I am trying to create a custom extension that will script my PostgreSQL database. I found a utility that already works.
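<code>- task: AzureCLI@2
  displayName: 'Connect PostgreSQL Server'
  inputs:
    azureSubscription: '$(ArmConnection)'
    scriptType: 'bash'
    scriptLocation: 'inlineScript'
    inlineScript: |
      # Abort on the first failure so a failed token request never reaches the
      # connect step with an empty password.
      set -euo pipefail
      echo "Generate an access token to access PostgreSQL Server."
      accessToken=$(az account get-access-token \
        --resource https://ossrdbms-aad.database.windows.net \
        --query "accessToken" \
        -o tsv)
      # Register the token as a secret so the agent masks it in the job log.
      echo "##vso[task.setsecret]$accessToken"
      echo "Connecting to PostgreSQL Server..."
      # $(...) macros are substituted into the script text before bash runs, so
      # these pipeline variables must not be settable by untrusted contributors.
      # The token is passed as an argument and is visible in the agent's process
      # list while az runs.
      az postgres flexible-server connect \
        --name '$(ServerName)' \
        --admin-user '$(AdminUserName)' \
        --admin-password "$accessToken" \
        --database-name '$(dbName)'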
</code>
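<code>- task: AzureCLI@2
  displayName: 'Connect PostgreSQL Server'
  inputs:
    azureSubscription: '$(ArmConnection)'
    scriptType: 'bash'
    scriptLocation: 'inlineScript'
    inlineScript: |
      # Abort on the first failure so a failed token request never reaches the
      # connect step with an empty password.
      set -euo pipefail
      echo "Generate an access token to access PostgreSQL Server."
      accessToken=$(az account get-access-token \
        --resource https://ossrdbms-aad.database.windows.net \
        --query "accessToken" \
        -o tsv)
      # Register the token as a secret so the agent masks it in the job log.
      echo "##vso[task.setsecret]$accessToken"
      echo "Connecting to PostgreSQL Server..."
      # $(...) macros are substituted into the script text before bash runs, so
      # these pipeline variables must not be settable by untrusted contributors.
      # The token is passed as an argument and is visible in the agent's process
      # list while az runs.
      az postgres flexible-server connect \
        --name '$(ServerName)' \
        --admin-user '$(AdminUserName)' \
        --admin-password "$accessToken" \
        --database-name '$(dbName)'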
</code>
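- task: AzureCLI@2
  displayName: 'Connect PostgreSQL Server'
  inputs:
    azureSubscription: '$(ArmConnection)'
    scriptType: 'bash'
    scriptLocation: 'inlineScript'
    inlineScript: |
      # Abort on the first failure so a failed token request never reaches the
      # connect step with an empty password.
      set -euo pipefail
      echo "Generate an access token to access PostgreSQL Server."
      accessToken=$(az account get-access-token \
        --resource https://ossrdbms-aad.database.windows.net \
        --query "accessToken" \
        -o tsv)
      # Register the token as a secret so the agent masks it in the job log.
      echo "##vso[task.setsecret]$accessToken"
      echo "Connecting to PostgreSQL Server..."
      # $(...) macros are substituted into the script text before bash runs, so
      # these pipeline variables must not be settable by untrusted contributors.
      # The token is passed as an argument and is visible in the agent's process
      # list while az runs.
      az postgres flexible-server connect \
        --name '$(ServerName)' \
        --admin-user '$(AdminUserName)' \
        --admin-password "$accessToken" \
        --database-name '$(dbName)'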
However, I want to write my own extension task to make this easier to use. I started on it and got stuck on generating the access token: it is not clear to me what I need to pass as the federated token.
Unfortunately, I can't find much information on what exactly should be used there.
The goal is to log in to Azure from the task so that I can then generate an access token for PostgreSQL.
<code>import tl = require('azure-pipelines-task-lib/task');
import { execSync } from 'child_process';
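/**
 * Signs the Azure CLI in with the service connection's federated credential,
 * requests an access token for Azure Database for PostgreSQL and passes it as
 * the password to `az postgres flexible-server connect`.
 *
 * Each `az` call uses execFileSync with an argument array, so task inputs and
 * token text are never interpreted by a shell. Both tokens are registered with
 * tl.setSecret because a failing child process puts its full command line into
 * the error message, and that message is written to the task log.
 */
async function run() {
  // Loaded inside the function so the file's import lines stay as they are.
  const { execFileSync } = require('child_process') as typeof import('child_process');
  const { readFileSync } = require('fs') as typeof import('fs');
  let loggedIn = false;

  try {
    console.log('Logging into Azure...');
    const subscription = tl.getInput('subscription', true)!;
    const serverName: string = tl.getInput('serverName', true)!;
    const adminUser: string = tl.getInput('adminUser', true)!;
    console.log("Working with subscription: " + subscription);

    const servicePrincipalId: string = tl.getEndpointAuthorizationParameter(subscription, 'serviceprincipalid', false)!;
    console.log("Service principal id: " + servicePrincipalId);
    const tenantId: string = tl.getEndpointAuthorizationParameter(subscription, 'tenantid', false)!;
    console.log("Tenant id: " + tenantId);

    const federatedTokenPath = process.env['AZURE_FEDERATED_TOKEN_FILE'];
    console.log("Federated: " + federatedTokenPath);
    // NOTE(review): this variable is reported as undefined on the agent. It is
    // presumably not populated for custom pipeline tasks, in which case the token
    // has to be obtained for the service connection some other way; confirm.
    if (!federatedTokenPath) {
      throw new Error('AZURE_FEDERATED_TOKEN_FILE is not set; no federated token is available to log in with.');
    }
    console.log(`Reading federated token from: ${federatedTokenPath}`);
    // Read the file directly instead of spawning `cat` through a shell.
    const federatedToken = readFileSync(federatedTokenPath, { encoding: 'utf-8' }).trim();
    if (!federatedToken) {
      throw new Error('The federated token file is empty.');
    }
    tl.setSecret(federatedToken);

    // NOTE(review): the '/tmp/.azclitask' fallback is a fixed path in a shared
    // directory; on a multi-user agent the CLI's cached credentials land there.
    process.env['AZURE_CONFIG_DIR'] = tl.getVariable('Agent.TempDirectory') || '/tmp/.azclitask';
    console.log(`Setting AZURE_CONFIG_DIR env variable to: ${process.env['AZURE_CONFIG_DIR']}`);

    console.log('Setting active cloud to: AzureCloud');
    execFileSync('az', ['cloud', 'set', '-n', 'AzureCloud'], { stdio: 'inherit' });

    console.log('Logging into Azure with service principal...');
    execFileSync(
      'az',
      [
        'login', '--service-principal',
        '-u', servicePrincipalId,
        '--tenant', tenantId,
        '--allow-no-subscriptions',
        '--federated-token', federatedToken,
      ],
      { stdio: 'inherit' }
    );
    loggedIn = true;

    // NOTE(review): `subscription` is used above as the service connection id;
    // confirm it is also the value `az account set --subscription` expects.
    console.log(`Setting subscription to: ${subscription}`);
    execFileSync('az', ['account', 'set', '--subscription', subscription], { stdio: 'inherit' });

    console.log('Generating access token...');
    const accessToken = execFileSync(
      'az',
      [
        'account', 'get-access-token',
        '--resource', 'https://ossrdbms-aad.database.windows.net',
        '--query', 'accessToken',
        '-o', 'tsv',
      ],
      { encoding: 'utf-8' }
    ).trim();
    if (!accessToken) {
      throw new Error('az returned an empty access token.');
    }
    tl.setSecret(accessToken);
    console.log('Access token generated.');

    console.log('Connecting to PostgreSQL Server...');
    // The token travels as a command-line argument and is visible in the
    // agent's process list for as long as az runs.
    execFileSync(
      'az',
      [
        'postgres', 'flexible-server', 'connect',
        '--name', serverName,
        '--admin-user', adminUser,
        '--admin-password', accessToken,
      ],
      { stdio: 'inherit' }
    );
    console.log('Connection successful.');
    console.log('Task completed successfully.');
  } catch (err: unknown) {
    tl.setResult(tl.TaskResult.Failed, err instanceof Error ? err.message : String(err));
  } finally {
    // Clear the cached login on failure as well, not only on the success path.
    if (loggedIn) {
      try {
        console.log('Clearing Azure account...');
        execFileSync('az', ['account', 'clear'], { stdio: 'inherit' });
      } catch (cleanupErr: unknown) {
        tl.warning('az account clear failed: ' + (cleanupErr instanceof Error ? cleanupErr.message : String(cleanupErr)));
      }
    }
  }
}
run();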
</code>
<code>import tl = require('azure-pipelines-task-lib/task');
import { execSync } from 'child_process';
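/**
 * Signs the Azure CLI in with the service connection's federated credential,
 * requests an access token for Azure Database for PostgreSQL and passes it as
 * the password to `az postgres flexible-server connect`.
 *
 * Each `az` call uses execFileSync with an argument array, so task inputs and
 * token text are never interpreted by a shell. Both tokens are registered with
 * tl.setSecret because a failing child process puts its full command line into
 * the error message, and that message is written to the task log.
 */
async function run() {
  // Loaded inside the function so the file's import lines stay as they are.
  const { execFileSync } = require('child_process') as typeof import('child_process');
  const { readFileSync } = require('fs') as typeof import('fs');
  let loggedIn = false;

  try {
    console.log('Logging into Azure...');
    const subscription = tl.getInput('subscription', true)!;
    const serverName: string = tl.getInput('serverName', true)!;
    const adminUser: string = tl.getInput('adminUser', true)!;
    console.log("Working with subscription: " + subscription);

    const servicePrincipalId: string = tl.getEndpointAuthorizationParameter(subscription, 'serviceprincipalid', false)!;
    console.log("Service principal id: " + servicePrincipalId);
    const tenantId: string = tl.getEndpointAuthorizationParameter(subscription, 'tenantid', false)!;
    console.log("Tenant id: " + tenantId);

    const federatedTokenPath = process.env['AZURE_FEDERATED_TOKEN_FILE'];
    console.log("Federated: " + federatedTokenPath);
    // NOTE(review): this variable is reported as undefined on the agent. It is
    // presumably not populated for custom pipeline tasks, in which case the token
    // has to be obtained for the service connection some other way; confirm.
    if (!federatedTokenPath) {
      throw new Error('AZURE_FEDERATED_TOKEN_FILE is not set; no federated token is available to log in with.');
    }
    console.log(`Reading federated token from: ${federatedTokenPath}`);
    // Read the file directly instead of spawning `cat` through a shell.
    const federatedToken = readFileSync(federatedTokenPath, { encoding: 'utf-8' }).trim();
    if (!federatedToken) {
      throw new Error('The federated token file is empty.');
    }
    tl.setSecret(federatedToken);

    // NOTE(review): the '/tmp/.azclitask' fallback is a fixed path in a shared
    // directory; on a multi-user agent the CLI's cached credentials land there.
    process.env['AZURE_CONFIG_DIR'] = tl.getVariable('Agent.TempDirectory') || '/tmp/.azclitask';
    console.log(`Setting AZURE_CONFIG_DIR env variable to: ${process.env['AZURE_CONFIG_DIR']}`);

    console.log('Setting active cloud to: AzureCloud');
    execFileSync('az', ['cloud', 'set', '-n', 'AzureCloud'], { stdio: 'inherit' });

    console.log('Logging into Azure with service principal...');
    execFileSync(
      'az',
      [
        'login', '--service-principal',
        '-u', servicePrincipalId,
        '--tenant', tenantId,
        '--allow-no-subscriptions',
        '--federated-token', federatedToken,
      ],
      { stdio: 'inherit' }
    );
    loggedIn = true;

    // NOTE(review): `subscription` is used above as the service connection id;
    // confirm it is also the value `az account set --subscription` expects.
    console.log(`Setting subscription to: ${subscription}`);
    execFileSync('az', ['account', 'set', '--subscription', subscription], { stdio: 'inherit' });

    console.log('Generating access token...');
    const accessToken = execFileSync(
      'az',
      [
        'account', 'get-access-token',
        '--resource', 'https://ossrdbms-aad.database.windows.net',
        '--query', 'accessToken',
        '-o', 'tsv',
      ],
      { encoding: 'utf-8' }
    ).trim();
    if (!accessToken) {
      throw new Error('az returned an empty access token.');
    }
    tl.setSecret(accessToken);
    console.log('Access token generated.');

    console.log('Connecting to PostgreSQL Server...');
    // The token travels as a command-line argument and is visible in the
    // agent's process list for as long as az runs.
    execFileSync(
      'az',
      [
        'postgres', 'flexible-server', 'connect',
        '--name', serverName,
        '--admin-user', adminUser,
        '--admin-password', accessToken,
      ],
      { stdio: 'inherit' }
    );
    console.log('Connection successful.');
    console.log('Task completed successfully.');
  } catch (err: unknown) {
    tl.setResult(tl.TaskResult.Failed, err instanceof Error ? err.message : String(err));
  } finally {
    // Clear the cached login on failure as well, not only on the success path.
    if (loggedIn) {
      try {
        console.log('Clearing Azure account...');
        execFileSync('az', ['account', 'clear'], { stdio: 'inherit' });
      } catch (cleanupErr: unknown) {
        tl.warning('az account clear failed: ' + (cleanupErr instanceof Error ? cleanupErr.message : String(cleanupErr)));
      }
    }
  }
}
run();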
</code>
import tl = require('azure-pipelines-task-lib/task');
import { execSync } from 'child_process';
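/**
 * Signs the Azure CLI in with the service connection's federated credential,
 * requests an access token for Azure Database for PostgreSQL and passes it as
 * the password to `az postgres flexible-server connect`.
 *
 * Each `az` call uses execFileSync with an argument array, so task inputs and
 * token text are never interpreted by a shell. Both tokens are registered with
 * tl.setSecret because a failing child process puts its full command line into
 * the error message, and that message is written to the task log.
 */
async function run() {
  // Loaded inside the function so the file's import lines stay as they are.
  const { execFileSync } = require('child_process') as typeof import('child_process');
  const { readFileSync } = require('fs') as typeof import('fs');
  let loggedIn = false;

  try {
    console.log('Logging into Azure...');
    const subscription = tl.getInput('subscription', true)!;
    const serverName: string = tl.getInput('serverName', true)!;
    const adminUser: string = tl.getInput('adminUser', true)!;
    console.log("Working with subscription: " + subscription);

    const servicePrincipalId: string = tl.getEndpointAuthorizationParameter(subscription, 'serviceprincipalid', false)!;
    console.log("Service principal id: " + servicePrincipalId);
    const tenantId: string = tl.getEndpointAuthorizationParameter(subscription, 'tenantid', false)!;
    console.log("Tenant id: " + tenantId);

    const federatedTokenPath = process.env['AZURE_FEDERATED_TOKEN_FILE'];
    console.log("Federated: " + federatedTokenPath);
    // NOTE(review): this variable is reported as undefined on the agent. It is
    // presumably not populated for custom pipeline tasks, in which case the token
    // has to be obtained for the service connection some other way; confirm.
    if (!federatedTokenPath) {
      throw new Error('AZURE_FEDERATED_TOKEN_FILE is not set; no federated token is available to log in with.');
    }
    console.log(`Reading federated token from: ${federatedTokenPath}`);
    // Read the file directly instead of spawning `cat` through a shell.
    const federatedToken = readFileSync(federatedTokenPath, { encoding: 'utf-8' }).trim();
    if (!federatedToken) {
      throw new Error('The federated token file is empty.');
    }
    tl.setSecret(federatedToken);

    // NOTE(review): the '/tmp/.azclitask' fallback is a fixed path in a shared
    // directory; on a multi-user agent the CLI's cached credentials land there.
    process.env['AZURE_CONFIG_DIR'] = tl.getVariable('Agent.TempDirectory') || '/tmp/.azclitask';
    console.log(`Setting AZURE_CONFIG_DIR env variable to: ${process.env['AZURE_CONFIG_DIR']}`);

    console.log('Setting active cloud to: AzureCloud');
    execFileSync('az', ['cloud', 'set', '-n', 'AzureCloud'], { stdio: 'inherit' });

    console.log('Logging into Azure with service principal...');
    execFileSync(
      'az',
      [
        'login', '--service-principal',
        '-u', servicePrincipalId,
        '--tenant', tenantId,
        '--allow-no-subscriptions',
        '--federated-token', federatedToken,
      ],
      { stdio: 'inherit' }
    );
    loggedIn = true;

    // NOTE(review): `subscription` is used above as the service connection id;
    // confirm it is also the value `az account set --subscription` expects.
    console.log(`Setting subscription to: ${subscription}`);
    execFileSync('az', ['account', 'set', '--subscription', subscription], { stdio: 'inherit' });

    console.log('Generating access token...');
    const accessToken = execFileSync(
      'az',
      [
        'account', 'get-access-token',
        '--resource', 'https://ossrdbms-aad.database.windows.net',
        '--query', 'accessToken',
        '-o', 'tsv',
      ],
      { encoding: 'utf-8' }
    ).trim();
    if (!accessToken) {
      throw new Error('az returned an empty access token.');
    }
    tl.setSecret(accessToken);
    console.log('Access token generated.');

    console.log('Connecting to PostgreSQL Server...');
    // The token travels as a command-line argument and is visible in the
    // agent's process list for as long as az runs.
    execFileSync(
      'az',
      [
        'postgres', 'flexible-server', 'connect',
        '--name', serverName,
        '--admin-user', adminUser,
        '--admin-password', accessToken,
      ],
      { stdio: 'inherit' }
    );
    console.log('Connection successful.');
    console.log('Task completed successfully.');
  } catch (err: unknown) {
    tl.setResult(tl.TaskResult.Failed, err instanceof Error ? err.message : String(err));
  } finally {
    // Clear the cached login on failure as well, not only on the success path.
    if (loggedIn) {
      try {
        console.log('Clearing Azure account...');
        execFileSync('az', ['account', 'clear'], { stdio: 'inherit' });
      } catch (cleanupErr: unknown) {
        tl.warning('az account clear failed: ' + (cleanupErr instanceof Error ? cleanupErr.message : String(cleanupErr)));
      }
    }
  }
}
run();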
Thanks