How to implement a web connection with a certificate in Azure DevOps

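Problem description

In short, I need to deliver an ADF HTTP linked service certificate through Azure DevOps. I couldn't find any article about it. Can you help me?

I have an Azure Data Factory with an HTTP linked service that uses a client certificate. I found that this guide works fine: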

{
    "name": "ccee",
    "type": "Microsoft.DataFactory/factories/linkedservices",
    "properties": {
        "description": "Conexão ao CCEE.\n\nBase url estava https://servicos.ccee.org.br:442/",
        "annotations": [],
        "type": "HttpServer",
        "typeProperties": {
            "url": "https://servicos.ccee.org.br",
            "enableServerCertificateValidation": true,
            "authenticationType": "ClientCertificate",
            "password": {
                "type": "AzureKeyVaultSecret",
                "store": {
                    "referenceName": "KeyVault",
                    "type": "LinkedServiceReference"
                },
                "secretName": "my-site-certificate-password"
            },
            "embeddedCertData": {
                "type": "SecureString",
                "value": "**********"
            }
        }
    }
}

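Now I am trying to deploy it with a DevOps pipeline, but I cannot turn the base64 certificate "embeddedCertData" into an ARM parameter. There is no mention of the certificate code.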

{
            "name": "[concat(parameters('factoryName'), '/ccee')]",
            "type": "Microsoft.DataFactory/factories/linkedServices",
            "apiVersion": "2018-06-01",
            "properties": {
                "description": "Conexão ao CCEE.\n\nBase url estava https://servicos.ccee.org.br:442/",
                "annotations": [],
                "type": "HttpServer",
                "typeProperties": {
                    "url": "[parameters('ccee_properties_typeProperties_url')]",
                    "enableServerCertificateValidation": true,
                    "authenticationType": "ClientCertificate"
                }
            },
            "dependsOn": [
                "[concat(variables('factoryId'), '/linkedServices/KeyVault')]"
            ]
        },

I even tried editing the ADF "ARM parameter configuration" to add embeddedCertData, without effect.

    "Microsoft.DataFactory/factories/linkedServices": {
        "*": {
            "properties": {
                "typeProperties": {
                    ...
                    "environmentUrl": "=",
                    "aadResourceId": "=",
                    "sasUri": "|:-sasUri:secureString",
                    "sasToken": "|",
                    "connectionString": "|:-connectionString:secureString",
                    "hostKeyFingerprint": "=",
                    "existingClusterId": "=",
                    "domain": "=",
                    "workspaceResourceId": "=",
                    "embeddedCertData": "|:-embeddedCertData:secureString"
                }

Tags: azure-devops, azure-data-factory, azure-data-factory-2

Solution


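As already mentioned in the comments, I ran into the same problem. In my case, however, it sometimes worked, and the parameters for the HTTP linked service were correctly added to the ARMTemplateParameterForFactory.json file on the adf_publish branch. But after publishing again, the parameters were removed, even though I had not changed the corresponding linked service. After some investigation without finding a solution, I decided to work around the problem by adding the following task to the YAML pipeline in Azure DevOps.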

- task: PowerShell@2
  displayName: Add HTTPLINKEDSERVICENAME parameters if not yet present (workaround as parameters sometimes get removed during ARM template creation)
  inputs:
    targetType: inline
    script: |
      $armTemplateForFactory = Get-Content $(sourceDataFactoryName)\ARMTemplateForFactory.json | ConvertFrom-Json
      $armTemplateParametersForFactory = Get-Content $(sourceDataFactoryName)\ARMTemplateParametersForFactory.json | ConvertFrom-Json
      $httpLinkedServiceResource = $armTemplateForFactory.resources |? { $_.name -eq "[concat(parameters('factoryName'), '/HTTPLINKEDSERVICENAME')]" }
      if (!$armTemplateForFactory.parameters.HTTPLINKEDSERVICENAME_password) { 
        $armTemplateForFactory.parameters | Add-Member -Name "HTTPLINKEDSERVICENAME_password" -value @{ type = "secureString"; metadata = "Secure string for 'password' of 'HTTPLINKEDSERVICENAME'" } -MemberType NoteProperty
        $httpLinkedServiceResource.properties.typeProperties | Add-Member -Name "password" -value @{ type = "SecureString"; value = "[parameters('HTTPLINKEDSERVICENAME_password')]" } -MemberType NoteProperty
        $armTemplateParametersForFactory.parameters | Add-Member -Name "HTTPLINKEDSERVICENAME_password" -value @{ value = "" } -MemberType NoteProperty
      }
      if (!$armTemplateForFactory.parameters.HTTPLINKEDSERVICENAME_embeddedCertData) {
        $armTemplateForFactory.parameters | Add-Member -Name "HTTPLINKEDSERVICENAME_embeddedCertData" -value @{ type = "secureString"; metadata = "Secure string for 'embeddedCertData' of 'HTTPLINKEDSERVICENAME'" } -MemberType NoteProperty
        $httpLinkedServiceResource.properties.typeProperties | Add-Member -Name "embeddedCertData" -value @{ type = "SecureString"; value = "[parameters('HTTPLINKEDSERVICENAME_embeddedCertData')]" } -MemberType NoteProperty
        $armTemplateParametersForFactory.parameters | Add-Member -Name "HTTPLINKEDSERVICENAME_embeddedCertData" -value @{ value = "" } -MemberType NoteProperty
      }
      $armTemplateForFactory | ConvertTo-Json -Depth 20 | Out-File $(sourceDataFactoryName)\ARMTemplateForFactory.json
      $armTemplateParametersForFactory | ConvertTo-Json -Depth 20 | Out-File $(sourceDataFactoryName)\ARMTemplateParametersForFactory.json

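HTTPLINKEDSERVICENAME must be replaced with the name of the HTTP linked service!

This task adds the missing parameters (in my case password and embeddedCertData) to the files ARMTemplateForFactory.json and ARMTemplateParametersForFactory.json if they do not exist yet.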
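A check that could run after the workaround task and before deployment, shown here as an added example that is not part of the original answer: it fails the job when a client-certificate linked service has `password` or `embeddedCertData` missing, written as a literal, or bound to a parameter that is not `secureString`. The function name `Test-LinkedServiceSecrets`, the parameter names `ccee_password` and `ccee_embeddedCertData`, and the inline template are constructed for illustration; in a pipeline the JSON would be read from ARMTemplateForFactory.json instead.

```powershell
# Constructed sample standing in for the patched ARMTemplateForFactory.json.
# ccee_embeddedCertData is deliberately declared as plain "string" to trigger a finding.
$templateJson = @'
{
  "parameters": {
    "ccee_password": { "type": "secureString" },
    "ccee_embeddedCertData": { "type": "string" }
  },
  "resources": [ {
    "name": "[concat(parameters('factoryName'), '/ccee')]",
    "type": "Microsoft.DataFactory/factories/linkedServices",
    "properties": { "type": "HttpServer", "typeProperties": {
      "authenticationType": "ClientCertificate",
      "password": { "type": "SecureString", "value": "[parameters('ccee_password')]" },
      "embeddedCertData": { "type": "SecureString", "value": "[parameters('ccee_embeddedCertData')]" }
    } }
  } ]
}
'@

function Test-LinkedServiceSecrets {
    param([string]$TemplateJson, [string[]]$SecretProperties = @('password', 'embeddedCertData'))
    $template = $TemplateJson | ConvertFrom-Json
    $findings = @()
    # Only linked services that authenticate with a client certificate are inspected.
    $services = $template.resources | Where-Object {
        $_.type -eq 'Microsoft.DataFactory/factories/linkedServices' -and
        $_.properties.typeProperties.authenticationType -eq 'ClientCertificate' }
    foreach ($svc in $services) {
        foreach ($prop in $SecretProperties) {
            $entry = $svc.properties.typeProperties.$prop
            if (-not $entry) { $findings += "$($svc.name): '$prop' is missing"; continue }
            if ($entry.type -eq 'AzureKeyVaultSecret') { continue }  # resolved from Key Vault, nothing embedded
            if ($entry.value -notmatch "^\[parameters\('([^']+)'\)\]$") {
                $findings += "$($svc.name): '$prop' is a literal value, not a parameter"; continue }
            # $Matches[1] holds the referenced parameter name; it must be declared secureString.
            $paramType = $template.parameters.($Matches[1]).type
            if ($paramType -ne 'secureString') {
                $findings += "$($svc.name): parameter '$($Matches[1])' is '$paramType', expected secureString" }
        }
    }
    return $findings
}

$findings = Test-LinkedServiceSecrets -TemplateJson $templateJson
# Surface each finding as a pipeline error, then fail the step if there were any.
$findings | ForEach-Object { Write-Host "##vso[task.logissue type=error]$_" }
if ($findings) { exit 1 }
```

With the constructed sample the step fails on `ccee_embeddedCertData`, because a certificate passed through a plain `string` parameter is recorded in the deployment's parameter values in clear text.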

