terraform-provider-azuredevops

Manage PAT tokens through terraform provider

Open joewragg opened this issue 1 year ago • 5 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

It would be very useful to my organisation if we were able to manage PAT tokens in Azure DevOps through this terraform provider. Especially since they expire and a PAT token is required to run the provider in the first place.

New or Affected Resource(s)

N/A

Potential Terraform Configuration

resource "azuredevops_pat" "example" {
  name  = "Example-PAT"
  scope = ["read:token", "build:create"]
}

References

None

joewragg, Jul 03 '24 14:07

@joewragg I am working on adding this functionality which does not exist in the azuredevops-go-api library but I have a PR pending full end-to-end testing and review.

cparkins, Aug 15 '24 19:08

This one might be more difficult than expected. I have successfully tested the API functionality but the method of Authentication is a bit tricky. This feature currently requires an OAuth Token running on behalf of a Service Principal/User. I will need some time to figure out how to generate those for testing.

cparkins, Aug 20 '24 21:08

> @joewragg I am working on adding this functionality which does not exist in the azuredevops-go-api library but I have a PR pending full end-to-end testing and review.

Thanks, good to hear it's being looked at 👍

joewragg, Sep 05 '24 13:09

Hey everyone, I was wondering if there is any news about the ability to create a PAT via the azuredevops provider?

Alepernicolo, Feb 07 '25 12:02

@Alepernicolo I think it's possible, but not how I was attempting to do it in my fork. Unfortunately my ability to do any extra work has pretty much disappeared. There is a pattern to make calls to the API without updating the library, but I haven't done any testing that this approach will work. There is also some difficulty making the call because it requires an interesting On-Behalf-Of Authentication Flow to execute.

cparkins, Feb 07 '25 17:02