[英]Create an automation credential from a yaml pipeline
I am trying to create an automation credential from a YAML pipeline in Azure DevOps.我正在尝试从 Azure DevOps 中的 YAML 管道创建自动化凭据。 I am using an AzurePowerShell@5 task to write (inline) the PowerShell script in the YAML file.
我正在使用 AzurePowerShell@5 任务在 YAML 文件中编写(内联)PowerShell 脚本。 And the username and password of the credential to be created are stored in a variable group in Azure DevOps.
并且要创建的凭据的用户名和密码存储在 Azure DevOps 中的一个变量组中。
In Microsoft documentation, the cmdlet New-AzAutomationCredential contains an example of how to use the cmdlet:在 Microsoft 文档中,cmdlet New-AzAutomationCredential包含如何使用 cmdlet 的示例:
$User = "Contoso\PFuller"
$Password = ConvertTo-SecureString "Password" -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $Password
New-AzAutomationCredential -AutomationAccountName "Contoso17" -Name "ContosoCredential" -Value $Credential -ResourceGroupName "ResourceGroup01"
But if I try to replace the plain text username and password with the two variables in the variable group, the deployment fails:但是如果我尝试用变量组中的两个变量替换纯文本用户名和密码,则部署失败:
$User = $UserVariable
$Password = ConvertTo-SecureString $PasswordVariable -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $Password
New-AzAutomationCredential -AutomationAccountName "Contoso17" -Name "ContosoCredential" -Value $Credential -ResourceGroupName "ResourceGroup01"
Is it possible to use the pipeline variables to create a credential and execute the New-AzAutomationCredential cmdlet?是否可以使用管道变量创建凭据并执行 New-AzAutomationCredential cmdlet?
EDIT: Adding information on at what level I am setting up the variable group:编辑:添加有关我在哪个级别设置变量组的信息:
- stage: devstage
displayName: 'Dev Environment Deployment'
dependsOn: build
condition: succeeded()
variables:
- group: dev-vg
If they are in a variable, then you should reference them from the environment or pass them explicitly to the script as a parameter.如果它们在变量中,那么您应该从环境中引用它们或将它们作为参数显式传递给脚本。 Secrets aren't set in the environment, unless explicitly configured.
除非明确配置,否则不会在环境中设置机密。
AzurePowerShell@v5
- inputs:
script: |
$User = $env:username
$Password = ConvertTo-SecureString $env:password -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $Password
New-AzAutomationCredential -AutomationAccountName "Contoso17" -Name "ContosoCredential" -Value $Credential -ResourceGroupName "ResourceGroup01"
- env:
myuser: $(username)
mypassword: $(password)
Alternatively, pass the variables straight into the script contents (warning, the script, including the secret will be written to disk this way):或者,将变量直接传递到脚本内容中(警告,脚本,包括密码将通过这种方式写入磁盘):
AzurePowerShell@v5
- inputs:
script: |
$User = $(username)
$Password = ConvertTo-SecureString $(password) -AsPlainText -Force
$Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $User, $Password
New-AzAutomationCredential -AutomationAccountName "Contoso17" -Name "ContosoCredential" -Value $Credential -ResourceGroupName "ResourceGroup01"
In YAML pipelines, you can set variables at the root, stage, and job level.
在 YAML 管道中,您可以在根、阶段和作业级别设置变量。 You can also specify variables outside of a YAML pipeline in the UI.
您还可以在 UI 中指定 YAML 管道之外的变量。 When you set a variable in the UI, that variable can be encrypted and set as secret.
当您在 UI 中设置变量时,该变量可以被加密并设置为机密。 Secret variables are not automatically decrypted in YAML pipelines and need to be passed to your YAML file with env: or a variable at the root level.
秘密变量不会在 YAML 管道中自动解密,需要使用 env: 或根级别的变量传递到您的 YAML 文件。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.