Azure DevOps: adding an AAD group to SQL Azure using an Azure DevOps pipeline

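I want to add an AD group to SQL Azure using Azure DevOps. The AD group contains the web app's MSI.

We added a group named DemoSqlAdmin in AAD that contains the SPN used in the Azure DevOps pipeline. This group has been set as the SQL Server Active Directory admin.

When running the Azure DevOps task "Azure SQL Database Deployment" with the authentication type "Active Directory - Integrated", the following error occurs: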

2019-05-08T17:44:56.3763560Z ##[debug]Run-InlineSql -authenticationType aadAuthenticationIntegrated -serverName demoserver.database.windows.net -databaseName demodatabase -sqlUserName  -sqlPassword  -sqlInline "select getdate()" -connectionString  -ErrorVariable errors -ConnectionTimeout 120 | Out-String
2019-05-08T17:44:56.3903602Z Temporary inline SQL file: C:\Users\VssAdministrator\AppData\Local\Temp\tmp6824.tmp
2019-05-08T17:44:56.4094244Z Invoke-Sqlcmd -connectionString "Data Source=demoserver.database.windows.net; Initial Catalog=demodatabase; Authentication=Active Directory Integrated;"  -Inputfile "C:\Users\VssAdministrator\AppData\Local\Temp\tmp6824.tmp" 
2019-05-08T17:45:01.3106772Z ##[debug]Removing File C:\Users\VssAdministrator\AppData\Local\Temp\tmp6824.tmp
2019-05-08T17:45:01.3177919Z ##[debug]Failed to reach SQL server demoserver.database.windows.net. One or more errors occurred.
2019-05-08T17:45:01.3256036Z ##[debug]Error Message : System.Management.Automation.ActionPreferenceStopException: The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: One or more errors occurred.
2019-05-08T17:45:01.3268924Z ##[debug]   at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)
2019-05-08T17:45:01.3282131Z ##[debug]   at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
2019-05-08T17:45:01.3294469Z ##[debug]   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
2019-05-08T17:45:01.3306333Z ##[debug]   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
2019-05-08T17:45:01.3323803Z ##[debug]Message To Parse: System.Management.Automation.ActionPreferenceStopException: The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: One or more errors occurred.
2019-05-08T17:45:01.3336914Z ##[debug]   at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)
2019-05-08T17:45:01.3348860Z ##[debug]   at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)
2019-05-08T17:45:01.3360481Z ##[debug]   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
2019-05-08T17:45:01.3373282Z ##[debug]   at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)
2019-05-08T17:45:01.3461566Z ##[debug]
2019-05-08T17:45:01.3658976Z Temporary inline SQL file: C:\Users\VssAdministrator\AppData\Local\Temp\tmp7B8E.tmp
2019-05-08T17:45:01.3678332Z Invoke-Sqlcmd -connectionString "Data Source=demoserver.database.windows.net; Initial Catalog=demodatabase; Authentication=Active Directory Integrated;"  -Inputfile "C:\Users\VssAdministrator\AppData\Local\Temp\tmp7B8E.tmp" 
2019-05-08T17:45:01.5110410Z ##[debug]Removing File C:\Users\VssAdministrator\AppData\Local\Temp\tmp7B8E.tmp
2019-05-08T17:45:01.5186309Z ##[debug]No Firewall Rule was added
2019-05-08T17:45:01.5410661Z ##[debug]Caught exception from task script.
2019-05-08T17:45:01.5440006Z ##[debug]Error record:
2019-05-08T17:45:01.6073859Z ##[debug]One or more errors occurred.Check out how to troubleshoot failures at https://aka.ms/sqlazuredeployreadme#troubleshooting-
2019-05-08T17:45:01.6087196Z ##[debug]At D:\a\_tasks\SqlAzureDacpacDeployment_ce85a08b-a538-4d2b-8589-1d37a9ab970f\1.3.16\DeploySqlAzure.ps1:202 char:5
2019-05-08T17:45:01.6100074Z ##[debug]+     throw $errorMessage
2019-05-08T17:45:01.6113872Z ##[debug]+     ~~~~~~~~~~~~~~~~~~~
2019-05-08T17:45:01.6126477Z ##[debug]    + CategoryInfo          : OperationStopped: (One or more err...roubleshooting-:String) [], RuntimeException
2019-05-08T17:45:01.6137940Z ##[debug]    + FullyQualifiedErrorId : One or more errors occurred.Check out how to troubleshoot failures at https://aka.ms/sql    azuredeployreadme#troubleshooting-
2019-05-08T17:45:01.6149271Z ##[debug] 
2019-05-08T17:45:01.6166593Z ##[debug]Script stack trace:
2019-05-08T17:45:01.6202488Z ##[debug]at <ScriptBlock>, D:\a\_tasks\SqlAzureDacpacDeployment_ce85a08b-a538-4d2b-8589-1d37a9ab970f\1.3.16\DeploySqlAzure.ps1: line 202
2019-05-08T17:45:01.6213523Z ##[debug]at <ScriptBlock>, <No file>: line 1
2019-05-08T17:45:01.6225421Z ##[debug]at <ScriptBlock>, <No file>: line 22
2019-05-08T17:45:01.6237258Z ##[debug]at <ScriptBlock>, <No file>: line 18
2019-05-08T17:45:01.6250995Z ##[debug]at <ScriptBlock>, <No file>: line 1
2019-05-08T17:45:01.6269245Z ##[debug]Exception:
2019-05-08T17:45:01.6310341Z ##[debug]System.Management.Automation.RuntimeException: One or more errors occurred.Check out how to troubleshoot failures at https://aka.ms/sqlazuredeployreadme#troubleshooting-
2019-05-08T17:45:01.6521044Z ##[error]One or more errors occurred.Check out how to troubleshoot failures at https://aka.ms/sqlazuredeployreadme#troubleshooting-
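Take a look at this:

Authentication Type: the required type of database authentication. It can be SQL Server Authentication, Active Directory - Integrated, Active Directory - Password, or Connection String. Integrated authentication means that the agent will access the database using its current Active Directory account context.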

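I think you're right. I thought that selecting the SPN also selected the run-as account, but I guess we are just connecting with the build agent's account. Let me investigate further.

@luuk Did you ever figure out whether that is true? i.e. is the build agent account used rather than the service connection's SPN?

@CDerrig Another team in our company also tried to fix this, but they couldn't. It is probably because we use Azure DevOps hosted agents.

@luk Ah, thanks! In the end I got it working by using an Azure CLI task to generate an accessToken for the service principal associated with the Azure service connection, then passing that token to the SqlPackage arguments /at:$token and using the Connection String authentication type, without specifying a username/password or Authentication=. Based on these: and

@JoshGallagher I'm very sorry, I didn't see this until now and it is probably too late, but if I remember correctly, the token returned by the Azure CLI is wrapped in double quotes. I actually wrote an article describing the whole process.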
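The workaround described in the comments above, as an added PowerShell example that is not part of the original thread: an Azure CLI task obtains a token for the service connection's service principal and hands it to SqlPackage, with a connection string that carries no credentials. The server and database names come from the log in the question; the dacpac path, the `SqlAccessToken` variable name and SqlPackage being on PATH are assumptions.

```powershell
# Added example. Runs as the inline script of an Azure CLI task (PowerShell),
# so `az` is already signed in as the service connection's service principal.

$server     = 'demoserver.database.windows.net'   # server name from the log above
$database   = 'demodatabase'                      # database name from the log above
$dacpac     = Join-Path $env:SYSTEM_DEFAULTWORKINGDIRECTORY 'drop\demo.dacpac'  # hypothetical path
$sqlPackage = 'SqlPackage.exe'                    # assumption: resolvable on PATH

# Request a token whose audience is Azure SQL Database. `--output tsv` prints
# the bare token; the default JSON output wraps it in double quotes.
$token = az account get-access-token `
    --resource 'https://database.windows.net/' `
    --query accessToken --output tsv
if ($LASTEXITCODE -ne 0) { throw 'az account get-access-token failed.' }

# Defensive clean-up in case a different output format left quotes or newlines.
$token = "$token".Trim().Trim('"')
if ([string]::IsNullOrWhiteSpace($token)) { throw 'Access token is empty.' }

# The token is a bearer credential: register it as a secret so the agent
# masks it in the remaining log output of this job.
Write-Host "##vso[task.setvariable variable=SqlAccessToken;issecret=true]$token"

# No User ID, Password or Authentication= keyword: the identity comes from
# the access token alone.
$connectionString = "Server=$server;Database=$database;Encrypt=True"

$sqlArgs = @(
    '/Action:Publish',
    "/SourceFile:$dacpac",
    "/TargetConnectionString:$connectionString",
    "/AccessToken:$token"    # long form of the /at: switch named in the comment
)
& $sqlPackage @sqlArgs
if ($LASTEXITCODE -ne 0) { throw "SqlPackage exited with code $LASTEXITCODE." }
```

The token only grants what the service principal is allowed to do in the database; in the setup described in the question that access comes from its membership in the DemoSqlAdmin group set as the server's Active Directory admin.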