Hi:
We are on the latest version of Octopus Deploy.
We created Azure Service Principal added it to Octopus deploy accounts.
Azure service principal was given contributor access at the subscription level.
When we execute template deployment step it is able to provision resources with a resource group.
When tried to execute Powershell script using the same service principle.
The script was simple. It was creating 3 resource groups.
This script failed with the following error:
Select-AzureRmSubscription : Unable to retrieve service key for
22:24:03Error
ServicePrincipal account xxxxxx-sssss-fffff. Please log in
22:24:03Error
again to supply the credentials for this service principal. In PowerShell,
22:24:03Error
execute Login-AzureRMAccount for Azure Resource Manager cmdlets or
22:24:03Error
Add-AzureAccount for service management cmdlets.
22:24:03Error
At C:\Octopus\Work\20160519032353-38\Script.ps1:10 char:1
22:24:03Error
- Select-AzureRmSubscription -SubscriptionName $NonProdSubscriptionName
22:24:03Error -
22:24:03Error
+ CategoryInfo : NotSpecified: ( [Set-AzureRmContext], KeyNotFo
22:24:03Error
undException
22:24:03Error
+ FullyQualifiedErrorId : System.Collections.Generic.KeyNotFoundException,
22:24:03Error
Microsoft.Azure.Commands.Profile.SetAzureRMContextCommand
22:24:03Error
22:24:03Fatal
The step failed: The remote script failed with exit code 1
There are 2 possibilities for failure:
- Something is wrong with the PowerShell script.
- There is difference between how Powershell script uses authentication vs how the ARM deployment steps uses the service principal
ServicePrincipal can create resources but PowerShell script cannot.
Let me know if you have any suggestions.