Azure-Samples · promisinganuj · Jan 2, 2025 · Dec 24, 2024 · Dec 24, 2024 · Dec 24, 2024
diff --git a/e2e_samples/fabric_dataops_sample/README.md b/e2e_samples/fabric_dataops_sample/README.md
@@ -79,6 +79,8 @@ Here is a list of resources that are deployed:
   - Microsoft Fabric Environment
   - Microsoft Fabric Notebooks
   - Microsoft Fabric Data pipelines
+- Azure DevOps Resources
+  - Variable Group
 - Additional Resources
   - Fabric workspace GIT integration
   - Azure Role assignments to entra security group and workspace identity
@@ -118,7 +120,7 @@ Here is a list of resources that are deployed:
   - terraform
   - python version 3.9+ with `requests` package installed
 - Access to an Azure DevOps organization and project:
-  - Contributor permissions to an Azure Repo in such Azure DevOps environment.
+  - Contributor permissions to an Azure Repo in such Azure DevOps environment. The service principal or managed identity requires Contributor permissions as well. Refer to the [documentation](https://learn.microsoft.com/azure/devops/organizations/security/add-users-team-project#add-users-or-groups-to-a-project) for more details.
   - A branch and a folder in the repository where the Fabric items will be committed. The folder must already exist.
 
 ### Familiarize yourself with known issues, limitations, and workarounds
@@ -230,6 +232,7 @@ Once the deployment is complete, you can verify the resources created in the Azu
 | Azure - Log Analytics workspace | 'la-`BASE_NAME`' | Terraform |
 | Azure - Application Insights | 'appi-`BASE_NAME`' | Terraform |
 | Azure - Fabric Capacity | 'cap`BASE_NAME`' | Terraform |
+| Azure DevOps - Variable Group | 'vg-`BASE_NAME`-`ENVIRONMENT_NAME`' | Terraform |
 | Microsoft Fabric - Workspace | 'ws-`BASE_NAME`' | Terraform |
 | Microsoft Fabric - Lakehouse | 'lh_`BASE_NAME`' | Terraform |
 | Microsoft Fabric - Cloud Connection | 'conn-adls-st`BASE_NAME`' | Fabric REST API |

diff --git a/e2e_samples/fabric_dataops_sample/infrastructure/terraform/data.tf b/e2e_samples/fabric_dataops_sample/infrastructure/terraform/data.tf
@@ -14,3 +14,7 @@ data "azuread_group" "fabric_workspace_admin" {
   display_name     = var.fabric_workspace_admin_sg_name
   security_enabled = true
 }
+
+data "azuredevops_project" "git_project" {
+  name = var.git_project_name
+}
diff --git a/e2e_samples/fabric_dataops_sample/infrastructure/terraform/locals.tf b/e2e_samples/fabric_dataops_sample/infrastructure/terraform/locals.tf
@@ -25,4 +25,5 @@ locals {
   fabric_environment_name              = "env-${local.base_name}"
   fabric_custom_pool_name              = "sprk-${local.base_name}"
   fabric_runtime_version               = "1.3"
+  git_variable_group_name              = "vg-${local.base_name}-${var.environment_name}"
 }
diff --git a/e2e_samples/fabric_dataops_sample/infrastructure/terraform/main.tf b/e2e_samples/fabric_dataops_sample/infrastructure/terraform/main.tf
@@ -213,3 +213,12 @@ module "fabric_workspace_git_integration" {
 
   depends_on = [module.fabric_data_pipeline]
 }
+
+module "azure_devops_variable_group" {
+  source                           = "./modules/azure_devops/variable_group"
+  azure_devops_project_id          = data.azuredevops_project.git_project.id
+  azure_devops_variable_group_name = local.git_variable_group_name
+  azure_devops_variable_group_variables = {
+    "key_vault_name" = module.keyvault.keyvault_name # Needs at least one variable
+  }
+}
diff --git a/...abric_dataops_sample/infrastructure/terraform/modules/azure_devops/variable_group/main.tf b/...abric_dataops_sample/infrastructure/terraform/modules/azure_devops/variable_group/main.tf
@@ -0,0 +1,13 @@
+resource "azuredevops_variable_group" "vargroup" {
+  project_id   = var.azure_devops_project_id
+  name         = var.azure_devops_variable_group_name
+  allow_access = true
+
+  dynamic "variable" {
+    for_each = var.azure_devops_variable_group_variables
+    content {
+      name  = variable.key
+      value = variable.value
+    }
+  }
+}
diff --git a/...ic_dataops_sample/infrastructure/terraform/modules/azure_devops/variable_group/outputs.tf b/...ic_dataops_sample/infrastructure/terraform/modules/azure_devops/variable_group/outputs.tf
@@ -0,0 +1,4 @@
+output "variable_group_id" {
+  description = "The ID of the created Azure DevOps variable group"
+  value       = azuredevops_variable_group.vargroup.id
+}
diff --git a/..._dataops_sample/infrastructure/terraform/modules/azure_devops/variable_group/variables.tf b/..._dataops_sample/infrastructure/terraform/modules/azure_devops/variable_group/variables.tf
@@ -0,0 +1,14 @@
+variable "azure_devops_project_id" {
+  description = "Azure DevOps project id"
+  type        = string
+}
+
+variable "azure_devops_variable_group_name" {
+  description = "Azure DevOps project name"
+  type        = string
+}
+
+variable "azure_devops_variable_group_variables" {
+  description = "Azure DevOps project variables"
+  type        = map(string)
+}
diff --git a/...c_dataops_sample/infrastructure/terraform/modules/azure_devops/variable_group/versions.tf b/...c_dataops_sample/infrastructure/terraform/modules/azure_devops/variable_group/versions.tf
@@ -0,0 +1,10 @@
+terraform {
+  required_version = ">= 1.9.8, < 2.0"
+
+  required_providers {
+    azuredevops = {
+      source  = "microsoft/azuredevops"
+      version = "= 1.5.0"
+    }
+  }
+}
diff --git a/e2e_samples/fabric_dataops_sample/infrastructure/terraform/providers.tf b/e2e_samples/fabric_dataops_sample/infrastructure/terraform/providers.tf
@@ -27,3 +27,11 @@ provider "azurerm" {
     }
   }
 }
+
+provider "azuredevops" {
+  org_service_url = "https://dev.azure.com/${var.git_organization_name}"
+  tenant_id       = var.use_msi ? null : var.tenant_id
+  client_id       = var.use_msi ? null : var.client_id
+  client_secret   = var.use_msi ? null : var.client_secret
+  use_msi         = var.use_msi
+}
diff --git a/e2e_samples/fabric_dataops_sample/infrastructure/terraform/versions.tf b/e2e_samples/fabric_dataops_sample/infrastructure/terraform/versions.tf
@@ -14,6 +14,10 @@ terraform {
       source  = "hashicorp/azuread"
       version = "3.0.2"
     }
+    azuredevops = {
+      source  = "microsoft/azuredevops"
+      version = "1.5.0"
+    }
     random = {
       source  = "hashicorp/random"
       version = "3.6.2"

diff --git a/e2e_samples/fabric_dataops_sample/scripts/deploy_infrastructure.sh b/e2e_samples/fabric_dataops_sample/scripts/deploy_infrastructure.sh
@@ -10,7 +10,7 @@ set -o errexit
 #######################################################
 
 ## Environment variables
-environment="$ENVIRONMENT_NAME"
+environment_name="$ENVIRONMENT_NAME"
 tenant_id="$TENANT_ID"
 subscription_id="$SUBSCRIPTION_ID"
 resource_group_name="$RESOURCE_GROUP_NAME"
@@ -96,7 +96,7 @@ deploy_terraform_resources() {
     -auto-approve \
     -var "use_cli=$use_cli" \
     -var "use_msi=$use_msi" \
-    -var "environment_name=$environment" \
+    -var "environment_name=$environment_name" \
     -var "tenant_id=$tenant_id" \
     -var "subscription_id=$subscription_id" \
     -var "resource_group_name=$resource_group_name" \