Reputation: 951
How to run a VSTS build or release Task under another user and not the Build service account?
I'm setting up a build and release pipeline and part of the requirement is for some Powershell and Batch commands to be run on the target server(s).
In most cases, all build and release definitions are run by our dedicated Build service account which usually is sufficient, however in this particular case, the Batch command should be run on the target server(s) by another service account or user with the required privileges on the server(s).
Unfortunately, our dedicated Build service account does not have the required privileges for the target server(s), as they are restricted environments and there are no plans for those restrictions to be removed.
Likewise, only a limited number of service accounts have the privileges to perform the desired tasks on the target server(s), but neither of these has the privileges to run build tasks and there are no plans to change this.
My challenge therefore is to run the build/release definitions under the build service account as usual, however for the specific Batch command operations, those tasks should be run by the target server(s) designated service accounts. How can I achieve this?
Upvotes: 1
Views: 2556
Answers (1)
Reputation: 30432
We can not change the build service account during the build or release process.
However you can try below ways to run the Batch commands with other account on target server(s):
- If you can convert the Batch commands to a PowerShell script, then you can use the task Deploy: PowerShell on Target Machines directly to run the PowerShell script on the target machines with the specific credential.
- You can also try creating a PowerShell script (See below sample) to call the
cmd.exeto run the batch script with the specific credential. Then Add a Utility: PowerShell task to run the script.
Param(
[string]$computerName = "v-tinmo-12r2",
)
$Username = "username"
$Password = ConvertTo-SecureString "pasword" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($Username,$password)
Invoke-Command -ComputerName $computerName -Credential $cred -ErrorAction Stop -ScriptBlock {Invoke-Expression -Command:"cmd.exe /c 'C:\Scripts\Test.bat'"}
Please note that for both of them you have to copy the batch script or PowerShell script which you want to be ran to the target server(s) first.
Upvotes: 2
Related Questions
- Run Azure devops pipeline as a azure AD user user
- which user do Azure devops pipelines run as?
- Run a Azure DevOps job with different user
- Azure Pipelines: How to give the build service account contribue access to a repo
- VSTS: Why are pipelines appear to be triggered by the same user?
- Is it possible to run all or part of a Hosted Linux VSTS Pipeline as a non-root user?
- VSTS Build Agent with sudo
- Vsts deny access to tasks board
- Running as a windows user in Visual Studio Team Services
- "Service user" for Visual studio Team Services