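How to make AzureCLI@2 ignore the result of "az keyvault certificate delete"?

Question  Votes: 0  Answers: 2

In a nightly-build Azure pipeline, I perform the following steps:

  • deploy a Key Vault through an ARM template,
  • then try to delete the self-signed certificate in it,
  • then import the certificate again,
  • and finally deploy Service Fabric through another ARM template, using the certificate's thumbprint.

Here is an excerpt from the pipeline: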

# purge the self-signed cert from the Keyvault to avoid conflict; ignore failures (DOES NOT WORK?)
- task: AzureCLI@2
  inputs:
    azureSubscription: '${{ parameters.ArmConnection }}'
    scriptType: 'pscore'
    scriptLocation: 'inlineScript'
    continueOnError: true
    failOnStandardError: false
    powerShellErrorActionPreference: 'silentlyContinue'
    inlineScript: |
      az keyvault certificate delete --vault-name $(KeyVaultName) --id 'https://$(KeyVaultName).vault.azure.net/certificates/my-self-signed-cert'
      az keyvault certificate purge --vault-name $(KeyVaultName) --id 'https://$(KeyVaultName).vault.azure.net/deletedcertificates/my-self-signed-cert'

# import the self-signed certificate my-self-signed-cert into the Keyvault
- task: AzurePowerShell@5
  inputs:
    azureSubscription: '${{ parameters.ArmConnection }}'
    ScriptType: 'InlineScript'
    azurePowerShellVersion: '3.1.0'
    Inline: |
      $Pwd = ConvertTo-SecureString -String 'MyPassword' -Force -AsPlainText
      $Base64 = 'MIIKqQI__3000_CHARS_HERE____HP1ICAgfQ=='
      $Cert = Import-AzKeyVaultCertificate -VaultName $(KeyVaultName) -Name my-self-signed-cert -CertificateString $Base64 -Password $Pwd
      echo "##vso[task.setvariable variable=Thumbprint;isOutput=true]$($Cert.Thumbprint)"

At first the code above worked for this purpose, but then I disabled the soft delete feature for the Key Vault in the ARM template:

"properties": {
    "enableSoftDelete": false,
    "enabledForDeployment": true,
    "enabledForDiskEncryption": false,
    "enabledForTemplateDeployment": true,

Or maybe the trigger of my problem was simply that the Key Vault was deleted manually...

Anyway, I now get a recurring pipeline error:

pipeline screenshot

I wonder why the "az" failure is not ignored even though I have set failOnStandardError: false and powerShellErrorActionPreference: 'silentlyContinue'?

Also, I have tried surrounding the two "az" commands with "try / catch", but the error persists:

##[debug]which 'az'
##[debug]found: 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd'
##[debug]scriptType=pscore
##[debug]scriptLocation=inlineScript
##[debug]scriptArguments=null
##[debug]powerShellErrorActionPreference=silentlyContinue
##[debug]Agent.Version=2.169.0
##[debug]Agent.TempDirectory=d:\a\_temp
##[debug]scriptPath=d:\a\1\s
##[debug]inlineScript=az keyvault certificate delete --vault-name my-nightly-my-keyvault --id 'https://my-nightly-my-keyvault.vault.azure.net/certificates/my-self-signed-cert'
 --vault-name my-nightly-my-keyvault --id 'https://my-nightly-my-keyvault.vault.azure.net/deletedcertificates/my-self-signed-cert'
##[debug]powerShellIgnoreLASTEXITCODE=false

...lines skipped...

A certificate with (name/id) my-self-signed-cert was not found in this key vault. If you recently deleted this certificate you may be able to recover it using the correct recovery command. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125182
Operation "purge" is not enabled for this vault.
##[debug]$LASTEXITCODE: 1
##[debug]Exit code 1 received from tool 'C:\Program Files\PowerShell\7\pwsh.exe'
##[debug]STDIO streams have closed for tool 'C:\Program Files\PowerShell\7\pwsh.exe'
##[debug]task result: Failed
##[error]Script failed with exit code: 1
##[debug]Processed: ##vso[task.issue type=error;]Script failed with exit code: 1
##[debug]Processed: ##vso[task.complete result=Failed;]Script failed with exit code: 1
##[debug]which 'az'
##[debug]found: 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd'
##[debug]which 'az'
##[debug]found: 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd'
##[debug]C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd arg:  account clear
##[debug]C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd arg:  account clear
##[debug]exec tool: C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd
##[debug]exec tool: C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd
##[debug]arguments:
##[debug]arguments:
##[debug]   account
##[debug]   account
##[debug]   clear
##[debug]   clear
[command]C:\windows\system32\cmd.exe /D /S /C ""C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd" account clear"
##[section]Finishing: AzureCLI
azure azure-pipelines azure-keyvault arm-template azure-cli
2 Answers
1
vote

Check your YAML format. continueOnError is not an input of the task, but a property of the task itself. So your task should be:


0
votes

As a workaround, adding exit 0 helped me -
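
An added example, not code from the question or from either answer: the delete task with continueOnError placed at task level, as the first answer describes, and an explicit exit code, as in the second. It goes one step further and checks that the certificate exists before deleting it, so only the expected "not found" case is skipped; the ends_with query on id and the soft-delete lookup are assumptions about how to detect that case.

```yaml
# Added example. Certificate name, KeyVaultName and ArmConnection come from
# the question; the existence check and soft-delete lookup are assumptions.
- task: AzureCLI@2
  displayName: 'Remove old self-signed cert if present'
  # Task-level property, a sibling of "inputs". Drop it to let real errors stop the run.
  continueOnError: true
  inputs:
    azureSubscription: '${{ parameters.ArmConnection }}'
    scriptType: 'pscore'
    scriptLocation: 'inlineScript'
    inlineScript: |
      $vault = '$(KeyVaultName)'
      $name  = 'my-self-signed-cert'

      # List first: a failure here (bad login, missing vault, no permission)
      # is a real error and is passed on as the step's exit code.
      $found = az keyvault certificate list --vault-name $vault `
        --query "length([?ends_with(id, '/$name')])" -o tsv
      if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }

      if ($found -eq '0') {
        Write-Host "Certificate $name not present, nothing to delete."
        exit 0
      }

      az keyvault certificate delete --vault-name $vault --name $name
      if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }

      # Purge applies only when soft delete is enabled on the vault.
      $softDelete = az keyvault show --name $vault `
        --query 'properties.enableSoftDelete' -o tsv
      if ($softDelete -eq 'true') {
        az keyvault certificate purge --vault-name $vault --name $name
        if ($LASTEXITCODE -ne 0) { exit $LASTEXITCODE }
      }
      exit 0
```

The debug log in the question shows powerShellIgnoreLASTEXITCODE=false; with that setting the task propagates the exit code of the last native command, which failOnStandardError and powerShellErrorActionPreference do not affect.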
