Running an Azure CLI script from a release pipeline using a service principal: invalid_client

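Problem description

I have an Azure CLI script that runs fine in Cloud Shell, but I am having trouble when I try to include it in a DevOps release pipeline. To debug, I reduced the script to just logging in as the Service Principal and then getting the version...

  az login --service-principal -u http://[Service Principal Name] -p [Service Principal Password] --tenant [Service Principal Tenant GUID]
  az --version

...but the same error still occurs.

Here are the properties of my Azure CLI task:

Script Type: Shell
Script Location: Inline script
Inline Script: [ as ]
Script Arguments:
Access service principal details in script: false
Use global Azure CLI configuration: false
Working Directory:
Fail on Standard Error: false
Enabled: true
Continue on error: false *
Environment variables:

The error is: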

I was able to authenticate as this Service Principal using the Azure Cloud Shell so I'm puzzled as to why I apparently can't do the same from within the release pipeline.

* I have tried with Continue on error: true and although the task completes the same error appears in the output.

Solution

To use the service principal in Azure CLI, there is no need to log in manually.

For the correct way, please follow the steps below.

1. From the error message, the client secret (i.e. client key) of your service principal is expired. So you need to check it first: navigate to the Azure portal -> Azure Active Directory -> App registrations -> All applications -> find the AD App related to your service principal -> Certificates & secrets -> check if the secret is expired. If it is expired, just click New client secret to create a new one and save the value.

2. In DevOps, navigate to Project Settings -> Service connections -> New service connection -> Azure Resource Manager -> Service principal (manual).

Then fix the options with your service principal; you can get the values from your AD App on the App registrations page. The Service Principal Id is the Application (client) ID, and the Service principal key is the client secret.

The Subscription Id and Subscription Name are those of the subscription you want to access with Azure CLI; you can find them in the Azure portal.

After entering the values -> Verify -> Verify and save.

3. In your Azure CLI task -> Azure Resource Manager connection -> select the service connection from step 2. In my sample, I test to get a web app in my subscription with az webapp show --name xxxx --resource-group xxxx (Note: no need to use az login manually; it will log in automatically with the service principal that was configured in the service connection).

Then run it and check the result, it works fine.
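The expiry check from step 1 can also be done from the command line instead of the portal. The script below is an added example, not part of the original answer. It assumes an Azure CLI release whose `az ad app credential list` output uses the `endDateTime` field (older releases name it `endDate`); the function names and the sample key IDs are constructed for illustration.

```shell
#!/bin/sh
# Added example: report client secrets of an app registration that have expired.
# Assumption: `az ad app credential list` returns objects with keyId and
# endDateTime in UTC (older Azure CLI releases call the field endDate).

# Reads "keyId<TAB>endDateTime" lines on stdin and prints the keyIds whose end
# time is earlier than $1 (UTC, YYYY-MM-DDTHH:MM:SS). ISO 8601 UTC timestamps
# sort chronologically as strings, so the first 19 characters are compared.
expired_secrets() {
  awk -F '\t' -v now="$1" \
    'NF >= 2 && substr($2, 1, 19) < substr(now, 1, 19) { print $1 }'
}

# Lists the secrets of the application (client) ID given in $1 as TSV.
list_secrets() {
  az ad app credential list --id "$1" \
    --query "[].[keyId, endDateTime]" --output tsv
}

# check_app APP_ID: returns non-zero if any secret of the app has expired.
check_app() {
  expired=$(list_secrets "$1" | expired_secrets "$(date -u +%Y-%m-%dT%H:%M:%S)")
  if [ -n "$expired" ]; then
    echo "expired secret keyIds for $1:" >&2
    echo "$expired" >&2
    return 1
  fi
}

# Constructed sample in the same TSV shape, so the filter can be tried offline.
sample_tsv() {
  printf 'key-old\t2020-01-01T00:00:00Z\nkey-new\t2999-01-01T00:00:00Z\n'
}

# With an application ID as argument, query Azure; otherwise run on the sample.
if [ -n "${1:-}" ]; then
  check_app "$1"
else
  sample_tsv | expired_secrets "2024-06-01T00:00:00"
fi
```

Run as a pipeline step before the deployment, a non-zero exit points at an expired secret before the Azure CLI task reports invalid_client.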


08-12 19:05