stackoom
  简体   繁体   中英

Accessing Azure Service Prinicpal details from a VSTS release

 原文  2017-03-17 08:00:36       powershell/ security/ azure/ azure-pipelines-release-pipeline/ azure-devops-rest-api

Question

Whilst we're able to use the Powershell Azure task in VSTS for a release, we also sometimes run F# scripts for releases, and as part of that, we want to deploy assets to Azure using a service principal. We already have the SP registered in VSTS, and Powershell can get to it - but is there a way for eg raw command line etc. to get to the Tenant Id etc. etc. so that we can manually use them? For example, as environment variables?

The only other alternative we have is to manually copy the tenant id etc. across to the release as build variables but this looks like a workaround to me.

1 answers

solution1
 2 ACCPTED  2017-03-17 09:26:01

Yes, you can get the related information (eg Tenant Id) in a custom build/release step/task.

More information about build extension, you can refer to: Add a build task .

If you don't know how to achieve it, you can refer to these steps to get all source code of Azure PowerShell step/task.

  1. Set up a on premise build agent: Deploy an agent on Windows
  2. Create a build/release definition
  3. Add Azure PowerShell step/task and config it
  4. Queue this build/release
  5. Log on your build agent machine, check the Azure PowerShell step/task in [agent folder]\\tasks\\AzurePowerShell

The simple build/release step/task extension:

Files: 

 AzureCustomTask

    Ps_modules (can be found in the Azure PowerShell step/task folder, refer to previous steps)

    Test.ps1

    Icon.png

    Task.json

Test.ps1 code: 

$serviceNameInput = Get-VstsInput -Name ConnectedServiceNameSelector -Default 'ConnectedServiceName'
 Write-Host $serviceNameInput
 $serviceName = Get-VstsInput -Name $serviceNameInput -Default (Get-VstsInput -Name DeploymentEnvironmentName)

 Write-Host $serviceName
        if (!$serviceName) {
            # Let the task SDK throw an error message if the input isn't defined.
            Get-VstsInput -Name $serviceNameInput -Require
        }

        $endpoint = Get-VstsEndpoint -Name $serviceName -Require

        Write-Host $endpoint.Auth.Parameters.TenantId

Part code in task.json (input box to select subscription): 

"inputs": [
    {
      "name": "ConnectedServiceName",
      "type": "connectedService:AzureRM",
      "label": "Azure RM Subscription",
      "defaultValue": "",
      "required": true,
      "helpMarkDown": "Select the Azure Resource Manager subscription for the deployment."
    },
....

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Use Service Principal in Azure CLI in VSTS Release Definition Modify Azure AppService ipsecurity during release from VSTS Building a release flow in VSTS for a micro service architecture Getting the Secret of a Service Prinicpal in YAML Pipeline (Terraform) VSTS get the user's group from a release Runspaces and Jobs in VSTS hosted agent release Azure Powershell script VSTS Release Azure Powershell task fails when calling New-AzureStorageTable cmdlet How can one use Azure Service Connection in Azure DevOps Server 2019 (on-prem) to run terraform from a script running in a release stage? Azure KeyVault Access Policies - Adding App Service using Powershell and VSTS How might I assign a service principal to an AAD group in my hosted VSTS release pipeline using PowerShell?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM