

Creates a service connection for a subscription
Please ensure you are already logged in to Azure using az login
# Azure DevOps Personal Access Token (PAT) for the '[ORG]' Azure DevOps tenancy
# The Azure DevOps organisation to create the service connection in, available from System.TeamFoundationCollectionUri when running from a pipeline.
$TeamFoundationCollectionUri = $($Env:System_TeamFoundationCollectionUri -replace '%20', ' '),
# The name of the project to which this build or release belongs, available from $(System.TeamProject) when running from a pipeline
$TeamProject = $Env:System_TeamProject,
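# Script body: use the existing az login, grant the app registration Contributor on the
# subscription, and make sure the Azure DevOps project exists.
# Sets $account, $AppReg and $ProjectDetails for the service-connection steps that follow,
# and AZURE_DEVOPS_EXT_PAT in the environment for the azure-devops extension.
$ErrorActionPreference = 'Stop'
$InformationPreference = 'Continue'

# $ErrorActionPreference does not apply to native commands such as `az` (before PowerShell
# 7.4 / $PSNativeCommandUseErrorActionPreference), so a failed call would otherwise be
# ignored and the script would carry on with empty variables. Call this after every az call.
function Assert-AzSucceeded {
    param([Parameter(Mandatory)][string]$Activity)
    if ($LASTEXITCODE -ne 0) {
        throw "az failed while $Activity (exit code $LASTEXITCODE)."
    }
}

# Subscription/tenant context for the role assignment and service connection; needs a prior az login.
$account = az account show | ConvertFrom-Json
Assert-AzSucceeded -Activity 'reading the current Azure account (run az login first)'
if (-not $account -or -not $account.id) {
    throw 'No Azure subscription is selected; run az login (and az account set) before this script.'
}

# Clear any default resource group so later calls are not silently narrowed to it.
az configure --defaults group=
Assert-AzSucceeded -Activity 'clearing the default resource group'

# The azure-devops extension reads its PAT from this variable; passing it via the environment
# keeps the secret off the command line (process listings, transcripts).
$Env:AZURE_DEVOPS_EXT_PAT = $PersonalAccessToken

# Only add the extension when it is missing: re-adding an installed extension is not needed
# and some CLI versions report it as an error.
$azDevOpsExtension = az extension list --query "[?name == 'azure-devops']" | ConvertFrom-Json
Assert-AzSucceeded -Activity 'listing installed az extensions'
if (-not $azDevOpsExtension) {
    Write-Information -MessageData:"Adding Azure DevOps Extension..."
    az extension add --name azure-devops
    Assert-AzSucceeded -Activity 'adding the azure-devops extension'
}

Write-Information -MessageData "Configure defaults Organization:$TeamFoundationCollectionUri ..."
az devops configure --defaults organization="$TeamFoundationCollectionUri"
Assert-AzSucceeded -Activity 'configuring the default Azure DevOps organization'

Write-Information -MessageData "Getting App Registration: $AppRegistrationName..."
# Filter server-side by display name and re-check the name client-side, so the value is never
# interpolated into a JMESPath expression (a name containing a quote would break or alter the
# query). Exactly one match is required because its appId receives a role assignment below.
$AppReg = @(az ad app list --display-name $AppRegistrationName |
    ConvertFrom-Json |
    Where-Object { $_.displayName -eq $AppRegistrationName })
Assert-AzSucceeded -Activity "listing app registrations named '$AppRegistrationName'"
if ($AppReg.Count -ne 1) {
    throw "Expected exactly one app registration named '$AppRegistrationName' but found $($AppReg.Count)."
}
$AppReg = $AppReg[0]

Write-Information -MessageData "Give App Registration Contributor access to Subscription..."
# The scope is stated explicitly so the grant is visible in the script and in the activity log.
# Contributor over the whole subscription is broad; narrow the scope to a resource group if the
# pipelines using this connection only need one.
$subscriptionScope = "/subscriptions/$($account.id)"
az role assignment create --role 'Contributor' --assignee "$($AppReg.appId)" --scope $subscriptionScope
Assert-AzSucceeded -Activity "assigning Contributor on $subscriptionScope"

Write-Information -MessageData "Checking if $TeamProject project exists..."
# Client-side filter for the same reason as the app lookup: $TeamProject comes from the
# environment and is not interpolated into the query. Empty result leaves $ProjectDetails unset
# so the "create project" step that follows is taken.
$ProjectDetails = az devops project list --query 'value' |
    ConvertFrom-Json |
    Where-Object { $_.name -eq $TeamProject }
Assert-AzSucceeded -Activity "listing projects in $TeamFoundationCollectionUri"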
if(-not $ProjectDetails){
Write-Information -MessageData "Creating $TeamProject project..."
$ProjectDetails = az devops project create --name $TeamProject
Write-Information -MessageData "Checking if service endpoint already exists..."
$ServiceEndpoint = az devops service-endpoint list --project "$TeamProject" --query "[?name == '$($AppReg.DisplayName)-Subscription']" | Select-Object -First 1 | ConvertFrom-Json
if(-not $ServiceEndpoint){
Write-Information -MessageData "Creating Service Connection name:$($AppReg.DisplayName)-Subscription for project $TeamProject..."
$Env:AZURE_DEVOPS_EXT_AZURE_RM_SERVICE_PRINCIPAL_KEY = $(ConvertFrom-SecureString -SecureString:$AppPassword -AsPlainText)
$ServiceEndpoint = az devops service-endpoint azurerm create --project "$TeamProject" --name "$($AppReg.DisplayName)-Subscription" --azure-rm-service-principal-id "$($AppReg.appId)" --azure-rm-subscription-id "$($" --azure-rm-subscription-name "$($" --azure-rm-tenant-id "$($Account.tenantId)" | ConvertFrom-Json
Write-Information -MessageData "Updating Service Connection to be enabled for all pipelines..."
az devops service-endpoint update --project "$TeamProject" --id "$($" --enable-for-all true | Out-Null