0

I'm using an Azure DevOps Pipeline to deploy an infrastructure. One of the Terraform modules uses local-exec, and it is a PowerShell script which enables VM SQL Backup. Everything works fine locally from my PC when I'm connected to Azure as a user. The problem appears only in a pipeline where I connect to Azure via a Service Principal. I use a built-in PowerShell task just to run Connect-AzAccount, hoping that the connection will be kept during all tasks. Unfortunately, when it comes to Terraform Apply, during my module deployment, there's an error:

Please provide a valid tenant or a valid subscription.

Resource group 'abcd' could not be found.

Does somebody know how to keep the connection with Azure during all tasks? I even tried to run Set-AzContext -SubscriptionId "xxxx-xxxx-xxxx-xxxx" in a module, but it doesn't find my subscription.

This is what the PowerShell task looks like:

```powershell
# Service principal details (placeholders)
$AzureAADClientID = "xxxx-xxxx-xxxx-xxxx"   # application (client) ID, placeholder
$AzureAADClientKey = "***"
$AzureTenantID = "xxxx-xxxx-xxxx-xxxx"
$AzureSubscriptionName = "xxxx-xxxx-xxxx-xxxx"
$AzureEnv = "AzureCloud"

# Start connection
$securePassword = ConvertTo-SecureString $AzureAADClientKey -AsPlainText -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AzureAADClientID, $securePassword

# The context is kept in this PowerShell process only and is not saved for later processes
$n = Disable-AzContextAutosave -Scope Process
Clear-AzContext -Scope Process
Connect-AzAccount -Credential $credential -TenantId $AzureTenantID -Environment $AzureEnv -ServicePrincipal -SubscriptionId $AzureSubscriptionName
```

Any help appreciated!

2
  • Can you share the full tf files? I want to reproduce it against my environment. Commented Nov 25, 2020 at 10:58
  • When you use the AzurePowerShell@5 task, you don't need to worry about setting the azcontext; it does this automatically for you. It does require a service connection to the Azure environment, though, but it seems you already have a principal, so adding a service connection should not be a problem. Commented Nov 25, 2020 at 12:43

2 Answers

1

Try the following sample task; it worked for me.

```yaml
# Prepare the Postgres admin password
- task: AzurePowerShell@4
  inputs:
    azureSubscription: '$(subscription)'   # name of the Azure service connection
    ScriptType: 'FilePath'
    ScriptPath: 'Scripts/PreparePostgresAdminPassword.ps1'
    ScriptArguments: '-ResourceGroupName $(rgName) -KeyVaultName $(kvName) -SecretName $(secretName)'
    errorActionPreference: 'silentlyContinue'
    azurePowerShellVersion: 'LatestVersion'
  # timeoutInMinutes is a task control option, so it sits beside 'inputs', not inside it
  timeoutInMinutes: 2
```

0

Eventually I managed to do it another way. I use a Bash task to run 'Terraform Apply', and it contains three commands: Set-AzContext, az account set and terraform apply. Thank you for the help, guys!

```yaml
# Expose the service principal details as pipeline variables (secrets are masked in logs)
- bash: |
    echo "##vso[task.setvariable variable=AZURE_CLIENT_ID;issecret=true]$(client_id)"
    echo "##vso[task.setvariable variable=AZURE_CLIENT_SECRET;issecret=true]$(client_secret)"
    echo "##vso[task.setvariable variable=AZURE_SUBSCRIPTION_ID]$(subscription_id)"
    echo "##vso[task.setvariable variable=AZURE_TENANT_ID;issecret=true]$(tenant_id)"
  workingDirectory: '$(Build.ArtifactStagingDirectory)/${{parameters.tfExecutionDir}}'
  displayName: 'Set environment variables for Service Principal authentication'

- bash: |
    # Single quotes inside the double-quoted pwsh command keep the arguments intact
    pwsh -c "Set-AzContext -SubscriptionId '$(AZURE_SUBSCRIPTION_ID)' -Tenant '$(AZURE_TENANT_ID)'"
    az account set --subscription "$(AZURE_SUBSCRIPTION_ID)"

    terraform apply $(Build.BuildNumber).tfplan
  workingDirectory: '$(Build.ArtifactStagingDirectory)/${{parameters.tfExecutionDir}}'
  displayName: 'Terraform Apply'
  # Secret variables must be mapped explicitly to reach the step's environment
  env:
    ARM_CLIENT_ID: $(AZURE_CLIENT_ID)
    ARM_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
    ARM_SUBSCRIPTION_ID: $(AZURE_SUBSCRIPTION_ID)
    ARM_TENANT_ID: $(AZURE_TENANT_ID)
```

1 Comment

I can't accept my answer within 24 hrs from posting it :) I need to wait 1hr more.
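
Added example, not code from either answer: instead of relying on a login made in an earlier task, the local-exec script can sign in itself from the `ARM_*` variables that the 'Terraform Apply' step above maps into its environment, keeping the context in its own process. The script name and the `Get-RequiredEnv` helper are hypothetical, and the backup cmdlets are left as a placeholder because the page does not show them.

```powershell
# Added example (hypothetical script, e.g. Enable-SqlBackup.ps1) called from local-exec.
# Assumption: the ARM_* variables of the 'Terraform Apply' step are present in the
# environment; Terraform passes its own environment on to local-exec commands.
#Requires -Modules Az.Accounts
$ErrorActionPreference = 'Stop'

function Get-RequiredEnv {
    param([Parameter(Mandatory)][string]$Name)
    $value = [System.Environment]::GetEnvironmentVariable($Name)
    if ([string]::IsNullOrWhiteSpace($value)) {
        throw "Environment variable '$Name' is not set for this step."
    }
    return $value.Trim()
}

$clientId       = Get-RequiredEnv 'ARM_CLIENT_ID'
$tenantId       = Get-RequiredEnv 'ARM_TENANT_ID'
$subscriptionId = Get-RequiredEnv 'ARM_SUBSCRIPTION_ID'
$secret         = ConvertTo-SecureString (Get-RequiredEnv 'ARM_CLIENT_SECRET') -AsPlainText -Force
$credential     = [pscredential]::new($clientId, $secret)

# Keep the context in this process only, so it is not saved to the agent's
# user profile where a later job could pick it up.
Disable-AzContextAutosave -Scope Process | Out-Null

try {
    Connect-AzAccount -ServicePrincipal -Credential $credential `
        -Tenant $tenantId -Subscription $subscriptionId -Scope Process | Out-Null

    # Fail early if the login landed in a different subscription than Terraform uses.
    $context = Get-AzContext
    if ($context.Subscription.Id -ne $subscriptionId) {
        throw "Az context is '$($context.Subscription.Id)', expected '$subscriptionId'."
    }

    # ... the module's existing backup cmdlets go here (not shown on this page) ...
}
finally {
    # Drop the process-scoped login even if the backup step throws.
    Disconnect-AzAccount -Scope Process -ErrorAction SilentlyContinue | Out-Null
}
```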
