search

Dejulia489 / AzurePipelinesPS

A PowerShell module that makes interfacing with Azure Pipelines a little easier
https://www.powershellgallery.com/packages/AzurePipelinesPS
MIT License
53 stars 17 forks source link

Does New-APSession support a managed identity to connect to Azure DevOps? #31

Open BertusV opened 1 year ago

BertusV commented 1 year ago

Now that DevOps support managed identities I would like to use that to automate some tasks rather than using a PAT.

Previously I used this code to connect from an Azure PowerShell function app:

$splat = @{ Collection = 'xxxxxxxxxxxxx' Project = 'Management%20Infrastructure' Instance = 'https://dev.azure.com/' ApiVersion = '7.1-preview' SessionName = 'mySession' PersonalAccessToken = $env:PAT } $session = New-APSession @splat

I hoped the script would work like this but I'm getting Authentication issues. In a separate funtion I can use the same identity to authN to Azure resources.

$splat = @{ Collection = 'xxxxxxxxxxxx' Project = 'Management%20Infrastructure' Instance = 'https://dev.azure.com/' ApiVersion = '7.1-preview' SessionName = 'mySession' } $session = New-APSession @splat

I hope you can point me in the right direction.

Regards, BertusV

Dejulia489 commented 1 year ago

Are you running this in a pipeline?

BertusV commented 1 year ago

No, I'm running this in a Azure Function App (PowerShell). The function app has a managed identity assigned to it. That same identity is configured in Azure DevOps.

Dejulia489 commented 1 year ago

Sounds like you can use the Azure AD token in place of the PAT.

I haven’t had a chance to try it.

Doc:

https://learn.microsoft.com/en-us/azure/devops/integrate/get-started/authentication/service-principal-managed-identity

https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow

BertusV commented 1 year ago

I'll give it a try and get back to you.

Thanks.