4

I need to execute a Python script as part of my CICD process that will do some executions on existing files in a data lake gen 2/blob storage.

I don't know how to authenticate the script so that it can perform the actions needed.

Python script task

 task: PythonScript@0
  inputs:
    scriptSource: 'filePath'
    scriptPath: ./script.py
    #arguments: # Optional
    #pythonInterpreter: # Optional
    #workingDirectory: # Optional
    #failOnStderr: false # Optional

An Azure Powershell task has an input option to put in a azureSubscription. Maybe I can pass in an argument?

Improve this question

1 Answer 1

Reset to default
2

Based on your requirement, you need to use the Authentication information in the Service Connection.

To meet your requirement, you can choose to use Azure CLI task and enable the option: addSpnToEnvironment: true.

Refer to this doc: Azure CLI task

Adds service principal ID and key of the Azure endpoint you chose to the script's execution environment.

Here is an example:

steps:
- task: AzureCLI@2
  displayName: 'Azure CLI '
  inputs:
    azureSubscription: xx
    scriptType: bash
    scriptLocation: inlineScript
    inlineScript: |
     echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$servicePrincipalId" 
     
     echo "##vso[task.setvariable variable=ARM_CLIENT_SECRET]$servicePrincipalKey"
    
     echo "##vso[task.setvariable variable=ARM_TENANT_ID]$tenantId"
    addSpnToEnvironment: true

In this case, you can set the Authentication information as pipeline variable. Then you can use the pipeline variable in next tasks.

$(ARM_CLIENT_ID)

$(ARM_CLIENT_SECRET)

$(ARM_TENANT_ID)
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Please note that this works only if your service connection is connected to a service principal, providing a key. If connected to a managed identity, no key will be provided.
With this answer I still have no idea how can actually get service account dependent scripts to run, e.g. having a kubernetes service account, I have no idea what todo with these variables to get kubectl to work....

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.