{"id":29551329,"url":"https://github.com/libre-devops/terraform-azuredevops-managed-identity-connection","last_synced_at":"2025-07-18T04:05:39.390Z","repository":{"id":295334508,"uuid":"989830575","full_name":"libre-devops/terraform-azuredevops-managed-identity-connection","owner":"libre-devops","description":"A module used to create a managed identity connection in Azure DevOps 🪪","archived":false,"fork":false,"pushed_at":"2025-05-25T00:39:48.000Z","size":35,"stargazers_count":0,"open_issues_count":0,"forks_count":0,"subscribers_count":0,"default_branch":"main","last_synced_at":"2025-05-25T00:57:12.947Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"PowerShell","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/libre-devops.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null,"zenodo":null}},"created_at":"2025-05-24T23:11:30.000Z","updated_at":"2025-05-25T00:39:50.000Z","dependencies_parsed_at":"2025-05-25T00:57:54.840Z","dependency_job_id":"2b431dda-c0cf-4185-951d-338a47c82971","html_url":"https://github.com/libre-devops/terraform-azuredevops-managed-identity-connection","commit_stats":null,"previous_names":["libre-devops/terraform-azuredevops-managed-identity-connection"],"tags_count":1,"template":false,"template_full_name":"libre-devops/terraform-module-template","purl":"pkg:github/libre-devops/terraform-azuredevops-managed-identity-connection","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libre-devops%2Fterraform-azuredevops-managed-identity-connection","tags_url":"https://rep
os.ecosyste.ms/api/v1/hosts/GitHub/repositories/libre-devops%2Fterraform-azuredevops-managed-identity-connection/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libre-devops%2Fterraform-azuredevops-managed-identity-connection/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libre-devops%2Fterraform-azuredevops-managed-identity-connection/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/libre-devops","download_url":"https://codeload.github.com/libre-devops/terraform-azuredevops-managed-identity-connection/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/libre-devops%2Fterraform-azuredevops-managed-identity-connection/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265698015,"owners_count":23813124,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2025-07-18T04:05:38.322Z","updated_at":"2025-07-18T04:05:39.382Z","avatar_url":"https://github.com/libre-devops.png","language":"PowerShell","funding_links":[],"categories":[],"sub_categories":[],"readme":"```hcl\ndata \"azurerm_client_config\" \"current\" {}\n\ndata \"azurerm_subscription\" \"current\" {}\n\ndata \"azuredevops_project\" \"project_id\" {\n  name = var.azuredevops_project_name\n}\n\nlocals {\n  default_managed_identity_type        = var.managed_identity_type != \"SystemAssigned\" ? \"UserAssigned\" : \"SystemAssigned\"\n  default_managed_identity_name        = var.managed_identity_name != null ? 
var.managed_identity_name : \"msi-azdo-${var.azuredevops_project_name}-${var.azuredevops_organization_guid}\"\n  default_managed_identity_description = var.managed_identity_description != null ? var.managed_identity_description : \"This managed identity is for the federated credential of Azure DevOps of the project ${var.azuredevops_project_name}, in the organization ${var.azuredevops_organization_name} with guid ${var.azuredevops_organization_guid}\"\n}\n\nmodule \"rg\" {\n  source = \"libre-devops/rg/azurerm\"\n\n  count = var.rg_id == null ? 1 : 0\n\n  rg_name  = var.rg_name\n  location = var.location\n  tags     = var.tags\n}\n\nlocals {\n  rg_parts           = var.rg_id != null ? split(\"/\", var.rg_id) : null\n  rg_name            = local.rg_parts != null ? local.rg_parts[4] : null\n  rg_subscription_id = local.rg_parts != null ? local.rg_parts[2] : null\n}\n\nresource \"azurerm_user_assigned_identity\" \"uid\" {\n  count               = local.default_managed_identity_type != \"SystemAssigned\" ? 1 : 0\n  name                = local.default_managed_identity_name\n  resource_group_name = local.rg_name != null ? local.rg_name : module.rg[0].rg_name\n  location            = var.location\n  tags                = var.tags\n}\n\nresource \"azuredevops_serviceendpoint_azurerm\" \"azure_devops_service_endpoint_azurerm\" {\n  depends_on                             = [azurerm_role_assignment.assign_spn_to_subscription[0]]\n  project_id                             = data.azuredevops_project.project_id.id\n  service_endpoint_name                  = var.managed_identity_name != null ? var.managed_identity_name : local.default_managed_identity_name\n  description                            = var.managed_identity_description\n  service_endpoint_authentication_scheme = \"ManagedServiceIdentity\"\n\n  credentials {\n    serviceprincipalid = var.system_assigned_managed_identity_principal_id == null ? 
azurerm_user_assigned_identity.uid[0].client_id : var.system_assigned_managed_identity_client_id\n  }\n\n  azurerm_spn_tenantid      = data.azurerm_client_config.current.tenant_id\n  azurerm_subscription_id   = data.azurerm_subscription.current.subscription_id\n  azurerm_subscription_name = data.azurerm_subscription.current.display_name\n}\n\nresource \"azurerm_role_assignment\" \"assign_spn_to_subscription\" {\n  count                = var.attempt_assign_role_to_spn == true ? 1 : 0\n  principal_id         = var.system_assigned_managed_identity_principal_id == null ? azurerm_user_assigned_identity.uid[0].principal_id : var.system_assigned_managed_identity_principal_id\n  scope                = data.azurerm_subscription.current.id\n  role_definition_name = var.role_definition_name_to_assign\n}\n\n# resource \"azurerm_federated_identity_credential\" \"fed_cred_managed_identity\" {\n#   count               = var.managed_identity_type == \"UserAssigned\" ? 1 : 0\n#   name                = local.default_managed_identity_name\n#   resource_group_name = local.rg_name\n#   parent_id           = azurerm_user_assigned_identity.uid[0].id\n#   audience            = [\"api://AzureADTokenExchange\"]\n#   issuer              = azuredevops_serviceendpoint_azurerm.azure_devops_service_endpoint_azurerm.workload_identity_federation_issuer\n#   subject             = azuredevops_serviceendpoint_azurerm.azure_devops_service_endpoint_azurerm.workload_identity_federation_subject\n# }\n```\n## Requirements\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"requirement_azuredevops\"\u003e\u003c/a\u003e [azuredevops](#requirement\\_azuredevops) | \u003e=1.0.1 |\n\n## Providers\n\n| Name | Version |\n|------|---------|\n| \u003ca name=\"provider_azuredevops\"\u003e\u003c/a\u003e [azuredevops](#provider\\_azuredevops) | \u003e=1.0.1 |\n| \u003ca name=\"provider_azurerm\"\u003e\u003c/a\u003e [azurerm](#provider\\_azurerm) | n/a |\n\n## Modules\n\n| Name | Source | Version 
|\n|------|--------|---------|\n| \u003ca name=\"module_rg\"\u003e\u003c/a\u003e [rg](#module\\_rg) | libre-devops/rg/azurerm | n/a |\n\n## Resources\n\n| Name | Type |\n|------|------|\n| [azuredevops_serviceendpoint_azurerm.azure_devops_service_endpoint_azurerm](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/resources/serviceendpoint_azurerm) | resource |\n| [azurerm_role_assignment.assign_spn_to_subscription](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment) | resource |\n| [azurerm_user_assigned_identity.uid](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/user_assigned_identity) | resource |\n| [azuredevops_project.project_id](https://registry.terraform.io/providers/microsoft/azuredevops/latest/docs/data-sources/project) | data source |\n| [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) | data source |\n| [azurerm_subscription.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/subscription) | data source |\n\n## Inputs\n\n| Name | Description | Type | Default | Required |\n|------|-------------|------|---------|:--------:|\n| \u003ca name=\"input_attempt_assign_role_to_spn\"\u003e\u003c/a\u003e [attempt\\_assign\\_role\\_to\\_spn](#input\\_attempt\\_assign\\_role\\_to\\_spn) | Whether or not to attempt to assign a role to the SPN to the subscription.  
This is actually needed, so defaults to true | `bool` | `true` | no |\n| \u003ca name=\"input_azuredevops_organization_guid\"\u003e\u003c/a\u003e [azuredevops\\_organization\\_guid](#input\\_azuredevops\\_organization\\_guid) | The unique ID of your Azure DevOps organisation | `string` | n/a | yes |\n| \u003ca name=\"input_azuredevops_organization_name\"\u003e\u003c/a\u003e [azuredevops\\_organization\\_name](#input\\_azuredevops\\_organization\\_name) | The name of your Azure DevOps organization | `string` | n/a | yes |\n| \u003ca name=\"input_azuredevops_project_name\"\u003e\u003c/a\u003e [azuredevops\\_project\\_name](#input\\_azuredevops\\_project\\_name) | The name of your Azure DevOps project you want to configure | `string` | n/a | yes |\n| \u003ca name=\"input_location\"\u003e\u003c/a\u003e [location](#input\\_location) | The location for this resource to be put in | `string` | `\"uksouth\"` | no |\n| \u003ca name=\"input_managed_identity_description\"\u003e\u003c/a\u003e [managed\\_identity\\_description](#input\\_managed\\_identity\\_description) | The description of the service principal | `string` | `null` | no |\n| \u003ca name=\"input_managed_identity_name\"\u003e\u003c/a\u003e [managed\\_identity\\_name](#input\\_managed\\_identity\\_name) | The name of the service principal | `string` | `null` | no |\n| \u003ca name=\"input_managed_identity_type\"\u003e\u003c/a\u003e [managed\\_identity\\_type](#input\\_managed\\_identity\\_type) | The type of the managed identity | `string` | `null` | no |\n| \u003ca name=\"input_rg_id\"\u003e\u003c/a\u003e [rg\\_id](#input\\_rg\\_id) | The id of a resource group, supplying this value stops the module from creating a resource group, defaults to null as creating a resource group is the default behaviour | `string` | `null` | no |\n| \u003ca name=\"input_rg_name\"\u003e\u003c/a\u003e [rg\\_name](#input\\_rg\\_name) | The name of the resource group, this module creates a resource group for you, so please supply a unique name | `string` | `null` | no |\n| \u003ca name=\"input_role_definition_name_to_assign\"\u003e\u003c/a\u003e [role\\_definition\\_name\\_to\\_assign](#input\\_role\\_definition\\_name\\_to\\_assign) | The role definition needed to setup SPN, for security reasons, defaults to Reader | `string` | `\"Reader\"` | no |\n| \u003ca name=\"input_system_assigned_managed_identity_client_id\"\u003e\u003c/a\u003e [system\\_assigned\\_managed\\_identity\\_client\\_id](#input\\_system\\_assigned\\_managed\\_identity\\_client\\_id) | The client id of the system assigned managed identity | `string` | `null` | no |\n| \u003ca name=\"input_system_assigned_managed_identity_principal_id\"\u003e\u003c/a\u003e [system\\_assigned\\_managed\\_identity\\_principal\\_id](#input\\_system\\_assigned\\_managed\\_identity\\_principal\\_id) | The principal id of the system assigned managed identity | `string` | `null` | no |\n| \u003ca name=\"input_tags\"\u003e\u003c/a\u003e [tags](#input\\_tags) | A map of the tags to use on the resources that are deployed with this module. 
| `map(string)` | `{}` | no |\n\n## Outputs\n\n| Name | Description |\n|------|-------------|\n| \u003ca name=\"output_managed_identity_client_id\"\u003e\u003c/a\u003e [managed\\_identity\\_client\\_id](#output\\_managed\\_identity\\_client\\_id) | The client id of the managed identity |\n| \u003ca name=\"output_managed_identity_id\"\u003e\u003c/a\u003e [managed\\_identity\\_id](#output\\_managed\\_identity\\_id) | The id of the managed identity |\n| \u003ca name=\"output_managed_identity_principal_id\"\u003e\u003c/a\u003e [managed\\_identity\\_principal\\_id](#output\\_managed\\_identity\\_principal\\_id) | The principal id of the managed identity |\n| \u003ca name=\"output_service_endpoint_id\"\u003e\u003c/a\u003e [service\\_endpoint\\_id](#output\\_service\\_endpoint\\_id) | The id of the service endpoint |\n| \u003ca name=\"output_service_endpoint_name\"\u003e\u003c/a\u003e [service\\_endpoint\\_name](#output\\_service\\_endpoint\\_name) | The project name the service endpoint is made with |\n| \u003ca name=\"output_service_endpoint_project_id\"\u003e\u003c/a\u003e [service\\_endpoint\\_project\\_id](#output\\_service\\_endpoint\\_project\\_id) | The project id the service endpoint is made with |\n| \u003ca name=\"output_service_endpoint_service_principal_id\"\u003e\u003c/a\u003e [service\\_endpoint\\_service\\_principal\\_id](#output\\_service\\_endpoint\\_service\\_principal\\_id) | The service principal id the service endpoint is made with |\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flibre-devops%2Fterraform-azuredevops-managed-identity-connection","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Flibre-devops%2Fterraform-azuredevops-managed-identity-connection","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Flibre-devops%2Fterraform-azuredevops-managed-identity-connection/lists"}