moritzkoerber/stack.tf

## stack.tf
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">=3.81.0"
    }
    azuredevops = {
      source  = "microsoft/azuredevops"
      version = ">= 0.10.0"
    }
  }
}

provider "azurerm" {
  features {}
}

provider "azuredevops" {
  org_service_url       = "https://dev.azure.com/your-organization"
  personal_access_token = ""
}

resource "azurerm_user_assigned_identity" "managed_identity" {
  name                = "choose-a-name" # e.g. deploy-identity
  resource_group_name = "your-resource-group"
  location            = "your-resource-group-location"
}

resource "azuredevops_serviceendpoint_azurerm" "ado_se" {
  project_id                             = "your-ado-project-id"
  service_endpoint_name                  = "choose-a-name" # e.g. "deploy-federated-sc"
  description                            = "Managed by Terraform"
  service_endpoint_authentication_scheme = "WorkloadIdentityFederation"
  credentials {
    serviceprincipalid = azurerm_user_assigned_identity.managed_identity.client_id
  }
  azurerm_spn_tenantid      = "your-tenant-id"
  azurerm_subscription_id   = "your-subscription-id"
  azurerm_subscription_name = "your-subscription-name"
}

resource "azurerm_federated_identity_credential" "fe_creds" {
  name                = "choose-a-name" # e.g.,"deploy-federated-credential"
  resource_group_name = azurerm_resource_group.identity.name
  parent_id           = azurerm_user_assigned_identity.managed_identity.id
  audience            = ["api://AzureADTokenExchange"]
  issuer              = azuredevops_serviceendpoint_azurerm.ado_se.workload_identity_federation_issuer
  subject             = azuredevops_serviceendpoint_azurerm.ado_se.workload_identity_federation_subject
}
	terraform {
	required_providers {
	azurerm = {
	source = "hashicorp/azurerm"
	version = ">=3.81.0"
	}
	azuredevops = {
	source = "microsoft/azuredevops"
	version = ">= 0.10.0"
	}
	}
	}

	provider "azurerm" {
	features {}
	}

	provider "azuredevops" {
	org_service_url = "https://dev.azure.com/your-organization"
	personal_access_token = ""
	}

	resource "azurerm_user_assigned_identity" "managed_identity" {
	name = "choose-a-name" # e.g. deploy-identity
	resource_group_name = "your-resource-group"
	location = "your-resource-group-location"
	}

	resource "azuredevops_serviceendpoint_azurerm" "ado_se" {
	project_id = "your-ado-project-id"
	service_endpoint_name = "choose-a-name" # e.g. "deploy-federated-sc"
	description = "Managed by Terraform"
	service_endpoint_authentication_scheme = "WorkloadIdentityFederation"
	credentials {
	serviceprincipalid = azurerm_user_assigned_identity.managed_identity.client_id
	}
	azurerm_spn_tenantid = "your-tenant-id"
	azurerm_subscription_id = "your-subscription-id"
	azurerm_subscription_name = "your-subscription-name"
	}

	resource "azurerm_federated_identity_credential" "fe_creds" {
	name = "choose-a-name" # e.g.,"deploy-federated-credential"
	resource_group_name = azurerm_resource_group.identity.name
	parent_id = azurerm_user_assigned_identity.managed_identity.id
	audience = ["api://AzureADTokenExchange"]
	issuer = azuredevops_serviceendpoint_azurerm.ado_se.workload_identity_federation_issuer
	subject = azuredevops_serviceendpoint_azurerm.ado_se.workload_identity_federation_subject
	}