如何在Azure DevOps发布管道中建立连接帐户 [英] How to connect-azaccount in Azure DevOps release pipeline
问题描述
在发布管道中,我尝试使用Connect-Azaccount连接到Azure AD,以便我可以运行Get-AzADgroup来检索某些Az AD组名称及其guid并将其输出到变量.
In the release pipeline, I am trying to connect to Azure AD by using Connect-Azaccount so I can run Get-AzADgroup to retrieve some Az AD group names and their guid and output to variables.
我使用以下嵌入式脚本创建了Azure Powershell任务.
I created Azure Powershell task with the following inline script.
(Get-AzADGroup -DisplayName"group-name").起源
(Get-AzADGroup -DisplayName "group-name").origin
推荐答案
似乎您需要使用非交互式登录,请按照以下步骤操作.
It seems you need to use a non-interactive login, follow the steps as below.
1.为应用创建密码,保存该密码并
1.Create an Azure Active Directory application and create a secret for the app, save the secret and get values for signing in.
2.在AD App中-> API permissions
-> Add a permission
->选择Azure Active Directory Graph
-> Application permissions
-> Directory.Read.All
->单击Add permissions
->单击 Grant admin consent for xxx
,请参阅屏幕截图.
2.In your AD App -> API permissions
-> Add a permission
-> select Azure Active Directory Graph
-> Application permissions
-> Directory.Read.All
-> click Add permissions
-> click Grant admin consent for xxx
, refer to the screenshot.
3.尝试以下脚本,使用在第1步中获得的值,对我而言效果很好.
3.Try the script as below, use the values which you get in step 1, it works fine on my side.
注意:使用Az
powershell模块时,需要将Task version
与4.*(preview)
一起使用.
Note: You need to use the Task version
with 4.*(preview)
when you use Az
powershell module.
$azureAplicationId ="<your ad app application id>"
$azureTenantId= "<your tenant id>"
$azurePassword = ConvertTo-SecureString "<the secret of your ad app>" -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($azureAplicationId , $azurePassword)
Connect-AzAccount -Credential $psCred -TenantId $azureTenantId -ServicePrincipal
#I just test to get all groups, you could do other operations
Get-AzADGroup
这篇关于如何在Azure DevOps发布管道中建立连接帐户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!