NAV Navbar
Switch version:

Pre-requisites

In order to use GoCD’s Microsoft Azure Elastic Agent Plugin, the following pre-requisites must be met:

Go Server

Azure subscription

By default a service principal will have a Contributor role. For more fine grained access control ensure the service principal has the following access:

  
  Microsoft.Compute/virtualMachines/*
  Microsoft.Network/networkInterfaces/*
  Microsoft.Compute/disks/*
  Microsoft.Compute/locations/*
  Microsoft.Resources/subscriptions/resourceGroups/read
  Microsoft.Network/virtualNetworks/read
  Microsoft.Network/virtualNetworks/subnets/read
  Microsoft.Network/virtualNetworks/subnets/join/*
  Microsoft.Network/networkSecurityGroups/read"
  Microsoft.Network/networkSecurityGroups/join/*
  

You can create a custom role using the below template. Ensure this role is assigned to the service principal.

  
  {
    "Actions": [
        "Microsoft.Compute/virtualMachines/*",
        "Microsoft.Network/networkInterfaces/*",
        "Microsoft.Compute/disks/*",
        "Microsoft.Compute/locations/*",
        "Microsoft.Resources/subscriptions/resourceGroups/read",
        "Microsoft.Network/virtualNetworks/read",
        "Microsoft.Network/virtualNetworks/subnets/read",
        "Microsoft.Network/virtualNetworks/subnets/join/*",
        "Microsoft.Network/networkSecurityGroups/read",
        "Microsoft.Network/networkSecurityGroups/join/*",
        "Microsoft.Resources/subscriptions/locations/read"
    ],
    "AssignableScopes": [
        "/subscriptions/{subscriptionId}"
    ],
    "DataActions": [],
    "Description": "Role for service principal used for GoCD Azure elastic agent plugin",
    "IsCustom": true,
    "Name": "gocd-azure-plugin-scope",
    "NotActions": [],
    "NotDataActions": []
}
  
  1. Getting Started with Microsoft Azure
  2. Azure virtual machines
  3. Azure service principal
  4. Custom roles