使用来自 Azure 管道的服务连接对 Python 脚本任务进行身份验证

Question

I need to execute a Python script as part of my CICD process that will do some executions on existing files in a data lake gen 2/blob storage.

I don't know how to authenticate the script so that it can perform the actions needed.

Python script task

 task: PythonScript@0
  inputs:
    scriptSource: 'filePath'
    scriptPath: ./script.py
    #arguments: # Optional
    #pythonInterpreter: # Optional
    #workingDirectory: # Optional
    #failOnStderr: false # Optional

An Azure Powershell task has an input option to put in a azureSubscription. Maybe I can pass in an argument?

Answer 1

Based on your requirement, you need to use the Authentication information in the Service Connection.

To meet your requirement, you can choose to use Azure CLI task and enable the option: addSpnToEnvironment: true .

Refer to this doc: Azure CLI task

Adds service principal ID and key of the Azure endpoint you chose to the script's execution environment.

Here is an example:

steps:
- task: AzureCLI@2
  displayName: 'Azure CLI '
  inputs:
    azureSubscription: xx
    scriptType: bash
    scriptLocation: inlineScript
    inlineScript: |
     echo "##vso[task.setvariable variable=ARM_CLIENT_ID]$servicePrincipalId" 
     
     echo "##vso[task.setvariable variable=ARM_CLIENT_SECRET]$servicePrincipalKey"
    
     echo "##vso[task.setvariable variable=ARM_TENANT_ID]$tenantId"
    addSpnToEnvironment: true

In this case, you can set the Authentication information as pipeline variable. Then you can use the pipeline variable in next tasks.

$(ARM_CLIENT_ID)

$(ARM_CLIENT_SECRET)

$(ARM_TENANT_ID)