Azure-pipelines-tasks: Add support for custom certificates when creating new Azure Cloud Service

Created on 13 Feb 2018  路  8Comments  路  Source: microsoft/azure-pipelines-tasks

Troubleshooting

A new feature: Allow for certificates to be specified in the AzureCloudPowerShellDeployment task settings (in the "Advanced Options For Creating New Service" section, similar to the "Diagnostic storage account keys" setting) in a Release definition.

Environment

  • Server - VSTS or TFS on-premises?
    Does NOT depend on the cloud/on-premise environment.

  • Agent - Hosted or Private:
    Does not depend on the Agent type.

Issue Description

Task AzureCloudPowerShellDeployment should be able to support certificates for creating a new Azure Cloud Service instance. Without the support for certificates, the task fails when it tries to create a new ACS and then deploy the ACS which does use custom certificates.

Error logs

2018-02-13T08:55:01.4184581Z ##[error] BadRequest: The certificate with thumbprint 58e54ffab7...........a5 was not found.

new-acs

Release
Source
picture ross-bohr

All 8 comments

I am willing to implement this if the feature is accepted.

ross-bohr picture ross-bohr on 13 Feb 2018

@ross-bohr

It refers to certificate within the cspkg. Can you please check if certificate is valid.

Also, can you please share debug logs at [email protected] . Debug logs you can enable by adding RD variable System.debug = true

Ajay-MS picture Ajay-MS on 14 Feb 2018

@Ajay-MS , the error shown above is related to a certificate that the ACS is using. It is listed in the ACS Cloud config as:
acs_using_custom_certificate

This is a certificate which the ACS starts using as soon as it boots up. It must be present in the ACS definition (in the certificates list) , otherwise the deployment of the ASC roles fails with the above error.

Effectively, this makes the procedure to deploy a new ACS as follows:

  1. Run the Release (it creates the ACS definition and then fails upon deployment due to the missing cert(s) )
  2. Manually upload the cert(s) (using PS or Portal blades)
  3. Run the Release again (redeploy)

This is not the optimal experience as one would like to automate the ACS creation end-to-end. Thus, I'm proposing this new feature to allow for the VSTS/TFS task to include the list of required cert(s) (by the ACS) as a string of ["base64StringOfCertPfx":"securedVariableForCertPassword"]

ross-bohr picture ross-bohr on 14 Feb 2018

Sounds good to me. I will discuss this with PM and will update you by tomorrow on this.

Ajay-MS picture Ajay-MS on 14 Feb 2018
👍1

@ross-bohr

We will be happy to have a contribution from you. Let me know as soon as you are done with your PR for this feature.

Thanks in advance.

Ajay-MS picture Ajay-MS on 16 Feb 2018
👍1

@Ajay-MS

Please find my PR for this feature here https://github.com/Microsoft/vsts-tasks/pull/6467

Please advise how to provide the translations for the other languages besides en-US.

Thanks in advance.

ross-bohr picture ross-bohr on 19 Feb 2018

@ross-bohr Thanks for your contribution. You dont need worry for translation, our system will take care of it.
@Ajay-MS to proceed with PR

chshrikh picture chshrikh on 1 Mar 2018
👍1

@ross-bohr thanks for your contribution. @Ajay-MS has taken care to merge this.

The changes will be available with next deployment

chshrikh picture chshrikh on 12 Mar 2018
👍1
Was this page helpful?
0 / 5 - 0 ratings

Related issues

MikahB picture MikahB  路  3Comments
montebhoover picture montebhoover  路  3Comments
jabbera picture jabbera  路  3Comments
MichaelWhiteCodingForFun picture MichaelWhiteCodingForFun  路  3Comments
timfish picture timfish  路  3Comments