Create an Azure DevOps Service Connection to Azure with the Azure DevOps REST API and PowerShell
On a recent project, I ran into an interesting challenge. I needed to create a service connection for multiple environments, in the same project, each with a separate service principal account.
Of course you can do this manually, but what if you could automate it and use it in your automation flow?
Why?
To be able to automatically create a service connection in Azure DevOps and use it in your automation flow.
If you are not yet familiar with how to create a service connection, please see this blog page by Barbara Forbes. Many thanks to Barbara Forbes; her blog post inspired me to write this one.
How?
Using the Azure DevOps REST API, you can create a service endpoint (service connection). In this article we will create a service connection that connects to Azure Resource Manager using the Service Principal authentication method, with a focus on what to call and how. I will use PowerShell for this.
You can find the script snippets and examples from this article in my GitHub repository.
Step 1.
We start by examining the service endpoint part of the Azure DevOps REST API, using the PowerShell Invoke-RestMethod cmdlet.
To call the Azure DevOps REST API you need a PAT (personal access token). If you are not familiar with that, you can find it here.
With the link above you can get all existing endpoints (service connections) in your Azure DevOps environment.


In this example I already have an existing, manually created service connection that points to Azure Resource Manager.
As you can see in the output of the GET call, we get a lot of information. The object shown in the illustration above is an existing service connection that points to Azure Resource Manager.
Let’s get to the next step and dive a bit into it.
Step 2.
Before we continue, I want to point out a few things that help in understanding the JSON payload of the request body for the service endpoint that we want to create.
Below is a basic JSON payload example.

For the call we need to know the type, which identifies the service connection type (Azure Resource Manager), and the scheme, which identifies the authentication method (ServicePrincipal).
For authorization you need to specify parameters. Because we use the Service Principal authentication method, we need to define a serviceprincipalID and the serviceprincipalKey (the client secret of your Azure service principal account).

Here we see that the type of our service connection is “azurerm” and the scheme it uses is “serviceprincipal”.
More detailed information about the available types and schemes of the service endpoint can be found here on Microsoft Docs.
Now that we know the important elements, we can go to the next step.
Step 3.
Let’s create the payload body for the POST call that creates a service connection.

With the above payload example, we will create the REST POST call.


And now we have automatically created a service connection that points to Azure Resource Manager with the Service Principal authentication method.
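
The POST call from Step 3, written out as an added example (this is not the script from the author's repository). The organisation, project and connection names are placeholders, the environment variable names are assumptions, and `6.0-preview.4` is one documented version of the endpoint; the PAT and client secret are read from the environment so they never appear in the script or in source control.

```powershell
# Added example, not the author's script. Names below are placeholders.
$ErrorActionPreference = 'Stop'
$org     = 'my-org'           # placeholder organisation
$project = 'my-project'       # placeholder project
$name    = 'sc-azurerm-dev'   # placeholder service connection name

# Secrets come from the environment (assumed variable names), never from literals.
$pat    = $env:AZDO_PAT
$spnKey = $env:SPN_CLIENT_SECRET
if (-not $pat -or -not $spnKey) { throw 'Set AZDO_PAT and SPN_CLIENT_SECRET first.' }

# A PAT is sent as HTTP Basic auth with an empty user name.
$basic   = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$pat"))
$headers = @{ Authorization = "Basic $basic" }
$base    = "https://dev.azure.com/$org"

# The payload references the project by id, so look it up first.
$proj = Invoke-RestMethod -Uri "$base/_apis/projects/$($project)?api-version=6.0" -Headers $headers

$body = @{
    name = $name
    type = 'azurerm'
    url  = 'https://management.azure.com/'
    data = @{
        subscriptionId   = $env:AZ_SUBSCRIPTION_ID
        subscriptionName = $env:AZ_SUBSCRIPTION_NAME
        environment      = 'AzureCloud'
        scopeLevel       = 'Subscription'
        creationMode     = 'Manual'
    }
    authorization = @{
        scheme     = 'ServicePrincipal'
        parameters = @{
            tenantid            = $env:AZ_TENANT_ID
            serviceprincipalid  = $env:SPN_CLIENT_ID
            authenticationType  = 'spnKey'
            serviceprincipalkey = $spnKey
        }
    }
    isShared = $false
    isReady  = $true
    serviceEndpointProjectReferences = @(
        @{ projectReference = @{ id = $proj.id; name = $proj.name }; name = $name }
    )
} | ConvertTo-Json -Depth 5

$uri    = "$base/_apis/serviceendpoint/endpoints?api-version=6.0-preview.4"
$result = Invoke-RestMethod -Method Post -Uri $uri -Headers $headers -ContentType 'application/json' -Body $body

# Show only identifying fields; do not dump $body or the full response to logs.
$result | Select-Object id, name, type, isReady
```

Scope the PAT to service connection management only and give it a short expiry, since anyone holding it can create or read endpoints in the organisation.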

Summary
You now know how to call the service endpoint API and which values the payload needs for an Azure Resource Manager endpoint.
You can automatically create a service connection and integrate this step into your automation flow or your pipelines.

In my next article I will show how you can use this step with Azure Pipelines.