Azure devops 如何通过ARM模板在Azure CDN的CustomDomain中启用HTTPS
我已经通过CI/CD从Azure DevOps通过ARM模板创建了Azure CDN,遵循以下参考- Azure CDN创建并映射了具有终结点的自定义域。 但不确定如何通过ARM(来自Azure DevOps)模板在自定义域中启用HTTPS(我自己的证书在KeyVault中可用),MS模板参考中不提供选项 希望自动化Azure CDN的整个创建 有没有办法为CustomDomain和DevOps启用HTTPS 这是我的剧本(不是最后的)- 在CI/CD中以及通过PowerShell执行时引发相同问题 问题-Azure devops 如何通过ARM模板在Azure CDN的CustomDomain中启用HTTPS,azure-devops,azure-resource-manager,azure-cdn,Azure Devops,Azure Resource Manager,Azure Cdn,我已经通过CI/CD从Azure DevOps通过ARM模板创建了Azure CDN,遵循以下参考- Azure CDN创建并映射了具有终结点的自定义域。 但不确定如何通过ARM(来自Azure DevOps)模板在自定义域中启用HTTPS(我自己的证书在KeyVault中可用),MS模板参考中不提供选项 希望自动化Azure CDN的整个创建 有没有办法为CustomDomain和DevOps启用HTTPS 这是我的剧本(不是最后的)- 在CI/CD中以及通过PowerShell执行时引发
Invoke-RestMethod : {
"error": {
"code": "NotFound",
"message": "The resource cannot be found."
}
At line:51 char:11
+ $state = (Invoke-RestMethod -Method GET -Uri $StateUri -Headers $hea ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], We
bException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
PS C:\WINDOWS\system32> Get-AzCdnCustomDomain -ResourceGroupName 'XXXXX' -ProfileName 'XXXXX' -EndpointName 'XXXXX' -CustomDomainNa
me 'subdomain.domain.com'
Get-AzCdnCustomDomain : Operation returned an invalid status code 'BadRequest'
At line:1 char:1
+ Get-AzCdnCustomDomain -ResourceGroupName 'XXXXX' -Prof ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzCdnCustomDomain], ErrorResponseException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Cdn.CustomDomain.GetAzureRmCdnCustomDomain
HTTPSPOST https://management.azure.com/subscriptions/{subscription id}/resourcegroups/{resourceGroup name}/providers/Microsoft.Cdn/profiles/{Cdnprofile name)/endpoints/{cdnEndpointName}/customdomains/customDomain/enableCustomHttps?api-version=2018-04-02"
certificateSource希望自动化Azure CDN的整个创建 现在,您应该已经了解了如何启用HTTPS。因此,问题是如何在VSTS中自动创建完整的Azure CDN 步骤1:添加代理作业 步骤2:添加第一个任务
Azure资源组部署Powershell您可以在CI或CD中应用这些步骤,任何人都可以在VSTS中使用。通过PowerShell脚本启用自定义域的HTTPS并调用。至少现在是这样;我无法通过“”执行此操作,未获得--自定义域https参数的正确示例 由于严重的错误,我总是从收到HTTP状态400。原因是我将域名(主机名)而不是友好名称映射传递到端点。(例如,我的域名或主机名是:mysubdomain.domainname.com,友好名称是MyDevDomain;然后Rest API需要MyDevDomain) 我们可以按照@Merlin Liang-MSFT的步骤来自动化这个过程 我遵循的步骤- 参考-
调用之前,请根据博客检查设置状态。谢谢Merlin。是通过PowerShell完成的,现在我面临的问题是:属性“CustomDomainEntityKey.CustomDomainName”无法设置为-(域名),不确定它传播的原因?(API版本为-2019-04-15)@Debasighosh,您现在面临哪些困难?无法将确切的自定义域名传递给它?或者认为它不应该在这里传递域?在RestAPI中传递customDomain值。在Azure DevOps中执行PowerShell脚本时出现此问题。@DebasisGhosh您介意向我显示详细的错误日志吗?也许我可以从中找到一些东西。@Debassghosh,没关系:-0我已经检查了您的脚本和错误,您传递给API的
CustomDomainNamemysubdomain.mydomain.commysubdomain mydomain comPOST https://management.azure.com/subscriptions/{subscription id}/resourcegroups/{resourceGroup name}/providers/Microsoft.Cdn/profiles/{Cdnprofile name)/endpoints/{cdnEndpointName}/customdomains/customDomain/enableCustomHttps?api-version=2018-04-02"
{
"certificateSource": "AzureKeyVault",
"protocolType": "ServerNameIndication",
"certificateSourceParameters": {
"@odata.type": "#Microsoft.Azure.Cdn.Models.KeyVaultCertificateSourceParameters",
"subscriptionId": "$subId",
"resourceGroupName": "$resourceGroupKv",
"vaultName": "$kvName",
"SecretName": "$secretName",
"SecretVersion": "$version",
"updateRule": "NoAction",
"deleteRule": "NoAction"
}
}
$cdnProfile = Get-AzCdnProfile -ProfileName $cdnProfileName;
$resourceGroup = Get-AzResourceGroup -Name $cdnProfile.ResourceGroupName;
$resourceGroupName = $resourceGroup.ResourceGroupName;
# Get Access Token to invoke in Rest API
$context = Get-AzContext;
$subscriptionId = $context.Subscription.Id;
$azProfile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile;
if (-not $azProfile.Accounts.Count) {
Write-Error "Error occured!"
Exit 1
}
$profileClient = New-Object Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient($azProfile);
$token = $profileClient.AcquireAccessToken($context.Subscription.TenantId) ;
$accessToken = $token.AccessToken;
if (-not $accessToken) {
Write-Error "Error occured!";
Exit 1
}
# Update certificate values
# ref - https://docs.microsoft.com/en-us/rest/api/cdn/customdomains/enablecustomhttps
$ProvisionUri = "https://management.azure.com/subscriptions/$($subscriptionId)/resourcegroups/$($resourceGroupName)/providers/Microsoft.Cdn/profiles/$($cdnProfileName)/endpoints/$($cdnEndpointName)/customdomains/$($cdnCustomDomainName)/enableCustomHttps?api-version=$($apiVersion)"
$body = $ExecutionContext.InvokeCommand.ExpandString('{"certificateSource":"AzureKeyVault","protocolType":"ServerNameIndication","certificateSourceParameters":{"@odata.type":"#Microsoft.Azure.Cdn.Models.KeyVaultCertificateSourceParameters","subscriptionId":"$subscriptionId","resourceGroupName":"$keyVaultResourceGroupName","vaultName":"$keyVaultName","SecretName":"$secretName","SecretVersion":"$secretVersion","updateRule":"NoAction","deleteRule":"NoAction"}}')
$headers = @{ }
$headers.Add('Authorization', "Bearer $accessToken")
$headers.Add('Content-Type', 'application/json')
write-verbose -verbose "[INF] Provision Uri: $($ProvisionUri)"
write-verbose -verbose "[INF] Headers: $($headers)"
write-verbose -verbose "[INF] Body: $($body)"
Write-Verbose -Verbose "Applying custom certificate to $($cdnProfileName):$($cdnEndpointName)"
Invoke-RestMethod -Method Post -Uri $ProvisionUri -Headers $headers -Body $body
write-verbose -verbose "[INF] Script executed successfully!"