如何从DevOps管道安全登录Az CLI

时间:2020-10-23 14:41:46

标签: azure azure-devops azure-cli

我想从我的Azure DevOps管道执行AZ cli命令。在我的YAML文件中,我有这个:

trigger:
- master

pool:
  vmImage: 'ubuntu-latest'

variables:
  buildConfiguration: 'Release'

steps:
- task: UsePythonVersion@0
  inputs:
    versionSpec: '3.x'
    architecture: 'x64'

# Updating pip to latest
- script: python -m pip install --upgrade pip
  displayName: 'Upgrade pip'

# Updating to latest Azure CLI version.
- script: pip install --pre azure-cli --extra-index-url https://azurecliprod.blob.core.windows.net/edge
  displayName: 'upgrade azure cli'

- script: az --version
  displayName: 'Show Azure CLI version'

- script: az extension add -n azure-devops
  displayName: 'Install Azure DevOps Extension'

- script: echo ${AZURE_DEVOPS_CLI_PAT} | az devops login
  env:
    AZURE_DEVOPS_CLI_PAT: $(System.AccessToken)
  displayName: 'Login Azure DevOps Extension'

- script: az aks show --name census-k8s  --resource-group Census
  displayName: 'Show AKS'

回显$ {AZURE_DEVOPS_CLI_PAT} | az devops登录步骤完成(显然成功),并显示警告消息

Failed to store PAT using keyring; falling back to file storage.
You can clear the stored credential by running az devops logout.
Refer https://aka.ms/azure-devops-cli-auth to know more on sign in with PAT.

az aks show 步骤失败:

Please run 'az login' to setup account.

我有点迷路了。 az devops login 命令应启用为使用az cli,对吗?如果不是,我应该使用 az登录代替 az devops登录吗?如果应该使用 az登录,如何在Azure DevOps管道中的执行代理中以安全的方式传递我的凭据?

3 个答案:

答案 0 :(得分:1)

否,您不需要az devops login。您需要的是Azure CLI Task

- task: AzureCLI@2
  displayName: Azure CLI
  inputs:
    azureSubscription: <Name of the Azure Resource Manager service connection>
    scriptType: ps
    scriptLocation: inlineScript
    inlineScript: |
      az --version
      az account show

,但是您不必进行任何登录。请致电您的az aks show --name census-k8s --resource-group Census

答案 1 :(得分:0)

只是添加到 Krzysztof 的回答(以及评论中的 jeromerg 问题):在 Azure CLI 步骤中,您还可以使用其他工具,然后是 az,这需要使用 AzureCLI 登录:

- task: AzureCLI@2
  displayName: Publish Function
  inputs:
    azureSubscription: <Name of the Azure Resource Manager service connection>
    scriptType: ps
    scriptLocation: inlineScript
    inlineScript: |
      func azure publish <function-name>

答案 2 :(得分:0)

如果您的 scriptLocation 是 scriptPath,请使用以下示例

  - task: AzureCLI@2
    displayName: 'update function appsettings'
    inputs:
    azureSubscription: 'MY-AzureSubscriptionName'
    scriptType: ps
    scriptLocation: 'scriptPath'
    scriptPath: '$(System.DefaultWorkingDirectory)/Scripts/updateSettings.ps1'
    arguments:
        -ResourceGroupName 'MY-ResourceGroupName' `
        -FunctionAppName 'MY-FunctionAppName'

updateSettings.ps1

param (
    [string]$ResourceGroupName,
    [string]$FunctionAppName)
)
.
. script body here
.
相关问题
最新问题