I have already created a service connection between existing subscription and ADO.
Problem statement 1:
I am running a simple ADO job which has just one Azure cli step. In the step I have checked the option to "Access service principal details in script". The inline script has just one statement
echo $servicePrincipalId
This works fine when I run in an ubuntu Agent but fails when I run using vs2017-win2016 server. Since we need to use windows agent could someone advice how to get this working?
Problem statement 2:
Once I get the service principal ie $servicePrincipalId I need to set this as an environmental variable so as to use this in my application (next step in pipeline) which reads of environmental variables.
Please could someone help?
Thanks.
Related
I have been trying for a few days on how to use an environment secret variable set in azure pipelines.
Here is source code where I get the environment variable value.
Here is the .env file I used with the value
Below is the TEST word successfully shown when I try to run in vscode via yarn start.
I setup environment variable and set variable as secret in the azure pipeline.
I followed some microsoft tutorial as well as some other answers here in stackoverflow.
I setup powershell task in azure pipelines to get secret variable.
All task run successfully. All task for IIS Deployment also run successfully.
But when I open the web app in the II Server, the result is TEST is not displayed at all.
Heading
If I use the pipeline variable as plaintext instead of secret, TEST is successfully displayed.
Did someone encountered this before and solved it?
I've created a task group which deploys an Azure Function App which normally in a normal release pipeline (not a task group), it gives you the option of naming this variable on the panel which opens on the right hand side:
output variable
But when an azure function app task is contained within a task group, it gives you no option to create an output variable.
I was wondering if theres a way I can capture that output variable so I can later use it as a variable in a later task within the same task group?
You will find your variable but under slightly different name.
Assuming you have one FunctionApp in yout ask group you will get it via this variable
AZUREFUNCTIONAPP_APPSERVICEAPPLICATIONURL
To be sure please display all env variables. For Ubuntu you can add bash script with this command
env | sort
For more information please check this GitHub issue.
I have a powershell script in order to make a backup of a SQL Database. I run the script locally, i run the script on TFS release phase with Powershell Script (not the azure powershell task), and everything went well.
Now, i want it to run it with the Azure PowerShell script: InlineScript because i want to remove the login part from my powershell. I saved the username \ password in the variables in order to login and i want to get rid of that
This is the script :
Please notice that i put the Login-AzureRmAccount because of the error. After this, i'm still getting it.
Error message:
[error]Showing a modal dialog box or form when the application is not running in UserInteractive mode is not a valid operation. Specify the ServiceNotification or DefaultDesktopOnly style to display a notification from a service application.
[error]Run Login-AzureRmAccount to login.
As mentioned above please change the dropdown to "Azure Resource Manager" because in Azure classic this command will translate to Start-AzureSqlDatabaseCopy which does not have all the options available
https://learn.microsoft.com/en-us/powershell/module/servicemanagement/azure/start-azuresqldatabasecopy?view=azuresmps-4.0.0
Am working on Azure Resource Manager Templates(ARM Templates) and VSTS CI&CD. With the help of ARM Templates, I want to deploy AKS (Azure kubernete Service). So before going to deploy, I need to validate my ARM Template in the CI-Build by applying a PowerShell task. But here, at the time of validating my ARM Template “It’s not stopping CI-Build even when the validation fails”. Its giving output as “Validation Completed” as shown in the below picture . Is there any solution to resolve this issue, i.e. I wanted to stop my CI-Build running if any validation fails.
Not sure how does your powershell script look like. But according to the screenshot, the powershell script is executed successfully without any error code return. You can update your powershell script to check the validate result and set the exit code to "1" if the result is "InvalidTemplate". This will make the powershell task fail when the template is valid.
Looks like the resource is defined multiple times in the template. You can remove it and its always a good practice from the PowerShell script to use Test-AzureRmResourceGroupDeployment and validate if the template is valid and has obtained all its parameters and then deploy using New-AzureRmResourceGroupDeployment
Like Eddie said you can try this inside a try{} catch block and return an exception or an exit code to make the VSTS Build pipeline fail, if the script fails.
I'm trying to deploy an HDInsight cluster using an ARM template via Visual Studio. I've created an Azure Resource Group project in Visual Studio 2015, and added my resource definitions to the template JSON files.
However when I've gone to deploy it (by right-clicking the project, choosing Deploy -> New Deployment, entering my parameters), the output of Visual Studio shows (I've snipped out some boring stuff):
17:19:23 - Build started.
17:19:23 - Project "LaunchHdInsightCluster.deployproj" (StageArtifacts target(s)):
[snip]
17:20:27 - [VERBOSE] 17:20:27 - Resource Microsoft.HDInsight/clusters 'groupbhdinsight' provisioning status is running
17:31:06 - [ERROR] New-AzureRmResourceGroupDeployment : ExpiredAuthenticationToken: The access token expiry UTC time '3/14/2016 5:31:06 PM' is earlier than current UTC time '3/14/2016 5:31:07 PM'.
Note that the deploy only ran for 12 minutes before the access token expired - obviously for deploying an HDInsight cluster this is a problem (takes on average 20 minutes).
I'm just trying to understand what's going on under the hood here, as I can't find documentation for this. i.e:
What creates the access token and how? How long does it last for? I wasn't asked for any Azure creds when deploying - I'm assuming it must be the fact that I'm signed into Visual Studio using the same account I use in Azure, and it 'borrows' the authentication session, but this is just a guess
What determines the expiry time of the access token so I can prevent this happening again?
How do I refresh my authentication token?
What's happening here is that the Azure Resource Group deployment in VS uses the PowerShell Script in the project to do deployment (even though the output is hosted in VS, we use that PS script to do the work). The PowerShell script is authenticated by using the token from your VS sign in. That token is only good for an hour and then VS will refresh it. Once it's handed off to PowerShell though, PowerShell doesn't automatically refresh it. So if you have the token for 59 minutes, it's going to expire soon after you start the deployment. The token could last for an hour, or anything less than that. We're working on a fix for this (i.e. have PowerShell automatically refresh the token) but that's a month or so out yet. See: https://github.com/Azure/azure-powershell/issues/1068
Workarounds: Unfortunately there's no good work around from VS. But...
As observed the deployment will continue just fine in Azure, it's just that VS/PS can no longer poll for status. You can monitor the deployment via the portal or PowerShell.
If you drop to PowerShell and run the script, PowerShell will automatically refresh the token when you login with credentials - you can get the exact command that VS runs by sifting through the output window - this doc also gives an overview of running the script manually: https://azure.microsoft.com/en-us/documentation/articles/vs-azure-tools-resource-groups-how-script-works/
Hope that helps...
I bet it was a transient issue. I retried deployment (needed to modify my ARM template) and now it succeeded.
Please check your Azure Resource Group in the portal. You will likely have your resources up and running.
#Cleverguy25 provided an explanation of how I believe the deployment process work.
I am not sure, but I believe that the New-AzureRmResourceGroupDeployment uploads your template file and sets up a deployment to happen in the cloud. Then it queries the deployment to see if it is done and outputs the resources as they are created. Obviously those queries error when the token expires. But the deployment should continue.
You could ignore this error and query the deployment or resource group yourself, to see when it is done.
I follow this post, and simply execute 'Clear-AzureRmContext' this command, then reconnect to Azure, using 'connect-AzAccount', the issue resolved.
https://github.com/Azure/azure-powershell/issues/6585
Open a new powershell and get the current metadata used to authenticate Azure Resource Manager requests using Clear-AzureRmContext.
This worked the magic for me.