我有一个 ARM 模板,它创建一个虚拟机并使用 Powershell DSC 扩展来配置它。DSC 脚本采用 VSTS PAT 向 azure devops 环境注册。ARM 模板将此作为安全字符串类型的输入参数,但是当我尝试将其传递给 DSC 脚本中的 [securestring] 输入参数时,它表示它无法将输入类型字符串转换为安全字符串。
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"vstsPAT": {
"defaultValue": "",
"type": "securestring",
"metadata": {
"description": "Azure DevOps Personal Access Token (PAT) to use when adding the VMs to the Environment. Leave blank if the VMs should not be added to an Environment."
}
},
"dscConfigUrlSasToken": {
"type": "securestring",
"metadata": {
"description": "SAS Token used to access the DSC zip."
}
}
}
... create VM and add extension
"resources": [
{
"type": "Microsoft.Compute/virtualMachines/extensions",
"apiVersion": "2020-06-01",
"name": "[concat('vm', copyIndex(1), '/', 'Microsoft.Powershell.DSC')]",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Compute/virtualMachines/', concat('vm', copyIndex(1)))]"
],
"properties": {
"publisher": "Microsoft.Powershell",
"type": "DSC",
"typeHandlerVersion": "2.77",
"autoUpgradeMinorVersion": true,
"settings": {
"configuration": {
"url": "https://myblob.blob.core.windows.net/PrepareWebServer.zip",
"script": "PrepareWebServer.ps1",
"function": "PrepareWebServer"
}
},
"protectedSettings": {
"configurationUrlSasToken": "[parameters('dscConfigUrlSasToken')]",
"configurationArguments": {
"vstsPAT": "[parameters('vstsPAT')]"
}
}
}
}
]
并在 DSC powershell 文件中
configuration PrepareWebServer
{
Param ( [securestring] $vstsPAT )
错误信息:
无法处理参数“vstsPAT”的参数转换。无法将“System.String”类型的“[MY CLEAR TEXT PAT]”值转换为“System.Security.SecureString”类型