在 DevOps 中删除 Azure Analysis Services 防火墙规则
[英]Remove Azure Analysis Services Firewall Rule in DevOps
问题描述
During a deployment, Azure DevOps creates a firewall rule when deploying to Azure Analysis Services (AAS), like so:
在部署过程中,Azure DevOps 在部署到 Azure Analysis Services (AAS) 时会创建防火墙规则,如下所示:
There is an option in the 'Azure Analysis Service Deployment' task to not delete the firewall once deployed: “Azure 分析服务部署”任务中有一个选项可以在部署后不删除防火墙:
I uncheck this as it allows me to run Powershell against the AAS database after the deployment task (to amend the AD groups inside roles per environment, for example).我取消选中它,因为它允许我在部署任务之后针对 AAS 数据库运行 Powershell(例如,修改每个环境角色内的 AD 组)。 DevOps has a whole host of dynamic IPs that change weekly and don't appear to match IP lists they send out in the weekly file either (that I've seen, plus amending firewall ranges weekly really is overly cumbersome), so I let the rule sit there whilst I complete my subsequent Powershell scripts. DevOps 拥有大量动态 IP,它们每周更改一次,并且似乎与它们在每周文件中发送的 IP 列表不匹配(我已经看到,加上每周修改防火墙范围确实过于繁琐),所以我让规则坐在那里,而我完成我随后的 Powershell 脚本。
There is a Powershell cmdlet to create a rule in the AAS firewall called 'New-AzAnalysisServicesFirewallRule'.有一个 Powershell cmdlet 可以在 AAS 防火墙中创建一个名为“New-AzAnalysisServicesFirewallRule”的规则。
However, true to their remarkably consistent form for in only giving us the tools we really need, there does not appear to be a 'Remove' equivalent which obviously I would like to run to clean it up at the end.然而,对于它们非常一致的形式,只为我们提供了我们真正需要的工具,似乎没有一个“删除”等价物,显然我想在最后运行它来清理它。 I can't see anything in the Azure REST APIs for it either.我在 Azure REST API 中也看不到它的任何内容。 Consequently, I am manually deleting the rule in the admin portal post-deployment.因此,我在部署后手动删除管理门户中的规则。
There must be some functionality to do it, hence there is a checkbox for me to re-enable should I so choose.必须有一些功能才能做到这一点,因此如果我选择重新启用,有一个复选框可供我重新启用。 I wonder if anyone has uncovered the secret to programatically removing an AAS firewall rule (specifically of the vsts-release-aas-rule variety) that they could share?我想知道是否有人发现了以编程方式删除他们可以共享的 AAS 防火墙规则(特别是 vsts-release-aas-rule 种类)的秘密?
1 个解决方案
解决方案1
2 已采纳 2020-02-08 02:28:48
Looking at the code in the task .查看任务中的代码。 The strategy used is:使用的策略是:
- Retrieve the Analysis Services server object, then the firewall config property using the Get-AzureRmAnalysisServicesServer cmdlet.使用Get-AzureRmAnalysisServicesServer cmdlet 检索 Analysis Services 服务器对象,然后检索防火墙配置属性。
- get the firewall rules from the retrieved Firewall config从检索到的防火墙配置中获取防火墙规则
- remove the firewall rule named
vsts-release-aas-rulefrom the firewall rules从防火墙规则中删除名为vsts-release-aas-rule的防火墙规则 - create a new firewall config using the new New-AzureRmAnalysisServicesFirewallConfig with the new updated Firewall rules (minus the
vsts-release-aas-ruleFirewall rule)使用新的New-AzureRmAnalysisServicesFirewallConfig和新更新的防火墙规则(减去vsts-release-aas-rule防火墙规则)创建新的防火墙配置 - update the Analysis server with the Set-AzureRmAnalysisServicesServer using the new firewall config使用新的防火墙配置使用Set-AzureRmAnalysisServicesServer更新分析服务器
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.