Integrate Jenkins with Azure Active Directory and Service Principal - Day Three

Introduction

This article series explains how to use Jenkins for CI and CD of an ASP.NET Core web application in the local development environment, publish the web application to Azure Web App Service, and configure Jenkins on Azure for continuous integration and continuous deployment of the hosted application. GitHub will be used as the source control repository. We’ll create a pipeline using Jenkins that fetches the code from GitHub, builds the code, runs the tests, and deploys the package. This will be a repetitive task on each commit to the code located on GitHub.

In the first article of the series, we learned about the concepts, terminology, and technologies involved, installed Jenkins, created an ASP.NET Core application, and set up continuous integration of the ASP.NET Core application using Jenkins via two approaches, i.e. the pipeline approach and the freestyle project approach. In the second article, we published the ASP.NET Core application to Azure App Service and configured Jenkins on Azure.

In this article, we’ll focus on Azure Active Directory and Service Principal and integrate Jenkins with Azure Service Principal before we move on to CI/CD of ASP.NET Core application on Azure using Jenkins Azure Pipeline.

Roadmap

The following is the roadmap we will follow to learn the end-to-end development and configuration of Continuous Integration and Deployment (CI/CD) of an ASP.NET Core application on Azure Web App using Jenkins.

Prerequisites

Go through the first two articles of the series before starting this article.

The following are the prerequisites for the developers to have on their machines before getting started.

  1. Visual Studio 2017/2019.
  2. Dotnet 2.1 SDK installed.
  3. Azure Subscription Free/Paid.
  4. Java 1.5 or higher.
  5. Git account
  6. Git for Windows

Azure active directory and service principal

The next step is to create an identity for our application as it needs access to our Azure web app. This identity will serve as a service principal that could be assigned certain permissions to operate on the app.

Create an Azure active directory and service principal

  1. In the Azure portal, click on “Azure Active Directory” and then on “App Registration”.
  2. Click on “New Registration” to create a new app registration.
  3. Provide a meaningful name. E.g. I provided “jenkins_sp” and selected the first option for the supported account types, i.e. “Accounts in this organizational directory only”.
  4. Click on “Register” to create the new Azure AD application and its service principal.
  5. Navigate to the newly created application, i.e. “jenkins_sp”.

Integrate the application to a role

To get access to the Azure resources, the application needs to be assigned to a role. For example, if we assign the role to a resource group in the Azure subscription, then all the resources in that resource group will inherit that role and its permissions.

  1. Navigate to the Subscriptions in the Azure portal. Select the subscription. E.g. I have only one subscription, and if I select that, all the resources in that subscription will inherit the role and permissions assigned.
  2. Once selected, the subscription page will open to the right.
  3. Select Access Control (IAM).
  4. Select “Add role assignment”.
  5. In the “Add role assignment” form, select Role as “Contributor”, and Assign access to as “Azure AD user, group, or service principal”. In the Select options, search by typing Jenkins and we see our jenkins_sp, i.e. our service principal. Choose that and save.
  6. Click on the newly created app registration and, on the overview page, copy the following values to a notepad, as they will be used while assigning the service principal to Jenkins.
    • Application (client) ID
    • Directory (tenant) ID
  7. Click on “Certificates & secrets” and add “New client secret”. Provide it a name and copy the value of the client secret created.

Now, we need to provide this service principal to the running Jenkins instance so that it has access to Azure resources on the selected subscription.
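
Because a role assigned at subscription scope is inherited by every resource group and resource beneath it, it is worth checking how far the service principal's assignments actually reach. The following is an added example, not part of the original article: it parses constructed data in the shape of `az role assignment list --assignee <client-id> --all -o json` and flags broad roles granted at subscription scope or above. The IDs, the resource names and the `BROAD_ROLES` set are assumptions made for the illustration.

```python
import json
import re

# Constructed sample in the shape of
# `az role assignment list --assignee <client-id> --all -o json`.
# All IDs and resource names below are made up for this example.
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000"
SAMPLE = json.loads("""[
 {"principalName": "jenkins_sp", "roleDefinitionName": "Contributor",
  "scope": "%(s)s"},
 {"principalName": "jenkins_sp", "roleDefinitionName": "Contributor",
  "scope": "%(s)s/resourceGroups/rg-demo"},
 {"principalName": "jenkins_sp", "roleDefinitionName": "Website Contributor",
  "scope": "%(s)s/resourceGroups/rg-demo/providers/Microsoft.Web/sites/demo-app"}
]""" % {"s": SUB})

# Assumption: built-in roles treated as "broad" for this check.
BROAD_ROLES = {"Owner", "Contributor", "User Access Administrator"}
MGMT_PREFIX = "/providers/microsoft.management/managementgroups/"
_SCOPE_RE = re.compile(
    r"^/subscriptions/(?P<sub>[^/]+)"
    r"(?:/resourceGroups/(?P<rg>[^/]+)(?P<rest>/providers/.+)?)?$",
    re.IGNORECASE)

def scope_level(scope):
    """Classify an Azure RBAC scope string by how much it covers."""
    if scope == "/" or scope.lower().startswith(MGMT_PREFIX):
        return "management-group"
    m = _SCOPE_RE.match(scope.rstrip("/"))
    if not m:
        return "unknown"          # unrecognised shape: reported for review
    if m.group("rest"):
        return "resource"
    return "resource-group" if m.group("rg") else "subscription"

def audit(assignments):
    """Return (principal, role, level, scope) for broad roles at wide scope."""
    findings = []
    for a in assignments:
        level = scope_level(a["scope"])
        role = a["roleDefinitionName"]
        if role in BROAD_ROLES and level not in ("resource-group", "resource"):
            findings.append((a.get("principalName", "?"), role, level, a["scope"]))
    return findings

if __name__ == "__main__":
    for principal, role, level, scope in audit(SAMPLE):
        print(f"REVIEW: {principal} has {role} at {level} scope: {scope}")
```

Only the subscription-wide Contributor assignment is reported; the same role limited to a resource group, or a narrower role on the single web app, passes the check.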

Integrate Jenkins with Azure service principal

Time to integrate Jenkins with the service principal created on the Azure portal.

  1. On the running Jenkins URL, navigate to Credentials -> System -> Global credentials and click on “Add Credentials”.
  2. Select Kind as “Microsoft Azure Service Principal” and fill in the following fields.
    • Scope: Global.
    • Subscription ID: Your Azure subscription ID.
    • Client ID: The copied Application (client) ID from the service principal app.
    • Client secret: The copied value of the client secret.
    • Tenant ID: The copied Directory (tenant) ID from the service principal app.
    • Azure environment: Azure

    Click on the “verify service principal” button to verify the details and connection. Once it says, “Successfully verified…”, click OK.

Conclusion

In this article, we focused on Azure Active Directory and Service Principal and integrating Jenkins with Azure Service Principal. In the next and last article of the series, we’ll see how to enable CI/CD of ASP.NET Core applications on Azure using Jenkins Azure Pipeline.