tag:help.appveyor.com,2012-11-13:/discussions/problems/3738-add-azureaccount-serviceprincipal-tenant-id-credential-credsAppVeyor: Discussion 2016-08-11T02:26:07Ztag:help.appveyor.com,2012-11-13:Comment/386181962015-12-04T00:31:30Z2015-12-04T00:31:30ZAdd-AzureAccount -ServicePrincipal -Tenant $id -Credential $creds<div><p>I've never used Azure accounts in CI environment (though I use
this authentication locally, but it invokes a dialog box with
login), but all Azure automation scripts I ever seen were using
importing certificate.</p>
<p>Btw, if it creates <code>AzureDataCollectionProfile.json</code>
file after you answer "yes" why wouldn't you just fake that file
during the build?</p></div>Feodor Fitsnertag:help.appveyor.com,2012-11-13:Comment/386181962015-12-04T00:40:38Z2015-12-04T00:40:38ZAdd-AzureAccount -ServicePrincipal -Tenant $id -Credential $creds<div><p>Found few guides on this topic:<br>
<a href="https://www.sapien.com/blog/2014/10/23/saving-passwords-for-add-azureaccount/">
https://www.sapien.com/blog/2014/10/23/saving-passwords-for-add-azu...</a><br>
<a href="http://johnyassa.com/tag/add-azureaccount/">http://johnyassa.com/tag/add-azureaccount/</a></p></div>Feodor Fitsnertag:help.appveyor.com,2012-11-13:Comment/386181962015-12-04T01:20:08Z2015-12-04T01:20:08ZAdd-AzureAccount -ServicePrincipal -Tenant $id -Credential $creds<div><p>Thanks. I'll have a look later tonight or tomorrow.</p>
<p>Sent from Outlook<a href="http://aka.ms/Ox5hz3">http://aka.ms/Ox5hz3</a></p></div>kevintag:help.appveyor.com,2012-11-13:Comment/386181962015-12-06T22:16:00Z2015-12-06T22:17:26ZAdd-AzureAccount -ServicePrincipal -Tenant $id -Credential $creds<div><p>I had a look at the links, unfortunately nothing new here to
help with this problem.</p>
<p>I spent a bit of time working from the appveyor build server
(rdp)</p>
<p>What is working:</p>
<ul>
<li>MS LiveID that is the primary account holder. (not tested a
MsLiveId admin of the subscription)</li>
<li>publish-settings for the Azure Account. (<a href="https://manage.windowsazure.com/publishsettings">https://manage.windowsazure.com/publishsettings</a>)</li>
</ul>
<p>What is Not working:</p>
<ul>
<li>account that are on your Azzure Account Default Subscription's
AD usually ending in
<code>{AzureAccountUserName}.onmicrosoft.com</code></li>
<li>application (service principle) accounts</li>
</ul>
<p>resources:<br>
<a href="https://azure.microsoft.com/en-us/documentation/articles/web-sites-staged-publishing/">
https://azure.microsoft.com/en-us/documentation/articles/web-sites-...</a><br>
<a href="http://blog.davidebbo.com/2014/12/azure-service-principal.html">http://blog.davidebbo.com/2014/12/azure-service-principal.html</a><br>
<a href="https://azure.microsoft.com/en-us/documentation/articles/resource-group-authenticate-service-principal/">
https://azure.microsoft.com/en-us/documentation/articles/resource-g...</a></p>
<p>I was thinking of putting in a support ticket in with Azure.
Wondering what they have to say about an Azure VMs access to
Subscription AD's.</p>
<p>I may use publishsettings file. not thrilled with it, but it
will have to do for now.</p>
<p>Thanks.</p></div>kevintag:help.appveyor.com,2012-11-13:Comment/386181962015-12-07T19:09:41Z2015-12-07T19:09:41ZAdd-AzureAccount -ServicePrincipal -Tenant $id -Credential $creds<div><p>We currently don't run builds on Azure - it's either Hyper-V
(Pro environment) or Google Compute Engine (OSS). I agree it might
be better submitting an issue with Azure.</p></div>Feodor Fitsnertag:help.appveyor.com,2012-11-13:Comment/386181962015-12-08T19:58:41Z2015-12-08T19:58:41ZAdd-AzureAccount -ServicePrincipal -Tenant $id -Credential $creds<div><p>Is there a proxy in between the build VM and the internet?<br>
Any outgoing port restrictions, whitelist?</p></div>kevintag:help.appveyor.com,2012-11-13:Comment/386181962015-12-08T20:00:09Z2015-12-08T20:00:09ZAdd-AzureAccount -ServicePrincipal -Tenant $id -Credential $creds<div><p>Nope.</p></div>Feodor Fitsnertag:help.appveyor.com,2012-11-13:Comment/386181962015-12-09T22:58:53Z2015-12-09T23:00:57ZAdd-AzureAccount -ServicePrincipal -Tenant $id -Credential $creds<div><p>Ok found the problem, it was a breaking change from Azure
PowerShell 0.9.7 to 1.0.x.<br>
new cmdlet for resource management:<br>
<code>Add-AzureRmAccount</code>
<code>Invoke-AzureRmResourceAction</code></p>
<p>The new method to connect with service principle.<br></p>
<pre>
<code>$uid = <servicePrinciple GUID>;
$pwd = <servicePrinciple Key>;
$tenantId = <tenant GUID>
$secPwd = ConvertTo-SecureString $pwd -AsPlainText -Force;
$credentials = New-Object System.Management.Automation.PSCredential ($uid, $secPwd);<br><br>
<br>Add-AzureRmAccount -ServicePrincipal -Tenant $tenantId -Credential $credentials;<br><br>
<br>$ParametersObject = @{
targetSlot = "Production"
};<br><br>
<br>Invoke-AzureRmResourceAction -ResourceGroupName <resourceGroupName> -ResourceType 'Microsoft.Web/sites/slots' -ResourceName "<websiteName>/<slotName>" -Action slotsswap -Parameters $ParametersObject -ApiVersion 2015-07-01 -Force</code>
</pre></div>kevintag:help.appveyor.com,2012-11-13:Comment/386181962015-12-09T23:31:02Z2015-12-09T23:31:02ZAdd-AzureAccount -ServicePrincipal -Tenant $id -Credential $creds<div><p>Nice, thanks for sharing the final solution!<br>
Looking at the script I've got a feeling that it's getting more and
more<br>
challenging to manage Azure resources.</p>
<p>-Feodor</p></div>Feodor Fitsner