PowerShell in local-exec (Azure DevOps Pipelines)



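I am using Azure DevOps pipelines to deploy infrastructure. One of the Terraform modules uses local-exec, which is a PowerShell script that enables VM SQL backup. Everything works fine locally on my PC when I connect to Azure as a user. The problem only occurs in the pipeline, where I connect to Azure through a service principal. I use the built-in PowerShell task to run Connect-AzAccount, hoping the connection would persist across all tasks. Unfortunately, when it comes to Terraform Apply, an error occurs while my module is being deployed:

Please provide a valid tenant or a valid subscription

Resource group "abcd" could not be found

Does anyone know how to keep the connection to Azure across all tasks? I even tried running Set-AzContext -SubscriptionId "xxxx-xxxx-xxxx-xxxx" in the module, but it cannot find my subscription.

This is what the PowerShell task looks like: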

# Service principal details (values redacted)
$AzureAADClientID = "***"   # application (client) ID; not defined in the original snippet
$AzureAADClientKey = "***"
$AzureTenantID = "xxxx-xxxx-xxxx-xxxx"
$AzureSubscriptionName = "xxxx-xxxx-xxxx-xxxx"
$AzureEnv = "AzureCloud"
# Start connection
$securePassword = ConvertTo-SecureString $AzureAADClientKey -AsPlainText -Force
$credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $AzureAADClientID, $securePassword
# Turn off context autosave for this process and clear any context already loaded in it
$n = Disable-AzContextAutosave -Scope Process
Clear-AzContext -Scope Process
Connect-AzAccount -Credential $credential -TenantId $AzureTenantID -Environment $AzureEnv -ServicePrincipal -SubscriptionId $AzureSubscriptionName

Thanks for your help!

Try the following example task; it works for me.

# Prepare the Postgres admin password
- task: AzurePowerShell@4
  inputs:
    azureSubscription: '$(subscription)'
    ScriptType: 'FilePath'
    ScriptPath: 'Scripts/PreparePostgresAdminPassword.ps1'
    ScriptArguments: '-ResourceGroupName $(rgName) -KeyVaultName $(kvName) -SecretName $(secretName)'
    errorActionPreference: 'silentlyContinue'
    azurePowerShellVersion: 'LatestVersion'
  timeoutInMinutes: 2

In the end I managed to get this working another way. I used a Bash task to run "Terraform Apply", which contains three commands: Set-AzContext, az account set, and terraform apply. Thanks for your help, guys!

# Publish the service principal details as pipeline variables for later tasks
- bash: |
    echo "##vso[task.setvariable variable=AZURE_CLIENT_ID;issecret=true]$(client_id)"
    echo "##vso[task.setvariable variable=AZURE_CLIENT_SECRET;issecret=true]$(client_secret)"
    echo "##vso[task.setvariable variable=AZURE_SUBSCRIPTION_ID]$(subscription_id)"
    echo "##vso[task.setvariable variable=AZURE_TENANT_ID;issecret=true]$(tenant_id)"
  workingDirectory: '$(Build.ArtifactStagingDirectory)/${{parameters.tfExecutionDir}}'
  displayName: 'Set environment variables for Service Principal authentication'

# Select the subscription for Az PowerShell and the Azure CLI, then apply the plan
- bash: |
    pwsh -c "Set-AzContext -SubscriptionId '$(AZURE_SUBSCRIPTION_ID)' -Tenant '$(AZURE_TENANT_ID)'"
    az account set --subscription "$(AZURE_SUBSCRIPTION_ID)"
    terraform apply $(Build.BuildNumber).tfplan
  workingDirectory: '$(Build.ArtifactStagingDirectory)/${{parameters.tfExecutionDir}}'
  displayName: 'Terraform Apply'
  env:
    # Secret variables must be mapped explicitly; the azurerm provider reads ARM_*
    ARM_CLIENT_ID: $(AZURE_CLIENT_ID)
    ARM_CLIENT_SECRET: $(AZURE_CLIENT_SECRET)
    ARM_SUBSCRIPTION_ID: $(AZURE_SUBSCRIPTION_ID)
    ARM_TENANT_ID: $(AZURE_TENANT_ID)
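
An added example, not part of the original posts: one way to make the local-exec script itself independent of any login performed in an earlier task. A local-exec command inherits the environment of the terraform process, so the script can sign in from the same ARM_* variables that the 'Terraform Apply' task maps above. The script name and the ResourceGroupName parameter are hypothetical, and the module's own backup commands are not shown on this page.

```powershell
# Enable-SqlBackup.ps1 (hypothetical name), called from a Terraform local-exec provisioner.
# Assumes ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_TENANT_ID and ARM_SUBSCRIPTION_ID are
# present in the environment of the terraform process.
param(
    [Parameter(Mandatory)] [string] $ResourceGroupName   # hypothetical parameter
)
$ErrorActionPreference = 'Stop'

# Fail fast with a clear message if any credential variable is missing.
$required = 'ARM_CLIENT_ID', 'ARM_CLIENT_SECRET', 'ARM_TENANT_ID', 'ARM_SUBSCRIPTION_ID'
$missing = $required | Where-Object { -not [Environment]::GetEnvironmentVariable($_) }
if ($missing) { throw "Missing environment variables: $($missing -join ', ')" }

# Keep the login in memory for this process only; nothing is saved to the agent's profile.
Disable-AzContextAutosave -Scope Process | Out-Null

$secret = ConvertTo-SecureString $env:ARM_CLIENT_SECRET -AsPlainText -Force
$credential = [System.Management.Automation.PSCredential]::new($env:ARM_CLIENT_ID, $secret)

Connect-AzAccount -ServicePrincipal -Credential $credential `
    -Tenant $env:ARM_TENANT_ID -Subscription $env:ARM_SUBSCRIPTION_ID `
    -Scope Process | Out-Null

# Confirm the context points at the intended subscription before touching resources.
$context = Get-AzContext
if ($context.Subscription.Id -ne $env:ARM_SUBSCRIPTION_ID) {
    throw "Unexpected subscription in context: $($context.Subscription.Id)"
}

# Confirm the service principal can see the target resource group.
Get-AzResourceGroup -Name $ResourceGroupName | Out-Null

# The module's SQL backup commands run from here on, under this context.

# Drop the in-memory login when the work is done.
Disconnect-AzAccount -Scope Process | Out-Null
```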
