From Visual Studio Team Services (VSTS) it’s possible to deploy to an Azure Subscription using an Active Directory Service Principal.
The Microsoft documentation refers to a blog post which describes a 3-clicks and a manual way to setup this principal.
For both the suggested ways (3-clicks or manual), there are some concerns from my side about the principal setup, which I think they could be improved:
- The principal which is created during the process gets the “Contributor” role granted on the whole Azure subscription, and using the manual powershell script, the default role is even “Owner” (this can be modified).
- The name of the Active Directory Application/Principal is some random guid which is difficult to be identified, see this picture:
Continue reading “A better way (and script) to add a Service Principal in Azure for VSTS”
For the quick answer jump directly to the conclusion
Yesterday I was setting up the build for an ASP .NET Core (Web API) application I wrote, this application was using a package from the VSTS Package Management repository.
To setup this build I was using the new dotnet Core tooling (in preview) which is available when creating a new Build Definition:
Continue reading “Solve 401 (Unauthorized) error when restoring packages using VSTS Package Management and .NET Core”
In this post I want to show you what I think it’s the best way to setup VSTS working with Azure Resource Manager Templates.
At the customer I am currently working for, we are setting up a new Azure Big Data ingestion environment and we wanted to do it using the Infrastructure as Code approach. With Azure this obviously goes with ARM Templates.
For source control, build and deployment we use Visual Studio Team Services (VSTS).
About VSTS, Build and Release Management
I have seen different setups with VSTS, some of them where the deployment take place from the build, or directly in Release Management without a build.
My approach is to have a clear separation of concerns between the Build and the Release Management.
The Build is for compiling, (Unit) Testing and creating artifacts for the deployment.
The Release Management’s responsibility is for deploying the artifacts created during the Build process. Continue reading “Setting up VSTS with ARM Templates”
When testing deployments of Azure RM resources (ie. using the Test-AzureRmResourceGroupDeployment powershell cmdlet) an empty Resource Group is created. This Resource Group is often not needed at this point and can be deleted after you are done testing the deployment of the resources. For deleting the Resource Group you can use the VSTS task delete resource group if empty. This tasks deletes the Resource Group only if it does not contains any resources.