问题
I want to deploy apps to my service fabric using azure ad & powershell.
I've setup the required azure AD apps, but I don't know how to login to an Azure AD account programtically so it can be deployed from CD tool. It seems like this needs to be an AD user and not service principal. The COnnect-ServiceFabric cmdlet requires some sort of security token when using AzureAD and I don't know how to provide it to avoid the popup.
回答1:
Here are steps that you could use to get things up and running -
1. You need to create two app registrations in AD - the one to represent the SF cluster and the second one for the client app. You could follow the instructions here to get it done Set up Azure Active Directory for client authentication
As the result, you should have the next output -
"azureActiveDirectory": { "tenantId":"guid", "clusterApplication":"guid", "clientApplication":"guid" }
2. Now you could set up your SF cluster. You could either put the AD artifacts you've got from the previous step into the rm template or specify the fields in the portal. The choice is yours -
3. Find the app registrations created at the first step in AD, and assign to the user you are going to login with some role there.
4. Finally, use this example to login using AD authentication in a non-interactive mode - Connect to a secure cluster non-interactively using Azure Active Directory.
Here is just the same but in Powershell -
$authority = "https://login.microsoftonline.com/your_tenant_id"
$credentials = [Microsoft.IdentityModel.Clients.ActiveDirectory.UserCredential]::new($UserName, $Password)
$authContext = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext]::new($authority)
$authResult = $authContext.AcquireTokenAsync($clusterApplicationId, $clientApplicationId, $credentials)
$Token = $authResult.Result.AccessToken
Connect-ServiceFabricCluster -AzureActiveDirectory -SecurityToken $Token -ConnectionEndpoint "your_cluster_name.location.cloudapp.azure.com:19000" -ServerCertThumbprint "your_server_cert_thumbprint"
That's basically it.
来源:https://stackoverflow.com/questions/46780978/deploying-servicefabric-apps-using-azuread-authentication