在Azure Automation Runbook中执行时发生Set-AzureRmContext错误 [英] Set-AzureRmContext error when executed within an Azure Automation Runbook
问题描述
更新:
Seems like someone else had the same issue and reported it.
从Azure Automation Runbook调用它时,我遇到一个简单的PowerShell脚本问题.同一段代码在本地运行时可以完美运行.
I am facing an issue with a simple PowerShell script when invoking it from an Azure Automation Runbook. The same piece of code works flawless when running it locally.
我已在具有密码凭据的Azure Active Directory(托管在Azure德国云中)中添加了服务主体,并授予其 contributor 订阅权限(也托管在Azure德语云).
I have added a Service Principal in an Azure Active Directory (hosted in Azure German Cloud) with password credential and grant it contributor access to a subscription (also hosted in Azure German Cloud).
Azure自动化服务托管在北欧中,因为该服务目前在Azure德语云中不可用.
The Azure Automation service is hosted in North Europe since it's currently not available in the Azure German Cloud.
我要做的就是使用 Add-AzureRmAccount cmdlet使用上述主体登录我的订阅.之后,我尝试使用 Set-AzureRmContext 设置当前上下文,并得到以下错误消息:
All I try to do is to login to my subscription with the above mentioned principal using the Add-AzureRmAccount cmdlet. After that I try to set the current context using the Set-AzureRmContext and getting the following error message:
Set-AzureRmContext : Please provide a valid tenant or a valid subscription.
At line:26 char:1
+ Set-AzureRmContext -TenantId $TenantId -Su ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Set-AzureRmContext], ArgumentException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.SetAzureRMContextCommand
这是我尝试运行的脚本(配置空白):
Here is the script I try to run (left the configuration blank):
$TenantId = ""
$ApplicationId = ""
$ClientSecret = ""
$SubscriptionId = ""
$secpasswd = ConvertTo-SecureString $ClientSecret -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ($ApplicationId , $secpasswd)
Add-AzureRmAccount -ServicePrincipal -Environment 'AzureGermanCloud' -Credential $mycreds -TenantId $TenantId
Set-AzureRmContext -TenantId $TenantId -SubscriptionId $SubscriptionId
我也尝试使用 Login-AzureRmAccount 失败.另外,我还可以使用 Get-AzureRmResourceGroup cmdlet检索资源组,因此登录似乎可以正常进行.
I also tried to use Login-AzureRmAccount without success. Also I am able to use the Get-AzureRmResourceGroup cmdlet to retrieve the resource groups so the login seems to work.
所有Azure模块都更新为最新版本.
All Azure modules are updated to the latest version.
TLTR:
我的主要目标是使用Runnbook中的 New-AzureRmSqlDatabaseExport 开始SQL导出作业,但似乎上述错误导致cmdlet失败并显示以下消息:
My main goal is to start a SQL export job using the New-AzureRmSqlDatabaseExport from the runnbook but it seems like the above mentioned error causes the cmdlet to fail with the following message:
New-AzureRmSqlDatabaseExport : Your Azure credentials have not been set up or have expired, please run
Login-AzureRMAccount to set up your Azure credentials.
At line:77 char:18
+ ... rtRequest = New-AzureRmSqlDatabaseExport -ResourceGroupName $Resource
推荐答案
It looks like this is a known issue and I wasn't able to find a fix for that. But there are two workarounds:
- 使用混合Runnbook工作者(-MSFT )
- 使用带有证书凭据( Bruno Faria提到的 RunAsAccount ) a>)
指定-环境参数很重要.否则,我将收到以下异常:
It is important to specify the -Environment parameter. Otherwise I got the following exception:
Login-AzureRmAccount:AADSTS90038:机密客户端不是跨云请求支持.
Login-AzureRmAccount : AADSTS90038: Confidential Client is not supported in Cross Cloud request.
这是我用来从NorthEurope托管的Azure Runbook登录到AzureGermanCloud(MCD)的代码:
Here is the code I am using to login to AzureGermanCloud (MCD) from an Azure Runbook hosted in NorthEurope:
$connectionAssetName = "AzureRunAsConnection"
$conn = Get-AutomationConnection -Name $ConnectionAssetName
Login-AzureRmAccount `
-ServicePrincipal `
-CertificateThumbprint $conn.CertificateThumbprint `
-ApplicationId $conn.ApplicationId `
-TenantId $conn.TenantID `
-Environment AzureGermanCloud
这篇关于在Azure Automation Runbook中执行时发生Set-AzureRmContext错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
