如何使AzureCLI @ 2忽略“ az keyvault证书删除”的结果?
在每晚构建的Azure管道中,我正在执行以下步骤:
- 通过ARM模板部署密钥仓库,
- 然后尝试删除其中的自签名证书,
- 然后再次导入证书-
- 最后使用指纹的证书通过另一个ARM模板部署服务结构。
以下是管道的摘录:
# purge the self-signed cert from the Keyvault to avoid conflict; ignore failures (DOES NOT WORK?)
- task: AzureCLI@2
inputs:
azureSubscription: '${{ parameters.ArmConnection }}'
scriptType: 'pscore'
scriptLocation: 'inlineScript'
continueOnError: true
failOnStandardError: false
powerShellErrorActionPreference: 'silentlyContinue'
inlineScript: |
az keyvault certificate delete --vault-name $(KeyVaultName) --id 'https://$(KeyVaultName).vault.azure.net/certificates/my-self-signed-cert'
az keyvault certificate purge --vault-name $(KeyVaultName) --id 'https://$(KeyVaultName).vault.azure.net/deletedcertificates/my-self-signed-cert'
# import the self-signed certificate my-self-signed-cert into the Keyvault
- task: AzurePowerShell@5
inputs:
azureSubscription: '${{ parameters.ArmConnection }}'
ScriptType: 'InlineScript'
azurePowerShellVersion: '3.1.0'
Inline: |
$Pwd = ConvertTo-SecureString -String 'MyPassword' -Force -AsPlainText
$Base64 = 'MIIKqQI__3000_CHARS_HERE____HP1ICAgfQ=='
$Cert = Import-AzKeyVaultCertificate -VaultName $(KeyVaultName) -Name my-self-signed-cert -CertificateString $Base64 -Password $Pwd
echo "##vso[task.setvariable variable=Thumbprint;isOutput=true]$Cert.Thumbprint"
起初,上面的代码适用于该代码,但是后来我在ARM模板中为密钥保险库禁用了 soft delete 功能:
"properties": {
"enableSoftDelete": false,
"enabledForDeployment": true,
"enabledForDiskEncryption": false,
"enabledForTemplateDeployment": true,
也许我的问题的触发因素只是手动删除了密钥库...
无论如何,现在我得到重复的管道错误:
我想知道,尽管我设置了failOnStandardError: false和powerShellErrorActionPreference: 'silentlyContinue',为什么仍然不能忽略“ az”故障?
我还尝试用“ try / catch”将两个“ az”命令包围起来,但错误仍然存在:
##[debug]which 'az'
##[debug]found: 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd'
##[debug]scriptType=pscore
##[debug]scriptLocation=inlineScript
##[debug]scriptArguments=null
##[debug]powerShellErrorActionPreference=silentlyContinue
##[debug]Agent.Version=2.169.0
##[debug]Agent.TempDirectory=d:\a\_temp
##[debug]scriptPath=d:\a\1\s
##[debug]inlineScript=az keyvault certificate delete --vault-name my-nightly-my-keyvault --id 'https://my-nightly-my-keyvault.vault.azure.net/certificates/my-self-signed-cert'
--vault-name my-nightly-my-keyvault --id 'https://my-nightly-my-keyvault.vault.azure.net/deletedcertificates/my-self-signed-cert'
##[debug]powerShellIgnoreLASTEXITCODE=false
...lines skipped...
A certificate with (name/id) my-self-signed-cert was not found in this key vault. If you recently deleted this certificate you may be able to recover it using the correct recovery command. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125182
Operation "purge" is not enabled for this vault.
##[debug]$LASTEXITCODE: 1
##[debug]Exit code 1 received from tool 'C:\Program Files\PowerShell\7\pwsh.exe'
##[debug]STDIO streams have closed for tool 'C:\Program Files\PowerShell\7\pwsh.exe'
##[debug]task result: Failed
##[error]Script failed with exit code: 1
##[debug]Processed: ##vso[task.issue type=error;]Script failed with exit code: 1
##[debug]Processed: ##vso[task.complete result=Failed;]Script failed with exit code: 1
##[debug]which 'az'
##[debug]found: 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd'
##[debug]which 'az'
##[debug]found: 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd'
##[debug]C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd arg: account clear
##[debug]C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd arg: account clear
##[debug]exec tool: C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd
##[debug]exec tool: C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd
##[debug]arguments:
##[debug]arguments:
##[debug] account
##[debug] account
##[debug] clear
##[debug] clear
[command]C:\windows\system32\cmd.exe /D /S /C ""C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd" account clear"
##[section]Finishing: AzureCLI
2 个答案:
答案 0 :(得分:1)
检查您的Yaml格式。 continueOnError不是任务的输入,而是任务本身的一个属性。所以您的任务应该是:
- task: AzureCLI@2
inputs:
azureSubscription: 'xxx'
scriptType: 'pscore'
scriptLocation: 'inlineScript'
failOnStandardError: false
inlineScript: |
az keyvault certificate delete --vault-name $(KeyVaultName) --id 'https://$(KeyVaultName).vault.azure.net/certificates/my-self-signed-cert'
az keyvault certificate purge --vault-name $(KeyVaultName) --id 'https://$(KeyVaultName).vault.azure.net/deletedcertificates/my-self-signed-cert'
powerShellErrorActionPreference: 'silentlyContinue'
continueOnError: true
如果该属性有效,尽管在Azure CLI task中引发了错误,您的后续任务仍将继续执行:
答案 1 :(得分:1)
作为解决方法,添加exit 0对我有所帮助-
# purge the self-signed cert from the Keyvault to avoid conflict; ignore failures (DOES NOT WORK?)
- task: AzureCLI@2
inputs:
azureSubscription: '${{ parameters.ArmConnection }}'
scriptType: 'pscore'
scriptLocation: 'inlineScript'
continueOnError: true
failOnStandardError: false
powerShellErrorActionPreference: 'silentlyContinue'
inlineScript: |
az keyvault certificate delete --vault-name $(KeyVaultName) --id 'https://$(KeyVaultName).vault.azure.net/certificates/my-self-signed-cert'
az keyvault certificate purge --vault-name $(KeyVaultName) --id 'https://$(KeyVaultName).vault.azure.net/deletedcertificates/my-self-signed-cert'
exit 0
然后我有a better answer at Github可以使用ignoreLASTEXITCODE: true或要执行AzureCLI任务(我的情况)是使用powerShellIgnoreLASTEXITCODE: true
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?