脚本如何访问服务连接? (Azure Devops管道) [英] How can a script access Service Connections? (Azure Devops Pipelines)
问题描述
根据 https://docs.microsoft. com/en-us/azure/devops/pipelines/library/service-endpoints 有很多服务连接类型.我可以在项目级别轻松管理一组服务连接,并设置权限以限制哪些用户可以查看/编辑它们-一切都很好.
According to https://docs.microsoft.com/en-us/azure/devops/pipelines/library/service-endpoints there's a rich array of Service Connection types. I can easily manage a set of service connections at the project level and set permissions to limit which users are able to view/edit them -- this is all good.
但是我不知道如何在构建管道中使用脚本步骤访问服务连接.例如,假设我有一个服务连接,代表一个Azure服务主体的凭据.我想在脚本步骤中访问这些凭据.
But I can't figure out how to access a Service Connection with a script step in my build pipeline. For example, let's say I have a Service Connection representing credentials for an Azure Service Principal. I'd like to access those credentials in a script step.
我如何编写一个脚本来利用它们?
How can I write a script step that makes use of them?
推荐答案
Because a Service Connection involves data shaped specifically to the connected service (the Generic Service Connection being the exception that proves the rule...), you won't be able to make use of strongly typed properties in your Bash task. Instead, you may want to examine environment variables and process the service connection data manually.
基于对某些任务中的调查在Azure DevOps存储库中,似乎服务连接及其数据已作为环境变量填充到运行构建任务的代理上.通过以下方法检索服务连接,该方法通过以下正则表达式运行给定的name字符串,然后检索结果环境键的值:
Based on a survey of some of the tasks in the Azure DevOps repos, it appears that service connections and their data are populated as environment variables on the agent running the build task. The service connections are retrieved via a method that runs a given name string through the following regex before retrieving the resultant environment key's value:
process.env[name.replace(/\./g, '_').toUpperCase()];
The retrieval of various Service Endpoint data is wrapped in the vsts-task-lib/task module, allowing consuming tasks to write code like so:
taskLib.getEndpointAuthorization('SYSTEMVSSCONNECTION', false);
taskLib.getEndpointDataParameter('MYSERVICECONNECTION', 'SOME_PARAMETER_NAME', false);
taskLib.getEndpointUrl('MYSERVICECONNECTION', false) // <-- last param indicates required or not
因此,如果您希望在bash脚本中访问服务连接而没有任何其他自定义,我建议您:
Therefore, if you wanted to access service connections in a bash script without any additional customization, I would recommend that you:
a)通过迭代和写入环境变量,设置环境变量system.debug,来验证构建脚本任务中服务连接信息的可用性.有迹象表明,构建任务并未与它们没有特别请求的连接结合"在一起,因此您可能需要创建一个自定义构建任务,该任务的输入之一就是您要使用的服务连接名称
a) Validate the availability of service connection information in the build script task by iterating and writing environment variables, setting the system.debug environment variable. There's some indication that build tasks aren't "seeded" with connections they aren't requesting specifically, so you may need to create a custom build task which has as one of its' inputs the service connection name you want to use
b)从bash脚本中上面概述的变量中读取所需的值.服务连接变量名称的计算方式类似于
b) read the desired values from variables as outlined above in your bash script. Service connection variable names may be computed similarly to this:
var dataParam = getVariable('ENDPOINT_DATA_' + id + '_' + key.toUpperCase());
您可能需要对此进行迭代以确定数据架构/结构.
You may need to iterate against this to determine the data schema/structure.
这篇关于脚本如何访问服务连接? (Azure Devops管道)的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
