I recently learned that VSTS Build & Release tasks have a built-in way to leverage Azure Powershell – cool! I needed to automate a bunch of steps in Azure and already have a VSTS pipeline so it was easy to add in a few additional Powershell scripts and off I go! There’s already documentation to do this, there’s a great walkthrough located here:
https://azure.microsoft.com/en-us/documentation/articles/vs-azure-tools-resource-groups-ci-in-vsts/
After I completed the walkthrough I could call Azure Powershell Commandlets without a problem! (NOTE: I’m focusing on the Azure Resource Manager commandlets & Rest APIs in this article) Unfortunately, I still got stuck because there isn’t an Azure Powershell Commandlet for creating a custom image in a Dev/Test Lab. Since we didn’t have a readily available commandlet to call, the ‘next level down’ is calling the Azure REST APIs directly. It’s uncommon to find a particular activity or task in Azure that isn’t already wrapped in a Powershell Commandlet, but it happens. We just need to jump to the Azure Rest APIs.
Here comes the issue: When we’re writing Azure Powershell scripts in the VSTS Build/Release pipeline we don’t have access to the authentication token, security credentials or service principle details. This means we can’t use the regular method of “Invoke-WebRequest” or “Invoke-RestMethod” and construct the headers with the appropriate authentication because we don’t have access to it.
The “OK” Solution: We can make this work by passing in (via parameters to the powershell scripts) all the details we need to re-authenticate as the Service Principle via Rest APIs. This involves creating additional variables in the VSTS pipeline (Auth URL, Resource URL, Client Id, Client Secret) and piping those through to the powershell script. Unfortunately this adds a lot of complexity to the pipeline and I like to go as simple as possible (easier to maintain!). The Azure team helped me with a better approach!
The “Better” Solution: As it turns out, there are a set of Azure Powershell Commandlets that help commandlet authors not have to worry about handling the Rest API calls directly. We can use these commandlets too! These Commandlets are ‘wrappers’ on the Rest APIs and take care of the authentication headers for us! Just run a quick Powershell command to get the list of Commandlets:
help *azurermresource
We can map these Azure Powershell Commandlets to the respective Azure REST API calls in this way:
Azure Commandlet |
Azure REST API Request Type |
GET |
|
DELETE |
|
PUT or PATCH |
|
PUT |
|
GET |
To understand how the Azure Commandlets work, jump to the source! The Azure Powershell Commandlets are checked into GitHub here!
Now that we have a mechanism to call the Rest APIs, the tricky part is getting the parameters correct. Here are two great resources for figuring this out:
- https://azure.github.io/projects/apis/ : On this site, you can find all the available Azure REST APIs, their parameters and return values
- https://resources.azure.com/: Here you can find example Azure Powershell commands that map to the existing resources and providers in your Azure Subscriptions
I’ll go more in-depth on my approach to figuring out the parameters for Dev/Test Labs in my next post. If you have any questions or comments – leave a note below, thanks!