无法从VSO Build / Release访问Azure Keyvault [英] Unable to Access Azure Keyvault from VSO Build/Release
问题描述
我正在使用AzureServiceTokenProvider调用Azure KeyVault Secrets。我使用下面的代码来获取秘密。
I'm calling Azure KeyVault Secrets using AzureServiceTokenProvider. I have used below code to get the Secrets.
public KeyVaultUtil()
{
var azureServiceTokenProvider = new AzureServiceTokenProvider();
keyVaultClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
}
public static ConcurrentDictionary<string, string> Secrets
{
get;
set;
}
public void LoadSecretsFromAzureKeyVaultStore(string keyVaultBaseUrl)
{
try
{
if (Secrets == null)
Secrets = new ConcurrentDictionary<string, string>();
int maxResults = 10;
var secrets = keyVaultClient.GetSecretsAsync(keyVaultBaseUrl, maxResults).Result;
while (secrets.Count() > 0)
{
secrets.ToList().ForEach((s) =>
{
var secret = keyVaultClient.GetSecretAsync(s.Id).Result;
if (secret.ContentType == null)
{
Secrets.AddOrUpdate(secret.SecretIdentifier.Name, secret.Value, (a, b) => secret.Value);
}
});
if (secrets.NextPageLink == null)
break;
secrets = keyVaultClient.GetSecretsNextAsync(secrets.NextPageLink).GetAwaiter().GetResult();
}
}
catch (AggregateException aggex)
{
throw aggex.InnerException;
}
}
}
最后我能够构建代码,并且在我的本地Syatem中工作正常。
Finally I'm able to build the code and is working Fine in my Local Syatem.
现在我在调用我的FunctionalTests时面临下面的问题VSO Build / Release中的相同代码。
Now I'm facing below issue when I'm calling my FunctionalTests with the same code in VSO Build/Release.
错误:
失败 TestCase_1
2019-02-18T06:22:11.6144933Z错误消息:
2019-02-18T06:22:11.6145937Z TestCleanup方法FunctionalTests.FeatureAutomation.ServiceFeature.ScenarioTearDown抛出异常。 System.Reflection.TargetInvocationException:调用目标抛出了异常。 ---> Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProviderException:
参数:连接字符串:[未指定连接字符串],资源:https://vault.azure.net,Authority:https://login.windows.net/ XXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX。异常消息:尝试了以下4种获取访问令牌的方法,但没有
工作。
2019-02-18T06:22:11.6146913Z参数:连接字符串:[无连接指定字符串],资源:https://vault.azure.net,权限:https://login.windows.net/XXXXXXX-xxxx-xxxx-xxxx-xxxxxxxxxxxx。异常消息:尝试使用托管服务
身份获取令牌。无法获取访问令牌。 MSI ResponseCode:BadRequest,响应:{" error":" invalid_request"," error_description":" Identity not found'}}
2019-02-18T06:22:11.6147643Z参数:连接字符串:[未指定连接字符串],资源:https://vault.azure.net,Authority:https://login.windows.net/XXXXXXX-xxxx-xxxx-xxxx-xxxxxxxxxxxx。异常消息:尝试使用Visual Studio获取令牌。
无法获取访问令牌。 Visual Studio令牌提供程序文件未在"C:\ Users \VssAdministrator \ AppData \ Local \.IdentityService \AzureServiceAuth \tokenprovider.json"中找到。
2019-02-18T06 :22:11.6148762Z参数:连接字符串:[未指定连接字符串],资源:https://vault.azure.net,Authority:https://login.windows.net/XXXXXXX-xxxx-xxxx-xxxx-xxxxxxxxxxxx 。异常消息:尝试使用Azure CLI获取令牌。
无法获取访问令牌。错误:请运行'az login'设置帐户。
2019-02-18T06:22:11.6150982Z
2019-02-18T06:22:11.6151589Z参数:连接字符串:[未指定连接字符串],资源:https://vault.azure.net,权限:https://login.windows.net/XXXXXXX-xxxx-xxxx-xxxx-xxxxxxxxxxxx。异常消息:尝试使用Active Directory
集成身份验证获取令牌。无法获取访问令牌。 get_user_name_failed:无法获取用户名称内容异常:帐户名和安全ID之间没有映射。
Failed TestCase_1
2019-02-18T06:22:11.6144933Z Error Message:
2019-02-18T06:22:11.6145937Z TestCleanup method FunctionalTests.FeatureAutomation.ServiceFeature.ScenarioTearDown threw exception. System.Reflection.TargetInvocationException: Exception has been thrown by the target of an invocation. ---> Microsoft.Azure.Services.AppAuthentication.AzureServiceTokenProviderException:
Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/XXXXXXX-xxxx-xxxx-xxxx-xxxxxxxxxxxx. Exception Message: Tried the following 4 methods to get an access token, but none
of them worked.
2019-02-18T06:22:11.6146913Z Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/XXXXXXX-xxxx-xxxx-xxxx-xxxxxxxxxxxx. Exception Message: Tried to get token using Managed Service
Identity. Access token could not be acquired. MSI ResponseCode: BadRequest, Response: {"error":"invalid_request","error_description":"Identity not found"}
2019-02-18T06:22:11.6147643Z Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/XXXXXXX-xxxx-xxxx-xxxx-xxxxxxxxxxxx. Exception Message: Tried to get token using Visual Studio.
Access token could not be acquired. Visual Studio Token provider file not found at "C:\Users\VssAdministrator\AppData\Local\.IdentityService\AzureServiceAuth\tokenprovider.json"
2019-02-18T06:22:11.6148762Z Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/XXXXXXX-xxxx-xxxx-xxxx-xxxxxxxxxxxx. Exception Message: Tried to get token using Azure CLI.
Access token could not be acquired. ERROR: Please run 'az login' to setup account.
2019-02-18T06:22:11.6150982Z
2019-02-18T06:22:11.6151589Z Parameters: Connection String: [No connection string specified], Resource: https://vault.azure.net, Authority: https://login.windows.net/XXXXXXX-xxxx-xxxx-xxxx-xxxxxxxxxxxx. Exception Message: Tried to get token using Active Directory
Integrated Authentication. Access token could not be acquired. get_user_name_failed: Failed to get user nameInner Exception : No mapping between account names and security IDs was done.
请帮我解决此问题。
推荐答案
您可以检查一下是否配置了"Azure服务身份验证"。为您的项目正确,它使用正确的帐户。 请转到 工具 - >选项 - >
Azure服务身份验证。 请参阅下图 -
Can you check if you have configured "Azure Service Authentication" for your project correctly and it is using the correct account. Please Go to Tools->Options-> Azure Service Authentication. Refer to below image -
这篇关于无法从VSO Build / Release访问Azure Keyvault的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!