Cannot use PAT in pipeline

Question

I'm trying to use a PAT to log in to DevOps in a pipeline, but I get this error:

WARNING: Failed to store PAT using keyring; falling back to file storage.
WARNING: You can clear the stored credential by running az devops logout.
WARNING: Refer https://aka.ms/azure-devops-cli-auth to know more on sign in with PAT.

The yaml file looks like this:

name: Manage Azure Devops

trigger: none

pool:
  vmImage: "ubuntu-latest"

variables:
  - group: Azure_Devops_Management
  - name: ado_organization
    value: "https://dev.azure.com/org-name/"

steps:
  - script: |
      echo $(ACCESS_TOKEN) | az devops login --organization $(ado_organization)
    displayName: Login and set defaults
    env:
      ADO_PAT_TOKEN: $(ACCESS_TOKEN)

  - script: |
      az devops user list
    displayName: List users

When I run this on my own computer it works fine:

echo "####" | az devops login --organization "https://dev.azure.com/org-name/"

I've tried to add the PAT in clear text, just to verify that it's not a problem with the variable group, but that didn't help either.

I've read several threads about this but can't find anything that has helped.
Any help appreciated.

Answer 1

Score: 1

Thanks for pointing me in the right direction, @KrzysztofMadej.

The pipeline at https://github.com/kmadof/devops-manual/blob/b0c8b2a9afc71829e62e9640f8c49c61e44c9057/stackoverflow/56-print-variables/build.yaml#L20 didn't work as is. I guess it's because this line will wait for input of the PAT to proceed:

az devops login --organization $org

But since we store the PAT in AZURE_DEVOPS_EXT_PAT we don't need to run the login command (more info: https://learn.microsoft.com/en-us/azure/devops/cli/log-in-via-pat?view=azure-devops&tabs=windows#use-the-azure_devops_ext_pat-environment-variable).

Since I need more permissions than what $(System.AccessToken) gives me I could also use my own PAT.

So this is the final YAML to run az devops commands with a custom PAT:

name: Manage Azure Devops

trigger: none

pool:
  vmImage: "ubuntu-latest"

variables:
  - group: Azure_Devops_Management

steps:
  - bash: env | sort
  - task: AzureCLI@2
    displayName: Azure CLI
    inputs:
      azureSubscription: "service_connection_name"
      scriptType: "pscore"
      scriptLocation: "scriptPath"
      scriptPath: "./AdoManageInactiveUsers.ps1"
    env:
      AZURE_DEVOPS_EXT_PAT: $(ACCESS_TOKEN)

And if you don't want to use AzureCLI@2 task this works as well:

steps:
  - script: |
      az devops configure --defaults organization=$(ado_organization)
      az devops user list
    displayName: List users
    env:
      AZURE_DEVOPS_EXT_PAT: $(ACCESS_TOKEN)

So the solution from my first YAML is basically to use AZURE_DEVOPS_EXT_PAT and don't run az devops login.
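
A preflight check for the environment-variable approach in this answer, as an added example that is not part of the original post. It rejects the three ways the mapping commonly fails (secret not mapped, macro left unexpanded, stray whitespace) without ever echoing the token; `check_ado_pat` and `ado_list_users` are hypothetical helper names.

```bash
#!/usr/bin/env bash
# Added example: preflight check for the PAT that `az devops` reads from
# AZURE_DEVOPS_EXT_PAT. check_ado_pat and ado_list_users are hypothetical names.

# Returns 0 if the variable looks usable; otherwise prints a reason to stderr
# (never the value itself) and returns a distinct non-zero code.
check_ado_pat() {
  # 1: unset or empty. Secret variables are not exported to scripts
  #    automatically; the step needs an explicit `env:` mapping.
  if [ -z "${AZURE_DEVOPS_EXT_PAT-}" ]; then
    echo "AZURE_DEVOPS_EXT_PAT is empty: add it under the step's env:" >&2
    return 1
  fi
  case "${AZURE_DEVOPS_EXT_PAT}" in
    # 2: Azure Pipelines leaves an undefined macro as the literal text $(NAME),
    #    e.g. when the variable group is not linked or the name is misspelled.
    '$('*')')
      echo "AZURE_DEVOPS_EXT_PAT is an unexpanded \$(...) macro" >&2
      return 2 ;;
    # 3: whitespace or a stray newline from copy/paste breaks authentication.
    *[[:space:]]*)
      echo "AZURE_DEVOPS_EXT_PAT contains whitespace" >&2
      return 3 ;;
  esac
  return 0
}

# Run a command against the organization only after the check passes.
# $1 = organization URL (for example the value of $(ado_organization)).
ado_list_users() {
  check_ado_pat || return $?
  az devops user list --organization "$1"
}
```

Calling `check_ado_pat` as the first line of the script step turns a silent authentication failure into an explicit message that names the cause.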

huangapple
  • Published on August 9, 2023 16:12:14