在CI服务器上使用Azure Powershell cmdlet
[英]Use Azure powershell cmdlets on CI server
问题描述
I have some powershell scripts in my CI server to check the state of some WebJobs. 
我的CI服务器中有一些Powershell脚本,用于检查某些WebJob的状态。
But I have few problems. 但是我没什么问题。
I'm using publish settings file, but it expires and my build starts to fail. 我正在使用发布设置文件,但是它过期了,我的构建开始失败。
I don't want to use a Management Certificate that will expose all management features. 我不想使用将公开所有管理功能的管理证书。
And I don't want to put my user credentials on the CI server that will also expose all management features. 而且我不想将我的用户凭据放在也会暴露所有管理功能的CI服务器上。
There is any way to create a CI user or credential with restricted permissions? 有什么方法可以创建具有受限权限的CI用户或凭据?
Thanks! 谢谢!
1 个解决方案
解决方案1
0 2016-07-30 12:37:00
Azure Functions provides a good solution to this problem. Azure Functions为该问题提供了很好的解决方案。 You can create a Service Principle account, with certificate login and then restrict that account to whatever actions you need it to allow (via RBAC) 您可以创建一个使用证书登录的“服务主体”帐户,然后将该帐户限制为需要其允许的任何操作(通过RBAC)
You can then have an Azure PowerShell script running in Functions, that is called from a webhook from your CI engine. 然后,您可以在Functions中运行一个Azure PowerShell脚本,该脚本从CI引擎的Webhook调用。 That way the only credentials that are stored on your CI are the webhook secret, and if your CI engine has a static IP you can verify that commands only come from that address, and drop anything else. 这样,存储在CI中的唯一凭据就是webhook机密,如果CI引擎具有静态IP,则可以验证命令仅来自该地址,然后丢弃其他任何内容。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.