Create an Azure Website with PowerShell and FTP

2019-07-04 10:30发布

问题:

I need to write a PowerShell script that automatically creates an Azure Website and deploy the content of a local file system. Seems that Azure PowerShell SDK doesn't provide a way to copy files to a website so we want to use FTP as a deploy method.

To get the correct FTP endpoints and credentials the only way that I have found is to call an Azure Management Rest API: Get a Site’s Publish Profile.

But this API as other Azure Management API requires a certificate. I have found the following tutorial Building Real-World Cloud Apps with Windows Azure that explain how to get the certificate:

$s = Get-AzureSubscription -Current
$thumbprint = $s.Certificate.Thumbprint

Unfortunately seems that with the current SDK $s.Certificate is always null, this property doesn't exists. If I manually set the certificate thumbprint everything works as expected.

Do you have an idea on how to get the correct subscription certificate? Or do you have an easy alternative to deploy local files to an Azure website?

回答1:

It seems that now you can access the certificate thumbprint using

$thumbprint = $s.DefaultAccount

instead of

#$thumbprint = $s.Certificate.Thumbprint

Seems that the DefaultAccount has exactly the same value as the certificate thumbprint.

Just for reference here is my complete script to obtain a publishing profile for a given website:

Function get-AzureWebSitePublishXml
{
    Param(
        [Parameter(Mandatory = $true)]
        [String]$WebsiteName
    )

    # Get the current subscription
    $s = Get-AzureSubscription -Current
    if (!$s) {throw "Cannot get Windows Azure subscription."}

    #$thumbprint = $s.Certificate.Thumbprint #this code doesn't work anymore
    $thumbprint = $s.DefaultAccount
    if (!$thumbprint) { throw "Cannot get subscription cert thumbprint."}

    # Get the certificate of the current subscription from your local cert store
    $cert = Get-ChildItem Cert:\CurrentUser\My\$thumbprint
    if (!$cert) {throw "Cannot find subscription cert in Cert: drive."}

    $website = Get-AzureWebsite -Name $WebsiteName
    if (!$website) {throw "Cannot get Windows Azure website: $WebsiteName."}

    # Compose the REST API URI from which you will get the publish settings info
    $uri = "https://management.core.windows.net:8443/{0}/services/WebSpaces/{1}/sites/{2}/publishxml" -f `
        $s.SubscriptionId, $website.WebSpace, $Website.Name

    # Get the publish settings info from the REST API
    $publishSettings = Invoke-RestMethod -Uri $uri -Certificate $cert -Headers @{"x-ms-version" = "2013-06-01"}
    if (!$publishSettings) {throw "Cannot get Windows Azure website publishSettings."}

    return $publishSettings
}

NOTE: this only works when you have connected to azure using Import-AzurePublishSettingsFile

Can anyone confirm that is safe to use DefaultAccount property?

UPDATE

If you use Kudu API to upload your site, like this, you don't need any certificate or publishing profile. You should read the user name and password using Get-AzureWebsite and the hostname is just yourwebsitename.scm.azurewebsites.net (note the scm segment). I suggest to use Kudu because is far more reliable and fast.