This is the 1st part in the series of blog posts on managing Azure DevOps using Terraform. You can find the series index here. While using Terraform as part of CI/CD pipelines (or Azure Pipelines) to provide Azure Resources is fun and common, it came across my mind if we can manage Azure DevOps itself using Terraform. So I searched for the providers and seems like Microsoft very recently announced the release of Azure DevOps Provider 0.0.1 for Terraform. Even though the version seems to be very beta, its good enough to dive-in, learn something and also standardize Azure DevOps management. This also takes away one more manual work from DevOps side and we can use standard Infrastructure-as-Code approach to manage our work using already familiar and known approaches.
Navigating Pre-Requisites for Terraform
Create Azure DevOps Personal Access Token
We need to create a personal access token (PAT) in the Azure DevOps so that we can use it to authenticate and perform operations. To create a PAT, login to your Azure DevOps organization, hover over username and select ‘personal access token’. Here you can select a token name, age and required privileges. This is really helpful for organizations that want to follow a least-privilege access approach. Since Terraform is going to use same token, make sure it has enough permissions to do required operations that you are looking for. In our case, we would just give full access since this is sample token.
For authentication, we need to provide the Azure DevOps organization name and PAT token to the Terraform. There are many ways to provide the required information. In our case, we’ll be using below environmental variables to provide the same:
AZDO_ORG_SERVICE_URL – This is the Azure DevOps organization url.AZDO_PERSONAL_ACCESS_TOKEN – This is the Azure DevOps organization personal access token
Create Azure DevOps Project with Terraform
First we need to add Azure DevOps provider to the list of the providers. After this, since we are interested in creating an Azure DevOps project, we can add resource “azuredevops_project”. As of now, only name is the required property for the resource. This will allow us to create a main.tf file with below code:
Lets run the
terraform init followed by
terraform plan and analyze the output:
As we can see in the above output, that it is using default values for other properties such as version control is set to git, visibility is set to private, etc. However it is a good Terraform practice to use explicit values for the resources instead of depending upon the provider to fill-in the same, which might change depending on the version. So, following the same, we need to modify our Terraform code as below:
We can again run
terraform plan and view the output if it looks correct. Let’s go ahead and run
terraform apply -auto-approve. We should get an output like below:
If we hover over to Azure DevOps, we can see that our project has been created by Terraform.
To destroy the Azure DevOps project, we can use familiar
terraform destroy -auto-approve:
Above code is very basic example for managing Azure DevOps projects using Terraform. We have not used any of the Terraform best practices like defining variables, outputs, modules, backends, etc. to name a few. We’ll learn using the same in upcoming few posts. Perhaps we’ll also learn deploying using Azure resources, Project, Pipelines using Terraform…using Terraform !!