How to create Azure devops service connection via code?

Question

I have an azure devops build pipeline and in one of the stages I want to create a service connection. I want "kubernetes" and "dockerregistry" type service connections. How to achieve that?

1. Azure CLI: I see azure CLI commands to create service connection of type "azurerm" and github only. But didn't find any command for "Kubernetes" and "dockerregistry" type. https://learn.microsoft.com/en-us/cli/azure/devops/service-endpoint?view=azure-cli-latest

2. Rest API: Found this rest api way to create service connection, I tried to give type "kubernetes" but not able to figure out the authentication here. Giving me error "invalid client id".

3. Powershell: Did not find anything for this.

Answer 1

Hi there!

As I could see you had not found any way to do it in Powershell, I created some examples for the scenario for you.

• First, we prepare by setting the expected URI for the Azure DevOps organization, as well as building the headers-object

$Organization = "<AzDevOps-Org-Name>"
$PAT = "<PAT>" # <- Should have permissions for Service Connections

$EncodedPAT = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(":$($PAT)"))

$Headers = @{
  Authorization = "Basic " + $EncodedPAT
  "Content-Type" = "application/json"
}

$CreateEndpointsUri = "https://dev.azure.com/$($Organization)/_apis/serviceendpoint/endpoints?api-version=7.1-preview.4"

Others type

• Example body for when creating a service-connection Docker-registry type of Others

# Docker Registry Connection - Others type
$Body = @{
  name = "DockerOthersTest1"
  type = "dockerregistry"
  url = "https://hub.docker.com/"
  authorization = @{
    parameters = @{
      registry = "https://nameofmyregistry.com"
      username = "myusername"
      email = "[email protected]"
    }
    scheme = "UsernamePassword"
  }
  serviceEndpointProjectReferences = @(
    @{
      projectReference = @{
        id = "<GUID-of-your-project>"
        name = "<Name-of-your-project>"
      }
      name = "DockerOthersTest1" # This will be the name seen in the Service Connections for the project 
    }
  )
} | ConvertTo-Json -Depth 10

# Send the request
Invoke-RestMethod -Uri $CreateEndpointsUri -Headers $Headers -Method Post -Body $Body

Azure Container Registry type

• Example body for when creating a service-connection Docker-registry type of Azure Container Registry

$Body = @{
  name = "DockerAcrTest1"
  type = "dockerregistry"
  url = "https://hub.docker.com/"
  authorization = @{
    parameters = @{
      loginServer = "<myACRname>.azurecr.io"
      role = "8311e382-0749-4cb8-b61a-304f252e45ec" # This is AcrPush role
      scope = "<Resource-ID-of-ACR>"
      servicePrincipalId = "<Application-ID-of-SPN>"
      tenantId = "<Tenant-GUID>"
    }
    scheme = "ServicePrincipal"
  }
  data = @{
    appObjectId = "<SPN-App-object-ID>"
    registryId = "<Resource-ID-of-my-ACR>"
    registrytype = "ACR"
    spnObjectId = "<Enterprise-SPN-App-object-ID>"
    subscriptionId = "<GUID-for-subscription>"
    subscriptionName = "<Name-of-my-subscription>"
  }
  serviceEndpointProjectReferences = @(
    @{
      projectReference = @{
        id = "<GUID-of-your-project>"
        name = "<Name-of-your-project>"
      }
      name = "DockerAcrTest1" # This will be the name seen in the Service Connections for the project 
    }
  )
} | ConvertTo-Json -Depth 10

# Send the request
Invoke-RestMethod -Uri $CreateEndpointsUri -Headers $Headers -Method Post -Body $Body

Example results

Others type

ACR type

I hope this helps! Good luck!