: "string",
resourceGroup: "string",
serverUrl: "string",
serviceEndpointAuthenticationScheme: "string",
azurermManagementGroupName: "string",
});
type: azuredevops:ServiceEndpointAzureRM
properties:
azurermManagementGroupId: string
azurermManagementGroupName: string
azurermSpnTenantid: string
azurermSubscriptionId: string
azurermSubscriptionName: string
credentials:
serviceprincipalcertificate: string
serviceprincipalid: string
serviceprincipalkey: string
description: string
environment: string
features:
validate: false
projectId: string
resourceGroup: string
serverUrl: string
serviceEndpointAuthenticationScheme: string
serviceEndpointName: string
ServiceEndpointAzureRM Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The ServiceEndpointAzureRM resource accepts the following input properties:
- Azurerm
Spn stringTenantid - The Tenant ID of the service principal.
- Project
Id string - The ID of the project.
- Service
Endpoint stringName - The Service Endpoint Name.
- Azurerm
Management stringGroup Id - The Management group ID of the Azure targets.
- Azurerm
Management stringGroup Name - The Management group Name of the targets.
- Azurerm
Subscription stringId - The Subscription ID of the Azure targets.
- Azurerm
Subscription stringName - The Subscription Name of the targets.
- Credentials
Pulumi.
Azure Dev Ops. Inputs. Service Endpoint Azure RMCredentials - A
credentialsblock as defined below. - Description string
- Service connection description.
- Environment string
- The Cloud Environment to use. Defaults to
AzureCloud. Possible values areAzureCloud,AzureChinaCloud,AzureUSGovernment,AzureGermanCloudandAzureStack. Changing this forces a new resource to be created. - Features
Pulumi.
Azure Dev Ops. Inputs. Service Endpoint Azure RMFeatures - A
featuresblock as defined below. - Resource
Group string - The resource group used for scope of automatic service endpoint.
- Server
Url string The server URL of the service endpoint. Changing this forces a new resource to be created.
NOTE: One of either
Subscriptionscoped i.e.azurerm_subscription_id,azurerm_subscription_nameorManagementGroupscoped i.e.azurerm_management_group_id,azurerm_management_group_namevalues must be specified.- Service
Endpoint stringAuthentication Scheme Specifies the type of Azure Resource Manager Service Endpoint. Possible values are
WorkloadIdentityFederation,ManagedServiceIdentityorServicePrincipal. Defaults toServicePrincipalfor backwards compatibility.NOTE: The
WorkloadIdentityFederationauthentication scheme is currently in private preview. Your organisation must be part of the preview and the feature toggle must be turned on to use it. More details can be found here.
- Azurerm
Spn stringTenantid - The Tenant ID of the service principal.
- Project
Id string - The ID of the project.
- Service
Endpoint stringName - The Service Endpoint Name.
- Azurerm
Management stringGroup Id - The Management group ID of the Azure targets.
- Azurerm
Management stringGroup Name - The Management group Name of the targets.
- Azurerm
Subscription stringId - The Subscription ID of the Azure targets.
- Azurerm
Subscription stringName - The Subscription Name of the targets.
- Credentials
Service
Endpoint Azure RMCredentials Args - A
credentialsblock as defined below. - Description string
- Service connection description.
- Environment string
- The Cloud Environment to use. Defaults to
AzureCloud. Possible values areAzureCloud,AzureChinaCloud,AzureUSGovernment,AzureGermanCloudandAzureStack. Changing this forces a new resource to be created. - Features
Service
Endpoint Azure RMFeatures Args - A
featuresblock as defined below. - Resource
Group string - The resource group used for scope of automatic service endpoint.
- Server
Url string The server URL of the service endpoint. Changing this forces a new resource to be created.
NOTE: One of either
Subscriptionscoped i.e.azurerm_subscription_id,azurerm_subscription_nameorManagementGroupscoped i.e.azurerm_management_group_id,azurerm_management_group_namevalues must be specified.- Service
Endpoint stringAuthentication Scheme Specifies the type of Azure Resource Manager Service Endpoint. Possible values are
WorkloadIdentityFederation,ManagedServiceIdentityorServicePrincipal. Defaults toServicePrincipalfor backwards compatibility.NOTE: The
WorkloadIdentityFederationauthentication scheme is currently in private preview. Your organisation must be part of the preview and the feature toggle must be turned on to use it. More details can be found here.
- azurerm
Spn StringTenantid - The Tenant ID of the service principal.
- project
Id String - The ID of the project.
- service
Endpoint StringName - The Service Endpoint Name.
- azurerm
Management StringGroup Id - The Management group ID of the Azure targets.
- azurerm
Management StringGroup Name - The Management group Name of the targets.
- azurerm
Subscription StringId - The Subscription ID of the Azure targets.
- azurerm
Subscription StringName - The Subscription Name of the targets.
- credentials
Service
Endpoint Azure RMCredentials - A
credentialsblock as defined below. - description String
- Service connection description.
- environment String
- The Cloud Environment to use. Defaults to
AzureCloud. Possible values areAzureCloud,AzureChinaCloud,AzureUSGovernment,AzureGermanCloudandAzureStack. Changing this forces a new resource to be created. - features
Service
Endpoint Azure RMFeatures - A
featuresblock as defined below. - resource
Group String - The resource group used for scope of automatic service endpoint.
- server
Url String The server URL of the service endpoint. Changing this forces a new resource to be created.
NOTE: One of either
Subscriptionscoped i.e.azurerm_subscription_id,azurerm_subscription_nameorManagementGroupscoped i.e.azurerm_management_group_id,azurerm_management_group_namevalues must be specified.- service
Endpoint StringAuthentication Scheme Specifies the type of Azure Resource Manager Service Endpoint. Possible values are
WorkloadIdentityFederation,ManagedServiceIdentityorServicePrincipal. Defaults toServicePrincipalfor backwards compatibility.NOTE: The
WorkloadIdentityFederationauthentication scheme is currently in private preview. Your organisation must be part of the preview and the feature toggle must be turned on to use it. More details can be found here.
- azurerm
Spn stringTenantid - The Tenant ID of the service principal.
- project
Id string - The ID of the project.
- service
Endpoint stringName - The Service Endpoint Name.
- azurerm
Management stringGroup Id - The Management group ID of the Azure targets.
- azurerm
Management stringGroup Name - The Management group Name of the targets.
- azurerm
Subscription stringId - The Subscription ID of the Azure targets.
- azurerm
Subscription stringName - The Subscription Name of the targets.
- credentials
Service
Endpoint Azure RMCredentials - A
credentialsblock as defined below. - description string
- Service connection description.
- environment string
- The Cloud Environment to use. Defaults to
AzureCloud. Possible values areAzureCloud,AzureChinaCloud,AzureUSGovernment,AzureGermanCloudandAzureStack. Changing this forces a new resource to be created. - features
Service
Endpoint Azure RMFeatures - A
featuresblock as defined below. - resource
Group string - The resource group used for scope of automatic service endpoint.
- server
Url string The server URL of the service endpoint. Changing this forces a new resource to be created.
NOTE: One of either
Subscriptionscoped i.e.azurerm_subscription_id,azurerm_subscription_nameorManagementGroupscoped i.e.azurerm_management_group_id,azurerm_management_group_namevalues must be specified.- service
Endpoint stringAuthentication Scheme Specifies the type of Azure Resource Manager Service Endpoint. Possible values are
WorkloadIdentityFederation,ManagedServiceIdentityorServicePrincipal. Defaults toServicePrincipalfor backwards compatibility.NOTE: The
WorkloadIdentityFederationauthentication scheme is currently in private preview. Your organisation must be part of the preview and the feature toggle must be turned on to use it. More details can be found here.
- azurerm_
spn_ strtenantid - The Tenant ID of the service principal.
- project_
id str - The ID of the project.
- service_
endpoint_ strname - The Service Endpoint Name.
- azurerm_
management_ strgroup_ id - The Management group ID of the Azure targets.
- azurerm_
management_ strgroup_ name - The Management group Name of the targets.
- azurerm_
subscription_ strid - The Subscription ID of the Azure targets.
- azurerm_
subscription_ strname - The Subscription Name of the targets.
- credentials
Service
Endpoint Azure RMCredentials Args - A
credentialsblock as defined below. - description str
- Service connection description.
- environment str
- The Cloud Environment to use. Defaults to
AzureCloud. Possible values areAzureCloud,AzureChinaCloud,AzureUSGovernment,AzureGermanCloudandAzureStack. Changing this forces a new resource to be created. - features
Service
Endpoint Azure RMFeatures Args - A
featuresblock as defined below. - resource_
group str - The resource group used for scope of automatic service endpoint.
- server_
url str The server URL of the service endpoint. Changing this forces a new resource to be created.
NOTE: One of either
Subscriptionscoped i.e.azurerm_subscription_id,azurerm_subscription_nameorManagementGroupscoped i.e.azurerm_management_group_id,azurerm_management_group_namevalues must be specified.- service_
endpoint_ strauthentication_ scheme Specifies the type of Azure Resource Manager Service Endpoint. Possible values are
WorkloadIdentityFederation,ManagedServiceIdentityorServicePrincipal. Defaults toServicePrincipalfor backwards compatibility.NOTE: The
WorkloadIdentityFederationauthentication scheme is currently in private preview. Your organisation must be part of the preview and the feature toggle must be turned on to use it. More details can be found here.
- azurerm
Spn StringTenantid - The Tenant ID of the service principal.
- project
Id String - The ID of the project.
- service
Endpoint StringName - The Service Endpoint Name.
- azurerm
Management StringGroup Id - The Management group ID of the Azure targets.
- azurerm
Management StringGroup Name - The Management group Name of the targets.
- azurerm
Subscription StringId - The Subscription ID of the Azure targets.
- azurerm
Subscription StringName - The Subscription Name of the targets.
- credentials Property Map
- A
credentialsblock as defined below. - description String
- Service connection description.
- environment String
- The Cloud Environment to use. Defaults to
AzureCloud. Possible values areAzureCloud,AzureChinaCloud,AzureUSGovernment,AzureGermanCloudandAzureStack. Changing this forces a new resource to be created. - features Property Map
- A
featuresblock as defined below. - resource
Group String - The resource group used for scope of automatic service endpoint.
- server
Url String The server URL of the service endpoint. Changing this forces a new resource to be created.
NOTE: One of either
Subscriptionscoped i.e.azurerm_subscription_id,azurerm_subscription_nameorManagementGroupscoped i.e.azurerm_management_group_id,azurerm_management_group_namevalues must be specified.- service
Endpoint StringAuthentication Scheme Specifies the type of Azure Resource Manager Service Endpoint. Possible values are
WorkloadIdentityFederation,ManagedServiceIdentityorServicePrincipal. Defaults toServicePrincipalfor backwards compatibility.NOTE: The
WorkloadIdentityFederationauthentication scheme is currently in private preview. Your organisation must be part of the preview and the feature toggle must be turned on to use it. More details can be found here.
Outputs
All input properties are implicitly available as output properties. Additionally, the ServiceEndpointAzureRM resource produces the following output properties:
- Dictionary<string, string>
- Id string
- The provider-assigned unique ID for this managed resource.
- Service
Principal stringId - The Application(Client) ID of the Service Principal.
- Workload
Identity stringFederation Issuer - The issuer if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likehttps://vstoken.dev.azure.com/00000000-0000-0000-0000-000000000000, where the GUID is the Organization ID of your Azure DevOps Organisation. - Workload
Identity stringFederation Subject - The subject if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likesc://<organisation>/<project>/<service-connection-name>.
- map[string]string
- Id string
- The provider-assigned unique ID for this managed resource.
- Service
Principal stringId - The Application(Client) ID of the Service Principal.
- Workload
Identity stringFederation Issuer - The issuer if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likehttps://vstoken.dev.azure.com/00000000-0000-0000-0000-000000000000, where the GUID is the Organization ID of your Azure DevOps Organisation. - Workload
Identity stringFederation Subject - The subject if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likesc://<organisation>/<project>/<service-connection-name>.
- Map<String,String>
- id String
- The provider-assigned unique ID for this managed resource.
- service
Principal StringId - The Application(Client) ID of the Service Principal.
- workload
Identity StringFederation Issuer - The issuer if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likehttps://vstoken.dev.azure.com/00000000-0000-0000-0000-000000000000, where the GUID is the Organization ID of your Azure DevOps Organisation. - workload
Identity StringFederation Subject - The subject if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likesc://<organisation>/<project>/<service-connection-name>.
- {[key: string]: string}
- id string
- The provider-assigned unique ID for this managed resource.
- service
Principal stringId - The Application(Client) ID of the Service Principal.
- workload
Identity stringFederation Issuer - The issuer if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likehttps://vstoken.dev.azure.com/00000000-0000-0000-0000-000000000000, where the GUID is the Organization ID of your Azure DevOps Organisation. - workload
Identity stringFederation Subject - The subject if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likesc://<organisation>/<project>/<service-connection-name>.
- Mapping[str, str]
- id str
- The provider-assigned unique ID for this managed resource.
- service_
principal_ strid - The Application(Client) ID of the Service Principal.
- workload_
identity_ strfederation_ issuer - The issuer if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likehttps://vstoken.dev.azure.com/00000000-0000-0000-0000-000000000000, where the GUID is the Organization ID of your Azure DevOps Organisation. - workload_
identity_ strfederation_ subject - The subject if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likesc://<organisation>/<project>/<service-connection-name>.
- Map<String>
- id String
- The provider-assigned unique ID for this managed resource.
- service
Principal StringId - The Application(Client) ID of the Service Principal.
- workload
Identity StringFederation Issuer - The issuer if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likehttps://vstoken.dev.azure.com/00000000-0000-0000-0000-000000000000, where the GUID is the Organization ID of your Azure DevOps Organisation. - workload
Identity StringFederation Subject - The subject if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likesc://<organisation>/<project>/<service-connection-name>.
Look up Existing ServiceEndpointAzureRM Resource
Get an existing ServiceEndpointAzureRM resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: ServiceEndpointAzureRMState, opts?: CustomResourceOptions): ServiceEndpointAzureRM@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
authorization: Optional[Mapping[str, str]] = None,
azurerm_management_group_id: Optional[str] = None,
azurerm_management_group_name: Optional[str] = None,
azurerm_spn_tenantid: Optional[str] = None,
azurerm_subscription_id: Optional[str] = None,
azurerm_subscription_name: Optional[str] = None,
credentials: Optional[ServiceEndpointAzureRMCredentialsArgs] = None,
description: Optional[str] = None,
environment: Optional[str] = None,
features: Optional[ServiceEndpointAzureRMFeaturesArgs] = None,
project_id: Optional[str] = None,
resource_group: Optional[str] = None,
server_url: Optional[str] = None,
service_endpoint_authentication_scheme: Optional[str] = None,
service_endpoint_name: Optional[str] = None,
service_principal_id: Optional[str] = None,
workload_identity_federation_issuer: Optional[str] = None,
workload_identity_federation_subject: Optional[str] = None) -> ServiceEndpointAzureRMfunc GetServiceEndpointAzureRM(ctx *Context, name string, id IDInput, state *ServiceEndpointAzureRMState, opts ...ResourceOption) (*ServiceEndpointAzureRM, error)public static ServiceEndpointAzureRM Get(string name, Input<string> id, ServiceEndpointAzureRMState? state, CustomResourceOptions? opts = null)public static ServiceEndpointAzureRM get(String name, Output<String> id, ServiceEndpointAzureRMState state, CustomResourceOptions options)resources: _: type: azuredevops:ServiceEndpointAzureRM get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Dictionary<string, string>
- Azurerm
Management stringGroup Id - The Management group ID of the Azure targets.
- Azurerm
Management stringGroup Name - The Management group Name of the targets.
- Azurerm
Spn stringTenantid - The Tenant ID of the service principal.
- Azurerm
Subscription stringId - The Subscription ID of the Azure targets.
- Azurerm
Subscription stringName - The Subscription Name of the targets.
- Credentials
Pulumi.
Azure Dev Ops. Inputs. Service Endpoint Azure RMCredentials - A
credentialsblock as defined below. - Description string
- Service connection description.
- Environment string
- The Cloud Environment to use. Defaults to
AzureCloud. Possible values areAzureCloud,AzureChinaCloud,AzureUSGovernment,AzureGermanCloudandAzureStack. Changing this forces a new resource to be created. - Features
Pulumi.
Azure Dev Ops. Inputs. Service Endpoint Azure RMFeatures - A
featuresblock as defined below. - Project
Id string - The ID of the project.
- Resource
Group string - The resource group used for scope of automatic service endpoint.
- Server
Url string The server URL of the service endpoint. Changing this forces a new resource to be created.
NOTE: One of either
Subscriptionscoped i.e.azurerm_subscription_id,azurerm_subscription_nameorManagementGroupscoped i.e.azurerm_management_group_id,azurerm_management_group_namevalues must be specified.- Service
Endpoint stringAuthentication Scheme Specifies the type of Azure Resource Manager Service Endpoint. Possible values are
WorkloadIdentityFederation,ManagedServiceIdentityorServicePrincipal. Defaults toServicePrincipalfor backwards compatibility.NOTE: The
WorkloadIdentityFederationauthentication scheme is currently in private preview. Your organisation must be part of the preview and the feature toggle must be turned on to use it. More details can be found here.- Service
Endpoint stringName - The Service Endpoint Name.
- Service
Principal stringId - The Application(Client) ID of the Service Principal.
- Workload
Identity stringFederation Issuer - The issuer if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likehttps://vstoken.dev.azure.com/00000000-0000-0000-0000-000000000000, where the GUID is the Organization ID of your Azure DevOps Organisation. - Workload
Identity stringFederation Subject - The subject if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likesc://<organisation>/<project>/<service-connection-name>.
- map[string]string
- Azurerm
Management stringGroup Id - The Management group ID of the Azure targets.
- Azurerm
Management stringGroup Name - The Management group Name of the targets.
- Azurerm
Spn stringTenantid - The Tenant ID of the service principal.
- Azurerm
Subscription stringId - The Subscription ID of the Azure targets.
- Azurerm
Subscription stringName - The Subscription Name of the targets.
- Credentials
Service
Endpoint Azure RMCredentials Args - A
credentialsblock as defined below. - Description string
- Service connection description.
- Environment string
- The Cloud Environment to use. Defaults to
AzureCloud. Possible values areAzureCloud,AzureChinaCloud,AzureUSGovernment,AzureGermanCloudandAzureStack. Changing this forces a new resource to be created. - Features
Service
Endpoint Azure RMFeatures Args - A
featuresblock as defined below. - Project
Id string - The ID of the project.
- Resource
Group string - The resource group used for scope of automatic service endpoint.
- Server
Url string The server URL of the service endpoint. Changing this forces a new resource to be created.
NOTE: One of either
Subscriptionscoped i.e.azurerm_subscription_id,azurerm_subscription_nameorManagementGroupscoped i.e.azurerm_management_group_id,azurerm_management_group_namevalues must be specified.- Service
Endpoint stringAuthentication Scheme Specifies the type of Azure Resource Manager Service Endpoint. Possible values are
WorkloadIdentityFederation,ManagedServiceIdentityorServicePrincipal. Defaults toServicePrincipalfor backwards compatibility.NOTE: The
WorkloadIdentityFederationauthentication scheme is currently in private preview. Your organisation must be part of the preview and the feature toggle must be turned on to use it. More details can be found here.- Service
Endpoint stringName - The Service Endpoint Name.
- Service
Principal stringId - The Application(Client) ID of the Service Principal.
- Workload
Identity stringFederation Issuer - The issuer if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likehttps://vstoken.dev.azure.com/00000000-0000-0000-0000-000000000000, where the GUID is the Organization ID of your Azure DevOps Organisation. - Workload
Identity stringFederation Subject - The subject if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likesc://<organisation>/<project>/<service-connection-name>.
- Map<String,String>
- azurerm
Management StringGroup Id - The Management group ID of the Azure targets.
- azurerm
Management StringGroup Name - The Management group Name of the targets.
- azurerm
Spn StringTenantid - The Tenant ID of the service principal.
- azurerm
Subscription StringId - The Subscription ID of the Azure targets.
- azurerm
Subscription StringName - The Subscription Name of the targets.
- credentials
Service
Endpoint Azure RMCredentials - A
credentialsblock as defined below. - description String
- Service connection description.
- environment String
- The Cloud Environment to use. Defaults to
AzureCloud. Possible values areAzureCloud,AzureChinaCloud,AzureUSGovernment,AzureGermanCloudandAzureStack. Changing this forces a new resource to be created. - features
Service
Endpoint Azure RMFeatures - A
featuresblock as defined below. - project
Id String - The ID of the project.
- resource
Group String - The resource group used for scope of automatic service endpoint.
- server
Url String The server URL of the service endpoint. Changing this forces a new resource to be created.
NOTE: One of either
Subscriptionscoped i.e.azurerm_subscription_id,azurerm_subscription_nameorManagementGroupscoped i.e.azurerm_management_group_id,azurerm_management_group_namevalues must be specified.- service
Endpoint StringAuthentication Scheme Specifies the type of Azure Resource Manager Service Endpoint. Possible values are
WorkloadIdentityFederation,ManagedServiceIdentityorServicePrincipal. Defaults toServicePrincipalfor backwards compatibility.NOTE: The
WorkloadIdentityFederationauthentication scheme is currently in private preview. Your organisation must be part of the preview and the feature toggle must be turned on to use it. More details can be found here.- service
Endpoint StringName - The Service Endpoint Name.
- service
Principal StringId - The Application(Client) ID of the Service Principal.
- workload
Identity StringFederation Issuer - The issuer if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likehttps://vstoken.dev.azure.com/00000000-0000-0000-0000-000000000000, where the GUID is the Organization ID of your Azure DevOps Organisation. - workload
Identity StringFederation Subject - The subject if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likesc://<organisation>/<project>/<service-connection-name>.
- {[key: string]: string}
- azurerm
Management stringGroup Id - The Management group ID of the Azure targets.
- azurerm
Management stringGroup Name - The Management group Name of the targets.
- azurerm
Spn stringTenantid - The Tenant ID of the service principal.
- azurerm
Subscription stringId - The Subscription ID of the Azure targets.
- azurerm
Subscription stringName - The Subscription Name of the targets.
- credentials
Service
Endpoint Azure RMCredentials - A
credentialsblock as defined below. - description string
- Service connection description.
- environment string
- The Cloud Environment to use. Defaults to
AzureCloud. Possible values areAzureCloud,AzureChinaCloud,AzureUSGovernment,AzureGermanCloudandAzureStack. Changing this forces a new resource to be created. - features
Service
Endpoint Azure RMFeatures - A
featuresblock as defined below. - project
Id string - The ID of the project.
- resource
Group string - The resource group used for scope of automatic service endpoint.
- server
Url string The server URL of the service endpoint. Changing this forces a new resource to be created.
NOTE: One of either
Subscriptionscoped i.e.azurerm_subscription_id,azurerm_subscription_nameorManagementGroupscoped i.e.azurerm_management_group_id,azurerm_management_group_namevalues must be specified.- service
Endpoint stringAuthentication Scheme Specifies the type of Azure Resource Manager Service Endpoint. Possible values are
WorkloadIdentityFederation,ManagedServiceIdentityorServicePrincipal. Defaults toServicePrincipalfor backwards compatibility.NOTE: The
WorkloadIdentityFederationauthentication scheme is currently in private preview. Your organisation must be part of the preview and the feature toggle must be turned on to use it. More details can be found here.- service
Endpoint stringName - The Service Endpoint Name.
- service
Principal stringId - The Application(Client) ID of the Service Principal.
- workload
Identity stringFederation Issuer - The issuer if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likehttps://vstoken.dev.azure.com/00000000-0000-0000-0000-000000000000, where the GUID is the Organization ID of your Azure DevOps Organisation. - workload
Identity stringFederation Subject - The subject if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likesc://<organisation>/<project>/<service-connection-name>.
- Mapping[str, str]
- azurerm_
management_ strgroup_ id - The Management group ID of the Azure targets.
- azurerm_
management_ strgroup_ name - The Management group Name of the targets.
- azurerm_
spn_ strtenantid - The Tenant ID of the service principal.
- azurerm_
subscription_ strid - The Subscription ID of the Azure targets.
- azurerm_
subscription_ strname - The Subscription Name of the targets.
- credentials
Service
Endpoint Azure RMCredentials Args - A
credentialsblock as defined below. - description str
- Service connection description.
- environment str
- The Cloud Environment to use. Defaults to
AzureCloud. Possible values areAzureCloud,AzureChinaCloud,AzureUSGovernment,AzureGermanCloudandAzureStack. Changing this forces a new resource to be created. - features
Service
Endpoint Azure RMFeatures Args - A
featuresblock as defined below. - project_
id str - The ID of the project.
- resource_
group str - The resource group used for scope of automatic service endpoint.
- server_
url str The server URL of the service endpoint. Changing this forces a new resource to be created.
NOTE: One of either
Subscriptionscoped i.e.azurerm_subscription_id,azurerm_subscription_nameorManagementGroupscoped i.e.azurerm_management_group_id,azurerm_management_group_namevalues must be specified.- service_
endpoint_ strauthentication_ scheme Specifies the type of Azure Resource Manager Service Endpoint. Possible values are
WorkloadIdentityFederation,ManagedServiceIdentityorServicePrincipal. Defaults toServicePrincipalfor backwards compatibility.NOTE: The
WorkloadIdentityFederationauthentication scheme is currently in private preview. Your organisation must be part of the preview and the feature toggle must be turned on to use it. More details can be found here.- service_
endpoint_ strname - The Service Endpoint Name.
- service_
principal_ strid - The Application(Client) ID of the Service Principal.
- workload_
identity_ strfederation_ issuer - The issuer if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likehttps://vstoken.dev.azure.com/00000000-0000-0000-0000-000000000000, where the GUID is the Organization ID of your Azure DevOps Organisation. - workload_
identity_ strfederation_ subject - The subject if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likesc://<organisation>/<project>/<service-connection-name>.
- Map<String>
- azurerm
Management StringGroup Id - The Management group ID of the Azure targets.
- azurerm
Management StringGroup Name - The Management group Name of the targets.
- azurerm
Spn StringTenantid - The Tenant ID of the service principal.
- azurerm
Subscription StringId - The Subscription ID of the Azure targets.
- azurerm
Subscription StringName - The Subscription Name of the targets.
- credentials Property Map
- A
credentialsblock as defined below. - description String
- Service connection description.
- environment String
- The Cloud Environment to use. Defaults to
AzureCloud. Possible values areAzureCloud,AzureChinaCloud,AzureUSGovernment,AzureGermanCloudandAzureStack. Changing this forces a new resource to be created. - features Property Map
- A
featuresblock as defined below. - project
Id String - The ID of the project.
- resource
Group String - The resource group used for scope of automatic service endpoint.
- server
Url String The server URL of the service endpoint. Changing this forces a new resource to be created.
NOTE: One of either
Subscriptionscoped i.e.azurerm_subscription_id,azurerm_subscription_nameorManagementGroupscoped i.e.azurerm_management_group_id,azurerm_management_group_namevalues must be specified.- service
Endpoint StringAuthentication Scheme Specifies the type of Azure Resource Manager Service Endpoint. Possible values are
WorkloadIdentityFederation,ManagedServiceIdentityorServicePrincipal. Defaults toServicePrincipalfor backwards compatibility.NOTE: The
WorkloadIdentityFederationauthentication scheme is currently in private preview. Your organisation must be part of the preview and the feature toggle must be turned on to use it. More details can be found here.- service
Endpoint StringName - The Service Endpoint Name.
- service
Principal StringId - The Application(Client) ID of the Service Principal.
- workload
Identity StringFederation Issuer - The issuer if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likehttps://vstoken.dev.azure.com/00000000-0000-0000-0000-000000000000, where the GUID is the Organization ID of your Azure DevOps Organisation. - workload
Identity StringFederation Subject - The subject if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. This looks likesc://<organisation>/<project>/<service-connection-name>.
Supporting Types
ServiceEndpointAzureRMCredentials, ServiceEndpointAzureRMCredentialsArgs
- Serviceprincipalid string
- The service principal application ID
- Serviceprincipalcertificate string
- The service principal certificate. This not required if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. - Serviceprincipalkey string
- The service principal secret. This not required if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation.
- Serviceprincipalid string
- The service principal application ID
- Serviceprincipalcertificate string
- The service principal certificate. This not required if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. - Serviceprincipalkey string
- The service principal secret. This not required if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation.
- serviceprincipalid String
- The service principal application ID
- serviceprincipalcertificate String
- The service principal certificate. This not required if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. - serviceprincipalkey String
- The service principal secret. This not required if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation.
- serviceprincipalid string
- The service principal application ID
- serviceprincipalcertificate string
- The service principal certificate. This not required if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. - serviceprincipalkey string
- The service principal secret. This not required if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation.
- serviceprincipalid str
- The service principal application ID
- serviceprincipalcertificate str
- The service principal certificate. This not required if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. - serviceprincipalkey str
- The service principal secret. This not required if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation.
- serviceprincipalid String
- The service principal application ID
- serviceprincipalcertificate String
- The service principal certificate. This not required if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation. - serviceprincipalkey String
- The service principal secret. This not required if
service_endpoint_authentication_schemeis set toWorkloadIdentityFederation.
ServiceEndpointAzureRMFeatures, ServiceEndpointAzureRMFeaturesArgs
- Validate bool
- Whether or not to validate connection with Azure after create or update operations. Defaults to
false
- Validate bool
- Whether or not to validate connection with Azure after create or update operations. Defaults to
false
- validate Boolean
- Whether or not to validate connection with Azure after create or update operations. Defaults to
false
- validate boolean
- Whether or not to validate connection with Azure after create or update operations. Defaults to
false
- validate bool
- Whether or not to validate connection with Azure after create or update operations. Defaults to
false
- validate Boolean
- Whether or not to validate connection with Azure after create or update operations. Defaults to
false
Import
Azure DevOps Azure Resource Manager Service Endpoint can be imported using projectID/serviceEndpointID or projectName/serviceEndpointID
$ pulumi import azuredevops:index/serviceEndpointAzureRM:ServiceEndpointAzureRM example 00000000-0000-0000-0000-000000000000/00000000-0000-0000-0000-000000000000
To learn more about importing existing cloud resources, see Importing resources.
Package Details
- Repository
- Azure DevOps pulumi/pulumi-azuredevops
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azuredevopsTerraform Provider.