如何在Azure DevOps发布管道中建立连接帐户 [英] How to connect-azaccount in Azure DevOps release pipeline
问题描述
在发布管道中,我尝试使用Connect-Azaccount连接到Azure AD,以便我可以运行Get-AzADgroup来检索某些Az AD组名称及其guid并将其输出到变量.
In the release pipeline, I am trying to connect to Azure AD by using Connect-Azaccount so I can run Get-AzADgroup to retrieve some Az AD group names and their guid and output to variables.
我使用以下嵌入式脚本创建了Azure Powershell任务.
I created Azure Powershell task with the following inline script.
(Get-AzADGroup -DisplayName"group-name").起源
(Get-AzADGroup -DisplayName "group-name").origin
推荐答案
似乎您需要使用非交互式登录,请按照以下步骤操作.
It seems you need to use a non-interactive login, follow the steps as below.
1.Create an Azure Active Directory application and create a secret for the app, save the secret and get values for signing in.
2.在AD App中-> API permissions-> Add a permission->选择Azure Active Directory Graph-> Application permissions-> Directory.Read.All->单击Add permissions->单击 Grant admin consent for xxx ,请参阅屏幕截图.
2.In your AD App -> API permissions -> Add a permission -> select Azure Active Directory Graph -> Application permissions -> Directory.Read.All -> click Add permissions -> click Grant admin consent for xxx, refer to the screenshot.
3.尝试以下脚本,使用在第1步中获得的值,对我而言效果很好.
3.Try the script as below, use the values which you get in step 1, it works fine on my side.
注意:使用Az powershell模块时,需要将Task version与4.*(preview)一起使用.
Note: You need to use the Task version with 4.*(preview) when you use Az powershell module.
$azureAplicationId ="<your ad app application id>"
$azureTenantId= "<your tenant id>"
$azurePassword = ConvertTo-SecureString "<the secret of your ad app>" -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($azureAplicationId , $azurePassword)
Connect-AzAccount -Credential $psCred -TenantId $azureTenantId -ServicePrincipal
#I just test to get all groups, you could do other operations
Get-AzADGroup
这篇关于如何在Azure DevOps发布管道中建立连接帐户的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
