如何从私有azure devops feed中还原nuget包? [英] How to restore nuget packages from a private azure devops feed?
问题描述
我在azure devops的私有nuget提要中有nuget包,我尝试从本地TFS中使用它们.
I have nuget packages in a private nuget feed on azure devops and I try to consume them from on-prem TFS.
在天蓝色的开发人员中,我导航到工件->连接到提要",然后单击链接下载NuGet +凭据提供程序".当运行CredentialProvider.VSS.exe -U URL_TO_FEED时,我得到了一个jwt令牌.
In azure devops, I navigated to Artifacts -> Connect to feed and clicked the link "Download NuGet + Credential Provider". When running CredentialProvider.VSS.exe -U URL_TO_FEED I got a jwt token.
在本地tfs中,我导航到构建定义中的"NuGet恢复"步骤.在提要和身份验证"中,我选择在我的NuGet.config中的提要",在此帐户/集合之外的提要的凭据"中,单击管理".在添加新的Team Foundation Server/团队服务连接"对话框中,选择基于令牌的身份验证"并填写值.我将从CredentialProvider.VSS.exe获得的令牌放在个人访问令牌"字段中.
In tfs on-prem, I navigated to the "NuGet restore" step in the build definition. At "Feeds and authentication" I selected "Feeds in my NuGet.config" and at "Credentials for feeds outside this account/collection" I clicked "Manage". In the "Add new Team Foundation Server/Team Services Connection" dialog box I selected "Token Based Authentication" and filled in the values. I put the token I got from CredentialProvider.VSS.exe in the field "Personal Access Token".
还原了nuget软件包,因此一切似乎都很好,但是第二天它不再起作用了,因为令牌仅有效了几个小时(我将其解码以进行验证).
The nuget packages were restored so everything seemed good, but the next day it didn't work any longer since the token was only valid for a few hours (I decoded it to verify).
我应该如何进行这项工作?使用个人访问令牌"似乎很奇怪,因为它不应该与我个人相关(例如,如果我离开组织). CredentialProvider.VSS.exe生成的令牌的用户名是VssSessionToken,这可能表明它不是与我相关的个人令牌,但我不知道.
How am I supposed to make this work? It seems strange to use a "Personal Access Token" since it shouldn't be related to me as a person (in case I leave the organization for example). The username for the token generated by CredentialProvider.VSS.exe was VssSessionToken which might indicate that it's not a personal token related to me, but I don't know.
推荐答案
PAT(个人访问令牌)几乎是Azure Artifacts提要的一种方式,因为它们是通用的,可提供对Azure DevOps不同部分的访问.
The PAT (Personal Access Token) are pretty much the way to go for Azure Artifacts feeds as they are the generic to provide access to different parts of Azure DevOps.
如果您担心它们是私人的事实,则可以使用服务帐户生成令牌.
If you are worried about the fact that they are personal it might be a solution to use a service account to generate the tokens.
如果您希望PAT的寿命更长,那么自己创建一个PAT可能会更容易(请参见
If you want a PAT that has a longer lifetime it might be easier to create one yourself (see https://docs.microsoft.com/en-us/azure/devops/artifacts/nuget/nuget-exe?view=azure-devops&tabs=new-nav#add-a-feed-to-nuget-2 for instructions)
简而言之,您将创建一个具有包装(读取)"权限的PAT,以限制滥用的可能性.
In short you will create a PAT with the 'Packaging (read)' permission, as to limit the possibility of abuse.
要考虑的两件事:
- PAT总是有一个过期日期,因此您需要保持该日期.
- PAT授予创建它们的用户访问Azure DevOps Api的权限,因此请确保它们不可访问并尽可能限制权限.
这篇关于如何从私有azure devops feed中还原nuget包?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
