一段时间以来,我在 Azure DevOps 中新建的 Azure ARM 手动(Manual)服务连接都无法通过验证。我收到的错误是:已添加具有相同键的项(An item with the same key has already been added)。
如果我在 Azure DevOps 图形界面中把该服务连接的服务主体密钥改成其他值,会收到密码错误;而如果我把密钥更新为与通过 REST API 创建时完全相同的值,连接就能验证通过。
那么,是不是通过 REST API 创建之后发生了什么,才导致连接出现这个错误?
# Creates an Azure Resource Manager service connection (service principal with
# key, creation mode Manual) through the Azure DevOps REST API, then sets the
# pipeline permission of the new endpoint so that all pipelines are authorized.
#
# Parameters:
#   SPKey             - service principal key (secret), sent as serviceprincipalkey
#   PAT               - Azure DevOps personal access token, used for Basic auth
#   TenantID          - sent as tenantid
#   AADApplicationID  - sent as serviceprincipalid
#   subscriptionName  - sent as subscriptionName after the replacements below
#   SubscriptionId    - sent as subscriptionId and also used as the connection name
#
# NOTE(review): SPKey and PAT are plain [string] parameters; depending on how the
# script is invoked their values may end up in shell history, transcripts or CI
# command echo. Prefer feeding them from secret pipeline variables - confirm
# against the calling pipeline.
param(
[Parameter(Mandatory)]
[string]$SPKey,
[Parameter(Mandatory)]
[string]$PAT,
[Parameter(Mandatory)]
[string]$TenantID,
[Parameter(Mandatory)]
[string]$AADApplicationID,
[Parameter(Mandatory)]
[string]$subscriptionName,
[Parameter(Mandatory)]
[string]$SubscriptionId
)
# Left disabled on purpose: enabling this line would write the service principal
# key to the host output / build log.
#write-host "SPKEY is $SPKEY"
write-host "TenantID is $TenantID"
write-host "AADApplicationID is $AADApplicationID"
write-host "Subname is $subscriptionName"
write-host "SubID $SubscriptionId"
# Transliterate Ø/ø, Å/å and Æ/æ to ASCII digraphs before the name is sent.
$subscriptionName = $subscriptionName.Replace('Ø','OE')
$subscriptionName = $subscriptionName.Replace('ø','oe')
$subscriptionName = $subscriptionName.Replace('Å','AA')
$subscriptionName = $subscriptionName.Replace('å','aa')
$subscriptionName = $subscriptionName.Replace('Æ','AE')
$subscriptionName = $subscriptionName.Replace('æ','ae')
write-host "Subname is now" $subscriptionName
# Basic auth header: empty user name, PAT as password, Base64-encoded.
# The header value is only encoded, not encrypted, so $Headers must be treated
# as a secret and never logged.
$PATGetBytes = [System.Text.Encoding]::ASCII.GetBytes(":$PAT")
$Authentication = [System.Convert]::ToBase64String($PATGetBytes)
$Headers = @{Authorization = ("Basic {0}" -f $Authentication) }
# ORG and PROJECT are placeholders for the organization and project names.
$Uri = "https://dev.azure.com/ORG/PROJECT/_apis/serviceendpoint/endpoints?api-version=5.1-preview.2"
# Request body for the endpoint. It is serialized with ConvertTo-Json, so the
# parameter values are JSON-escaped rather than spliced into a string.
$Body = [pscustomobject]@{
data = [pscustomobject]@{
subscriptionId = "$SubscriptionId"
subscriptionName = "$subscriptionName"
# NOTE(review): this key is spelled 'CreationMode' here, while the body reported
# as validating successfully further down this page uses 'creationMode' and also
# sets 'environment'. Whether either difference is related to the validation
# error is not established on this page - confirm by testing.
CreationMode = 'Manual'
scopeLevel = 'Subscription'
}
authorization = [pscustomobject]@{
scheme = 'ServicePrincipal'
parameters = [pscustomobject]@{
tenantid = "$TenantID"
serviceprincipalid = "$AADApplicationID"
authenticationType = "spnKey"
# The secret travels in the request body; the body must not be written to logs.
serviceprincipalkey = "$SPKey"
}
}
# isShared is requested as true here; the working body further down the page
# sets it to false.
isShared = $true
isReady = $True
serviceEndpointProjectReferences = @(
@{
projectReference = @{
# Hard-coded project id and name; these tie the script to one project.
id = "9a4bfcab-c7b2-48fb-90c8-efb7461a962f"
name = "CescomIaC"
}
name = "$SubscriptionId"
}
)
# The connection is named after the subscription id.
name = "$SubscriptionId"
type = 'azurerm'
url = 'https://management.azure.com/'
} | ConvertTo-Json -Depth 10
# Create the endpoint and keep the id returned by the service.
$serviceendpointAzure = Invoke-RestMethod -Uri $Uri -Method Post -Body $Body -Headers $Headers -ContentType 'application/json'
$serviceendpointAzureid = $serviceendpointAzure.id
# Pipeline-permission payload: allPipelines.authorized = true applies to every
# pipeline rather than to a named list ("pipelines" is null), so any pipeline can
# use the service principal behind this connection.
# NOTE(review): if only specific pipelines need the connection, authorize those
# instead - confirm the intended scope.
$jsonpermitazure = @"
{
"allPipelines": {
"authorized": true,
"authorizedBy": null,
"authorizedOn": null
},
"pipelines": null,
"resource": {
"id": "$serviceendpointAzureid",
"type": "endpoint"
}
}
"@
# The id returned by the create call is used both in the URL and in the payload.
$authhttpazure = "https://dev.azure.com/ORG/PROJECT/_apis/pipelines/pipelinePermissions/endpoint/" + $serviceendpointAzureid + "?api-version=5.1-preview.1"
Invoke-RestMethod -Method PATCH -Uri $authhttpazure -Headers $Headers -Body $jsonpermitazure -ContentType "application/json"
我尝试用您的脚本创建服务连接。单击“验证”按钮后,出现了相同的错误消息。
随后我把请求正文替换为下面脚本中的内容,连接就可以验证成功。请参考以下脚本。
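# Creates a manually configured AzureRM service connection (service principal
# with key) at organization level through the Azure DevOps REST API and prints
# the endpoint definition returned by the service.
#
# The values below are placeholders. Supply the PAT and the service principal
# key at run time (for example from secret pipeline variables or a vault) rather
# than saving them in the script file.
$SPKey=""
$PAT=""
$TenantID=""
$AADApplicationID=""
$subscriptionName=""
$SubscriptionId=""
$orgname=""

# Fail before any request is sent if a placeholder was left empty; otherwise the
# call would create an endpoint that can never validate.
foreach ($required in 'SPKey', 'PAT', 'TenantID', 'AADApplicationID', 'subscriptionName', 'SubscriptionId', 'orgname') {
    if ([string]::IsNullOrWhiteSpace((Get-Variable -Name $required -ValueOnly))) {
        throw "Value for `$$required is empty; set it before running."
    }
}

# Deliberately not printing $SPKey or $PAT: host output ends up in build logs.
Write-Host "TenantID is $TenantID"
Write-Host "AADApplicationID is $AADApplicationID"
Write-Host "Subname is $subscriptionName"
Write-Host "SubID $SubscriptionId"

# Basic auth header: empty user name, PAT as password, Base64-encoded.
# Base64 is an encoding, not encryption, so $Headers is as sensitive as the PAT.
$PATGetBytes = [System.Text.Encoding]::ASCII.GetBytes(":$PAT")
$Authentication = [System.Convert]::ToBase64String($PATGetBytes)
$Headers = @{ Authorization = ("Basic {0}" -f $Authentication) }

# The organization name is escaped so that it cannot alter the URL path.
$Uri = "https://dev.azure.com/" + [uri]::EscapeDataString($orgname) + "/_apis/serviceendpoint/endpoints?api-version=7.2-preview.4"

# Same keys and values as the request body shown on the page, but built as
# objects and serialized with ConvertTo-Json. A subscription name or key that
# contains a double quote or a backslash is then escaped correctly instead of
# breaking, or changing the structure of, the JSON document.
$bodyObject = [ordered]@{
    data = [ordered]@{
        subscriptionId   = $SubscriptionId
        subscriptionName = $subscriptionName
        environment      = 'AzureCloud'
        scopeLevel       = 'Subscription'
        creationMode     = 'Manual'
    }
    name = 'MyServiceConnection'
    type = 'AzureRM'
    url  = 'https://management.azure.com/'
    authorization = [ordered]@{
        parameters = [ordered]@{
            tenantid            = $TenantID
            serviceprincipalid  = $AADApplicationID
            authenticationType  = 'spnKey'
            serviceprincipalkey = $SPKey
        }
        scheme = 'ServicePrincipal'
    }
    # Not shared with other projects; only the project referenced below gets it.
    isShared = $false
    isReady  = $true
    serviceEndpointProjectReferences = @(
        [ordered]@{
            projectReference = [ordered]@{
                # Placeholder project id and name; replace with the target project.
                id   = '17d78674-6c54-4723-9a07-30ceb77e7d84'
                name = 'PROJECT'
            }
            name = 'MyServiceConnection'
        }
    )
}
# -Depth 10 is needed: the default depth would truncate projectReference.
$body = $bodyObject | ConvertTo-Json -Depth 10

$serviceendpointAzure = Invoke-RestMethod -Uri $Uri -Method Post -Body $body -Headers $Headers -ContentType 'application/json'

# Prints the endpoint definition returned by the service.
# NOTE(review): check that the response does not echo the service principal key
# before keeping this output in a CI log - confirm against a real response.
$serviceendpointAzure | ConvertTo-Json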