问题
So there's now a documented workaround to use ARM in Azure Automation, and it's also well documented how to authenticate to ARM using a Service Principal. But even after following these steps I still cannot get the combination of those to work. Running my runbook in Automation with a Service Principal always gives the following error:
New-AzureTag : Your Azure credentials have not been set up or have expired, please run Add-AzureAccount to set up your
Azure credentials.
At Add-SubscriptionTags:48 char:48
+
+ CategoryInfo : CloseError: (:) [New-AzureTag], ArgumentException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Tags.Tag.NewAzureTagCommand
Add-AzureAccount and Select-AzureSubscription both execute fine, but when I call any cmdlet to actually do something I get the above error.
My runbook works when I use a regular AAD org account, so I don't think it's an Automation/ARM issue.
Running my workflow on my PC with the service principal also works, so I think my service principal is set up correctly.
Has anyone successfully implemented this scenario?
回答1:
This is due to a bug in Azure PowerShell. It has been identified and there is a work item to fix it. I will add the GitHub issue if I'm able to find it.
Update: Here's the GitHub issue https://github.com/Azure/azure-powershell/issues/655
来源:https://stackoverflow.com/questions/31485415/authenticating-to-azure-resource-manager-with-a-service-principal-in-azure-autom