@pulumi/azuredevops 2.9.0 → 2.10.0

package/pipelineAuthorization.d.ts

@@ -2,8 +2,9 @@ import * as pulumi from "@pulumi/pulumi";
 /**
  * Manage pipeline access permissions to resources.
  *
- * > **Note** This resource is a replacement for `azuredevops.ResourceAuthorization`.  Pipeline authorizations managed by `azuredevops.ResourceAuthorization` can also
- * be managed by this resource
+ * > **Note** This resource is a replacement for `azuredevops.ResourceAuthorization`.  Pipeline authorizations managed by `azuredevops.ResourceAuthorization` can also be managed by this resource.
+ *
+ * > **Note** If both "All Pipeline Authorization" and "Custom Pipeline Authorization" are configured, "All Pipeline Authorization" has higher priority.
  *
  * ## Example Usage
  * ### Authorization for all pipelines
@@ -92,7 +93,7 @@ export declare class PipelineAuthorization extends pulumi.CustomResource {
      */
     static isInstance(obj: any): obj is PipelineAuthorization;
     /**
-     * The ID of the pipeline. Changing this forces a new resource to be created
+     * The ID of the pipeline. If not configured, all pipelines will be authorized. Changing this forces a new resource to be created.
      */
     readonly pipelineId: pulumi.Output<number | undefined>;
     /**
@@ -121,7 +122,7 @@ export declare class PipelineAuthorization extends pulumi.CustomResource {
  */
 export interface PipelineAuthorizationState {
     /**
-     * The ID of the pipeline. Changing this forces a new resource to be created
+     * The ID of the pipeline. If not configured, all pipelines will be authorized. Changing this forces a new resource to be created.
      */
     pipelineId?: pulumi.Input<number>;
     /**
@@ -142,7 +143,7 @@ export interface PipelineAuthorizationState {
  */
 export interface PipelineAuthorizationArgs {
     /**
-     * The ID of the pipeline. Changing this forces a new resource to be created
+     * The ID of the pipeline. If not configured, all pipelines will be authorized. Changing this forces a new resource to be created.
      */
     pipelineId?: pulumi.Input<number>;
     /**

package/pipelineAuthorization.js

@@ -8,8 +8,9 @@ const utilities = require("./utilities");
 /**
  * Manage pipeline access permissions to resources.
  *
- * > **Note** This resource is a replacement for `azuredevops.ResourceAuthorization`.  Pipeline authorizations managed by `azuredevops.ResourceAuthorization` can also
- * be managed by this resource
+ * > **Note** This resource is a replacement for `azuredevops.ResourceAuthorization`.  Pipeline authorizations managed by `azuredevops.ResourceAuthorization` can also be managed by this resource.
+ *
+ * > **Note** If both "All Pipeline Authorization" and "Custom Pipeline Authorization" are configured, "All Pipeline Authorization" has higher priority.
  *
  * ## Example Usage
  * ### Authorization for all pipelines

package/pipelineAuthorization.js.map

@@ -1 +1 @@
-{"version":3,"file":"pipelineAuthorization.js","sourceRoot":"","sources":["../pipelineAuthorization.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA2EG;AACH,MAAa,qBAAsB,SAAQ,MAAM,CAAC,cAAc;IAC5D;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAkC,EAAE,IAAmC;QAChI,OAAO,IAAI,qBAAqB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC5E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,qBAAqB,CAAC,YAAY,CAAC;IACtE,CAAC;IA2BD,YAAY,IAAY,EAAE,WAAoE,EAAE,IAAmC;QAC/H,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAqD,CAAC;YACpE,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3D;aAAM;YACH,MAAM,IAAI,GAAG,WAAoD,CAAC;YAClE,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACtD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC5D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACvD,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;aAC7D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACvD;YACD,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;SACzD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,qBAAqB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC1E,CAAC;;AAhFL,sDAiFC;AAnEG,gBAAgB;AACO,kCAAY,GAAG,+DAA+D,CAAC"}
+{"version":3,"file":"pipelineAuthorization.js","sourceRoot":"","sources":["../pipelineAuthorization.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA4EG;AACH,MAAa,qBAAsB,SAAQ,MAAM,CAAC,cAAc;IAC5D;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAkC,EAAE,IAAmC;QAChI,OAAO,IAAI,qBAAqB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC5E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,qBAAqB,CAAC,YAAY,CAAC;IACtE,CAAC;IA2BD,YAAY,IAAY,EAAE,WAAoE,EAAE,IAAmC;QAC/H,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAqD,CAAC;YACpE,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,YAAY,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,MAAM,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3D;aAAM;YACH,MAAM,IAAI,GAAG,WAAoD,CAAC;YAClE,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACtD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC5D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,UAAU,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACvD,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;aAC7D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,IAAI,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACjD,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;aACvD;YACD,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,YAAY,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,MAAM,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,IAAI,CAAC,CAAC,CAAC,SAAS,CAAC;SACzD;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,KAAK,CAAC,qBAAqB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC1E,CAAC;;AAhFL,sDAiFC;AAnEG,gBAAgB;AACO,kCAAY,GAAG,+DAA+D,CAAC"}

package/provider.js

@@ -20,7 +20,7 @@ class Provider extends pulumi.ProviderResource {
         if (obj === undefined || obj === null) {
             return false;
         }
-        return obj['__pulumiType'] === Provider.__pulumiType;
+        return obj['__pulumiType'] === "pulumi:providers:" + Provider.__pulumiType;
     }
     /**
      * Create a Provider resource with the given unique name, arguments, and options.

package/provider.js.map

@@ -1 +1 @@
-{"version":3,"file":"provider.js","sourceRoot":"","sources":["../provider.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;GAKG;AACH,MAAa,QAAS,SAAQ,MAAM,CAAC,gBAAgB;IAIjD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,QAAQ,CAAC,YAAY,CAAC;IACzD,CAAC;IAWD;;;;;;OAMG;IACH,YAAY,IAAY,EAAE,IAAmB,EAAE,IAA6B;;QACxE,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB;YACI,cAAc,CAAC,eAAe,CAAC,GAAG,MAAA,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,mCAAI,SAAS,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;YACtH,cAAc,CAAC,qBAAqB,CAAC,GAAG,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,mBAAmB,EAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3H;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,qBAAqB,CAAC,EAAE,CAAC;QACxE,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,QAAQ,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC7D,CAAC;;AA1CL,4BA2CC;AA1CG,gBAAgB;AACO,qBAAY,GAAG,aAAa,CAAC"}
+{"version":3,"file":"provider.js","sourceRoot":"","sources":["../provider.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AACzC,yCAAyC;AAEzC;;;;;GAKG;AACH,MAAa,QAAS,SAAQ,MAAM,CAAC,gBAAgB;IAIjD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,mBAAmB,GAAG,QAAQ,CAAC,YAAY,CAAC;IAC/E,CAAC;IAWD;;;;;;OAMG;IACH,YAAY,IAAY,EAAE,IAAmB,EAAE,IAA6B;;QACxE,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB;YACI,cAAc,CAAC,eAAe,CAAC,GAAG,MAAA,CAAC,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC,mCAAI,SAAS,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC;YACtH,cAAc,CAAC,qBAAqB,CAAC,GAAG,CAAA,IAAI,aAAJ,IAAI,uBAAJ,IAAI,CAAE,mBAAmB,EAAC,CAAC,CAAC,MAAM,CAAC,MAAM,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;SAC3H;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,UAAU,GAAG,EAAE,uBAAuB,EAAE,CAAC,qBAAqB,CAAC,EAAE,CAAC;QACxE,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,UAAU,CAAC,CAAC;QAC7C,KAAK,CAAC,QAAQ,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC7D,CAAC;;AA1CL,4BA2CC;AA1CG,gBAAgB;AACO,qBAAY,GAAG,aAAa,CAAC"}

package/serviceEndpointAzureRM.d.ts

@@ -11,7 +11,7 @@ import * as outputs from "./types/output";
  * For detailed steps to create a service principal with Azure cli see the [documentation](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest)
  *
  * ## Example Usage
- * ### Manual AzureRM Service Endpoint (Subscription Scoped)
+ * ### Service Principal Manual AzureRM Service Endpoint (Subscription Scoped)
  *
  * ```typescript
  * import * as pulumi from "@pulumi/pulumi";
@@ -27,6 +27,7 @@ import * as outputs from "./types/output";
  *     projectId: exampleProject.id,
  *     serviceEndpointName: "Example AzureRM",
  *     description: "Managed by Terraform",
+ *     serviceEndpointAuthenticationScheme: "ServicePrincipal",
  *     credentials: {
  *         serviceprincipalid: "00000000-0000-0000-0000-000000000000",
  *         serviceprincipalkey: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
@@ -36,7 +37,7 @@ import * as outputs from "./types/output";
  *     azurermSubscriptionName: "Example Subscription Name",
  * });
  * ```
- * ### Manual AzureRM Service Endpoint (ManagementGroup Scoped)
+ * ### Service Principal Manual AzureRM Service Endpoint (ManagementGroup Scoped)
  *
  * ```typescript
  * import * as pulumi from "@pulumi/pulumi";
@@ -52,6 +53,7 @@ import * as outputs from "./types/output";
  *     projectId: exampleProject.id,
  *     serviceEndpointName: "Example AzureRM",
  *     description: "Managed by Terraform",
+ *     serviceEndpointAuthenticationScheme: "ServicePrincipal",
  *     credentials: {
  *         serviceprincipalid: "00000000-0000-0000-0000-000000000000",
  *         serviceprincipalkey: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
@@ -61,7 +63,7 @@ import * as outputs from "./types/output";
  *     azurermManagementGroupName: "managementGroup",
  * });
  * ```
- * ### Automatic AzureRM Service Endpoint
+ * ### Service Principal Automatic AzureRM Service Endpoint
  *
  * ```typescript
  * import * as pulumi from "@pulumi/pulumi";
@@ -75,6 +77,91 @@ import * as outputs from "./types/output";
  * const exampleServiceEndpointAzureRM = new azuredevops.ServiceEndpointAzureRM("exampleServiceEndpointAzureRM", {
  *     projectId: exampleProject.id,
  *     serviceEndpointName: "Example AzureRM",
+ *     serviceEndpointAuthenticationScheme: "ServicePrincipal",
+ *     azurermSpnTenantid: "00000000-0000-0000-0000-000000000000",
+ *     azurermSubscriptionId: "00000000-0000-0000-0000-000000000000",
+ *     azurermSubscriptionName: "Example Subscription Name",
+ * });
+ * ```
+ * ### Workload Identity Federation Manual AzureRM Service Endpoint (Subscription Scoped)
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as azuredevops from "@pulumi/azuredevops";
+ * import * as azurerm from "@pulumi/azurerm";
+ *
+ * const serviceConnectionName = "example-federated-sc";
+ * const exampleProject = new azuredevops.Project("exampleProject", {
+ *     visibility: "private",
+ *     versionControl: "Git",
+ *     workItemTemplate: "Agile",
+ *     description: "Managed by Terraform",
+ * });
+ * const identity = new azurerm.index.Azurerm_resource_group("identity", {
+ *     name: "identity",
+ *     location: "UK South",
+ * });
+ * const exampleazurerm_user_assigned_identity = new azurerm.index.Azurerm_user_assigned_identity("exampleazurerm_user_assigned_identity", {
+ *     location: _var.location,
+ *     name: "example-identity",
+ *     resourceGroupName: "azurerm_resource_group.identity.name",
+ * });
+ * const exampleazurerm_federated_identity_credential = new azurerm.index.Azurerm_federated_identity_credential("exampleazurerm_federated_identity_credential", {
+ *     name: "example-federated-credential",
+ *     resourceGroupName: identity.name,
+ *     audience: ["api://AzureADTokenExchange"],
+ *     issuer: "https://app.vstoken.visualstudio.com",
+ *     parentId: exampleazurerm_user_assigned_identity.id,
+ *     subject: `sc://${_var.azure_devops_organisation}/${exampleProject.name}/${serviceConnectionName}`,
+ * });
+ * const exampleServiceEndpointAzureRM = new azuredevops.ServiceEndpointAzureRM("exampleServiceEndpointAzureRM", {
+ *     projectId: exampleProject.id,
+ *     serviceEndpointName: serviceConnectionName,
+ *     description: "Managed by Terraform",
+ *     serviceEndpointAuthenticationScheme: "WorkloadIdentityFederation",
+ *     credentials: {
+ *         serviceprincipalid: exampleazurerm_user_assigned_identity.clientId,
+ *     },
+ *     azurermSpnTenantid: "00000000-0000-0000-0000-000000000000",
+ *     azurermSubscriptionId: "00000000-0000-0000-0000-000000000000",
+ *     azurermSubscriptionName: "Example Subscription Name",
+ * });
+ * ```
+ * ### Workload Identity Federation Automatic AzureRM Service Endpoint
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as azuredevops from "@pulumi/azuredevops";
+ *
+ * const exampleProject = new azuredevops.Project("exampleProject", {
+ *     visibility: "private",
+ *     versionControl: "Git",
+ *     workItemTemplate: "Agile",
+ * });
+ * const exampleServiceEndpointAzureRM = new azuredevops.ServiceEndpointAzureRM("exampleServiceEndpointAzureRM", {
+ *     projectId: exampleProject.id,
+ *     serviceEndpointName: "Example AzureRM",
+ *     serviceEndpointAuthenticationScheme: "WorkloadIdentityFederation",
+ *     azurermSpnTenantid: "00000000-0000-0000-0000-000000000000",
+ *     azurermSubscriptionId: "00000000-0000-0000-0000-000000000000",
+ *     azurermSubscriptionName: "Example Subscription Name",
+ * });
+ * ```
+ * ### Managed Identity AzureRM Service Endpoint
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as azuredevops from "@pulumi/azuredevops";
+ *
+ * const exampleProject = new azuredevops.Project("exampleProject", {
+ *     visibility: "private",
+ *     versionControl: "Git",
+ *     workItemTemplate: "Agile",
+ * });
+ * const exampleServiceEndpointAzureRM = new azuredevops.ServiceEndpointAzureRM("exampleServiceEndpointAzureRM", {
+ *     projectId: exampleProject.id,
+ *     serviceEndpointName: "Example AzureRM",
+ *     serviceEndpointAuthenticationScheme: "ManagedServiceIdentity",
  *     azurermSpnTenantid: "00000000-0000-0000-0000-000000000000",
  *     azurermSubscriptionId: "00000000-0000-0000-0000-000000000000",
  *     azurermSubscriptionName: "Example Subscription Name",
@@ -153,6 +240,12 @@ export declare class ServiceEndpointAzureRM extends pulumi.CustomResource {
      * The resource group used for scope of automatic service endpoint.
      */
     readonly resourceGroup: pulumi.Output<string | undefined>;
+    /**
+     * Specifies the type of azurerm endpoint, either `WorkloadIdentityFederation`, `ManagedServiceIdentity` or `ServicePrincipal`. Defaults to `ServicePrincipal` for backwards compatibility.
+     *
+     * > **NOTE:** The `WorkloadIdentityFederation` authentication scheme is currently in private preview. Your organisation must be part of the preview and the feature toggle must be turned on to use it. More details can be found [here](https://aka.ms/azdo-rm-workload-identity).
+     */
+    readonly serviceEndpointAuthenticationScheme: pulumi.Output<string | undefined>;
     /**
      * The Service Endpoint Name.
      */
@@ -215,6 +308,12 @@ export interface ServiceEndpointAzureRMState {
      * The resource group used for scope of automatic service endpoint.
      */
     resourceGroup?: pulumi.Input<string>;
+    /**
+     * Specifies the type of azurerm endpoint, either `WorkloadIdentityFederation`, `ManagedServiceIdentity` or `ServicePrincipal`. Defaults to `ServicePrincipal` for backwards compatibility.
+     *
+     * > **NOTE:** The `WorkloadIdentityFederation` authentication scheme is currently in private preview. Your organisation must be part of the preview and the feature toggle must be turned on to use it. More details can be found [here](https://aka.ms/azdo-rm-workload-identity).
+     */
+    serviceEndpointAuthenticationScheme?: pulumi.Input<string>;
     /**
      * The Service Endpoint Name.
      */
@@ -269,6 +368,12 @@ export interface ServiceEndpointAzureRMArgs {
      * The resource group used for scope of automatic service endpoint.
      */
     resourceGroup?: pulumi.Input<string>;
+    /**
+     * Specifies the type of azurerm endpoint, either `WorkloadIdentityFederation`, `ManagedServiceIdentity` or `ServicePrincipal`. Defaults to `ServicePrincipal` for backwards compatibility.
+     *
+     * > **NOTE:** The `WorkloadIdentityFederation` authentication scheme is currently in private preview. Your organisation must be part of the preview and the feature toggle must be turned on to use it. More details can be found [here](https://aka.ms/azdo-rm-workload-identity).
+     */
+    serviceEndpointAuthenticationScheme?: pulumi.Input<string>;
     /**
      * The Service Endpoint Name.
      */

package/serviceEndpointAzureRM.js

@@ -15,7 +15,7 @@ const utilities = require("./utilities");
  * For detailed steps to create a service principal with Azure cli see the [documentation](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest)
  *
  * ## Example Usage
- * ### Manual AzureRM Service Endpoint (Subscription Scoped)
+ * ### Service Principal Manual AzureRM Service Endpoint (Subscription Scoped)
  *
  * ```typescript
  * import * as pulumi from "@pulumi/pulumi";
@@ -31,6 +31,7 @@ const utilities = require("./utilities");
  *     projectId: exampleProject.id,
  *     serviceEndpointName: "Example AzureRM",
  *     description: "Managed by Terraform",
+ *     serviceEndpointAuthenticationScheme: "ServicePrincipal",
  *     credentials: {
  *         serviceprincipalid: "00000000-0000-0000-0000-000000000000",
  *         serviceprincipalkey: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
@@ -40,7 +41,7 @@ const utilities = require("./utilities");
  *     azurermSubscriptionName: "Example Subscription Name",
  * });
  * ```
- * ### Manual AzureRM Service Endpoint (ManagementGroup Scoped)
+ * ### Service Principal Manual AzureRM Service Endpoint (ManagementGroup Scoped)
  *
  * ```typescript
  * import * as pulumi from "@pulumi/pulumi";
@@ -56,6 +57,7 @@ const utilities = require("./utilities");
  *     projectId: exampleProject.id,
  *     serviceEndpointName: "Example AzureRM",
  *     description: "Managed by Terraform",
+ *     serviceEndpointAuthenticationScheme: "ServicePrincipal",
  *     credentials: {
  *         serviceprincipalid: "00000000-0000-0000-0000-000000000000",
  *         serviceprincipalkey: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
@@ -65,7 +67,7 @@ const utilities = require("./utilities");
  *     azurermManagementGroupName: "managementGroup",
  * });
  * ```
- * ### Automatic AzureRM Service Endpoint
+ * ### Service Principal Automatic AzureRM Service Endpoint
  *
  * ```typescript
  * import * as pulumi from "@pulumi/pulumi";
@@ -79,6 +81,91 @@ const utilities = require("./utilities");
  * const exampleServiceEndpointAzureRM = new azuredevops.ServiceEndpointAzureRM("exampleServiceEndpointAzureRM", {
  *     projectId: exampleProject.id,
  *     serviceEndpointName: "Example AzureRM",
+ *     serviceEndpointAuthenticationScheme: "ServicePrincipal",
+ *     azurermSpnTenantid: "00000000-0000-0000-0000-000000000000",
+ *     azurermSubscriptionId: "00000000-0000-0000-0000-000000000000",
+ *     azurermSubscriptionName: "Example Subscription Name",
+ * });
+ * ```
+ * ### Workload Identity Federation Manual AzureRM Service Endpoint (Subscription Scoped)
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as azuredevops from "@pulumi/azuredevops";
+ * import * as azurerm from "@pulumi/azurerm";
+ *
+ * const serviceConnectionName = "example-federated-sc";
+ * const exampleProject = new azuredevops.Project("exampleProject", {
+ *     visibility: "private",
+ *     versionControl: "Git",
+ *     workItemTemplate: "Agile",
+ *     description: "Managed by Terraform",
+ * });
+ * const identity = new azurerm.index.Azurerm_resource_group("identity", {
+ *     name: "identity",
+ *     location: "UK South",
+ * });
+ * const exampleazurerm_user_assigned_identity = new azurerm.index.Azurerm_user_assigned_identity("exampleazurerm_user_assigned_identity", {
+ *     location: _var.location,
+ *     name: "example-identity",
+ *     resourceGroupName: "azurerm_resource_group.identity.name",
+ * });
+ * const exampleazurerm_federated_identity_credential = new azurerm.index.Azurerm_federated_identity_credential("exampleazurerm_federated_identity_credential", {
+ *     name: "example-federated-credential",
+ *     resourceGroupName: identity.name,
+ *     audience: ["api://AzureADTokenExchange"],
+ *     issuer: "https://app.vstoken.visualstudio.com",
+ *     parentId: exampleazurerm_user_assigned_identity.id,
+ *     subject: `sc://${_var.azure_devops_organisation}/${exampleProject.name}/${serviceConnectionName}`,
+ * });
+ * const exampleServiceEndpointAzureRM = new azuredevops.ServiceEndpointAzureRM("exampleServiceEndpointAzureRM", {
+ *     projectId: exampleProject.id,
+ *     serviceEndpointName: serviceConnectionName,
+ *     description: "Managed by Terraform",
+ *     serviceEndpointAuthenticationScheme: "WorkloadIdentityFederation",
+ *     credentials: {
+ *         serviceprincipalid: exampleazurerm_user_assigned_identity.clientId,
+ *     },
+ *     azurermSpnTenantid: "00000000-0000-0000-0000-000000000000",
+ *     azurermSubscriptionId: "00000000-0000-0000-0000-000000000000",
+ *     azurermSubscriptionName: "Example Subscription Name",
+ * });
+ * ```
+ * ### Workload Identity Federation Automatic AzureRM Service Endpoint
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as azuredevops from "@pulumi/azuredevops";
+ *
+ * const exampleProject = new azuredevops.Project("exampleProject", {
+ *     visibility: "private",
+ *     versionControl: "Git",
+ *     workItemTemplate: "Agile",
+ * });
+ * const exampleServiceEndpointAzureRM = new azuredevops.ServiceEndpointAzureRM("exampleServiceEndpointAzureRM", {
+ *     projectId: exampleProject.id,
+ *     serviceEndpointName: "Example AzureRM",
+ *     serviceEndpointAuthenticationScheme: "WorkloadIdentityFederation",
+ *     azurermSpnTenantid: "00000000-0000-0000-0000-000000000000",
+ *     azurermSubscriptionId: "00000000-0000-0000-0000-000000000000",
+ *     azurermSubscriptionName: "Example Subscription Name",
+ * });
+ * ```
+ * ### Managed Identity AzureRM Service Endpoint
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as azuredevops from "@pulumi/azuredevops";
+ *
+ * const exampleProject = new azuredevops.Project("exampleProject", {
+ *     visibility: "private",
+ *     versionControl: "Git",
+ *     workItemTemplate: "Agile",
+ * });
+ * const exampleServiceEndpointAzureRM = new azuredevops.ServiceEndpointAzureRM("exampleServiceEndpointAzureRM", {
+ *     projectId: exampleProject.id,
+ *     serviceEndpointName: "Example AzureRM",
+ *     serviceEndpointAuthenticationScheme: "ManagedServiceIdentity",
  *     azurermSpnTenantid: "00000000-0000-0000-0000-000000000000",
  *     azurermSubscriptionId: "00000000-0000-0000-0000-000000000000",
  *     azurermSubscriptionName: "Example Subscription Name",
@@ -135,6 +222,7 @@ class ServiceEndpointAzureRM extends pulumi.CustomResource {
             resourceInputs["environment"] = state ? state.environment : undefined;
             resourceInputs["projectId"] = state ? state.projectId : undefined;
             resourceInputs["resourceGroup"] = state ? state.resourceGroup : undefined;
+            resourceInputs["serviceEndpointAuthenticationScheme"] = state ? state.serviceEndpointAuthenticationScheme : undefined;
             resourceInputs["serviceEndpointName"] = state ? state.serviceEndpointName : undefined;
         }
         else {
@@ -159,6 +247,7 @@ class ServiceEndpointAzureRM extends pulumi.CustomResource {
             resourceInputs["environment"] = args ? args.environment : undefined;
             resourceInputs["projectId"] = args ? args.projectId : undefined;
             resourceInputs["resourceGroup"] = args ? args.resourceGroup : undefined;
+            resourceInputs["serviceEndpointAuthenticationScheme"] = args ? args.serviceEndpointAuthenticationScheme : undefined;
             resourceInputs["serviceEndpointName"] = args ? args.serviceEndpointName : undefined;
         }
         opts = pulumi.mergeOptions(utilities.resourceOptsDefaults(), opts);

package/serviceEndpointAzureRM.js.map

@@ -1 +1 @@
-{"version":3,"file":"serviceEndpointAzureRM.js","sourceRoot":"","sources":["../serviceEndpointAzureRM.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GA0FG;AACH,MAAa,sBAAuB,SAAQ,MAAM,CAAC,cAAc;IAC7D;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAmC,EAAE,IAAmC;QACjI,OAAO,IAAI,sBAAsB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC7E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,sBAAsB,CAAC,YAAY,CAAC;IACvE,CAAC;IA0DD,YAAY,IAAY,EAAE,WAAsE,EAAE,IAAmC;QACjI,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAsD,CAAC;YACrE,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,0BAA0B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChG,cAAc,CAAC,4BAA4B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC,CAAC,SAAS,CAAC;YACpG,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,uBAAuB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,qBAAqB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC;SACzF;aAAM;YACH,MAAM,IAAI,GAAG,WAAqD,CAAC;YACnE,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,kBAAkB,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC/D,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;aACrE;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACtD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC5D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,mBAAmB,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAChE,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;aACtE;YACD,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,0BAA0B,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,4BAA4B,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC,CAAC,SAAS,CAAC;YAClG,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,uBAAuB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,yBAAyB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,qBAAqB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC;SACvF;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,SAAS,GAAG,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,6CAA6C,EAAE,CAAC,EAAE,CAAC;QACzF,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAC5C,KAAK,CAAC,sBAAsB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC3E,CAAC;;AAjIL,wDAkIC;AApHG,gBAAgB;AACO,mCAAY,GAAG,iEAAiE,CAAC"}
+{"version":3,"file":"serviceEndpointAzureRM.js","sourceRoot":"","sources":["../serviceEndpointAzureRM.ts"],"names":[],"mappings":";AAAA,wFAAwF;AACxF,iFAAiF;;;AAEjF,yCAAyC;AAGzC,yCAAyC;AAEzC;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;;GAiLG;AACH,MAAa,sBAAuB,SAAQ,MAAM,CAAC,cAAc;IAC7D;;;;;;;;OAQG;IACI,MAAM,CAAC,GAAG,CAAC,IAAY,EAAE,EAA2B,EAAE,KAAmC,EAAE,IAAmC;QACjI,OAAO,IAAI,sBAAsB,CAAC,IAAI,EAAO,KAAK,kCAAO,IAAI,KAAE,EAAE,EAAE,EAAE,IAAG,CAAC;IAC7E,CAAC;IAKD;;;OAGG;IACI,MAAM,CAAC,UAAU,CAAC,GAAQ;QAC7B,IAAI,GAAG,KAAK,SAAS,IAAI,GAAG,KAAK,IAAI,EAAE;YACnC,OAAO,KAAK,CAAC;SAChB;QACD,OAAO,GAAG,CAAC,cAAc,CAAC,KAAK,sBAAsB,CAAC,YAAY,CAAC;IACvE,CAAC;IAgED,YAAY,IAAY,EAAE,WAAsE,EAAE,IAAmC;QACjI,IAAI,cAAc,GAAkB,EAAE,CAAC;QACvC,IAAI,GAAG,IAAI,IAAI,EAAE,CAAC;QAClB,IAAI,IAAI,CAAC,EAAE,EAAE;YACT,MAAM,KAAK,GAAG,WAAsD,CAAC;YACrE,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,0BAA0B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,wBAAwB,CAAC,CAAC,CAAC,SAAS,CAAC;YAChG,cAAc,CAAC,4BAA4B,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,0BAA0B,CAAC,CAAC,CAAC,SAAS,CAAC;YACpG,cAAc,CAAC,oBAAoB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YACpF,cAAc,CAAC,uBAAuB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1F,cAAc,CAAC,yBAAyB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,aAAa,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACtE,cAAc,CAAC,WAAW,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAClE,cAAc,CAAC,eAAe,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YAC1E,cAAc,CAAC,qCAAqC,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,mCAAmC,CAAC,CAAC,CAAC,SAAS,CAAC;YACtH,cAAc,CAAC,qBAAqB,CAAC,GAAG,KAAK,CAAC,CAAC,CAAC,KAAK,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC;SACzF;aAAM;YACH,MAAM,IAAI,GAAG,WAAqD,CAAC;YACnE,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,kBAAkB,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAC/D,MAAM,IAAI,KAAK,CAAC,gDAAgD,CAAC,CAAC;aACrE;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,SAAS,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBACtD,MAAM,IAAI,KAAK,CAAC,uCAAuC,CAAC,CAAC;aAC5D;YACD,IAAI,CAAC,CAAC,IAAI,IAAI,IAAI,CAAC,mBAAmB,KAAK,SAAS,CAAC,IAAI,CAAC,IAAI,CAAC,GAAG,EAAE;gBAChE,MAAM,IAAI,KAAK,CAAC,iDAAiD,CAAC,CAAC;aACtE;YACD,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,0BAA0B,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,wBAAwB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC9F,cAAc,CAAC,4BAA4B,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,0BAA0B,CAAC,CAAC,CAAC,SAAS,CAAC;YAClG,cAAc,CAAC,oBAAoB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,CAAC,CAAC,SAAS,CAAC;YAClF,cAAc,CAAC,uBAAuB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,qBAAqB,CAAC,CAAC,CAAC,SAAS,CAAC;YACxF,cAAc,CAAC,yBAAyB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,uBAAuB,CAAC,CAAC,CAAC,SAAS,CAAC;YAC5F,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,aAAa,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,WAAW,CAAC,CAAC,CAAC,SAAS,CAAC;YACpE,cAAc,CAAC,WAAW,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,SAAS,CAAC,CAAC,CAAC,SAAS,CAAC;YAChE,cAAc,CAAC,eAAe,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC,CAAC,SAAS,CAAC;YACxE,cAAc,CAAC,qCAAqC,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,mCAAmC,CAAC,CAAC,CAAC,SAAS,CAAC;YACpH,cAAc,CAAC,qBAAqB,CAAC,GAAG,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC,mBAAmB,CAAC,CAAC,CAAC,SAAS,CAAC;SACvF;QACD,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,SAAS,CAAC,oBAAoB,EAAE,EAAE,IAAI,CAAC,CAAC;QACnE,MAAM,SAAS,GAAG,EAAE,OAAO,EAAE,CAAC,EAAE,IAAI,EAAE,6CAA6C,EAAE,CAAC,EAAE,CAAC;QACzF,IAAI,GAAG,MAAM,CAAC,YAAY,CAAC,IAAI,EAAE,SAAS,CAAC,CAAC;QAC5C,KAAK,CAAC,sBAAsB,CAAC,YAAY,EAAE,IAAI,EAAE,cAAc,EAAE,IAAI,CAAC,CAAC;IAC3E,CAAC;;AAzIL,wDA0IC;AA5HG,gBAAgB;AACO,mCAAY,GAAG,iEAAiE,CAAC"}

package/serviceendpoint/azureRM.d.ts

@@ -11,7 +11,7 @@ import * as outputs from "../types/output";
  * For detailed steps to create a service principal with Azure cli see the [documentation](https://docs.microsoft.com/en-us/cli/azure/create-an-azure-service-principal-azure-cli?view=azure-cli-latest)
  *
  * ## Example Usage
- * ### Manual AzureRM Service Endpoint (Subscription Scoped)
+ * ### Service Principal Manual AzureRM Service Endpoint (Subscription Scoped)
  *
  * ```typescript
  * import * as pulumi from "@pulumi/pulumi";
@@ -27,6 +27,7 @@ import * as outputs from "../types/output";
  *     projectId: exampleProject.id,
  *     serviceEndpointName: "Example AzureRM",
  *     description: "Managed by Terraform",
+ *     serviceEndpointAuthenticationScheme: "ServicePrincipal",
  *     credentials: {
  *         serviceprincipalid: "00000000-0000-0000-0000-000000000000",
  *         serviceprincipalkey: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
@@ -36,7 +37,7 @@ import * as outputs from "../types/output";
  *     azurermSubscriptionName: "Example Subscription Name",
  * });
  * ```
- * ### Manual AzureRM Service Endpoint (ManagementGroup Scoped)
+ * ### Service Principal Manual AzureRM Service Endpoint (ManagementGroup Scoped)
  *
  * ```typescript
  * import * as pulumi from "@pulumi/pulumi";
@@ -52,6 +53,7 @@ import * as outputs from "../types/output";
  *     projectId: exampleProject.id,
  *     serviceEndpointName: "Example AzureRM",
  *     description: "Managed by Terraform",
+ *     serviceEndpointAuthenticationScheme: "ServicePrincipal",
  *     credentials: {
  *         serviceprincipalid: "00000000-0000-0000-0000-000000000000",
  *         serviceprincipalkey: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx",
@@ -61,7 +63,7 @@ import * as outputs from "../types/output";
  *     azurermManagementGroupName: "managementGroup",
  * });
  * ```
- * ### Automatic AzureRM Service Endpoint
+ * ### Service Principal Automatic AzureRM Service Endpoint
  *
  * ```typescript
  * import * as pulumi from "@pulumi/pulumi";
@@ -75,6 +77,91 @@ import * as outputs from "../types/output";
  * const exampleServiceEndpointAzureRM = new azuredevops.ServiceEndpointAzureRM("exampleServiceEndpointAzureRM", {
  *     projectId: exampleProject.id,
  *     serviceEndpointName: "Example AzureRM",
+ *     serviceEndpointAuthenticationScheme: "ServicePrincipal",
+ *     azurermSpnTenantid: "00000000-0000-0000-0000-000000000000",
+ *     azurermSubscriptionId: "00000000-0000-0000-0000-000000000000",
+ *     azurermSubscriptionName: "Example Subscription Name",
+ * });
+ * ```
+ * ### Workload Identity Federation Manual AzureRM Service Endpoint (Subscription Scoped)
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as azuredevops from "@pulumi/azuredevops";
+ * import * as azurerm from "@pulumi/azurerm";
+ *
+ * const serviceConnectionName = "example-federated-sc";
+ * const exampleProject = new azuredevops.Project("exampleProject", {
+ *     visibility: "private",
+ *     versionControl: "Git",
+ *     workItemTemplate: "Agile",
+ *     description: "Managed by Terraform",
+ * });
+ * const identity = new azurerm.index.Azurerm_resource_group("identity", {
+ *     name: "identity",
+ *     location: "UK South",
+ * });
+ * const exampleazurerm_user_assigned_identity = new azurerm.index.Azurerm_user_assigned_identity("exampleazurerm_user_assigned_identity", {
+ *     location: _var.location,
+ *     name: "example-identity",
+ *     resourceGroupName: "azurerm_resource_group.identity.name",
+ * });
+ * const exampleazurerm_federated_identity_credential = new azurerm.index.Azurerm_federated_identity_credential("exampleazurerm_federated_identity_credential", {
+ *     name: "example-federated-credential",
+ *     resourceGroupName: identity.name,
+ *     audience: ["api://AzureADTokenExchange"],
+ *     issuer: "https://app.vstoken.visualstudio.com",
+ *     parentId: exampleazurerm_user_assigned_identity.id,
+ *     subject: `sc://${_var.azure_devops_organisation}/${exampleProject.name}/${serviceConnectionName}`,
+ * });
+ * const exampleServiceEndpointAzureRM = new azuredevops.ServiceEndpointAzureRM("exampleServiceEndpointAzureRM", {
+ *     projectId: exampleProject.id,
+ *     serviceEndpointName: serviceConnectionName,
+ *     description: "Managed by Terraform",
+ *     serviceEndpointAuthenticationScheme: "WorkloadIdentityFederation",
+ *     credentials: {
+ *         serviceprincipalid: exampleazurerm_user_assigned_identity.clientId,
+ *     },
+ *     azurermSpnTenantid: "00000000-0000-0000-0000-000000000000",
+ *     azurermSubscriptionId: "00000000-0000-0000-0000-000000000000",
+ *     azurermSubscriptionName: "Example Subscription Name",
+ * });
+ * ```
+ * ### Workload Identity Federation Automatic AzureRM Service Endpoint
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as azuredevops from "@pulumi/azuredevops";
+ *
+ * const exampleProject = new azuredevops.Project("exampleProject", {
+ *     visibility: "private",
+ *     versionControl: "Git",
+ *     workItemTemplate: "Agile",
+ * });
+ * const exampleServiceEndpointAzureRM = new azuredevops.ServiceEndpointAzureRM("exampleServiceEndpointAzureRM", {
+ *     projectId: exampleProject.id,
+ *     serviceEndpointName: "Example AzureRM",
+ *     serviceEndpointAuthenticationScheme: "WorkloadIdentityFederation",
+ *     azurermSpnTenantid: "00000000-0000-0000-0000-000000000000",
+ *     azurermSubscriptionId: "00000000-0000-0000-0000-000000000000",
+ *     azurermSubscriptionName: "Example Subscription Name",
+ * });
+ * ```
+ * ### Managed Identity AzureRM Service Endpoint
+ *
+ * ```typescript
+ * import * as pulumi from "@pulumi/pulumi";
+ * import * as azuredevops from "@pulumi/azuredevops";
+ *
+ * const exampleProject = new azuredevops.Project("exampleProject", {
+ *     visibility: "private",
+ *     versionControl: "Git",
+ *     workItemTemplate: "Agile",
+ * });
+ * const exampleServiceEndpointAzureRM = new azuredevops.ServiceEndpointAzureRM("exampleServiceEndpointAzureRM", {
+ *     projectId: exampleProject.id,
+ *     serviceEndpointName: "Example AzureRM",
+ *     serviceEndpointAuthenticationScheme: "ManagedServiceIdentity",
  *     azurermSpnTenantid: "00000000-0000-0000-0000-000000000000",
  *     azurermSubscriptionId: "00000000-0000-0000-0000-000000000000",
  *     azurermSubscriptionName: "Example Subscription Name",
@@ -155,6 +242,12 @@ export declare class AzureRM extends pulumi.CustomResource {
      * The resource group used for scope of automatic service endpoint.
      */
     readonly resourceGroup: pulumi.Output<string | undefined>;
+    /**
+     * Specifies the type of azurerm endpoint, either `WorkloadIdentityFederation`, `ManagedServiceIdentity` or `ServicePrincipal`. Defaults to `ServicePrincipal` for backwards compatibility.
+     *
+     * > **NOTE:** The `WorkloadIdentityFederation` authentication scheme is currently in private preview. Your organisation must be part of the preview and the feature toggle must be turned on to use it. More details can be found [here](https://aka.ms/azdo-rm-workload-identity).
+     */
+    readonly serviceEndpointAuthenticationScheme: pulumi.Output<string | undefined>;
     /**
      * The Service Endpoint Name.
      */
@@ -218,6 +311,12 @@ export interface AzureRMState {
      * The resource group used for scope of automatic service endpoint.
      */
     resourceGroup?: pulumi.Input<string>;
+    /**
+     * Specifies the type of azurerm endpoint, either `WorkloadIdentityFederation`, `ManagedServiceIdentity` or `ServicePrincipal`. Defaults to `ServicePrincipal` for backwards compatibility.
+     *
+     * > **NOTE:** The `WorkloadIdentityFederation` authentication scheme is currently in private preview. Your organisation must be part of the preview and the feature toggle must be turned on to use it. More details can be found [here](https://aka.ms/azdo-rm-workload-identity).
+     */
+    serviceEndpointAuthenticationScheme?: pulumi.Input<string>;
     /**
      * The Service Endpoint Name.
      */
@@ -272,6 +371,12 @@ export interface AzureRMArgs {
      * The resource group used for scope of automatic service endpoint.
      */
     resourceGroup?: pulumi.Input<string>;
+    /**
+     * Specifies the type of azurerm endpoint, either `WorkloadIdentityFederation`, `ManagedServiceIdentity` or `ServicePrincipal`. Defaults to `ServicePrincipal` for backwards compatibility.
+     *
+     * > **NOTE:** The `WorkloadIdentityFederation` authentication scheme is currently in private preview. Your organisation must be part of the preview and the feature toggle must be turned on to use it. More details can be found [here](https://aka.ms/azdo-rm-workload-identity).
+     */
+    serviceEndpointAuthenticationScheme?: pulumi.Input<string>;
     /**
      * The Service Endpoint Name.
      */