为什么使用用户帐户而不使用服务主体?
Why does user account is being used but not the Service Principal?
我已经使用我的帐户“emj”登录并在 Jenkins 上执行了以下 Azure CLI
az account show
az login --service-principal -u <<UserName>> -p <<Password>> -t <tenantID>>
az account set -s <<Subscription-123>>
az account show
下面是输出
它显示了预期的用户帐户
+ az account show
{
"environmentName": "AzureCloud",
"homeTenantId": "tenantID",
"id": "Subscription-123-ID",
"isDefault": true,
"managedByTenants": [],
"name": "Subscription-123",
"state": "Enabled",
"tenantId": "tenantID",
"user": {
"name": "emj@demo.com",
"type": "user"
}
}
以服务主体身份登录
[Pipeline] sh
+ az login --service-principal -u <<UserName>> -p <<Password>> -t <tenantID>>
[
{
"cloudName": "AzureCloud",
"homeTenantId": "tenantID",
"id": "Subscription-456-ID",
"isDefault": true,
"managedByTenants": [],
"name": "Subscription-456",
"state": "Enabled",
"tenantId": "tenantID",
"user": {
"name": "servicePrincipalID",
"type": "servicePrincipal"
}
},
{
"cloudName": "AzureCloud",
"homeTenantId": "tenantID",
"id": "Subscription-789-ID",
"isDefault": false,
"managedByTenants": [
{
"tenantId": "tenantID"
}
],
"name": "Subscription-789",
"state": "Enabled",
"tenantId": "tenantID",
"user": {
"name": "servicePrincipalID",
"type": "servicePrincipal"
}
}
]
并设置所需的订阅
[Pipeline] sh
+ az account set -s <<Subscription-456-ID>>
当我期待显示服务主体时,它显示了用户帐户
[Pipeline] sh
+ az account show
{
"environmentName": "AzureCloud",
"homeTenantId": "tenantID",
"id": "Subscription-456-ID",
"isDefault": true,
"managedByTenants": [],
"name": "Subscription-456",
"state": "Enabled",
"tenantId": "tenantID",
"user": {
"name": "emj@demo.com",
"type": "user"
}
}
注意:如果不使用“az account set -s <>”设置订阅,则显示服务主体帐户。
为什么它显示用户帐户而不是服务主体? 'az login --service-principal -u <> -p <> -t >' 是什么意思,因为它没有被考虑在内?
嗯,不知道为什么会这样,但是要解决这个问题,您可以在登录用户 account/service 主体之前使用 az account clear
,这样不同的上下文就不会混合了。
例如,您想通过服务主体凭据运行 Azure CLI,它应该是:
az account clear
az login --service-principal -u <<ApplicationId>> -p <<Password>> -t <tenantID>>
az account set -s <<Subscription-456-ID>>
az account show
那么如果你想通过用户凭证进行操作,只需使用如下命令:
az account clear
az login --service-principal -u <<UserName>> -p <<Password>> -t <tenantID>>
az account set -s <<Subscription-123>>
az account show
我已经使用我的帐户“emj”登录并在 Jenkins 上执行了以下 Azure CLI
az account show
az login --service-principal -u <<UserName>> -p <<Password>> -t <tenantID>>
az account set -s <<Subscription-123>>
az account show
下面是输出
它显示了预期的用户帐户
+ az account show
{
"environmentName": "AzureCloud",
"homeTenantId": "tenantID",
"id": "Subscription-123-ID",
"isDefault": true,
"managedByTenants": [],
"name": "Subscription-123",
"state": "Enabled",
"tenantId": "tenantID",
"user": {
"name": "emj@demo.com",
"type": "user"
}
}
以服务主体身份登录
[Pipeline] sh
+ az login --service-principal -u <<UserName>> -p <<Password>> -t <tenantID>>
[
{
"cloudName": "AzureCloud",
"homeTenantId": "tenantID",
"id": "Subscription-456-ID",
"isDefault": true,
"managedByTenants": [],
"name": "Subscription-456",
"state": "Enabled",
"tenantId": "tenantID",
"user": {
"name": "servicePrincipalID",
"type": "servicePrincipal"
}
},
{
"cloudName": "AzureCloud",
"homeTenantId": "tenantID",
"id": "Subscription-789-ID",
"isDefault": false,
"managedByTenants": [
{
"tenantId": "tenantID"
}
],
"name": "Subscription-789",
"state": "Enabled",
"tenantId": "tenantID",
"user": {
"name": "servicePrincipalID",
"type": "servicePrincipal"
}
}
]
并设置所需的订阅
[Pipeline] sh
+ az account set -s <<Subscription-456-ID>>
当我期待显示服务主体时,它显示了用户帐户
[Pipeline] sh
+ az account show
{
"environmentName": "AzureCloud",
"homeTenantId": "tenantID",
"id": "Subscription-456-ID",
"isDefault": true,
"managedByTenants": [],
"name": "Subscription-456",
"state": "Enabled",
"tenantId": "tenantID",
"user": {
"name": "emj@demo.com",
"type": "user"
}
}
注意:如果不使用“az account set -s <>”设置订阅,则显示服务主体帐户。
为什么它显示用户帐户而不是服务主体? 'az login --service-principal -u <> -p <> -t >' 是什么意思,因为它没有被考虑在内?
嗯,不知道为什么会这样,但是要解决这个问题,您可以在登录用户 account/service 主体之前使用 az account clear
,这样不同的上下文就不会混合了。
例如,您想通过服务主体凭据运行 Azure CLI,它应该是:
az account clear
az login --service-principal -u <<ApplicationId>> -p <<Password>> -t <tenantID>>
az account set -s <<Subscription-456-ID>>
az account show
那么如果你想通过用户凭证进行操作,只需使用如下命令:
az account clear
az login --service-principal -u <<UserName>> -p <<Password>> -t <tenantID>>
az account set -s <<Subscription-123>>
az account show