脚本如何访问服务连接?(Azure Devops 管道) [英] How can a script access Service Connections? (Azure Devops Pipelines)

查看:19
本文介绍了脚本如何访问服务连接?(Azure Devops 管道)的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

根据 https://docs.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints 有丰富的服务连接类型.我可以轻松地在项目级别管理一组服务连接,并设置权限以限制哪些用户能够查看/编辑它们——这一切都很好.

According to https://docs.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints there's a rich array of Service Connection types. I can easily manage a set of service connections at the project level and set permissions to limit which users are able to view/edit them -- this is all good.

但我不知道如何使用构建管道中的脚本步骤访问服务连接.例如,假设我有一个代表 Azure 服务主体凭据的服务连接.我想在脚本步骤中访问这些凭据.

But I can't figure out how to access a Service Connection with a script step in my build pipeline. For example, let's say I have a Service Connection representing credentials for an Azure Service Principal. I'd like to access those credentials in a script step.

如何编写使用它们的脚本步骤?

How can I write a script step that makes use of them?

推荐答案

因为服务连接涉及专门为连接的服务(通用服务连接 是证明规则的例外......),您将无法在 Bash 任务中使用强类型属性.相反,您可能希望检查环境变量并手动处理服务连接数据.

Because a Service Connection involves data shaped specifically to the connected service (the Generic Service Connection being the exception that proves the rule...), you won't be able to make use of strongly typed properties in your Bash task. Instead, you may want to examine environment variables and process the service connection data manually.

基于对某些任务的调查在 Azure DevOps 存储库中,服务连接及其数据似乎作为运行构建任务的代理上的环境变量填充.在检索结果环境键的值之前,通过以下正则表达式运行给定的 name 字符串的方法检索服务连接:

Based on a survey of some of the tasks in the Azure DevOps repos, it appears that service connections and their data are populated as environment variables on the agent running the build task. The service connections are retrieved via a method that runs a given name string through the following regex before retrieving the resultant environment key's value:

process.env[name.replace(/./g, '_').toUpperCase()];

各种服务端点数据的检索被包裹在vsts-task-lib/task 模块,允许消费任务像这样编写代码:

The retrieval of various Service Endpoint data is wrapped in the vsts-task-lib/task module, allowing consuming tasks to write code like so:

taskLib.getEndpointAuthorization('SYSTEMVSSCONNECTION', false);

taskLib.getEndpointDataParameter('MYSERVICECONNECTION', 'SOME_PARAMETER_NAME', false);

taskLib.getEndpointUrl('MYSERVICECONNECTION', false) // <-- last param indicates required or not

因此,如果您想在 bash 脚本中访问服务连接而不进行任何额外的自定义,我建议您:

Therefore, if you wanted to access service connections in a bash script without any additional customization, I would recommend that you:

a) 通过迭代和编写环境变量、设置system.debug 环境变量来验证构建脚本任务中服务连接信息的可用性.有一些迹象表明构建任务没有播种"它们没有专门请求的连接,因此您可能需要创建一个自定义构建任务,该任务将您要使用的服务连接名称作为其输入之一

a) Validate the availability of service connection information in the build script task by iterating and writing environment variables, setting the system.debug environment variable. There's some indication that build tasks aren't "seeded" with connections they aren't requesting specifically, so you may need to create a custom build task which has as one of its' inputs the service connection name you want to use

b) 从上面概述的 bash 脚本中的变量中读取所需的值.服务连接变量名称的计算方法类似于 这个:

b) read the desired values from variables as outlined above in your bash script. Service connection variable names may be computed similarly to this:

   var dataParam = getVariable('ENDPOINT_DATA_' + id + '_' + key.toUpperCase());  

您可能需要对此进行迭代以确定数据架构/结构.

You may need to iterate against this to determine the data schema/structure.

这篇关于脚本如何访问服务连接?(Azure Devops 管道)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆