Setting up Octopus Deploy with a Service Principal - Azure CLI

I was just chatting to my mate Rob Pearson who was giving me some tips on setting up Azure with Octopus Deploy. In my case I was trying to set up a service account to do some deployments. I had already created a service account within my Active Directory with the relevant permissions. Rob pointed me to the Octopus Deploy documentation but I was struggling with the Azure Portal.

Then I remembered an old blog post I had done on setting up Let's Encrypt for Azure Web Sites. I felt rather daft not thinking of the post earlier. It has the steps required to create a service principal. So here we go again, no PowerShell this time.

First get yourself an install of the Azure CLI. The 2.0 release changed the command form from "azure noun verb" to "az noun verb".

First let's set some variables.

export APP_URI=https://my-octo-instance.com/  
export APP_NAME=octopusdeploy  

Then log in to Azure and configure the CLI. (I like to use JSON for automation tasks.)

az login  
...

az configure  
...
What default output format would you like?  
 [1] json - JSON formatted output that most closely matches API responses

Then create an app, with a password of your choosing.

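# Note: a password passed as an argument is saved in shell history
# and is visible in the process list while the command runs.
az ad app create \
    --homepage "$APP_URI" \
    --identifier-uris "$APP_URI" \
    --password my_super_secret_password \
    --display-name "$APP_NAME"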

Get the details of the recently created app, in particular the App ID.

export APP_ID=$(az ad app list | jq --arg name "${APP_NAME}" '.[] | select(.displayName==$name)' | jq --raw-output .appId) 

Create a service principal using the app Id.

az ad sp create -a $APP_ID  

Get the object id and create a role assignment for a contributor.

export APP_OBJECT_ID=$(az ad sp list  | jq --arg name "${APP_NAME}" '.[] | select(.displayName==$name)' | jq --raw-output .objectId)

# No --scope is given, so the role applies at the subscription level.
az role assignment create \
   --assignee "$APP_OBJECT_ID" \
   --role Contributor

Finally grab your tenant and your subscription, you are going to need them later.

# Assuming you only have one subscription set up.
export SUBSCRIPTION_ID=$(az account list | jq --raw-output '.[].id')
export TENANT_ID=$(az account list | jq --raw-output '.[].tenantId')

Print out the bits to the console

echo "App Name: $APP_NAME"  
echo "App ID: $APP_ID"  
echo "Tenant ID: $TENANT_ID"  
echo "Subscription ID: $SUBSCRIPTION_ID"  
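
The lookups above select by display name and assume a single subscription, so a duplicate app name or a second subscription leaves several IDs in one variable. The check below is an added example, not part of the original post; single_guid and check_ids are hypothetical helper names and the GUIDs are constructed sample values.

```shell
# single_guid VALUE: print VALUE and return 0 only if it is exactly one GUID.
# Returns 1 if empty (no match), 2 if several lines (duplicate display names
# or more than one subscription), 3 otherwise, e.g. the literal "null" that
# jq --raw-output prints for a missing field.
single_guid() {
    value=$1
    if [ -z "$value" ]; then
        echo "no value captured" >&2
        return 1
    fi
    count=$(printf '%s\n' "$value" | wc -l | tr -d ' ')
    if [ "$count" -ne 1 ]; then
        echo "expected 1 ID, got $count" >&2
        return 2
    fi
    if ! printf '%s\n' "$value" |
        grep -Eq '^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$'; then
        echo "not a GUID: $value" >&2
        return 3
    fi
    printf '%s\n' "$value"
}

# check_ids: validate the four variables the post exports. The return code
# is the number of variables that failed, so 0 means safe to continue.
check_ids() {
    failed=0
    for name in APP_ID APP_OBJECT_ID SUBSCRIPTION_ID TENANT_ID; do
        eval "val=\${$name:-}"
        if ! single_guid "$val" >/dev/null; then
            echo "refusing to continue: $name is invalid" >&2
            failed=$((failed + 1))
        fi
    done
    return "$failed"
}

# Constructed sample values standing in for real az output.
APP_ID=11111111-2222-3333-4444-555555555555
APP_OBJECT_ID=66666666-7777-8888-9999-000000000000
TENANT_ID=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
# Two subscriptions: jq '.[].id' yields two lines, which must be rejected.
SUBSCRIPTION_ID=$(printf '%s\n%s' \
    12345678-1234-1234-1234-123456789abc \
    87654321-4321-4321-4321-cba987654321)
check_ids || echo "fix the values above before creating the role assignment"
```

Run check_ids after the export lines and before the role assignment, so a wrong or ambiguous ID stops the script instead of reaching az.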

Now jump over to your Octopus Setup.

  • Go to Environments then Accounts then Add Account.
  • Use the variables above, along with the password used to create the app (above)

Finally give it a test and hope for Kermit.

Get Amongst It
