我需要自动创建Azure Batch帐户。部分原因是从现有Azure密钥保管库向帐户添加证书。我想我拥有自己需要的所有东西,但我无法将它们全部融合在一起;我有一个KeyVault.Models.CertificateBundle
对象和一个Management.Batch.Models.BatchAccount
对象,但我不知道如何让一个到另一个。
我的代码看起来像这样:
// Create Batch account
var storageAccount = new Models.AutoStorageBaseProperties(storageAccountId);
mgmtClient.BatchAccount.Create(resourceGroupName, accountName,
new Models.BatchAccountCreateParameters()
{
Location = clusterZone,
AutoStorage = storageAccount
});
string certName;
Models.CertificateCreateOrUpdateParameters certParams;
// Add certificate
using (KeyVaultClient kvClient = new KeyVaultClient(new KeyVaultClient.AuthenticationCallback(GetKeyVaultToken)))
{
var cert = kvClient.GetCertificateAsync(certId).GetAwaiter().GetResult();
string thumbprint = Convert.ToBase64String(cert.X509Thumbprint);
string cer = Convert.ToBase64String(cert.Cer);
certParams = new Models.CertificateCreateOrUpdateParameters(Convert.ToBase64String(cert.Cer), cert.Id, thumbprint: thumbprint, format: Models.CertificateFormat.Cer, type: cert.ContentType);
certName = $"SHA1-{thumbprint}"; // not sure about this one
}
// failing with a complaint about the cert name
mgmtClient.Certificate.Create(resourceGroupName, accountName, certName, certParams);
我用这段代码得到的确切错误是:
'certificateName' does not match expected pattern '^[\\w]+-[\\w]+$'.
certName
看起来像SHA1-XXXXXXXXXXXXXXXXXXXXXX+XXXX=
。指纹中有一些非字母数字字符。我只是猜测这是SHA1,但除此之外这个名字看起来对我来说。我不确定我错过了什么。
我也很乐意接受某人更容易解决这一特定问题。
'certificateName'与预期模式'^ [\ w] + - [\ w] + $'不匹配。
您可以调试代码并从Azure keyvault检查指纹。在您的代码中,您从代码中获得的指纹与认证指纹不同。我使用以下代码获得了认证指纹。
X509Certificate2 x509 = new X509Certificate2();
x509.Import(cert.Cer);
var thumbprint = x509.Thumbprint;
以下是我用于将证书添加到Azure批处理帐户的演示代码。
var credentials = SdkContext.AzureCredentialsFactory.FromFile(@"cred file path");
var resourceGroup = "resourceGroup";
var accountName = "batchAccountName";
var subscriptionId = "subscriptionName";
var certificateIdentifier = "https://keyvaultName.vault.azure.net/certificates/certName/xxxxx";
var batchManagementClient = new BatchManagementClient(credentials)
{
SubscriptionId = subscriptionId
};
var azureServiceTokenProvider = new AzureServiceTokenProvider();
var keyVaultClient =
new KeyVaultClient(
new KeyVaultClient.AuthenticationCallback(azureServiceTokenProvider.KeyVaultTokenCallback));
var cert = keyVaultClient.GetCertificateAsync(certificateIdentifier).Result;
X509Certificate2 x509 = new X509Certificate2();
x509.Import(cert.Cer);
var thumbprint = x509.Thumbprint;
var certConent = Convert.ToBase64String(cert.Cer);
var certName = $"SHA1-{thumbprint}";
var result= batchManagementClient.Certificate.CreateAsync(resourceGroup, accountName, certName, new CertificateCreateOrUpdateParametersInner
{
Thumbprint = thumbprint,
Data = certConent,
ThumbprintAlgorithm = "SHA1",
Format = CertificateFormat.Cer,
}).Result;
测试结果: