代码之家 › 专栏 › 技术社区 › audunsol

通过powershell获取Azure API Management Git存储库的密码

azure-api-management powershell git

audunsol · 技术社区 · 7 年前

我正在尝试为Azure API管理的测试和生产实例运行一些自动化,并正在探索Git配置。基于 answer and its comments from this post

$resourceGroupName = '<My resource group name>'
$serviceName = '<My Azure Api Management instance name>'
$gitUser = '<username for Git found in APIM Publisher Portal>'

$apimContext = New-AzureRmApiManagementContext -ResourceGroupName $resourceGroupName -ServiceName $serviceName

$user = (Get-AzureRmApiManagementUser -Context $apimContext) | Select-Object -First 1

$expiry = Get-Date ((Get-Date).AddDays(29)) -Format "yyyy-MM-ddTHH:mm:ss.000Z"
$parameters = @{ "keyType"= "primary"; "expiry"= "$expiry"; }

$pw = Invoke-AzureRmResourceAction  -ResourceGroupName $resourceGroupName `
                                    -ResourceType 'Microsoft.ApiManagement/service/users' `
                                    -Action 'token' `
                                    -ResourceName "$serviceName/$($user.UserId)" `
                                    -ApiVersion "2016-10-10" `
                                    -Parameters $parameters

## URL-encode password:
$pwUrlencodedLowerCase = [System.Web.HttpUtility]::UrlEncode($pw.value)

# Seems like password has to be URL-encoded with UPPERCASE heximal digits (e.g. %3D instead of %3d) for Git to authenticate properly:
[regex]$regex='(%[0-9a-f][0-9a-f])'
$pwUrlencoded = $regex.Replace($pwUrlencodedLowerCase, {$args[0].Value.ToUpper()})

$gitUrl = "https://${gitUser}:$pwUrlencoded@$serviceName.scm.azure-api.net/"

git clone $gitUrl

此操作失败:

Cloning into '<servicename>.scm.azure-api.net'...
fatal: unable to access 'https://apim:<pwUrlencoded>@<servicename>.
scm.azure-api.net/': The requested URL returned error: 403

如果我直接从APIM发布者门户粘贴密码,而不是从$pw粘贴密码,脚本可以正常工作。此行中的值:

$pwUrlencodedLowerCase = [System.Web.HttpUtility]::UrlEncode('<Pasted password from portal>')

所以urlencode和regexing部分不是我的主要嫌疑犯。

1 回复 | 直到 7 年前

audunsol 7 年前

我也在这里发布了或多或少相同的问题 Microsoft Azure Support site 在那里,我收到了“Sheetal J S”的回复,为我解决了这个问题。

$user = (Get-AzureRmApiManagementUser -Context $apimContext) | Select-Object -First 1

而是像这样获取git访问的用户Id:

$gitAccess = Get-AzureRmApiManagementTenantGitAccess -Context $apimContext
$userId = $gitAccess.Id

$resourceGroupName = '<My resource group name>'
$serviceName = '<My Azure Api Management instance name>'
$gitUser = '<username for Git found in APIM Publisher Portal>'

$apimContext = New-AzureRmApiManagementContext -ResourceGroupName $resourceGroupName -ServiceName $serviceName

$gitAccess = Get-AzureRmApiManagementTenantGitAccess -Context $apimContext
$userId = $gitAccess.Id

$expiry = Get-Date ((Get-Date).AddDays(29)) -Format "yyyy-MM-ddTHH:mm:ss.000Z"
$parameters = @{ "keyType"= "primary"; "expiry"= "$expiry"; }

$pw = Invoke-AzureRmResourceAction  -ResourceGroupName $resourceGroupName -ResourceType 'Microsoft.ApiManagement/service/users' -Action 'token' -ResourceName "$serviceName/$userId" -ApiVersion "2016-10-10" -Parameters $parameters

# URL-encode password:
$pwUrlencodedLowerCase = [System.Web.HttpUtility]::UrlEncode($pw.value)

# Seems like password has to be URL-encoded with UPPERCASE heximal digits (e.g. %3D instead of %3d) for Git to authenticate properly:
[regex]$regex='(%[0-9a-f][0-9a-f])'
$pwUrlencoded = $regex.Replace($pwUrlencodedLowerCase, {$args[0].Value.ToUpper()})

$gitUrl = "https://${gitUser}:$pwUrlencoded@$serviceName.scm.azure-api.net/"

git clone $gitUrl