问题
In the release pipeline, I am trying to connect to Azure AD by using Connect-Azaccount so I can run Get-AzADgroup to retrieve some Az AD group names and their guid and output to variables.
I created Azure Powershell task with the following inline script.
(Get-AzADGroup -DisplayName "group-name").origin
回答1:
It seems you need to use a non-interactive login, follow the steps as below.
1.Create an Azure Active Directory application and create a secret for the app, save the secret and get values for signing in.
2.In your AD App -> API permissions -> Add a permission -> select Azure Active Directory Graph -> Application permissions -> Directory.Read.All -> click Add permissions -> click Grant admin consent for xxx, refer to the screenshot.
3.Try the script as below, use the values which you get in step 1, it works fine on my side.
Note: You need to use the Task version with 4.*(preview) when you use Az powershell module.
$azureAplicationId ="<your ad app application id>"
$azureTenantId= "<your tenant id>"
$azurePassword = ConvertTo-SecureString "<the secret of your ad app>" -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($azureAplicationId , $azurePassword)
Connect-AzAccount -Credential $psCred -TenantId $azureTenantId -ServicePrincipal
#I just test to get all groups, you could do other operations
Get-AzADGroup
来源:https://stackoverflow.com/questions/56350960/how-to-connect-azaccount-in-azure-devops-release-pipeline