-
Notifications
You must be signed in to change notification settings - Fork 3.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Azure Automation DSC - Unable to pass credential from secure credentials #4369
Comments
@cdeli Hey Corey, would you mind running It seems that you may have a combination of modules from both the MSI / Web Platform Installer and the PowerShell Gallery that is causing this issue. |
Everything I have is from the PSGallery with the sole exception being FSRMDsc which I had to pull from Github manually. Everything works in my script until I need to pass credentials through. Do you want this module list from my workstation or from Azure Automation (where this is being run from). |
@cdeli it seems like you are trying to use an ARM cmdlet before logging in. If you want to log in with a service principal, you will need to know the service principal name and credentials before logging in, you will not be able to use ARM cmdlets to retrieve them unless you provide ARM with alternate credentials to use. |
I am literally following what is in this article https://docs.microsoft.com/en-us/azure/automation/automation-dsc-compile#credential-assets Using my AzureRMRunAsAccounts. |
here is my code. I am unsure what I am even doing wrong at this point. I am being told to run Login-AzureRMAccount but I never should have to.
|
This is intended to be used in a runbook with AzureAutomation, where login has already occurred. A login is required to use AzureRm cmdlets. |
Wait why on earth is this closed? My question still is not even answered. I am unable to pass the credentials through to DSC with the guide on the docs page. I would like some guidance to if I am doing this wrong or what. I am using Azure Automation DSC so I wouldn't expect the need to pull a credential in from the secure credential store would require logging in, which I cannot do unless I have an account to do this.... |
@markcowl runbooks do not automatically log you in, you still have to perform 'Add-AzureRmAccount' with either a credential or a service principle with a connection. The sandbox allows you to use Get-Automation* cmdlets without authentication (as opposed to Get-AzureRm* cmdlets) @cdeli try using The docs should have stated the Liam |
Also, I don't recommend using the 'PSDscAllowPlainTextPassword' option. Azure Automation (as far as I'm aware) should handle the encryption certificates for MOF passwords, so there should be no need to include this in your DSC script, just remove it and it should work. Liam |
Also, I just noticed you listed your local modules. Just for the sake of clarity, are you compiling this on Azure Automation? This approach will not work if you're running them locally (unless you're using the automation dev toolkit with the |
No I am doing all of the compiling with Azure. Was unsure which modules were needed so I did both just for sanity sake. I will try your suggestions tonight while I do some additional work. Thank you for the input @lfshr, I will report back after to verify. I did not see the link you posted before when I was researching this so that is a big help for me. |
Still wants me to login. All I am trying to do is let my VM access an Azure Mapped Drive. At this point I am considering have Jenkins send the file down locally to the server. |
Hi @cdeli I managed to get it working with the following code:
Uploaded and compiled manually in the portal. Can you try something similar? |
Tested with the same code you have here and it worked perfectly fine. Added the whole part for Add-AzureRMAccount (including variable of $ServicePrincipalCOnnection) and it compiled properly. Added the variable Seems I am now failing on the file part when it is calling the $Cred variable. Does the command, listed above, need something additional perhaps to pass the password through? Thank you for your help on this @lfshr it is moving me forward pretty well now. Just finishing calling this credential is where im stuck. |
@cdeli Glad it worked!
The Liam |
So I realized that immediately after hitting comment that I didnt swap out the origonal cmdlet for get-automationpscredential I just added the module locally and in AA as well. I seem to be on the right path all around now with this, I greatly appreciate it. Just for my own clarity, what was I doing wrong? I want to bypass this mistake in the future. |
@cdeli I'm not 100% sure. Did you take the |
You know what. I did comment that out and that is when things started moving, after adding your help into it of course. Thank you again for all of your help @lfshr. Now I can move forward with this project and really delve into Azure Automation for my company. |
attempting to pass a credential set from my Azure Automation Credentials into a DSC script running
$Creds = Get-AzureRmAutomationCredential -ResourceGroupName "<MyResourceGroup" -AutomationAccountName "<AccountName>" -Name "<CredentialName>"
when I compile the MOF it suspends and gives me
Exception The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: Run Login-AzureRmAccount to login.
When I try and login with my service AzureRunAsAccount using
# Get the connection
$servicePrincipalConnection = Get-AzureRmAutomationConnection -ResourceGroupName "<MyRG>" -AutomationAccountName "<AutomationAccountName>" -Name "AzureRunAsConnection"
I get the same thing... There is no decent documentation on this so I am not sure what I am supposed to do at this point.
Testing the "Add-AzureRMAccount" cmdlet is showing that the $servicePrincipalCOnnection is not capturing any of the information that it should be either so it cant even pass the information through.
What on earth do I do here, there is no information for this at all and everything that exists is outdated and does not work.
Edit: And yes all my modules are up to date as of today.
The text was updated successfully, but these errors were encountered: