azure - 在 Azure DevOps Powershell 管道任务中获取自己的服务主体名称
问题描述
在带有 system.debug=true 的 Azure DevOps Release Pipeline 中运行 Azure Powershell 任务时,您将获得类似于以下内容的输出:
# anonymized
...
2019-09-05T12:19:41.8983585Z ##[debug]INPUT_CONNECTEDSERVICENAMEARM: '7dd40b2a-1c37-4c0a-803e-9b0044a8b54e'
2019-09-05T12:19:41.9156487Z ##[debug]ENDPOINT_URL_7dd40b2a-1c37-4c0a-803e-9b0044a8b54e: 'https://management.azure.com/'
2019-09-05T12:19:41.9188051Z ##[debug]ENDPOINT_AUTH_7dd40b2a-1c37-4c0a-803e-9b0044a8b54e: '********'
2019-09-05T12:19:41.9221892Z ##[debug]ENDPOINT_DATA_7dd40b2a-1c37-4c0a-803e-9b0044a8b54e: '{"subscriptionId":"b855f753-d5b3-48f4-b7cd-5beb58fb5508","subscriptionName":"Entenhausen","environment":"AzureCloud","creationMode":"Automatic","azureSpnRoleAssignmentId":"5ddcc3fe-f93c-4771-8041-50b49f76b828","azureSpnPermissions":"[{\"roleAssignmentId\":\"5ddcc3fe-f93c-4771-8041-50b49f76b828\",\"resourceProvider\":\"Microsoft.RoleAssignment\",\"provisioned\":true}]","spnObjectId":"76055cb6-3b75-4191-9309-306b32dad443","appObjectId":"e4b90b9d-7a73-42a3-ae6e-4daec910def4","environmentUrl":"https://management.azure.com/","galleryUrl":"https://gallery.azure.com/","serviceManagementUrl":"https://management.core.windows.net/","resourceManagerUrl":"https://management.azure.com/","activeDirectoryAuthority":"https://login.microsoftonline.com/","environmentAuthorityUrl":"https://login.windows.net/","graphUrl":"https://graph.windows.net/","managementPortalUrl":"https://manage.windowsazure.com/","armManagementPortalUrl":"https://portal.azure.com/","activeDirectoryServiceEndpointResourceId":"https://management.core.windows.net/","sqlDatabaseDnsSuffix":".database.windows.net","AzureKeyVaultDnsSuffix":"vault.azure.net","AzureKeyVaultServiceEndpointResourceId":"https://vault.azure.net","StorageEndpointSuffix":"core.windows.net","EnableAdfsAuthentication":"false"}'
2019-09-05T12:19:41.9284444Z ##[debug]AuthScheme ServicePrincipal
...
我需要将 Azure DevOps 连接的 SPN 添加到资源。更改订阅或管道时,SPN 也会更改,我不想硬编码该值。由于该值打印在 system.debug=true 输出中,我想知道如何在管道任务中访问我自己的 SPN。spnObjectId":"76055cb6-3b75-4191-9309-306b32dad443"是否可以使用 Powershell 以某种方式读出?
解决方案
可以使用 Get-AzureRmContext 访问有关服务主体的信息,但信息有限,并且某些信息在日志中被混淆,因此您需要再次调用 Get-AzureRmServicePrincipal 以访问 ObjectId
$Context = Get-AzureRmContext
$AzureDevOpsServicePrincipal = Get-AzureRmADServicePrincipal -ApplicationId $Context.Account.Id
$ObjectId = $AzureDevOpsServicePrincipal.Id
暴露的 Id$Context.Account.Id是服务主体 ApplicationId
推荐阅读
- speech-recognition - 匹配 JSGF 语法中的所有子字符串
- python - Keras:编码器的部分反向传播
- rust - How do I get Cargo to save the name/version of a package to the "[dependencies]" section of my "Cargo.toml" file?
- javascript - 缩放到选定的功能
- apache-spark-sql - 无法使用 pyspark 将数据帧写入 Hive 分区镶木地板表
- php - 模态仅在数据库中显示最后
- types - Can a trait have a supertrait that is parameterized by a generic?
- python - 将逻辑曲线拟合到数据
- excel-formula - 有没有办法创建一个公式,我可以更改变量但保持所有其他不变?包括总金额
- php - 通过电子邮件显示输出但不更新数据库中的记录的用户批准