dbtcloud.AzureAdApplication

dbt Cloud v1.8.2, May 14 26

Viewing docs for dbt Cloud v1.8.2
published on Thursday, May 14, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-dbtcloud

Viewing docs for dbt Cloud v1.8.2
published on Thursday, May 14, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-dbtcloud

Destroy behaviour: running terraform destroy calls the dbt Cloud DELETE endpoint, which marks the record as inactive. Due to a known dbt Cloud backend limitation, the underlying database row is retained and re-creating the resource against the same account without a backend cleanup will fail with a unique-constraint error. If you need to recreate the resource after a destroy, contact dbt Cloud support to have the orphaned record removed, or use pulumi import to re-adopt the existing record ID.

Requires the Azure DevOps integration feature to be enabled on the account (enterprise plans only).

Example Usage

import * as pulumi from "@pulumi/pulumi";
import * as dbtcloud from "@pulumi/dbtcloud";

const _this = new dbtcloud.AzureAdApplication("this", {
    organizationName: "my-azure-devops-org",
    clientId: "00000000-0000-0000-0000-000000000000",
    clientSecret: azureClientSecret,
    tenantId: "00000000-0000-0000-0000-000000000001",
    azureServiceAuthenticationMethod: "service_user",
});

import pulumi
import pulumi_dbtcloud as dbtcloud

this = dbtcloud.AzureAdApplication("this",
    organization_name="my-azure-devops-org",
    client_id="00000000-0000-0000-0000-000000000000",
    client_secret=azure_client_secret,
    tenant_id="00000000-0000-0000-0000-000000000001",
    azure_service_authentication_method="service_user")

package main

import (
	"github.com/pulumi/pulumi-dbtcloud/sdk/go/dbtcloud"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := dbtcloud.NewAzureAdApplication(ctx, "this", &dbtcloud.AzureAdApplicationArgs{
			OrganizationName:                 pulumi.String("my-azure-devops-org"),
			ClientId:                         pulumi.String("00000000-0000-0000-0000-000000000000"),
			ClientSecret:                     pulumi.Any(azureClientSecret),
			TenantId:                         pulumi.String("00000000-0000-0000-0000-000000000001"),
			AzureServiceAuthenticationMethod: pulumi.String("service_user"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

using System.Collections.Generic;
using System.Linq;
using Pulumi;
using DbtCloud = Pulumi.DbtCloud;

return await Deployment.RunAsync(() => 
{
    var @this = new DbtCloud.AzureAdApplication("this", new()
    {
        OrganizationName = "my-azure-devops-org",
        ClientId = "00000000-0000-0000-0000-000000000000",
        ClientSecret = azureClientSecret,
        TenantId = "00000000-0000-0000-0000-000000000001",
        AzureServiceAuthenticationMethod = "service_user",
    });

});

package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.dbtcloud.AzureAdApplication;
import com.pulumi.dbtcloud.AzureAdApplicationArgs;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var this_ = new AzureAdApplication("this", AzureAdApplicationArgs.builder()
            .organizationName("my-azure-devops-org")
            .clientId("00000000-0000-0000-0000-000000000000")
            .clientSecret(azureClientSecret)
            .tenantId("00000000-0000-0000-0000-000000000001")
            .azureServiceAuthenticationMethod("service_user")
            .build());

    }
}

resources:
  this:
    type: dbtcloud:AzureAdApplication
    properties:
      organizationName: my-azure-devops-org
      clientId: 00000000-0000-0000-0000-000000000000
      clientSecret: ${azureClientSecret}
      tenantId: 00000000-0000-0000-0000-000000000001
      azureServiceAuthenticationMethod: service_user

Example coming soon!

Create AzureAdApplication Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new AzureAdApplication(name: string, args: AzureAdApplicationArgs, opts?: CustomResourceOptions);

@overload
def AzureAdApplication(resource_name: str,
                       args: AzureAdApplicationArgs,
                       opts: Optional[ResourceOptions] = None)

@overload
def AzureAdApplication(resource_name: str,
                       opts: Optional[ResourceOptions] = None,
                       client_id: Optional[str] = None,
                       client_secret: Optional[str] = None,
                       organization_name: Optional[str] = None,
                       tenant_id: Optional[str] = None,
                       azure_service_authentication_method: Optional[str] = None)

func NewAzureAdApplication(ctx *Context, name string, args AzureAdApplicationArgs, opts ...ResourceOption) (*AzureAdApplication, error)

public AzureAdApplication(string name, AzureAdApplicationArgs args, CustomResourceOptions? opts = null)

public AzureAdApplication(String name, AzureAdApplicationArgs args)
public AzureAdApplication(String name, AzureAdApplicationArgs args, CustomResourceOptions options)

type: dbtcloud:AzureAdApplication
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

resource "dbtcloud_azureadapplication" "name" {
    # resource properties
}

Parameters

name string: The unique name of the resource.
args AzureAdApplicationArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AzureAdApplicationArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AzureAdApplicationArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AzureAdApplicationArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AzureAdApplicationArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Constructor example

The following reference example uses placeholder values for all input properties.

var azureAdApplicationResource = new DbtCloud.AzureAdApplication("azureAdApplicationResource", new()
{
    ClientId = "string",
    ClientSecret = "string",
    OrganizationName = "string",
    TenantId = "string",
    AzureServiceAuthenticationMethod = "string",
});

example, err := dbtcloud.NewAzureAdApplication(ctx, "azureAdApplicationResource", &dbtcloud.AzureAdApplicationArgs{
	ClientId:                         pulumi.String("string"),
	ClientSecret:                     pulumi.String("string"),
	OrganizationName:                 pulumi.String("string"),
	TenantId:                         pulumi.String("string"),
	AzureServiceAuthenticationMethod: pulumi.String("string"),
})

resource "dbtcloud_azureadapplication" "azureAdApplicationResource" {
  client_id                           = "string"
  client_secret                       = "string"
  organization_name                   = "string"
  tenant_id                           = "string"
  azure_service_authentication_method = "string"
}

var azureAdApplicationResource = new AzureAdApplication("azureAdApplicationResource", AzureAdApplicationArgs.builder()
    .clientId("string")
    .clientSecret("string")
    .organizationName("string")
    .tenantId("string")
    .azureServiceAuthenticationMethod("string")
    .build());

azure_ad_application_resource = dbtcloud.AzureAdApplication("azureAdApplicationResource",
    client_id="string",
    client_secret="string",
    organization_name="string",
    tenant_id="string",
    azure_service_authentication_method="string")

const azureAdApplicationResource = new dbtcloud.AzureAdApplication("azureAdApplicationResource", {
    clientId: "string",
    clientSecret: "string",
    organizationName: "string",
    tenantId: "string",
    azureServiceAuthenticationMethod: "string",
});

type: dbtcloud:AzureAdApplication
properties:
    azureServiceAuthenticationMethod: string
    clientId: string
    clientSecret: string
    organizationName: string
    tenantId: string

AzureAdApplication Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

The AzureAdApplication resource accepts the following input properties:

ClientId string: The client ID (application ID) of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
ClientSecret string: The client secret of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
OrganizationName string: The name of the Azure DevOps organization.
TenantId string: The tenant ID of the Azure AD directory. Stored as a sensitive value — the API never returns it.
AzureServiceAuthenticationMethod string: The method used for service authentication. One of: ~~~serviceuser~~~, ~~~serviceprincipal~~~. Defaults to ~~~service_user~~~.

ClientId string: The client ID (application ID) of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
ClientSecret string: The client secret of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
OrganizationName string: The name of the Azure DevOps organization.
TenantId string: The tenant ID of the Azure AD directory. Stored as a sensitive value — the API never returns it.
AzureServiceAuthenticationMethod string: The method used for service authentication. One of: ~~~serviceuser~~~, ~~~serviceprincipal~~~. Defaults to ~~~service_user~~~.

client_id string: The client ID (application ID) of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
client_secret string: The client secret of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
organization_name string: The name of the Azure DevOps organization.
tenant_id string: The tenant ID of the Azure AD directory. Stored as a sensitive value — the API never returns it.
azure_service_authentication_method string: The method used for service authentication. One of: ~~~serviceuser~~~, ~~~serviceprincipal~~~. Defaults to ~~~service_user~~~.

clientId String: The client ID (application ID) of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
clientSecret String: The client secret of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
organizationName String: The name of the Azure DevOps organization.
tenantId String: The tenant ID of the Azure AD directory. Stored as a sensitive value — the API never returns it.
azureServiceAuthenticationMethod String: The method used for service authentication. One of: ~~~serviceuser~~~, ~~~serviceprincipal~~~. Defaults to ~~~service_user~~~.

clientId string: The client ID (application ID) of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
clientSecret string: The client secret of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
organizationName string: The name of the Azure DevOps organization.
tenantId string: The tenant ID of the Azure AD directory. Stored as a sensitive value — the API never returns it.
azureServiceAuthenticationMethod string: The method used for service authentication. One of: ~~~serviceuser~~~, ~~~serviceprincipal~~~. Defaults to ~~~service_user~~~.

client_id str: The client ID (application ID) of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
client_secret str: The client secret of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
organization_name str: The name of the Azure DevOps organization.
tenant_id str: The tenant ID of the Azure AD directory. Stored as a sensitive value — the API never returns it.
azure_service_authentication_method str: The method used for service authentication. One of: ~~~serviceuser~~~, ~~~serviceprincipal~~~. Defaults to ~~~service_user~~~.

clientId String: The client ID (application ID) of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
clientSecret String: The client secret of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
organizationName String: The name of the Azure DevOps organization.
tenantId String: The tenant ID of the Azure AD directory. Stored as a sensitive value — the API never returns it.
azureServiceAuthenticationMethod String: The method used for service authentication. One of: ~~~serviceuser~~~, ~~~serviceprincipal~~~. Defaults to ~~~service_user~~~.

Outputs

All input properties are implicitly available as output properties. Additionally, the AzureAdApplication resource produces the following output properties:

AccountId int: The ID of the dbt Cloud account.
CreatedAt string: Timestamp when the application was created.
Id string: The provider-assigned unique ID for this managed resource.
OauthRedirectUriDomain string: The domain used for the OAuth redirect URI. Set automatically by dbt Cloud based on the account's subdomain.
UpdatedAt string: Timestamp when the application was last updated.

AccountId int: The ID of the dbt Cloud account.
CreatedAt string: Timestamp when the application was created.
Id string: The provider-assigned unique ID for this managed resource.
OauthRedirectUriDomain string: The domain used for the OAuth redirect URI. Set automatically by dbt Cloud based on the account's subdomain.
UpdatedAt string: Timestamp when the application was last updated.

account_id number: The ID of the dbt Cloud account.
created_at string: Timestamp when the application was created.
id string: The provider-assigned unique ID for this managed resource.
oauth_redirect_uri_domain string: The domain used for the OAuth redirect URI. Set automatically by dbt Cloud based on the account's subdomain.
updated_at string: Timestamp when the application was last updated.

accountId Integer: The ID of the dbt Cloud account.
createdAt String: Timestamp when the application was created.
id String: The provider-assigned unique ID for this managed resource.
oauthRedirectUriDomain String: The domain used for the OAuth redirect URI. Set automatically by dbt Cloud based on the account's subdomain.
updatedAt String: Timestamp when the application was last updated.

accountId number: The ID of the dbt Cloud account.
createdAt string: Timestamp when the application was created.
id string: The provider-assigned unique ID for this managed resource.
oauthRedirectUriDomain string: The domain used for the OAuth redirect URI. Set automatically by dbt Cloud based on the account's subdomain.
updatedAt string: Timestamp when the application was last updated.

account_id int: The ID of the dbt Cloud account.
created_at str: Timestamp when the application was created.
id str: The provider-assigned unique ID for this managed resource.
oauth_redirect_uri_domain str: The domain used for the OAuth redirect URI. Set automatically by dbt Cloud based on the account's subdomain.
updated_at str: Timestamp when the application was last updated.

accountId Number: The ID of the dbt Cloud account.
createdAt String: Timestamp when the application was created.
id String: The provider-assigned unique ID for this managed resource.
oauthRedirectUriDomain String: The domain used for the OAuth redirect URI. Set automatically by dbt Cloud based on the account's subdomain.
updatedAt String: Timestamp when the application was last updated.

Look up Existing AzureAdApplication Resource

Get an existing AzureAdApplication resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

public static get(name: string, id: Input<ID>, state?: AzureAdApplicationState, opts?: CustomResourceOptions): AzureAdApplication

@staticmethod
def get(resource_name: str,
        id: str,
        opts: Optional[ResourceOptions] = None,
        account_id: Optional[int] = None,
        azure_service_authentication_method: Optional[str] = None,
        client_id: Optional[str] = None,
        client_secret: Optional[str] = None,
        created_at: Optional[str] = None,
        oauth_redirect_uri_domain: Optional[str] = None,
        organization_name: Optional[str] = None,
        tenant_id: Optional[str] = None,
        updated_at: Optional[str] = None) -> AzureAdApplication

func GetAzureAdApplication(ctx *Context, name string, id IDInput, state *AzureAdApplicationState, opts ...ResourceOption) (*AzureAdApplication, error)

public static AzureAdApplication Get(string name, Input<string> id, AzureAdApplicationState? state, CustomResourceOptions? opts = null)

public static AzureAdApplication get(String name, Output<String> id, AzureAdApplicationState state, CustomResourceOptions options)

resources:  _:    type: dbtcloud:AzureAdApplication    get:      id: ${id}

import {
  to = dbtcloud_azureadapplication.example
  id = "${id}"
}

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

resource_name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

name: The unique name of the resulting resource.
id: The unique provider ID of the resource to lookup.
state: Any extra arguments used during the lookup.
opts: A bag of options that control this resource's behavior.

The following state arguments are supported:

AccountId int: The ID of the dbt Cloud account.
AzureServiceAuthenticationMethod string: The method used for service authentication. One of: ~~~serviceuser~~~, ~~~serviceprincipal~~~. Defaults to ~~~service_user~~~.
ClientId string: The client ID (application ID) of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
ClientSecret string: The client secret of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
CreatedAt string: Timestamp when the application was created.
OauthRedirectUriDomain string: The domain used for the OAuth redirect URI. Set automatically by dbt Cloud based on the account's subdomain.
OrganizationName string: The name of the Azure DevOps organization.
TenantId string: The tenant ID of the Azure AD directory. Stored as a sensitive value — the API never returns it.
UpdatedAt string: Timestamp when the application was last updated.

AccountId int: The ID of the dbt Cloud account.
AzureServiceAuthenticationMethod string: The method used for service authentication. One of: ~~~serviceuser~~~, ~~~serviceprincipal~~~. Defaults to ~~~service_user~~~.
ClientId string: The client ID (application ID) of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
ClientSecret string: The client secret of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
CreatedAt string: Timestamp when the application was created.
OauthRedirectUriDomain string: The domain used for the OAuth redirect URI. Set automatically by dbt Cloud based on the account's subdomain.
OrganizationName string: The name of the Azure DevOps organization.
TenantId string: The tenant ID of the Azure AD directory. Stored as a sensitive value — the API never returns it.
UpdatedAt string: Timestamp when the application was last updated.

account_id number: The ID of the dbt Cloud account.
azure_service_authentication_method string: The method used for service authentication. One of: ~~~serviceuser~~~, ~~~serviceprincipal~~~. Defaults to ~~~service_user~~~.
client_id string: The client ID (application ID) of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
client_secret string: The client secret of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
created_at string: Timestamp when the application was created.
oauth_redirect_uri_domain string: The domain used for the OAuth redirect URI. Set automatically by dbt Cloud based on the account's subdomain.
organization_name string: The name of the Azure DevOps organization.
tenant_id string: The tenant ID of the Azure AD directory. Stored as a sensitive value — the API never returns it.
updated_at string: Timestamp when the application was last updated.

accountId Integer: The ID of the dbt Cloud account.
azureServiceAuthenticationMethod String: The method used for service authentication. One of: ~~~serviceuser~~~, ~~~serviceprincipal~~~. Defaults to ~~~service_user~~~.
clientId String: The client ID (application ID) of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
clientSecret String: The client secret of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
createdAt String: Timestamp when the application was created.
oauthRedirectUriDomain String: The domain used for the OAuth redirect URI. Set automatically by dbt Cloud based on the account's subdomain.
organizationName String: The name of the Azure DevOps organization.
tenantId String: The tenant ID of the Azure AD directory. Stored as a sensitive value — the API never returns it.
updatedAt String: Timestamp when the application was last updated.

accountId number: The ID of the dbt Cloud account.
azureServiceAuthenticationMethod string: The method used for service authentication. One of: ~~~serviceuser~~~, ~~~serviceprincipal~~~. Defaults to ~~~service_user~~~.
clientId string: The client ID (application ID) of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
clientSecret string: The client secret of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
createdAt string: Timestamp when the application was created.
oauthRedirectUriDomain string: The domain used for the OAuth redirect URI. Set automatically by dbt Cloud based on the account's subdomain.
organizationName string: The name of the Azure DevOps organization.
tenantId string: The tenant ID of the Azure AD directory. Stored as a sensitive value — the API never returns it.
updatedAt string: Timestamp when the application was last updated.

account_id int: The ID of the dbt Cloud account.
azure_service_authentication_method str: The method used for service authentication. One of: ~~~serviceuser~~~, ~~~serviceprincipal~~~. Defaults to ~~~service_user~~~.
client_id str: The client ID (application ID) of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
client_secret str: The client secret of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
created_at str: Timestamp when the application was created.
oauth_redirect_uri_domain str: The domain used for the OAuth redirect URI. Set automatically by dbt Cloud based on the account's subdomain.
organization_name str: The name of the Azure DevOps organization.
tenant_id str: The tenant ID of the Azure AD directory. Stored as a sensitive value — the API never returns it.
updated_at str: Timestamp when the application was last updated.

accountId Number: The ID of the dbt Cloud account.
azureServiceAuthenticationMethod String: The method used for service authentication. One of: ~~~serviceuser~~~, ~~~serviceprincipal~~~. Defaults to ~~~service_user~~~.
clientId String: The client ID (application ID) of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
clientSecret String: The client secret of the Azure AD app registration. Stored as a sensitive value — the API never returns it.
createdAt String: Timestamp when the application was created.
oauthRedirectUriDomain String: The domain used for the OAuth redirect URI. Set automatically by dbt Cloud based on the account's subdomain.
organizationName String: The name of the Azure DevOps organization.
tenantId String: The tenant ID of the Azure AD directory. Stored as a sensitive value — the API never returns it.
updatedAt String: Timestamp when the application was last updated.

Import

using import blocks (requires Terraform >= 1.5) import { to = dbtcloud_azure_ad_application.this id = “azureAdApplicationId” }

import { to = dbtcloud_azure_ad_application.this id = “12345” }

using the older import command

$ pulumi import dbtcloud:index/azureAdApplication:AzureAdApplication this azure_ad_application_id
$ pulumi import dbtcloud:index/azureAdApplication:AzureAdApplication this 12345

NOTE: client_id, client_secret, and tenantId will be empty after import — the API never returns these values. You must set them in your config to avoid drift on the next apply.

Import is also the recovery path if destroy left an orphaned record in dbt Cloud (the DELETE endpoint soft-deletes the row rather than removing it). Find the existing record ID and import it instead of creating a new one.

To learn more about importing existing cloud resources, see Importing resources.

Package Details

Repository: dbtcloud pulumi/pulumi-dbtcloud
License: Apache-2.0
Notes: This Pulumi package is based on the dbtcloud Terraform Provider.

Viewing docs for dbt Cloud v1.8.2
published on Thursday, May 14, 2026 by Pulumi

Schema (JSON)

pulumi/pulumi-dbtcloud

dbtcloud.AzureAdApplication

On this page

On this page

Example Usage

Create AzureAdApplication Resource

Constructor syntax

Parameters

Constructor example

AzureAdApplication Resource Properties

Inputs

Outputs

Look up Existing AzureAdApplication Resource

Import

Package Details

On this page

On this page