Επεξεργασία

Κοινή χρήση μέσω


Create and configure a project by using the Azure CLI

This quickstart guide shows you how to create a project in Azure Deployment Environments. Then, you associate the project with the dev center you created in Create and configure a dev center by using the Azure CLI.

A platform engineering team typically creates projects and provides project access to development teams. Development teams then create environments by using environment definitions, connect to individual resources, and deploy applications.

Prerequisites

  • An Azure account with an active subscription. Create an account for free.
  • Azure role-based access control role with permissions to create and manage resources in the subscription, such as Contributor or Owner.

Create a project

To create a project in your dev center:

  1. Sign in to the Azure CLI:

    az login
    
  2. Install the Azure CLI devcenter extension.

    az extension add --name devcenter --upgrade
    
  3. Configure the default subscription as the subscription where your dev center resides:

    az account set --subscription <subscriptionName>
    
  4. Configure the default resource group as the resource group where your dev center resides:

    az configure --defaults group=<resourceGroupName>
    
  5. Configure the default location as the location where your dev center resides. Location of project must match the location of dev center:

    az configure --defaults location=eastus
    
  6. Retrieve dev center resource ID:

    DEVCID=$(az devcenter admin devcenter show -n <devcenterName> --query id -o tsv)
    echo $DEVCID
    
  7. Create project in dev center:

    az devcenter admin project create -n <projectName> \
    --description "My first project." \
    --dev-center-id $DEVCID
    
  8. Confirm that the project was successfully created:

    az devcenter admin project show -n <projectName>
    

Assign the Owner role to a managed identity

Before you can create environment types, you must give the managed identity that represents your dev center access to the subscriptions where you configure the project environment types.

In this quickstart, you assign the Owner role to the system-assigned managed identity that you configured previously: Attach a system-assigned managed identity.

  1. Retrieve Subscription ID:

    SUBID=$(az account show --name <subscriptionName> --query id -o tsv)
    echo $SUBID
    
  2. Retrieve the Object ID of the dev center's identity using the name of the dev center resource:

    OID=$(az ad sp list --display-name <devcenterName> --query [].id -o tsv)
    echo $OID
    
  3. Assign the role of Owner to the dev center on the subscription:

    az role assignment create --assignee $OID \
    --role "Owner" \
    --scope "/subscriptions/$SUBID"
    

Configure a project

To configure a project, add a project environment type:

  1. Retrieve the Role ID for the Owner of the subscription:

    # Remove group default scope for next command. Leave blank for group.
    az configure --defaults group=
    
    ROID=$(az role definition list -n "Owner" --scope /subscriptions/$SUBID --query [].name -o tsv)
    echo $ROID
    
    # Set default resource group again
    az configure --defaults group=<resourceGroupName>
    
  2. Show allowed environment type for the project:

    az devcenter admin project-allowed-environment-type list --project <projectName> --query [].name
    
  3. Choose an environment type and create it for the project:

    az devcenter admin project-environment-type create -n <availableEnvironmentType> \
    --project <projectName> \
    --identity-type "SystemAssigned" \
    --roles "{\"${ROID}\":{}}" \
    --deployment-target-id "/subscriptions/${SUBID}" \
    --status Enabled
    

Note

At least one identity (system-assigned or user-assigned) must be enabled for deployment identity. The identity is used to perform the environment deployment on behalf of the developer. Additionally, the identity attached to the dev center should be assigned the Owner role for access to the deployment subscription for each environment type.

Assign environment access

In this quickstart, you give access to your own ID. Optionally, you can replace the value of --assignee for the following commands with another member's object ID.

  1. Retrieve your own Object ID:

    MYOID=$(az ad signed-in-user show --query id -o tsv)
    echo $MYOID
    
  2. Assign admin access:

    az role assignment create --assignee $MYOID \
    --role "DevCenter Project Admin" \
    --scope "/subscriptions/$SUBID"
    
  3. Optionally, you can assign the Dev Environment User role:

    az role assignment create --assignee $MYOID \
    --role "Deployment Environments User" \
    --scope "/subscriptions/$SUBID"
    

Note

Only users who have the Deployment Environments User role, the DevCenter Project Admin role, or a built-in role that has appropriate permissions can create an environment. Users who have the Deployment Environments Reader role can view their own environments, and environments created by others.

Next steps

In this quickstart, you created a project and granted project access to your development team. To learn how your development team members can create environments, advance to the next quickstart.