
Service Principal View

  • Portal: navigate to Azure Active Directory / App registrations
  • PowerShell:

      Get-AzADServicePrincipal
    

Create Service Principal for Ansible Automation

  1. Create an application

     New-AzADApplication -DisplayName Ansible-Automation -IdentifierUris http://azure/ansible
     $application = Get-AzADApplication -DisplayName Ansible-Automation
    
  2. Create a Service Principal

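     # System.Web.Security.Membership is available in Windows PowerShell, not in PowerShell 7
     Add-Type -Assembly System.Web
     # 16 characters, at least 3 of them non-alphanumeric
     $password = [System.Web.Security.Membership]::GeneratePassword(16,3)
     $securePassword = ConvertTo-SecureString -Force -AsPlainText -String $password
     New-AzADServicePrincipal -ApplicationId $application.ApplicationId -Password $securePassword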
    
     $svcPrincipal = Get-AzADServicePrincipal -DisplayName Ansible-Automation
     $svcPrincipal |fl *
    
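  3. Assign the Contributor and User Access Administrator roles at subscription scope

     # Assumes Get-AzSubscription returns a single subscription; with several, $subscriptionId
     # is an array and the interpolated scope below is not a valid resource ID.
     $subscriptionId = Get-AzSubscription | Select-Object -ExpandProperty Id
     New-AzRoleAssignment -ObjectId $svcPrincipal.Id -RoleDefinitionName Contributor -Scope "/subscriptions/$subscriptionId"
     New-AzRoleAssignment -ObjectId $svcPrincipal.Id -RoleDefinitionName "User Access Administrator" -Scope "/subscriptions/$subscriptionId"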
        
    
  4. Show service principal

     az ad sp list --display-name Ansible-Automation --query "[].appId" -o tsv
    
  5. Login with service principal

     az login --service-principal -u <app-id> -p <password-or-cert> --tenant <tenant>
    

Create Service Principal for Jenkins to Access ACR

Goal: a service principal that allows Jenkins to communicate with ACR

  1. Create an application

     New-AzureRmADApplication -DisplayName Jenkins-ACR -IdentifierUris http://azure/jenkins-acr
     $application = Get-AzureRmADApplication -DisplayName Jenkins-ACR
    
  2. Create a Service Principal

     Add-Type -Assembly System.Web
     $password = [System.Web.Security.Membership]::GeneratePassword(16,3)
     $securePassword = ConvertTo-SecureString -Force -AsPlainText -String $password
     New-AzureRmADServicePrincipal -ApplicationId $application.ApplicationId -Password $securePassword
    
     $svcPrincipal = Get-AzureRmADServicePrincipal -DisplayName Jenkins-ACR
     $svcPrincipal |fl *
    
  3. Retrieve Azure Container Registry

     $registry = Get-AzureRmContainerRegistry -ResourceGroupName "AKS" -Name mesfContainerRegistry
    
  4. Assign Contributor permission to the registry

     # The scope is the registry's resource ID, so $subscriptionId is not needed for this assignment.
     $subscriptionId = Get-AzureRmSubscription | Select-Object -ExpandProperty Id
     New-AzureRmRoleAssignment -ObjectId $svcPrincipal.Id -RoleDefinitionName Contributor -Scope $registry.Id
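
To see how far the role assignments created on this page reach, the following added example (not part of the original page) classifies each assignment by scope level and flags the broad ones. The function names and sample rows are constructed for illustration and the subscription GUID is a placeholder; the property names match what Get-AzRoleAssignment returns.

```powershell
# Added example. Function names are hypothetical; sample rows are constructed.
function Get-ScopeLevel {
    param([Parameter(Mandatory)][string]$Scope)
    switch -Regex ($Scope) {
        '^/$'                                                        { return 'Root' }
        '^/providers/Microsoft\.Management/managementGroups/[^/]+$' { return 'ManagementGroup' }
        '^/subscriptions/[^/]+$'                                     { return 'Subscription' }
        '^/subscriptions/[^/]+/resourceGroups/[^/]+$'                { return 'ResourceGroup' }
        '^/subscriptions/[^/]+/resourceGroups/[^/]+/providers/.+$'   { return 'Resource' }
        default                                                      { return 'Unknown' }
    }
}

function Test-RoleAssignmentBreadth {
    param([Parameter(Mandatory, ValueFromPipeline)]$Assignment)
    begin {
        $broad    = 'Root', 'ManagementGroup', 'Subscription'
        # Built-in roles that are allowed to create role assignments
        $canGrant = 'Owner', 'User Access Administrator'
    }
    process {
        $level = Get-ScopeLevel -Scope $Assignment.Scope
        $role  = $Assignment.RoleDefinitionName
        $finding = if ($level -eq 'Unknown') {
            'unrecognized scope, review by hand'
        } elseif ($level -in $broad -and $role -in $canGrant) {
            'can assign any role, including Owner, across this scope'
        } elseif ($level -in $broad -and $role -eq 'Contributor') {
            'can manage every resource in this scope'
        } else {
            'limited to one resource group or resource'
        }
        [pscustomobject]@{
            Principal = $Assignment.DisplayName; Role = $role
            ScopeLevel = $level; Finding = $finding
        }
    }
}

# Constructed rows mirroring the assignments made on this page
$sub = '/subscriptions/00000000-0000-0000-0000-000000000000'   # placeholder GUID
$acr = "$sub/resourceGroups/AKS/providers/Microsoft.ContainerRegistry/registries/mesfContainerRegistry"
$sample = @(
    [pscustomobject]@{ DisplayName = 'Ansible-Automation'; RoleDefinitionName = 'Contributor'; Scope = $sub }
    [pscustomobject]@{ DisplayName = 'Ansible-Automation'; RoleDefinitionName = 'User Access Administrator'; Scope = $sub }
    [pscustomobject]@{ DisplayName = 'Jenkins-ACR'; RoleDefinitionName = 'Contributor'; Scope = $acr }
)
$sample | Test-RoleAssignmentBreadth | Format-Table -AutoSize
```

For live data, pipe the output of Get-AzRoleAssignment -ObjectId $svcPrincipal.Id into Test-RoleAssignmentBreadth instead of $sample.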