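I am trying to set up some automation for the test and production instances of Azure API Management, and I am exploring the Git configuration. Based on the answer and its comments from this post, I was able to get this PowerShell script partially working: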
$resourceGroupName = '<My resource group name>'
$serviceName = '<My Azure Api Management instance name>'
$gitUser = '<username for Git found in APIM Publisher Portal>'
$apimContext = New-AzureRmApiManagementContext -ResourceGroupName $resourceGroupName -ServiceName $serviceName
$user = (Get-AzureRmApiManagementUser -Context $apimContext) | Select-Object -First 1
$expiry = Get-Date ((Get-Date).AddDays(29)) -Format "yyyy-MM-ddTHH:mm:ss.000Z"
$parameters = @{ "keyType"= "primary"; "expiry"= "$expiry"; }
$pw = Invoke-AzureRmResourceAction -ResourceGroupName $resourceGroupName `
-ResourceType 'Microsoft.ApiManagement/service/users' `
-Action 'token' `
-ResourceName "$serviceName/$($user.UserId)" `
-ApiVersion "2016-10-10" `
-Parameters $parameters
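# URL-encode password (HttpUtility lives in System.Web, which not every PowerShell host loads by default):
Add-Type -AssemblyName System.Web
$pwUrlencodedLowerCase = [System.Web.HttpUtility]::UrlEncode($pw.value)
# Seems like password has to be URL-encoded with UPPERCASE hexadecimal digits (e.g. %3D instead of %3d) for Git to authenticate properly: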
[regex]$regex='(%[0-9a-f][0-9a-f])'
$pwUrlencoded = $regex.Replace($pwUrlencodedLowerCase, {$args[0].Value.ToUpper()})
$gitUrl = "https://${gitUser}:$pwUrlencoded@$serviceName.scm.azure-api.net/"
git clone $gitUrl
This fails:
Cloning into '<servicename>.scm.azure-api.net'...
fatal: unable to access 'https://apim:<pwUrlencoded>@<servicename>.scm.azure-api.net/': The requested URL returned error: 403
If I paste the password directly from the APIM Publisher Portal instead of using $pw.value, the script works fine:
$pwUrlencodedLowerCase = [System.Web.HttpUtility]::UrlEncode('<Pasted password from portal>')
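So the URL-encoding and regex parts are not my main suspects.
What am I doing wrong here?
Answer 0 (score: 0)
I also posted roughly the same question on the Microsoft Azure Support site, where I received a reply from "Sheetal J S" that solved the problem for me.
The main problem is this line: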
$user = (Get-AzureRmApiManagementUser -Context $apimContext) | Select-Object -First 1
Instead, get the user ID for Git access, like this:
$gitAccess = Get-AzureRmApiManagementTenantGitAccess -Context $apimContext
$userId = $gitAccess.Id
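Then referencing that ID in the resource name when calling Invoke-AzureRmResourceAction made it work the way I wanted. The complete working script looks like this (in case anyone else can benefit from it):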
$resourceGroupName = '<My resource group name>'
$serviceName = '<My Azure Api Management instance name>'
$gitUser = '<username for Git found in APIM Publisher Portal>'
$apimContext = New-AzureRmApiManagementContext -ResourceGroupName $resourceGroupName -ServiceName $serviceName
$gitAccess = Get-AzureRmApiManagementTenantGitAccess -Context $apimContext
$userId = $gitAccess.Id
$expiry = Get-Date ((Get-Date).AddDays(29)) -Format "yyyy-MM-ddTHH:mm:ss.000Z"
$parameters = @{ "keyType"= "primary"; "expiry"= "$expiry"; }
$pw = Invoke-AzureRmResourceAction -ResourceGroupName $resourceGroupName -ResourceType 'Microsoft.ApiManagement/service/users' -Action 'token' -ResourceName "$serviceName/$userId" -ApiVersion "2016-10-10" -Parameters $parameters
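# URL-encode password (HttpUtility lives in System.Web, which not every PowerShell host loads by default):
Add-Type -AssemblyName System.Web
$pwUrlencodedLowerCase = [System.Web.HttpUtility]::UrlEncode($pw.value)
# Seems like password has to be URL-encoded with UPPERCASE hexadecimal digits (e.g. %3D instead of %3d) for Git to authenticate properly: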
[regex]$regex='(%[0-9a-f][0-9a-f])'
$pwUrlencoded = $regex.Replace($pwUrlencodedLowerCase, {$args[0].Value.ToUpper()})
$gitUrl = "https://${gitUser}:$pwUrlencoded@$serviceName.scm.azure-api.net/"
git clone $gitUrl
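Added example, not part of the original answer: a hardened variant of the final encode-and-clone steps. It percent-encodes with [uri]::EscapeDataString (which emits uppercase hex, so no regex pass is needed), redacts the token from git's error text, and removes the token from the saved remote URL after cloning. The function names and the sample token are assumptions made up for illustration.

```powershell
# Added example; the function names are hypothetical, not part of AzureRM or Git.

function ConvertTo-GitUserInfo {
    # Percent-encode one userinfo component (user name or password).
    # [uri]::EscapeDataString emits uppercase hex digits (%3D, not %3d).
    param([Parameter(Mandatory)][string]$Value)
    [uri]::EscapeDataString($Value)
}

function Invoke-ApimGitClone {
    param(
        [Parameter(Mandatory)][string]$ServiceName,
        [Parameter(Mandatory)][string]$GitUser,
        [Parameter(Mandatory)][string]$Token,        # $pw.value from the script above
        [Parameter(Mandatory)][string]$Destination
    )
    $repoHost     = "$ServiceName.scm.azure-api.net"
    $cleanUrl     = "https://$repoHost/"
    $encodedToken = ConvertTo-GitUserInfo $Token
    $authUrl      = "https://$(ConvertTo-GitUserInfo $GitUser):$encodedToken@$repoHost/"

    # As the 403 output in the question shows, git's error message can quote
    # the full URL, so redact the encoded token before surfacing the error.
    $output = & git clone --quiet $authUrl $Destination 2>&1
    if ($LASTEXITCODE -ne 0) {
        $safe = ($output | Out-String).Replace($encodedToken, '<redacted>')
        throw "git clone failed (exit code $LASTEXITCODE): $safe"
    }

    # git clone saves the URL, token included, as remote.origin.url in
    # .git/config. Replace it with the credential-free URL so the token
    # does not stay on disk for its whole validity period.
    & git -C $Destination remote set-url origin $cleanUrl
    if ($LASTEXITCODE -ne 0) {
        throw "Could not reset the origin URL in $Destination"
    }
}

# Constructed sample token (not a real credential) to show the encoding:
ConvertTo-GitUserInfo 'git&201801010000&AbC+dEf/GhI=='
```

The token is still visible on the git command line while the clone runs, so keeping the expiry short limits exposure further.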