0

I'm trying to automate Azure resource creation using out-of-the-box Terraform via Azure DevOps, but for some parts I need Powershell. That's fine, as there is this local-exec thing I can use.

The Powershell scripts work fine when I run them locally on Terraform, but running everything from Azure DevOps I get this login error: Run Connect-AzAccount to login

I have a DevOps service principal running the release definition, but it seems the context of the Terraform process is not propagated to the execution of the Powershell script?

I don't want to extract the Powershell stuff from the Terraform script, to run it as a separate DevOps task as this is one of the sequence steps of my deployment.

What can I do to make this work?

Improve this question

1 Answer 1

Reset to default
1

I'm not sure whose task you are using for Terraform, but I am able to do the following in my externally called PowerShell script:

$subscriptionId = $env:ARM_SUBSCRIPTION_ID
$tenantId = $env:ARM_TENANT_ID
$clientId = $env:ARM_CLIENT_ID
$secret = $env:ARM_CLIENT_SECRET

I'm using the az cli, so I then run this command

az.cmd login --service-principal --username $clientId --password $secret --tenant $tenantId --output none

But you should be able to also run:

$securesecret = ConvertTo-SecureString -String $secret -AsPlainText -Force
$Credential = New-Object pscredential($clientId,$securesecret)
Connect-AzAccount -Credential $Credential -Tenant $tenantId -ServicePrincipal
Select-AzSubscription $subscriptionId
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks a lot, this indeed works! To make it not too easy for me you added a typo in ConvertTo-SecureString ;-)
@Jean-PaulSmit Doh!! : ) Fixed.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.