如何从DevOps管道安全登录Az CLI [英] How to securely login in Az CLI from a DevOps Pipeline

问题描述

我想从我的Azure DevOps管道执行AZ cli命令.在我的YAML文件中，我有这个:

I want to execute AZ cli commands from my Azure DevOps Pipeline. In my YAML file I have this:

trigger:
- master

pool:
  vmImage: 'ubuntu-latest'

variables:
  buildConfiguration: 'Release'

steps:
- task: UsePythonVersion@0
  inputs:
    versionSpec: '3.x'
    architecture: 'x64'

# Updating pip to latest
- script: python -m pip install --upgrade pip
  displayName: 'Upgrade pip'

# Updating to latest Azure CLI version.
- script: pip install --pre azure-cli --extra-index-url https://azurecliprod.blob.core.windows.net/edge
  displayName: 'upgrade azure cli'

- script: az --version
  displayName: 'Show Azure CLI version'

- script: az extension add -n azure-devops
  displayName: 'Install Azure DevOps Extension'

- script: echo ${AZURE_DEVOPS_CLI_PAT} | az devops login
  env:
    AZURE_DEVOPS_CLI_PAT: $(System.AccessToken)
  displayName: 'Login Azure DevOps Extension'

- script: az aks show --name census-k8s  --resource-group Census
  displayName: 'Show AKS'

回显$ {AZURE_DEVOPS_CLI_PAT} |az devops登录步骤完成(显然成功)，并显示警告消息

The echo ${AZURE_DEVOPS_CLI_PAT} | az devops login step is completed (with success apparently) with a warning message

Failed to store PAT using keyring; falling back to file storage.
You can clear the stored credential by running az devops logout.
Refer https://aka.ms/azure-devops-cli-auth to know more on sign in with PAT.

az aks show 步骤失败:

Please run 'az login' to setup account.

我有点迷路了. az devops login 命令应启用为使用az cli，对吗?如果没有，我是否应该使用 az登录而不是 az devops登录?如果我应该使用 az登录，如何在Azure DevOps管道中的执行代理中以安全的方式传递我的凭据?

I am a little bit lost. The az devops login command should enable be to use the az cli, right? If not, Am I supposed to use az login instead of az devops login? And if I am supposed to use az login, how can I pass my credentials in a secure way in the executing agent in Azure DevOps pipeline?

推荐答案

不，您不需要 az devops登录.您需要的是Azure CLI任务:

No, you don't need az devops login. What you need is Azure CLI Task:

- task: AzureCLI@2
  displayName: Azure CLI
  inputs:
    azureSubscription: <Name of the Azure Resource Manager service connection>
    scriptType: ps
    scriptLocation: inlineScript
    inlineScript: |
      az --version
      az account show

，但是您不必进行任何登录.请在此处调用您的 az aks show --name census-k8s --resource-group Census

but then you don't have to do any login. Please call there your az aks show --name census-k8s --resource-group Census

这篇关于如何从DevOps管道安全登录Az CLI的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！