Removing an Azure certificate

graemefoster · 5 May 2016 06:51

Hi,

I’m getting an error stopping me from deleting an Azure subscription:
“The account is currently used in the deployment steps of one or more projects”

The problem is, I can’t see the certificate used anywhere in my projects (I only have 3).

Is there a way to find out what exactly is stopping the certificate being deleted?

Thanks,

Graeme

robpearson · 6 May 2016 05:53

Hi Graeme,

Thanks for getting in touch. If you have a small number of projects, I would guess you could look at your project steps to see if you had an Azure step that was using a specific Azure subscription.

If this isn’t possible, I’d suggest using the Octopus API to check your projects. The following steps describe how you can do this. Note: Replace OctopusServerName with your server name as appropriate.

View the Azure accounts and note the Azure account ID you wish to delete. In your web browser, navigate to http://OctopusServeName/api/accounts/all. This should show something like the following. Make note of the Id of the subscription you’d like to delete. In the example below, the Id we note is “azuresubscription-something”.

[
  {
    "AccountType": "AzureSubscription",
    "SubscriptionNumber": "...",
    ...
    "Id": "azuresubscription-something",
    "LastModifiedOn": null,
    "LastModifiedBy": null,
    "Links": {
      "Self": "/api/accounts/azuresubscription-something",
      "PublicKey": "/api/accounts/azuresubscription-something/pk",
      "CloudServices": "/api/accounts/azuresubscription-something/cloudServices",
      "StorageAccounts": "/api/accounts/azuresubscription-something/storageAccounts",
      "WebSites": "/api/accounts/azuresubscription-something/websites"
    }
  }
]

View your project and note the deployment process ids. In your web browser, navigate to http://OctopusServeName/api/projects/all. This should show something like the following. Make note of the deployment project ids as we’ll check them individually for the linked account. In the example below, we note the Ids “deploymentprocess-Projects-1” and “deploymentprocess-Projects-21”.

[
  {
    "Id": "Projects-1",
    "VariableSetId": "variableset-Projects-1",
    "DeploymentProcessId": "deploymentprocess-Projects-1",
    ...
  },
  {
    "Id": "Projects-21",
    "VariableSetId": "variableset-Projects-21",
    "DeploymentProcessId": "deploymentprocess-Projects-21",
    ...
  }
]

View each project deployment process to see if it is linked to the azure subscription. In your web browser, navigate to http://OctopusServeName/api/deploymentprocesses/DeploymentProcessId. Replace DeploymentProcessId with the deployment process Ids from step 2. You should see something like the following. The example below has a property named “Octopus.Action.Azure.AccountId” with the ID of the subscription we noted in Step 1. This tells us which project and action (AKA step) is using the azure subscription. You can then update the project/step appropriately.

{
  "Id": "deploymentprocess-Projects-21",
  "ProjectId": "Projects-21",
  "Steps": [
    {
      "Id": "69d6e909-3f6a-44cc-958e-ced942b1db1f",
      "Name": "asdf",
      "RequiresPackagesToBeAcquired": false,
      "Properties": {},
      "Condition": "Success",
      "StartTrigger": "StartAfterPrevious",
      "Actions": [
        {
          "Id": "08cd49e1-7376-45a9-89cc-3269dbe7ac63",
          "Name": "asdf",
          "ActionType": "Octopus.AzureWebApp",
          "Environments": [],
          "Channels": [],
          "Properties": {
            "Octopus.Action.Package.NuGetFeedId": "feeds-builtin",
            "Octopus.Action.Azure.UseChecksum": "False",
            "Octopus.Action.Azure.AccountId": "azuresubscription-something",
            "Octopus.Action.Azure.WebAppName": "WebsiteName",
            "Octopus.Action.Package.NuGetPackageId": "MultiPack",
            "Octopus.Action.Azure.PhysicalPath": "asdf"
          },
          "Links": {}
        }
      ]
    }
  ],
  "Version": 1,
  "LastSnapshotId": null,
  "Links": {
    "Self": "/api/deploymentprocesses/deploymentprocess-Projects-21",
    "Project": "/api/projects/Projects-21",
    "Template": "/api/deploymentprocesses/deploymentprocess-Projects-21/template{?channel,releaseId}"
  }
}

This could be done in PowerShell or a simple C# program with our Octopus.Client NuGet package but this should be sufficient since you don’t have a lot of projects.

If this doesn’t solve your problem, let me know and we can dig a bit deeper. Hope this helps!

Rob

graemefoster · 9 May 2016 01:17

Hi Rob,

Thanks for this - unfortunately, it didn’t solve my problem.

Looking in the database I noticed that some very old versions of deployment
processes were linked to this subscription (via the JSON). I took a punt,
updated to use one of the subscriptions which is relevant, and was then
able to delete the subscription.

Bit of a pink sparkly cowboy hat moment, but it has solved my issue!

Cheers,

Graeme

robpearson · 9 May 2016 10:07

Hi Graeme,

Thanks for following-up. It’s good to hear you solved your problem but we don’t recommend doing this. If you have any problems like this in the future, please let me know and we can dig in deeper.

Happy deploying!

Rob