How to create VCS for Azure DevOps and a PAT

Avatar
Patrick Munne
  • Updated

Introduction

The creation of a VCS connection for Azure DevOps using a Personal Access Token (PAT) is documented on the following page here. That documentation outlines the process when using the Terraform Enterprise (TFE) user interface.

This knowledge base article describes how to perform the same configuration using the Terraform Enterprise API and the Terraform Enterprise (TFE) provider, including the required provider values.

 

Expected Outcome

Created a VCS for Azure DevOps and a PAT using the TFE provider or API

 

Prerequisites 

  •  Have a Azure DevOps Personal Access Token as described here in step 2
    • Make sure the token has the following permissions
      • Code read and status scopes
      • All accessible organizations access
  • Have a Terraform Enterprise Token with enough permissions to create a VCS connection
     

Use Case
 

Using the Terraform Enterprise provider

  • Use the resource tfe_oauth_client as described here
     
  • Example code 
provider "tfe" {
  hostname = "<TFE_FQDN>"                         # Fully Qualified Domain Name of your Terraform Enterprise environment
  token = "<TFE_TOKEN>"                           # This is the TOKEN to access Terraform Enterprise
}

resource "tfe_oauth_client" "test" {
  name             = "Azure DevOps using PAT"     # The name of the VCS connection to be reflected in Terraform Enterprise
  organization     = "<YOUR_ORGANIZATION>"        # You organization where the VCS should be created
  api_url          = "https://dev.azure.com"      # This is the name to be used for Azure DevOps (do not alter)
  http_url         = "https://dev.azure.com"      # This is the name to be used for Azure DevOps (do not alter)
  oauth_token      = "<YOUR_PAT_AZURE_DEVOPS>"    # This is the PAT value  
  service_provider = "ado_services" 
  organization_scoped = true
}

 

Using the Terraform Enterprise API

  • Use the following API call as described here
     
  • Create a file called payload.json with the following contents
{
  "data": {
    "type": "oauth-clients",
    "attributes": {
      "service-provider": "ado_services",
      "name": "Azure DevOps using PAT",
      "http-url": "https://dev.azure.com",
      "api-url": "https://dev.azure.com",
      "oauth-token-string": "<YOUR_PAT_AZURE_DEVOPS>"
    }
  }
}

 

  • Make the API call to Terraform Enterprise
export TOKEN="<TFE_TOKEN>" 

curl \
  --header "Authorization: Bearer $TOKEN" \
  --header "Content-Type: application/vnd.api+json" \
  --request POST \
  --data @payload.json \
  https://<TFE_FQDN>/api/v2/organizations/<YOUR_ORGANIZATION>/oauth-clients

 

 

Additional Information

  • API call as described here

  • Resource tfe_oauth_client as described here

  • Official documentation for Azure DevOps PAT can be found here

Articles in this section

See more