We are on the latest version of Octopus Deploy.
We created Azure Service Principal added it to Octopus deploy accounts.
Azure service principal was given contributor access at the subscription level.
When we execute template deployment step it is able to provision resources with a resource group.
When tried to execute Powershell script using the same service principle.
The script was simple. It was creating 3 resource groups.
This script failed with the following error:
Select-AzureRmSubscription : Unable to retrieve service key for
ServicePrincipal account xxxxxx-sssss-fffff. Please log in
again to supply the credentials for this service principal. In PowerShell,
execute Login-AzureRMAccount for Azure Resource Manager cmdlets or
Add-AzureAccount for service management cmdlets.
At C:\Octopus\Work\20160519032353-38\Script.ps1:10 char:1
- Select-AzureRmSubscription -SubscriptionName $NonProdSubscriptionName
+ CategoryInfo : NotSpecified: ( [Set-AzureRmContext], KeyNotFo
+ FullyQualifiedErrorId : System.Collections.Generic.KeyNotFoundException,
The step failed: The remote script failed with exit code 1
There are 2 possibilities for failure:
- Something is wrong with the PowerShell script.
- There is difference between how Powershell script uses authentication vs how the ARM deployment steps uses the service principal
ServicePrincipal can create resources but PowerShell script cannot.
Let me know if you have any suggestions.