创建服务端点是否有效? REST 方法失败,CLI 挂起

Does create service endpoint work? REST method fails, CLI Hangs

我正在尝试在 Azure DevOps 中创建一个服务端点(又名服务连接)。我首先尝试使用 DevOps CLI,但此方法挂起。使用 az devops 如下所示。

az devops service-endpoint azurerm create --name “Azure subscription 1 endpoint” --azure-rm-service-principal-id $serviceprincipleid --azure-rm-subscription-id $subscriptionid --azure-rm-tenant-id $tenantid --azure-rm-subscription-name $serviceprinciplename --organization $organization --project $project

挂起,直到我重新启动 PowerShell

我怀疑登录的帐户没有权限?? IDK。并且无法指定我需要的个人访问令牌。

然后我将注意力转向使用个人访问令牌 (PAT) 调用 DevOps REST 方法进行身份验证。我正在使用 sample

中的文档

这是 PowerShell 中的基本代码

$body = '{
  "data": {
    "subscriptionId": "1272a66f-e2e8-4e88-ab43-487409186c3f",
    "subscriptionName": "subscriptionName",
    "environment": "AzureCloud",
    "scopeLevel": "Subscription",
    "creationMode": "Manual"
  },
  "name": "MyNewARMServiceEndpoint",
  "type": "AzureRM",
  "url": "https://management.azure.com/",
  "authorization": {
    "parameters": {
      "tenantid": "1272a66f-e2e8-4e88-ab43-487409186c3f",
      "serviceprincipalid": "1272a66f-e2e8-4e88-ab43-487409186c3f",
      "authenticationType": "spnKey",
      "serviceprincipalkey": "SomePassword"
    },
    "scheme": "ServicePrincipal"
  },
  "isShared": false,
  "isReady": true,
  "serviceEndpointProjectReferences": [
    {
      "projectReference": {
        "id": "c7e5f0b3-71fa-4429-9fb3-3321963a7c06",
        "name": "TestProject"
      },
      "name": "MyNewARMServiceEndpoint"
    }
  ]
}' | convertto-json | convertfrom-json

$bo = $body | convertfrom-json
$bo.data.subscriptionId = $subscriptionid
$bo.data.subscriptionName = "subscription name"
$bo.name = $serviceprinciplename
$bo.authorization.parameters.tenantid = $tenantid
$bo.authorization.parameters.serviceprincipalid = $serviceprincipalid
$bo.authorization.parameters.serviceprincipalkey = $serviceprincipalkey
$bo.serviceEndpointProjectReferences = @{}

$readybody = $bo | convertto-json -Depth 100

#POST https://dev.azure.com/{organization}/_apis/serviceendpoint/endpoints?api-version=6.0-preview.4
function createazurermserviceendpoint($body, $pat, $org, $project)
{
    #POST https://dev.azure.com/{organization}/_apis/serviceendpoint/endpoints?api-version=6.0-preview.4
    $requestpath = "/_apis/serviceendpoint/endpoints?api-version=6.0-preview.4"
    $token = [System.Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes(":$pat"))
    $uribase = "https://dev.azure.com/" + $org
    $uri = $uribase+$requestpath
    $authheader = "Authorization=Basic " + $token

    $result = az rest --method post --uri $uri --headers "Content-Type=application/json" $authheader --body $body | convertfrom-json
    return $result
}

$result = createazurermserviceendpoint $readybody $pat $org $project 

该方法抛出 Bad Request 异常,如下所示

az : Bad Request({"$id":"1","innerException":null,"message":"TF400898: An Internal Error Occurred. Activity Id: 
10a098a9-b4b5-4def-8356-307a5cad0579.","typeName":"Newtonsoft.Json.JsonReaderException, 
Newtonsoft.Json","typeKey":"JsonReaderException","errorCode":0,"eventId":0})

因此,我使用 fiddler 进入 UI 并捕获了一个自动和手动创建的服务端点,认为合同是相同的。我不确定是不是。 API 生成的 json 正文如下所示。当我尝试通过脚本传递它时,我得到了与上面完全相同的错误。 json 的 None 和另一个一样;我从上面提到的文章中的示例 json 结构开始。现在我完全不确定是什么问题。

   #hack a version from fiddler to try it
    
    #fiddler body capture from automated service connection

    $readybody = '{"authorization":{"parameters":{"tenantid":"xxxxxxxx-34e9-4306-ac1a-5f28c1d08fb1","serviceprincipalid":"","serviceprincipalkey":"","authenticationType":"spnKey"},"scheme":"ServicePrincipal"},"createdBy":{},"data":{"environment":"AzureCloud","scopeLevel":"Subscription","subscriptionId":"yyyyyyyy-75c4-4dfd-bdd5-c8c42d1a5dd0","subscriptionName":"Azure subscription 1.1","creationMode":"Automatic","appObjectId":"","azureSpnPermissions":"","azureSpnRoleAssignmentId":"","spnObjectId":""},"isShared":false,"name":"Azure sub 1.1 test","owner":"library","type":"azurerm","url":"https://management.azure.com/","administratorsGroup":null,"description":"","groupScopeId":null,"operationStatus":null,"readersGroup":null,"serviceEndpointProjectReferences":[{"description":"","name":"Azure sub 1 test","projectReference":{"id":"zzzzzzzz-fad9-427f-ad6c-21f4ae2d311f","name":"Connected2someone"}}]}'

$result = createazurermserviceendpoint $readybody $pat $org $project 

以同样的方式失败

    #fiddler body capture from manual service connection

    $readybody = '{"dataSourceDetails":{"dataSourceName":"TestConnection","dataSourceUrl":"","headers":null,"resourceUrl":"","requestContent":null,"requestVerb":null,"parameters":null,"resultSelector":"","initialContextTemplate":""},"resultTransformationDetails":{"callbackContextTemplate":"","callbackRequiredTemplate":"","resultTemplate":""},"serviceEndpointDetails":{"administratorsGroup":null,"authorization":{"scheme":"ServicePrincipal","parameters":{"serviceprincipalid":"xxxxxxxx-65b2-470d-adc7-c811fc993014","authenticationType":"spnKey","serviceprincipalkey":"{a key}","tenantid":"yyyyyyy-34e9-4306-ac1a-5f28c1d08fb1"}},"createdBy":null,"data":{"environment":"AzureCloud","scopeLevel":"Subscription","subscriptionId":"zzzzzzzz-75c4-4dfd-bdd5-c8c42d1a5dd3","subscriptionName":"azure test 2 ","creationMode":"Manual"},"description":"","groupScopeId":null,"name":"azure test 2 connection","operationStatus":null,"readersGroup":null,"serviceEndpointProjectReferences":null,"type":"azurerm","url":"https://management.azure.com/","isShared":false,"owner":"library"}}'

$result = createazurermserviceendpoint $readybody $pat $org $project 

以同样的方式失败。

有人可以确认 REST API 有效吗? API 的版本是什么?正文 json 看起来像我发布的吗?

我用你的 PowerShell 脚本做了一个测试,得到了和你一样的错误。

然后我切换到另一个具有相同主体的 PowerShell 脚本,它成功了。

这是我的脚本:

$pat = "{PAT}"
$pat = [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes(":$($pat)"))
$url="https://dev.azure.com/{organization}/_apis/serviceendpoint/endpoints?api-version=6.0-preview.4"
$body = @'
{
    body
}
'@

$head = @{ Authorization =" Basic $pat" }
Invoke-RestMethod -Uri $url -Method Post -Headers $head -Body $body -ContentType application/json

所以错误的原因可能是您的 PowerShell 脚本(可能是 az rest)而不是 REST API 请求正文。您可以试用我提供的 PowerShell 脚本。

顺便说一句:

您可以使用 PAT 登录 Azure DevOps CLI。请点击this document查看详细信息。