Resource: Git Integration

.changes/unreleased/added-20260403-122500.yaml

@@ -0,0 +1,5 @@
+kind: added
+body: Add Azure DevOps-backed Dataverse Git integration resources for environment bindings and solution branch bindings, including environment-scope solution enablement behavior and known authentication limitations.
+time: 2026-04-03T12:25:00Z
+custom:
+    Issue: "1104"

docs/resources/environment_git_integration.md

@@ -0,0 +1,101 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "powerplatform_environment_git_integration Resource - Power Platform"
+subcategory: ""
+description: |-
+  Manages the environment-level Dataverse Git repository binding. This maps to the documented sourcecontrolconfiguration Dataverse table and stores the repository connection metadata for an environment.
+  Known limitation: the underlying Power Platform Git integration bootstrap currently requires delegated user principal authentication with Azure DevOps access. Service principal, app-only, and OIDC pipeline identities are not currently supported by the backing Dataverse Git integration flow.
+---
+
+# powerplatform_environment_git_integration (Resource)
+
+Manages the environment-level Dataverse Git repository binding. This maps to the documented `sourcecontrolconfiguration` Dataverse table and stores the repository connection metadata for an environment.
+
+Known limitation: the underlying Power Platform Git integration bootstrap currently requires delegated user principal authentication with Azure DevOps access. Service principal, app-only, and OIDC pipeline identities are not currently supported by the backing Dataverse Git integration flow.
+
+## Example Usage
+
+```terraform
+terraform {
+  required_providers {
+    powerplatform = {
+      source = "microsoft/power-platform"
+    }
+  }
+}
+
+provider "powerplatform" {
+  use_cli = true
+}
+
+# Known limitation: Dataverse Git integration currently works only with delegated
+# user principal authentication that also has Azure DevOps repository access.
+# Service principal, app-only, and OIDC pipeline identities are not supported.
+
+# Use `scope = "Environment"` to mirror the maker UI environment-level binding.
+# In this mode the provider manages the root Dataverse binding and proactively
+# enables eligible visible unmanaged solutions in the environment. Built-in
+# platform solutions are excluded automatically.
+resource "powerplatform_environment" "example" {
+  display_name     = var.environment_display_name
+  description      = "Example environment for validating Dataverse Git integration."
+  location         = var.location
+  azure_region     = var.azure_region
+  environment_type = "Sandbox"
+  dataverse = {
+    language_code     = "1033"
+    currency_code     = "USD"
+    security_group_id = var.security_group_id
+  }
+}
+
+resource "powerplatform_environment_git_integration" "example" {
+  environment_id    = powerplatform_environment.example.id
+  git_provider      = var.git_provider
+  scope             = var.scope
+  organization_name = var.organization_name
+  project_name      = var.project_name
+  repository_name   = var.repository_name
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `environment_id` (String) Environment ID of the Dataverse environment where the Git repository binding will be created.
+- `git_provider` (String) Git provider for the repository binding. Supported value is `AzureDevOps`.
+- `organization_name` (String) Organization or owner name for the configured Git provider.
+- `project_name` (String) Project name for the Azure DevOps repository binding.
+- `repository_name` (String) Repository name that the environment will bind to.
+- `scope` (String) Source control integration scope for the environment. Use `Solution` for solution-level branch bindings and `Environment` for an environment-level binding. In `Environment` scope, the provider manages the root branch binding and proactively enables eligible visible unmanaged solutions in the environment while excluding platform-owned default solutions.
+
+### Optional
+
+- `timeouts` (Attributes) (see [below for nested schema](#nestedatt--timeouts))
+
+### Read-Only
+
+- `id` (String) Unique identifier of the Dataverse source control configuration.
+
+<a id="nestedatt--timeouts"></a>
+### Nested Schema for `timeouts`
+
+Optional:
+
+- `create` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+- `delete` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
+- `read` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
+- `update` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+
+## Import
+
+Import is supported using the following syntax:
+
+The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
+
+```shell
+# Environment Git integration resources can be imported using the environment id (replace with a real environment id)
+terraform import powerplatform_environment_git_integration.example 00000000-0000-0000-0000-000000000000
+```

docs/resources/solution_git_branch.md

@@ -0,0 +1,152 @@
+---
+# generated by https://github.com/hashicorp/terraform-plugin-docs
+page_title: "powerplatform_solution_git_branch Resource - Power Platform"
+subcategory: ""
+description: |-
+  Manages a solution-level Dataverse Git branch binding. This maps to the documented sourcecontrolbranchconfiguration Dataverse table and links a solution partition to a branch and folder beneath an environment Git integration.
+  Known limitation: the underlying Power Platform Git integration bootstrap currently requires delegated user principal authentication with Azure DevOps access. Service principal, app-only, and OIDC pipeline identities are not currently supported by the backing Dataverse Git integration flow.
+---
+
+# powerplatform_solution_git_branch (Resource)
+
+Manages a solution-level Dataverse Git branch binding. This maps to the documented `sourcecontrolbranchconfiguration` Dataverse table and links a solution partition to a branch and folder beneath an environment Git integration.
+
+Known limitation: the underlying Power Platform Git integration bootstrap currently requires delegated user principal authentication with Azure DevOps access. Service principal, app-only, and OIDC pipeline identities are not currently supported by the backing Dataverse Git integration flow.
+
+## Example Usage
+
+```terraform
+terraform {
+  required_providers {
+    local = {
+      source  = "hashicorp/local"
+      version = "2.6.2"
+    }
+    powerplatform = {
+      source = "microsoft/power-platform"
+    }
+  }
+}
+
+provider "local" {}
+
+provider "powerplatform" {
+  use_cli = true
+}
+
+# Known limitation: Dataverse Git integration currently works only with delegated
+# user principal authentication that also has Azure DevOps repository access.
+# Service principal, app-only, and OIDC pipeline identities are not supported.
+
+resource "local_file" "solution_settings_file" {
+  filename = "${path.module}/solution_settings.json"
+  content  = <<EOF
+{
+  "EnvironmentVariables": [
+    {
+      "SchemaName": "cra6e_SolutionVariableDataSource",
+      "Value": "/sites/Shared Documents"
+    },
+    {
+      "SchemaName": "cra6e_SolutionVariableJson",
+      "Value": "{ \"value\": 1234, \"text\": \"abc\" }"
+    },
+    {
+      "SchemaName": "cra6e_SolutionVariableText",
+      "Value": "${powerplatform_environment.example.id}"
+    }
+  ],
+  "ConnectionReferences": [
+    {
+      "LogicalName": "cra6e_ConnectionReferenceSharePoint",
+      "ConnectionId": "00000000-0000-0000-0000-000000000000",
+      "ConnectorId": "/providers/Microsoft.PowerApps/apis/shared_sharepointonline"
+    }
+  ]
+}
+EOF
+}
+
+resource "powerplatform_environment" "example" {
+  display_name     = var.environment_display_name
+  description      = "Example environment for validating Dataverse Git branch bindings."
+  location         = var.location
+  azure_region     = var.azure_region
+  environment_type = "Sandbox"
+  dataverse = {
+    language_code     = "1033"
+    currency_code     = "USD"
+    security_group_id = var.security_group_id
+  }
+}
+
+resource "powerplatform_solution" "example" {
+  environment_id = powerplatform_environment.example.id
+  solution_file  = coalesce(var.solution_file, "${path.module}/../powerplatform_solution/TerraformTestSolution_Complex_1_1_0_0.zip")
+  settings_file  = local_file.solution_settings_file.filename
+}
+
+resource "powerplatform_environment_git_integration" "example" {
+  count = var.enable_git_binding ? 1 : 0
+
+  environment_id    = powerplatform_environment.example.id
+  git_provider      = var.git_provider
+  scope             = var.scope
+  organization_name = var.organization_name
+  project_name      = var.project_name
+  repository_name   = var.repository_name
+}
+
+resource "powerplatform_solution_git_branch" "example" {
+  count = var.enable_git_binding ? 1 : 0
+
+  environment_id       = powerplatform_environment.example.id
+  git_integration_id   = powerplatform_environment_git_integration.example[0].id
+  solution_id          = powerplatform_solution.example.id
+  branch_name          = var.branch_name
+  upstream_branch_name = var.upstream_branch_name
+  root_folder_path     = var.root_folder_path
+}
+```
+
+<!-- schema generated by tfplugindocs -->
+## Schema
+
+### Required
+
+- `branch_name` (String) Branch name to bind the solution partition to.
+- `environment_id` (String) Environment ID of the Dataverse environment where the branch binding exists.
+- `git_integration_id` (String) ID of the parent `powerplatform_environment_git_integration` resource.
+- `root_folder_path` (String) Repository folder path that stores the solution's files.
+- `solution_id` (String) ID of the existing `powerplatform_solution` resource to bind to the Git branch. This must use the provider solution ID format for the same environment.
+
+### Optional
+
+- `timeouts` (Attributes) (see [below for nested schema](#nestedatt--timeouts))
+- `upstream_branch_name` (String) Upstream branch name. When omitted, the provider will use the same value as `branch_name`.
+
+### Read-Only
+
+- `id` (String) Unique identifier of the Dataverse source control branch configuration.
+
+<a id="nestedatt--timeouts"></a>
+### Nested Schema for `timeouts`
+
+Optional:
+
+- `create` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+- `delete` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Setting a timeout for a Delete operation is only applicable if changes are saved into state before the destroy operation occurs.
+- `read` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours). Read operations occur during any refresh or planning operation when refresh is enabled.
+- `update` (String) A string that can be [parsed as a duration](https://pkg.go.dev/time#ParseDuration) consisting of numbers and unit suffixes, such as "30s" or "2h45m". Valid time units are "s" (seconds), "m" (minutes), "h" (hours).
+
+## Import
+
+Import is supported using the following syntax:
+
+The [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import) can be used, for example:
+
+```shell
+# Solution Git branch resources can be imported using environment_id/git_integration_id/solution_id
+# The final segment can be either the raw Dataverse solution id or the provider-formatted powerplatform_solution.id
+terraform import powerplatform_solution_git_branch.example 00000000-0000-0000-0000-000000000000/11111111-1111-1111-1111-111111111111/00000000-0000-0000-0000-000000000000_22222222-2222-2222-2222-222222222222
+```

examples/resources/powerplatform_environment_git_integration/import.sh

@@ -0,0 +1,2 @@
+# Environment Git integration resources can be imported using the environment id (replace with a real environment id)
+terraform import powerplatform_environment_git_integration.example 00000000-0000-0000-0000-000000000000

examples/resources/powerplatform_environment_git_integration/outputs.tf

@@ -0,0 +1,9 @@
+output "environment_id" {
+  description = "Unique identifier of the example environment."
+  value       = powerplatform_environment.example.id
+}
+
+output "git_integration_id" {
+  description = "Unique identifier of the environment Git integration binding."
+  value       = powerplatform_environment_git_integration.example.id
+}

examples/resources/powerplatform_environment_git_integration/resource.tf

@@ -0,0 +1,41 @@
+terraform {
+  required_providers {
+    powerplatform = {
+      source = "microsoft/power-platform"
+    }
+  }
+}
+
+provider "powerplatform" {
+  use_cli = true
+}
+
+# Known limitation: Dataverse Git integration currently works only with delegated
+# user principal authentication that also has Azure DevOps repository access.
+# Service principal, app-only, and OIDC pipeline identities are not supported.
+
+# Use `scope = "Environment"` to mirror the maker UI environment-level binding.
+# In this mode the provider manages the root Dataverse binding and proactively
+# enables eligible visible unmanaged solutions in the environment. Built-in
+# platform solutions are excluded automatically.
+resource "powerplatform_environment" "example" {
+  display_name     = var.environment_display_name
+  description      = "Example environment for validating Dataverse Git integration."
+  location         = var.location
+  azure_region     = var.azure_region
+  environment_type = "Sandbox"
+  dataverse = {
+    language_code     = "1033"
+    currency_code     = "USD"
+    security_group_id = var.security_group_id
+  }
+}
+
+resource "powerplatform_environment_git_integration" "example" {
+  environment_id    = powerplatform_environment.example.id
+  git_provider      = var.git_provider
+  scope             = var.scope
+  organization_name = var.organization_name
+  project_name      = var.project_name
+  repository_name   = var.repository_name
+}

examples/resources/powerplatform_environment_git_integration/variables.tf

@@ -0,0 +1,53 @@
+variable "environment_display_name" {
+  default     = "example-git-integration-environment"
+  description = "Display name of the example environment."
+  type        = string
+}
+
+variable "location" {
+  default     = "europe"
+  description = "Power Platform geography for the example environment."
+  type        = string
+}
+
+variable "azure_region" {
+  default     = "northeurope"
+  description = "Azure region for the Dataverse-backed example environment."
+  type        = string
+}
+
+variable "security_group_id" {
+  default     = "00000000-0000-0000-0000-000000000000"
+  description = "Security group ID for Dataverse provisioning. Use the zero GUID to disable."
+  type        = string
+}
+
+variable "git_provider" {
+  default     = "AzureDevOps"
+  description = "Git provider to bind. Supported value is AzureDevOps."
+  type        = string
+}
+
+variable "scope" {
+  default     = "Environment"
+  description = "Source control integration scope. Use Environment for environment-scoped bindings or Solution when pairing with powerplatform_solution_git_branch."
+  type        = string
+}
+
+variable "organization_name" {
+  default     = "example-org"
+  description = "Git organization or owner name."
+  type        = string
+}
+
+variable "project_name" {
+  default     = "example-project"
+  description = "Git project name used for Azure DevOps bindings."
+  type        = string
+}
+
+variable "repository_name" {
+  default     = "example-repo"
+  description = "Git repository name to bind to the environment."
+  type        = string
+}

examples/resources/powerplatform_solution_git_branch/import.sh

@@ -0,0 +1,3 @@
+# Solution Git branch resources can be imported using environment_id/git_integration_id/solution_id
+# The final segment can be either the raw Dataverse solution id or the provider-formatted powerplatform_solution.id
+terraform import powerplatform_solution_git_branch.example 00000000-0000-0000-0000-000000000000/11111111-1111-1111-1111-111111111111/00000000-0000-0000-0000-000000000000_22222222-2222-2222-2222-222222222222

examples/resources/powerplatform_solution_git_branch/outputs.tf

@@ -0,0 +1,19 @@
+output "environment_id" {
+  description = "Unique identifier of the example environment."
+  value       = powerplatform_environment.example.id
+}
+
+output "solution_id" {
+  description = "Provider-formatted ID of the example unmanaged solution."
+  value       = powerplatform_solution.example.id
+}
+
+output "git_integration_id" {
+  description = "Unique identifier of the environment Git integration binding, if enabled."
+  value       = try(powerplatform_environment_git_integration.example[0].id, null)
+}
+
+output "solution_git_branch_id" {
+  description = "Unique identifier of the solution Git branch binding, if enabled."
+  value       = try(powerplatform_solution_git_branch.example[0].id, null)
+}