How to make AzureCLI@2 ignore the result of "az keyvault certificate delete"?

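In an Azure pipeline used for nightly builds, I am performing the following steps:

  • Deploy a Key Vault through an ARM template
  • Then try to delete the self-signed certificate in it
  • Then import the certificate again
  • Finally, deploy a Service Fabric through another ARM template, which uses the certificate by thumbprint

Here is an excerpt of the pipeline: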

# purge the self-signed cert from the Keyvault to avoid conflict; ignore failures (DOES NOT WORK?)
- task: AzureCLI@2
  inputs:
    azureSubscription: '${{ parameters.ArmConnection }}'
    scriptType: 'pscore'
    scriptLocation: 'inlineScript'
    continueOnError: true
    failOnStandardError: false
    powerShellErrorActionPreference: 'silentlyContinue'
    inlineScript: |
      az keyvault certificate delete --vault-name $(KeyVaultName) --id 'https://$(KeyVaultName).vault.azure.net/certificates/my-self-signed-cert'
      az keyvault certificate purge --vault-name $(KeyVaultName) --id 'https://$(KeyVaultName).vault.azure.net/deletedcertificates/my-self-signed-cert'

# import the self-signed certificate my-self-signed-cert into the Keyvault
- task: AzurePowerShell@5
  inputs:
    azureSubscription: '${{ parameters.ArmConnection }}'
    ScriptType: 'InlineScript'
    azurePowerShellVersion: '3.1.0'
    Inline: |
      $Pwd = ConvertTo-SecureString -String 'MyPassword' -Force -AsPlainText
      $Base64 = 'MIIKqQI__3000_CHARS_HERE____HP1ICAgfQ=='
      $Cert = Import-AzKeyVaultCertificate -VaultName $(KeyVaultName) -Name my-self-signed-cert -CertificateString $Base64 -Password $Pwd
      # $(...) is needed so the property, not just $Cert, is expanded inside the string
      echo "##vso[task.setvariable variable=Thumbprint;isOutput=true]$($Cert.Thumbprint)"

At first the above code worked, but then I disabled the soft-delete feature in the ARM template of the Key Vault:

"properties": {
    "enableSoftDelete": false,
    "enabledForDeployment": true,
    "enabledForDiskEncryption": false,
    "enabledForTemplateDeployment": true,

Or maybe the trigger for my problem was that I deleted the Key Vault manually.

Anyway, now I get a recurring pipeline error:

I wonder why the "az" failure is not ignored, even though I have set failOnStandardError: false and powerShellErrorActionPreference: 'silentlyContinue'.

Also, I have tried to surround the two "az" commands with try/catch, but the error is still there:

##[debug]which 'az'
##[debug]found: 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd'
##[debug]scriptType=pscore
##[debug]scriptLocation=inlineScript
##[debug]scriptArguments=null
##[debug]powerShellErrorActionPreference=silentlyContinue
##[debug]Agent.Version=2.169.0
##[debug]Agent.TempDirectory=d:\a\_temp
##[debug]scriptPath=d:\a\1\s
##[debug]inlineScript=az keyvault certificate delete --vault-name my-nightly-my-keyvault --id 'https://my-nightly-my-keyvault.vault.azure.net/certificates/my-self-signed-cert'
 --vault-name my-nightly-my-keyvault --id 'https://my-nightly-my-keyvault.vault.azure.net/deletedcertificates/my-self-signed-cert'
##[debug]powerShellIgnoreLASTEXITCODE=false

...lines skipped...

A certificate with (name/id) my-self-signed-cert was not found in this key vault. If you recently deleted this certificate you may be able to recover it using the correct recovery command. For help resolving this issue, please see https://go.microsoft.com/fwlink/?linkid=2125182
Operation "purge" is not enabled for this vault.
##[debug]$LASTEXITCODE: 1
##[debug]Exit code 1 received from tool 'C:\Program Files\PowerShell\7\pwsh.exe'
##[debug]STDIO streams have closed for tool 'C:\Program Files\PowerShell\7\pwsh.exe'
##[debug]task result: Failed
##[error]Script failed with exit code: 1
##[debug]Processed: ##vso[task.issue type=error;]Script failed with exit code: 1
##[debug]Processed: ##vso[task.complete result=Failed;]Script failed with exit code: 1
##[debug]which 'az'
##[debug]found: 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd'
##[debug]which 'az'
##[debug]found: 'C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd'
##[debug]C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd arg:  account clear
##[debug]C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd arg:  account clear
##[debug]exec tool: C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd
##[debug]exec tool: C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd
##[debug]arguments:
##[debug]arguments:
##[debug]   account
##[debug]   account
##[debug]   clear
##[debug]   clear
[command]C:\windows\system32\cmd.exe /D /S /C ""C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.cmd" account clear"
##[section]Finishing: AzureCLI

Check your YAML format: continueOnError is not an input of the task but a property of the task itself. So your task should be:

- task: AzureCLI@2
  inputs:
    azureSubscription: 'xxx'
    scriptType: 'pscore'
    scriptLocation: 'inlineScript'
    failOnStandardError: false
    inlineScript: |
      az keyvault certificate delete --vault-name $(KeyVaultName) --id 'https://$(KeyVaultName).vault.azure.net/certificates/my-self-signed-cert'
      az keyvault certificate purge --vault-name $(KeyVaultName) --id 'https://$(KeyVaultName).vault.azure.net/deletedcertificates/my-self-signed-cert'
    powerShellErrorActionPreference: 'silentlyContinue'
  continueOnError: true

If the property works, subsequent tasks will continue to execute even though an error was thrown in the Azure CLI task.


As a workaround, adding exit 0 has helped me:

# purge the self-signed cert from the Keyvault to avoid conflict; ignore failures (DOES NOT WORK?)
- task: AzureCLI@2
  inputs:
    azureSubscription: '${{ parameters.ArmConnection }}'
    scriptType: 'pscore'
    scriptLocation: 'inlineScript'
    continueOnError: true
    failOnStandardError: false
    powerShellErrorActionPreference: 'silentlyContinue'
    inlineScript: |
      az keyvault certificate delete --vault-name $(KeyVaultName) --id 'https://$(KeyVaultName).vault.azure.net/certificates/my-self-signed-cert'
      az keyvault certificate purge --vault-name $(KeyVaultName) --id 'https://$(KeyVaultName).vault.azure.net/deletedcertificates/my-self-signed-cert'
      exit 0

Then, for the AzureCLI task (which is my case), I had to use powerShellIgnoreLASTEXITCODE: true

Hi friend, is there any update on this issue? Please check whether my answer helps :-)

Thank you for your answer (I upvoted it), but the solution in my case was powerShellIgnoreLASTEXITCODE: true

Nice work! Thanks for sharing your solution here, you can, so that it can help other community members who get the same issue and we can archive this thread, thanks.
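
A narrower alternative to ignoring every exit code, as an added example that is not part of the thread: the step probes for the certificate first, treats only its absence as success, and still fails the task when a delete or purge of an existing certificate fails. It reuses KeyVaultName, ArmConnection and the certificate name from the question, and assumes the vault reports properties.enableSoftDelete as set in the question's ARM template.

```yaml
# Added example, not code from the thread. Every path of the inline script ends
# with an explicit exit, so the task result reflects a deliberate decision.
- task: AzureCLI@2
  displayName: 'Remove my-self-signed-cert if present'
  inputs:
    azureSubscription: '${{ parameters.ArmConnection }}'
    scriptType: 'pscore'
    scriptLocation: 'inlineScript'
    # az reports "not found" on stderr; stderr output alone must not fail the task
    failOnStandardError: false
    inlineScript: |
      $vault = '$(KeyVaultName)'
      $name  = 'my-self-signed-cert'

      # Probe first: a non-zero exit here is the expected "certificate absent" case.
      az keyvault certificate show --vault-name $vault --name $name --output none 2>$null
      if ($LASTEXITCODE -ne 0) {
        Write-Host "Certificate $name is not present in $vault, nothing to delete."
        exit 0
      }

      # The certificate exists, so a failing delete is a real error (for example
      # a missing access policy) and must stop the pipeline.
      az keyvault certificate delete --vault-name $vault --name $name --output none
      if ($LASTEXITCODE -ne 0) {
        Write-Host "##vso[task.logissue type=error]Deleting $name from $vault failed."
        exit 1
      }

      # Purge only exists on vaults with soft delete; otherwise az answers
      # 'Operation "purge" is not enabled for this vault.' as in the log above.
      # Assumption: the vault exposes properties.enableSoftDelete.
      $softDelete = az keyvault show --name $vault --query 'properties.enableSoftDelete' --output tsv
      if ($softDelete -eq 'true') {
        az keyvault certificate purge --vault-name $vault --name $name --output none
        if ($LASTEXITCODE -ne 0) {
          Write-Host "##vso[task.logissue type=error]Purging $name from $vault failed."
          exit 1
        }
      }
      exit 0
```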