Problem description
After my Azure pipeline has created an Azure SQL DB I'd like to execute some SQL.
The sql in question must be executed by an AAD authenticated user.
The service connection for the pipeline is an AAD authenticated user of the database.
If I'm willing for the script to consume the service principal's secret, then I can construct an OAuth call to retrieve a bearer token and use that to connect to the database.
However, since the PowerShell script is running in the context of the service principal, I have a gut feeling there is a better way to connect to the DB using the service principal without relying on the secret.
Any ideas how I can do this?
Recommended answer
The solution was:
I added an Azure CLI task which retrieved the bearer token. I then passed this to an Azure PowerShell task which used the token.
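# -o tsv returns the raw token; --query alone emits it wrapped in JSON quotes
$token = & az account get-access-token --resource=https://database.windows.net --query accessToken -o tsv
# issecret=true masks the token in pipeline logs; pass it to later tasks explicitly as $(sqlToken)
Write-Host "##vso[task.setvariable variable=sqlToken;issecret=true]$token"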
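The consuming side of this answer, as an added example that is not part of the original post: a PowerShell function that checks the token's audience and expiry before handing it to `SqlConnection.AccessToken`. The function names, the `SQL_TOKEN` environment variable, and the server, database and SQL values are assumptions, as is the availability of `System.Data.SqlClient` on the agent.

```powershell
# Added example; function names and all sample values are hypothetical.
function Get-JwtClaims {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Value is not a three-part JWT.' }
    # base64url -> base64, then restore the padding the JWT encoding strips
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) { 2 { $b64 += '==' } 3 { $b64 += '=' } }
    $json = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
    return $json | ConvertFrom-Json
}

function Invoke-SqlWithToken {
    param(
        [Parameter(Mandatory)][string]$Server,
        [Parameter(Mandatory)][string]$Database,
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$Sql
    )
    # az --query without -o tsv leaves JSON quotes around the value
    $Token = $Token.Trim().Trim('"')
    $claims = Get-JwtClaims -Token $Token
    # Expected audience is assumed to match the --resource value used on the page
    if ("$($claims.aud)".TrimEnd('/') -ne 'https://database.windows.net') {
        throw "Token audience '$($claims.aud)' is not Azure SQL."
    }
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)
    if ($expires -le [DateTimeOffset]::UtcNow.AddMinutes(1)) {
        throw "Token expired or about to expire at $expires."
    }
    $conn = New-Object System.Data.SqlClient.SqlConnection
    # No User ID, Password or Authentication keyword: AccessToken cannot be combined with them
    $conn.ConnectionString = "Server=tcp:$Server,1433;Initial Catalog=$Database;" +
        'Encrypt=True;TrustServerCertificate=False;Connect Timeout=30'
    $conn.AccessToken = $Token
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $Sql
        return $cmd.ExecuteNonQuery()
    }
    finally {
        $conn.Dispose()   # closes the connection even when Open or the command fails
    }
}

# Constructed usage (placeholder server, database and statement):
# Invoke-SqlWithToken -Server 'example-server.database.windows.net' -Database 'example-db' `
#     -Token $env:SQL_TOKEN -Sql 'CREATE USER [example-app] FROM EXTERNAL PROVIDER'
```

The token is never written to output; only its audience and expiry appear in error messages.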