英文:
Cannot use PAT in pipeline
问题
我正在尝试在流水线中使用个人访问令牌(PAT)登录到DevOps,但是我遇到了以下错误:
警告:使用密钥环存储PAT失败;回退到文件存储。
警告:您可以通过运行az devops logout来清除存储的凭据。
警告:请参阅https://aka.ms/azure-devops-cli-auth了解有关使用PAT登录的更多信息。
YAML文件如下所示:
name: Manage Azure Devops
trigger: none
pool:
vmImage: "ubuntu-latest"
variables:
- group: Azure_Devops_Management
- name: ado_organization
value: "https://dev.azure.com/org-name/"
steps:
- script: |
echo $(ACCESS_TOKEN) | az devops login --organization $(ado_organization)
displayName: Login and set defaults
env:
ADO_PAT_TOKEN: $(ACCESS_TOKEN)
- script: |
az devops user list
displayName: List users
当我在自己的计算机上运行时,它可以正常工作:
echo "####" | az devops login --organization "https://dev.azure.com/org-name/"
我尝试了将PAT以明文形式添加,只是为了验证它不是与变量组相关的问题,但也没有帮助。
我已经阅读了几个关于此问题的帖子,但没有找到任何有用的信息。
感谢任何帮助。
英文:
I'm trying to use a PAT to login to devops in a pipeline but I get this error:
WARNING: Failed to store PAT using keyring; falling back to file storage.
WARNING: You can clear the stored credential by running az devops logout.
WARNING: Refer https://aka.ms/azure-devops-cli-auth to know more on sign in with PAT.
The yaml file looks like this:
name: Manage Azure Devops
trigger: none
pool:
vmImage: "ubuntu-latest"
variables:
- group: Azure_Devops_Management
- name: ado_organization
value: "https://dev.azure.com/org-name/"
steps:
- script: |
echo $(ACCESS_TOKEN) | az devops login --organization $(ado_organization)
displayName: Login and set defaults
env:
ADO_PAT_TOKEN: $(ACCESS_TOKEN)
- script: |
az devops user list
displayName: List users
When I run this on my own computer it works fine:
echo "####" | az devops login --organization "https://dev.azure.com/org-name/"
I've tried to add the PAT in clear test, just to verify that it's not a problem with the variable group, but that didn't help either.
I've read several threads about this but can't find anything that have helped.
Any help appriciated.
答案1
得分: 1
感谢您指引我正确的方向,@KrzysztofMadej。
https://github.com/kmadof/devops-manual/blob/b0c8b2a9afc71829e62e9640f8c49c61e44c9057/stackoverflow/56-print-variables/build.yaml#L20 上的流水线无法正常工作。我猜这是因为这一行代码需要等待输入PAT才能继续执行:
az devops login --organization $org
但是由于我们将PAT存储在AZURE_DEVOPS_EXT_PAT中,所以我们不需要运行登录命令(更多信息请参考:https://learn.microsoft.com/en-us/azure/devops/cli/log-in-via-pat?view=azure-devops&tabs=windows#use-the-azure_devops_ext_pat-environment-variable)。
由于我需要比$(System.AccessToken)提供的权限更多,我也可以使用自己的PAT。
因此,这是使用自定义PAT运行az devops命令的最终YAML代码:
name: Manage Azure Devops
trigger: none
pool:
vmImage: "ubuntu-latest"
variables:
- group: Azure_Devops_Management
steps:
- bash: env | sort
- task: AzureCLI@2
displayName: Azure CLI
inputs:
azureSubscription: "service_connection_name"
scriptType: "pscore"
scriptLocation: "scriptPath"
scriptPath: "./AdoManageInactiveUsers.ps1"
env:
AZURE_DEVOPS_EXT_PAT: $(ACCESS_TOKEN)
如果您不想使用AzureCLI@2任务,也可以使用以下代码:
steps:
- script: |
az devops configure --defaults organization=$(ado_organization)
az devops user list
displayName: List users
env:
AZURE_DEVOPS_EXT_PAT: $(ACCESS_TOKEN)
因此,我第一个YAML的解决方案基本上是使用AZURE_DEVOPS_EXT_PAT,并且不运行az devops login命令。
英文:
Thanks for pointing me in the right direction, @KrzysztofMadej.
The pipeline at https://github.com/kmadof/devops-manual/blob/b0c8b2a9afc71829e62e9640f8c49c61e44c9057/stackoverflow/56-print-variables/build.yaml#L20 didn't work as is. I guess it's because this line will wait for input of the PAT to proceed:
az devops login --organization $org
But since we store the PAT in AZURE_DEVOPS_EXT_PAT we don't need to run the login command (more info: https://learn.microsoft.com/en-us/azure/devops/cli/log-in-via-pat?view=azure-devops&tabs=windows#use-the-azure_devops_ext_pat-environment-variable).
Since I need more permissions than what $(System.AccessToken) gives me I could also use my own PAT.
So this is the final YAML to run az devops commands with a custom PAT:
name: Manage Azure Devops
trigger: none
pool:
vmImage: "ubuntu-latest"
variables:
- group: Azure_Devops_Management
steps:
- bash: env | sort
- task: AzureCLI@2
displayName: Azure CLI
inputs:
azureSubscription: "service_connection_name"
scriptType: "pscore"
scriptLocation: "scriptPath"
scriptPath: "./AdoManageInactiveUsers.ps1"
env:
AZURE_DEVOPS_EXT_PAT: $(ACCESS_TOKEN)
And if you don't want to use AzureCLI@2 task this works as well:
steps:
- script: |
az devops configure --defaults organization=$(ado_organization)
az devops user list
displayName: List users
env:
AZURE_DEVOPS_EXT_PAT: $(ACCESS_TOKEN)
So the solution from my first YAML is basically to use AZURE_DEVOPS_EXT_PAT and dont run az devops login
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论