For me, I had to run a .NET project (Core.Db.dll) during the pipeline, and it needs a connection string to seed specific data after deploying my database.
Service Principal as SQL User
Add the service principal name as a user in your database.

```sql
-- Run as SQL admin
CREATE USER [service-principal-name] FROM EXTERNAL PROVIDER;
ALTER ROLE db_datareader ADD MEMBER [service-principal-name];
ALTER ROLE db_datawriter ADD MEMBER [service-principal-name];
ALTER ROLE db_ddladmin ADD MEMBER [service-principal-name];
```
ConnectionString by environment
You need to set authentication like: **Active Directory Default**

```
Server=sql-server.database.windows.net,1433; Authentication=Active Directory Default; Database=mydb; Encrypt=True;
```
Task AzureCLI@2
You need to set `addSpnToEnvironment: true`.

```yaml
steps:
- task: AzureCLI@2
  displayName: 'Azure CLI '
  inputs:
    azureSubscription: 'Azure Database (Service Principal)'
    scriptType: ps
    scriptLocation: inlineScript
    inlineScript: |
      # Set environment variables for DefaultAzureCredential to use WIF
      $env:AZURE_CLIENT_ID = $env:servicePrincipalId
      $env:AZURE_TENANT_ID = $env:tenantId
      # addSpnToEnvironment exposes the federated token as $env:idToken;
      # DefaultAzureCredential reads it from the file named in AZURE_FEDERATED_TOKEN_FILE
      $tokenFile = Join-Path $env:AGENT_TEMPDIRECTORY 'federated-token.txt'
      Set-Content -Path $tokenFile -Value $env:idToken -NoNewline
      $env:AZURE_FEDERATED_TOKEN_FILE = $tokenFile
      # Run the static data initialization with DbContext
      dotnet exec Core.Db.dll
    addSpnToEnvironment: true
    visibleAzLogin: false
```
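
To check what the service principal actually ended up with after the `CREATE USER` / `ALTER ROLE` step, a query like the following can be run as SQL admin in the target database. This is an added example, not part of the original answer; `service-principal-name` is the same placeholder used above.

```sql
-- Added example: audit the database user created for the pipeline's service principal.
-- 'service-principal-name' is a placeholder; use the name passed to CREATE USER.
DECLARE @principal sysname = N'service-principal-name';

-- 1) How the user authenticates and which database roles it belongs to.
SELECT
    u.name                     AS user_name,
    u.type_desc                AS principal_type,       -- EXTERNAL_USER when created FROM EXTERNAL PROVIDER
    u.authentication_type_desc AS authentication_type,  -- EXTERNAL, i.e. no SQL password exists
    r.name                     AS role_name,
    CASE
        WHEN r.name IS NULL THEN 'no role membership'
        WHEN r.name IN (N'db_datareader', N'db_datawriter', N'db_ddladmin')
            THEN 'granted by the script above'
        ELSE 'review: not granted by the script above'
    END                        AS assessment
FROM sys.database_principals AS u
LEFT JOIN sys.database_role_members AS m
       ON m.member_principal_id = u.principal_id
LEFT JOIN sys.database_principals AS r
       ON r.principal_id = m.role_principal_id
WHERE u.name = @principal
ORDER BY r.name;

-- 2) Permissions granted or denied to the user directly, outside of roles.
--    A GRANT CONNECT row on the database is normal for any user that can log in.
SELECT
    p.state_desc      AS state,
    p.permission_name AS permission,
    p.class_desc      AS securable_class
FROM sys.database_permissions AS p
WHERE p.grantee_principal_id = DATABASE_PRINCIPAL_ID(@principal)
ORDER BY p.class_desc, p.permission_name;
```

If the seeding step only inserts rows, the `db_ddladmin` row in the first result is the one to reconsider, since that role allows schema changes.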