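<#
.SYNOPSIS
Creates an Azure DevOps service connection (Azure Resource Manager, service-principal
based) for the currently selected Azure subscription.

.DESCRIPTION
Assumes an existing `az login` session: the subscription returned by `az account show`
is the one the service connection is bound to and the one the app registration is
granted Contributor on. The Azure DevOps project is created first if it does not exist,
and the service connection is created only if no endpoint of the same name exists yet.
Requires PowerShell 7+ (ConvertFrom-SecureString -AsPlainText) and the Azure CLI.

.PARAMETER PersonalAccessToken
Azure DevOps Personal Access Token (PAT) for the 'https://dev.azure.com/[ORG]' Azure
DevOps tenancy.
.PARAMETER TeamFoundationCollectionUri
The Azure DevOps organisation to create the service connection in, available from
System.TeamFoundationCollectionUri if running from a pipeline.
.PARAMETER TeamProject
The name of the project to which this build or release belongs, available from
$(System.TeamProject) if running from a pipeline.
.PARAMETER AppRegistrationName
Display name of the app registration the service connection authenticates as. Exactly
one app registration with this name must exist.
.PARAMETER AppPassword
Client secret of that app registration.

.NOTES
The PAT and the service-principal secret reach the azure-devops CLI extension through
the AZURE_DEVOPS_EXT_PAT / AZURE_DEVOPS_EXT_AZURE_RM_SERVICE_PRINCIPAL_KEY environment
variables (the extension's documented mechanism) rather than on the command line; both
are cleared again in the finally block so they do not outlive the script in the calling
session.
#>
param(
    # Azure DevOps Personal Access Token (PAT) for the 'https://dev.azure.com/[ORG]' Azure DevOps tenancy
    [Parameter(Mandatory)]
    [string]
    $PersonalAccessToken,
    # The Azure DevOps organisation to create the service connection in, available from System.TeamFoundationCollectionUri if running from pipeline.
    [string]
    $TeamFoundationCollectionUri = $($Env:System_TeamFoundationCollectionUri -replace '%20', ' '),
    # The name of the project to which this build or release belongs, available from $(System.TeamProject) if running from pipeline
    [string]
    $TeamProject = $Env:System_TeamProject,
    # Display name of the app registration (service principal) the connection authenticates as.
    [string]
    $AppRegistrationName,
    # Client secret of that app registration.
    [securestring]
    $AppPassword
)
$ErrorActionPreference = 'Stop'
$InformationPreference = 'Continue'

#######################################
# Runs an Azure CLI command and returns its JSON output as objects.
# $ErrorActionPreference does not apply to native commands, so the exit code is checked
# explicitly and a non-zero code is turned into a terminating error. The arguments are
# passed through as an array, so values containing spaces or quotes stay single tokens
# and are never re-parsed. No secret is ever passed on the command line (they travel via
# environment variables), so echoing the arguments in the error message is safe.
# Arguments: the az sub-command and its arguments, exactly as they would be typed.
# Returns:   parsed JSON output, or $null when the command prints nothing.
#######################################
function Invoke-Az {
    param(
        [Parameter(ValueFromRemainingArguments)]
        [string[]]
        $Arguments
    )
    # Force JSON regardless of the user's configured default output format.
    $lines = & az @Arguments --output json
    if ($LASTEXITCODE -ne 0) {
        throw "az $($Arguments -join ' ') exited with code $LASTEXITCODE"
    }
    $text = ($lines -join "`n").Trim()
    if ($text.Length -eq 0) {
        return $null
    }
    return ($text | ConvertFrom-Json)
}

# Fail early with a clear message when a required value is missing (outside a pipeline
# the defaults taken from System.* environment variables are empty).
if (-not $TeamFoundationCollectionUri) { throw 'TeamFoundationCollectionUri is required (System.TeamFoundationCollectionUri is not set).' }
if (-not $TeamProject) { throw 'TeamProject is required (System.TeamProject is not set).' }
if (-not $AppRegistrationName) { throw 'AppRegistrationName is required.' }
if (-not $AppPassword) { throw 'AppPassword is required.' }

try {
    # Fails (non-zero exit) when there is no az login session.
    $account = Invoke-Az account show
    Write-Information -MessageData "Using subscription '$($account.name)' ($($account.id)) in tenant $($account.tenantId)"

    # Clear any configured default resource group so it cannot leak into later az calls.
    Invoke-Az configure --defaults group= | Out-Null

    # Re-adding an already installed extension is an error on some CLI versions, so only
    # add it when absent.
    $devopsExtension = Invoke-Az extension list --query "[?name == 'azure-devops']"
    if (-not $devopsExtension) {
        Write-Information -MessageData 'Adding Azure DevOps Extension...'
        Invoke-Az extension add --name azure-devops | Out-Null
    }

    # The azure-devops extension authenticates with this PAT; cleared in finally.
    $Env:AZURE_DEVOPS_EXT_PAT = $PersonalAccessToken
    Write-Information -MessageData "Configure defaults Organization:$TeamFoundationCollectionUri ..."
    Invoke-Az devops configure --defaults "organization=$TeamFoundationCollectionUri" | Out-Null

    Write-Information -MessageData "Getting App Registration: $AppRegistrationName..."
    # Match the display name client-side with an exact, case-sensitive comparison instead
    # of interpolating it into a JMESPath expression, so a name containing quotes cannot
    # change the query. (The original --query was also evaluated client-side over the
    # full --all listing, so the cost is unchanged.)
    $matchingApps = @(Invoke-Az ad app list --all | Where-Object { $_.displayName -ceq $AppRegistrationName })
    if ($matchingApps.Count -ne 1) {
        # Refuse to pick one of several: a wrong choice would grant Contributor to, and
        # bind the pipeline credential to, the wrong principal.
        throw "Expected exactly one app registration named '$AppRegistrationName', found $($matchingApps.Count)."
    }
    $AppReg = $matchingApps[0]

    Write-Information -MessageData 'Give App Registration Contributor access to Subscription...'
    # Scope the assignment explicitly: newer Azure CLI versions require --scope, and an
    # explicit scope documents exactly what the service principal is granted (the whole
    # subscription, as before). The call is idempotent when the assignment exists.
    Invoke-Az role assignment create --role Contributor --assignee $AppReg.appId --scope "/subscriptions/$($account.id)" | Out-Null

    Write-Information -MessageData "Checking if $TeamProject project exists..."
    # Azure DevOps project names are not case-sensitive, so compare case-insensitively
    # rather than trying to create a project that already exists under another casing.
    $ProjectDetails = Invoke-Az devops project list |
        Select-Object -ExpandProperty value |
        Where-Object { $_.name -eq $TeamProject }
    if (-not $ProjectDetails) {
        Write-Information -MessageData "Creating $TeamProject project..."
        $ProjectDetails = Invoke-Az devops project create --name $TeamProject
    }

    $endpointName = "$($AppReg.displayName)-Subscription"
    Write-Information -MessageData 'Checking if service endpoint already exists...'
    # Select the first match after parsing the JSON; selecting the first *line* of the
    # CLI output before ConvertFrom-Json would hand it a lone '[' whenever an endpoint
    # exists.
    $ServiceEndpoint = Invoke-Az devops service-endpoint list --project $TeamProject |
        Where-Object { $_.name -ceq $endpointName } |
        Select-Object -First 1

    if (-not $ServiceEndpoint) {
        Write-Information -MessageData "Creating Service Connection name:$endpointName for project $TeamProject..."
        # The extension reads the service-principal secret from this env var; cleared in finally.
        $Env:AZURE_DEVOPS_EXT_AZURE_RM_SERVICE_PRINCIPAL_KEY = ConvertFrom-SecureString -SecureString $AppPassword -AsPlainText
        $ServiceEndpoint = Invoke-Az devops service-endpoint azurerm create `
            --project $TeamProject `
            --name $endpointName `
            --azure-rm-service-principal-id $AppReg.appId `
            --azure-rm-subscription-id $account.id `
            --azure-rm-subscription-name $account.name `
            --azure-rm-tenant-id $account.tenantId
    }

    Write-Information -MessageData 'Updating Service Connection to be enabled for all pipelines...'
    # Every pipeline in the project may then use this subscription-wide Contributor
    # credential; drop this step if pipelines should be authorised individually instead.
    Invoke-Az devops service-endpoint update --project $TeamProject --id $ServiceEndpoint.id --enable-for-all true | Out-Null
}
finally {
    # Do not leave credentials behind in the environment of the calling session.
    $Env:AZURE_DEVOPS_EXT_PAT = $null
    $Env:AZURE_DEVOPS_EXT_AZURE_RM_SERVICE_PRINCIPAL_KEY = $null
}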