04 October 2022 Azure, DevOps Robert Muehsig

Today I needed to set up a new release pipeline on our Azure DevOps Server installation to deploy some stuff automatically to Azure. The UI (at least on the Azure DevOps Server 2020 (!)) is not really clear about how to connect those two worlds, and that's why I'm writing this short blog post.

First - under project settings - add a new service connection. Use the Azure Resource Manager-service. Now you should see something like this:

[Screenshot]

Be aware: You will need to register an app inside your Azure AD, and you need the permissions to set this up. If you are not able to follow these instructions, you might need to talk to your Azure subscription owner.

Subscription id:

Copy the ID of your subscription here. It can be found in the subscription details:

[Screenshot]

Keep this tab open, because we need it later!

Service principal id/key & tenant id:

Now this wording about “Service principal” is technically correct, but really confusing if you are not familiar with Azure AD. A “Service principal” is like a “service user”/“app” that you need to register before you can use it. The easiest route is to create an app via the Azure CLI in Bash:

az ad sp create-for-rbac --name DevOpsPipeline

If this command succeeds you should see something like this:

{
  "appId": "[...GUID..]",
  "displayName": "DevOpsPipeline",
  "password": "[...PASSWORD...]",
  "tenant": "[...Tenant GUID...]"
}

This creates a “Service principal” with a random password inside your Azure AD. The next step is to give this “Service principal” a role on your subscription, because it currently has no permissions to do anything (e.g. deploy a service etc.).

Go to the subscription details page and then to Access control (IAM). There you can add your “DevOpsPipeline”-App as “Contributor” (Be aware that this is a “powerful role”!).

After that use the "appId": "[...GUID..]" from the command as Service Principal Id. Use the "password": "[...PASSWORD...]" as Service principal key and the "tenant": "[...Tenant GUID...]" for the tenant id.

Now you should be able to “Verify” this connection and it should work.
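The role assignment from the Access control (IAM) step can also be done from the Azure CLI and limited to a single resource group instead of the whole subscription, which narrows what a leaked service principal key can touch. This is an added example, not part of the original post; the GUIDs and the resource group name `rg-deploy-demo` are constructed placeholders, and `AZ` is a hypothetical override variable for previewing the command.

```shell
#!/bin/sh
# Added example (not from the original post): give the pipeline's service
# principal Contributor on ONE resource group instead of the subscription.
# AZ is a hypothetical override: AZ=echo prints the command instead of running it.

# Succeeds only for a canonical GUID (appId, subscription id).
is_guid() {
  case $1 in *[!0-9a-fA-F-]*) return 1 ;; esac   # also rejects newlines
  printf '%s\n' "$1" |
    grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'
}

# rg_scope <subscriptionId> <resourceGroup>
# Builds the ARM scope string. The name check is a conservative subset of
# Azure's naming rules; it rejects "/" so a value like "rg/../x" cannot
# widen the scope.
rg_scope() {
  is_guid "$1" || { echo "invalid subscription id" >&2; return 1; }
  case $2 in ''|*[!A-Za-z0-9_.-]*)
    echo "invalid resource group name" >&2; return 1 ;;
  esac
  [ "${#2}" -le 90 ] || { echo "resource group name too long" >&2; return 1; }
  printf '/subscriptions/%s/resourceGroups/%s\n' "$1" "$2"
}

# assign_contributor <appId> <subscriptionId> <resourceGroup>
assign_contributor() {
  is_guid "$1" || { echo "invalid appId" >&2; return 1; }
  scope=$(rg_scope "$2" "$3") || return 1
  "${AZ:-az}" role assignment create \
    --assignee "$1" --role Contributor --scope "$scope"
}

# list_assignments <appId>: review every role the principal holds.
list_assignments() {
  is_guid "$1" || { echo "invalid appId" >&2; return 1; }
  "${AZ:-az}" role assignment list --assignee "$1" --all --output table
}

# Usage (constructed placeholder values):
#   assign_contributor 00000000-0000-0000-0000-000000000001 \
#       00000000-0000-0000-0000-000000000002 rg-deploy-demo
#   list_assignments 00000000-0000-0000-0000-000000000001
```

Running `list_assignments` after the pipeline is set up shows whether the principal still holds a subscription-wide role that should be removed.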

Links: This blogpost helped me a lot. Here you can find the official documentation.

Hope this helps!

