通过 powershell 获取 Azure API Management Git 存储库的密码
Get password for Azure API Management Git repository through powershell
我正在尝试 运行 为我们的 Azure API 管理测试和生产实例实现一些自动化,并且正在探索 Git 配置。基于 ,我能够制作部分有效的 powershell 脚本:
$resourceGroupName = '<My resource group name>'
$serviceName = '<My Azure Api Management instance name>'
$gitUser = '<username for Git found in APIM Publisher Portal>'
$apimContext = New-AzureRmApiManagementContext -ResourceGroupName $resourceGroupName -ServiceName $serviceName
$user = (Get-AzureRmApiManagementUser -Context $apimContext) | Select-Object -First 1
$expiry = Get-Date ((Get-Date).AddDays(29)) -Format "yyyy-MM-ddTHH:mm:ss.000Z"
$parameters = @{ "keyType"= "primary"; "expiry"= "$expiry"; }
$pw = Invoke-AzureRmResourceAction -ResourceGroupName $resourceGroupName `
-ResourceType 'Microsoft.ApiManagement/service/users' `
-Action 'token' `
-ResourceName "$serviceName/$($user.UserId)" `
-ApiVersion "2016-10-10" `
-Parameters $parameters
## URL-encode password:
$pwUrlencodedLowerCase = [System.Web.HttpUtility]::UrlEncode($pw.value)
# Seems like password has to be URL-encoded with UPPERCASE heximal digits (e.g. %3D instead of %3d) for Git to authenticate properly:
[regex]$regex='(%[0-9a-f][0-9a-f])'
$pwUrlencoded = $regex.Replace($pwUrlencodedLowerCase, {$args[0].Value.ToUpper()})
$gitUrl = "https://${gitUser}:$pwUrlencoded@$serviceName.scm.azure-api.net/"
git clone $gitUrl
这失败了:
Cloning into '<servicename>.scm.azure-api.net'...
fatal: unable to access 'https://apim:<pwUrlencoded>@<servicename>.
scm.azure-api.net/': The requested URL returned error: 403
如果我直接从 APIM Publisher Portal 粘贴密码,而不是在这一行中粘贴 $pw.value,则脚本工作正常:
$pwUrlencodedLowerCase = [System.Web.HttpUtility]::UrlEncode('<Pasted password from portal>')
所以 urlencode 和正则表达式部分不是我的主要怀疑对象。
我做错了什么?
我也在 Microsoft Azure Support site 上发布了或多或少相同的问题,"Sheetal J S" 给我的回复解决了我的问题。
主要问题是这一行:
$user = (Get-AzureRmApiManagementUser -Context $apimContext) | Select-Object -First 1
而是像这样获取 git 访问的用户 ID:
$gitAccess = Get-AzureRmApiManagementTenantGitAccess -Context $apimContext
$userId = $gitAccess.Id
然后在调用 Invoke-AzureRmResourceAction 时在资源名称中引用该 Id 使其按我想要的方式工作。完整的工作脚本是这样的(以防其他人从中受益):
$resourceGroupName = '<My resource group name>'
$serviceName = '<My Azure Api Management instance name>'
$gitUser = '<username for Git found in APIM Publisher Portal>'
$apimContext = New-AzureRmApiManagementContext -ResourceGroupName $resourceGroupName -ServiceName $serviceName
$gitAccess = Get-AzureRmApiManagementTenantGitAccess -Context $apimContext
$userId = $gitAccess.Id
$expiry = Get-Date ((Get-Date).AddDays(29)) -Format "yyyy-MM-ddTHH:mm:ss.000Z"
$parameters = @{ "keyType"= "primary"; "expiry"= "$expiry"; }
$pw = Invoke-AzureRmResourceAction -ResourceGroupName $resourceGroupName -ResourceType 'Microsoft.ApiManagement/service/users' -Action 'token' -ResourceName "$serviceName/$userId" -ApiVersion "2016-10-10" -Parameters $parameters
# URL-encode password:
$pwUrlencodedLowerCase = [System.Web.HttpUtility]::UrlEncode($pw.value)
# Seems like password has to be URL-encoded with UPPERCASE heximal digits (e.g. %3D instead of %3d) for Git to authenticate properly:
[regex]$regex='(%[0-9a-f][0-9a-f])'
$pwUrlencoded = $regex.Replace($pwUrlencodedLowerCase, {$args[0].Value.ToUpper()})
$gitUrl = "https://${gitUser}:$pwUrlencoded@$serviceName.scm.azure-api.net/"
git clone $gitUrl
我正在尝试 运行 为我们的 Azure API 管理测试和生产实例实现一些自动化,并且正在探索 Git 配置。基于
$resourceGroupName = '<My resource group name>'
$serviceName = '<My Azure Api Management instance name>'
$gitUser = '<username for Git found in APIM Publisher Portal>'
$apimContext = New-AzureRmApiManagementContext -ResourceGroupName $resourceGroupName -ServiceName $serviceName
$user = (Get-AzureRmApiManagementUser -Context $apimContext) | Select-Object -First 1
$expiry = Get-Date ((Get-Date).AddDays(29)) -Format "yyyy-MM-ddTHH:mm:ss.000Z"
$parameters = @{ "keyType"= "primary"; "expiry"= "$expiry"; }
$pw = Invoke-AzureRmResourceAction -ResourceGroupName $resourceGroupName `
-ResourceType 'Microsoft.ApiManagement/service/users' `
-Action 'token' `
-ResourceName "$serviceName/$($user.UserId)" `
-ApiVersion "2016-10-10" `
-Parameters $parameters
## URL-encode password:
$pwUrlencodedLowerCase = [System.Web.HttpUtility]::UrlEncode($pw.value)
# Seems like password has to be URL-encoded with UPPERCASE heximal digits (e.g. %3D instead of %3d) for Git to authenticate properly:
[regex]$regex='(%[0-9a-f][0-9a-f])'
$pwUrlencoded = $regex.Replace($pwUrlencodedLowerCase, {$args[0].Value.ToUpper()})
$gitUrl = "https://${gitUser}:$pwUrlencoded@$serviceName.scm.azure-api.net/"
git clone $gitUrl
这失败了:
Cloning into '<servicename>.scm.azure-api.net'...
fatal: unable to access 'https://apim:<pwUrlencoded>@<servicename>.
scm.azure-api.net/': The requested URL returned error: 403
如果我直接从 APIM Publisher Portal 粘贴密码,而不是在这一行中粘贴 $pw.value,则脚本工作正常:
$pwUrlencodedLowerCase = [System.Web.HttpUtility]::UrlEncode('<Pasted password from portal>')
所以 urlencode 和正则表达式部分不是我的主要怀疑对象。
我做错了什么?
我也在 Microsoft Azure Support site 上发布了或多或少相同的问题,"Sheetal J S" 给我的回复解决了我的问题。
主要问题是这一行:
$user = (Get-AzureRmApiManagementUser -Context $apimContext) | Select-Object -First 1
而是像这样获取 git 访问的用户 ID:
$gitAccess = Get-AzureRmApiManagementTenantGitAccess -Context $apimContext
$userId = $gitAccess.Id
然后在调用 Invoke-AzureRmResourceAction 时在资源名称中引用该 Id 使其按我想要的方式工作。完整的工作脚本是这样的(以防其他人从中受益):
$resourceGroupName = '<My resource group name>'
$serviceName = '<My Azure Api Management instance name>'
$gitUser = '<username for Git found in APIM Publisher Portal>'
$apimContext = New-AzureRmApiManagementContext -ResourceGroupName $resourceGroupName -ServiceName $serviceName
$gitAccess = Get-AzureRmApiManagementTenantGitAccess -Context $apimContext
$userId = $gitAccess.Id
$expiry = Get-Date ((Get-Date).AddDays(29)) -Format "yyyy-MM-ddTHH:mm:ss.000Z"
$parameters = @{ "keyType"= "primary"; "expiry"= "$expiry"; }
$pw = Invoke-AzureRmResourceAction -ResourceGroupName $resourceGroupName -ResourceType 'Microsoft.ApiManagement/service/users' -Action 'token' -ResourceName "$serviceName/$userId" -ApiVersion "2016-10-10" -Parameters $parameters
# URL-encode password:
$pwUrlencodedLowerCase = [System.Web.HttpUtility]::UrlEncode($pw.value)
# Seems like password has to be URL-encoded with UPPERCASE heximal digits (e.g. %3D instead of %3d) for Git to authenticate properly:
[regex]$regex='(%[0-9a-f][0-9a-f])'
$pwUrlencoded = $regex.Replace($pwUrlencodedLowerCase, {$args[0].Value.ToUpper()})
$gitUrl = "https://${gitUser}:$pwUrlencoded@$serviceName.scm.azure-api.net/"
git clone $gitUrl