You can specify your Azure subscription directly in the release pipeline task, or you can use an organizational account or a Service Principal and configure a Service connection in Azure DevOps. In this post will see how Service Principal can be created.
Tools which can be used to create Service Principal in Azure:
- Using Azure PowerShell
- Using Azure Portal
- Using Azure CLI 2.0 Portal
Irrespective of the tool choice commands remain same. There are two types of authentication available for service principals: Password-based authentication, and certificate-based authentication. This post we will be looking at Password-based authentication.
Steps
- Log into Azure by running the below command. When prompted, open the browser and login with Microsoft credentials.
az login
2. Create a Service Principal by running the following command. The output displayed will be similar to the screenshot below.
az ad sp create-for-rbac — name <http://AzureDevOps>
Note: AppId and Password from this step which will be used in future steps
3. Role assignment for the Service Principal. The output displayed will be similar to the screenshot below. Output should display the role definition what we have provided.
az role assignment create — assignee <AppId> — role Contributor
If you are receiving null information back after running this command, you can also check in the azure Portal by logging into your azure subscription and in the Azure Portal going to Subscriptions > Access control (IAM).
4. Log in with the Service Principal to verify if the access is working fine by running the following command. Use the values from Step 2 for AppId, Password and Tenant_ID.
az login — service-principal — username <App_Id> — password <Password> — tenant <TENANT_ID>
