问题
Having a problem with creating an azure automation runbook that will copy a database on demand; I've created a credential and stored the u/p of the account I use to log into the portal in it. Password was written in notepad and pasted in to ensure correct.
$Cred = Get-AutomationPSCredential -Name 'automationCredential'
Write-Output "UN: $($Cred.Username)"
Write-Output "PW: $($Cred.Password.Length)"
Add-AzureRmAccount -Credential $Cred
Write-Output "Deleting the old $TargetDatabaseName"
Remove-AzureRMSqlDatabase -ResourceGroupName "Default-SQL-NorthEurope" -ServerName $SourceServerName -DatabaseName $TargetDatabaseName -Force
Write-Output "Creating new $TargetDatabaseName with data at time $PointInTime"
New-AzureRmSqlDatabaseCopy `
-CopyDatabaseName $TargetDatabaseName `
-DatabaseName $SourceDatabaseName `
-ResourceGroupName "Default-SQL-NorthEurope" `
-ServerName $SourceServerName
The debug prints seem to indicate the credentials are correct, but when the add-azurermaccount is carried out, it seems to log in but no subscriptions are returned
Soon after the call to remove the old test db fails with:
Remove-AzureRMSqlDatabase : No subscription found in the context. Please ensure that the credentials you provided are authorized to access an Azure subscription, then run Login-AzureRMAccount to login.
If I do the actions in the command line powershell (the only difference being I call login without parameters; it prompts for creds) then things work out just fine
I found some resources that indicate if the creds are wrong, it authenticates but returns no subscriptions - i've double checked the creds tho and they're accurate
回答1:
In Azure, Microsoft account does not support non-interactive login.
If you want to use script to login Azure in runbook, we can create a service principal to login Azure.
We can use powershell to create Azure service principal, more information about service principal, please refer to this link.
We can use service principal to login Azure powershell, like this:
$subscriptionId="5384xxxx-xxxx-xxxx-xxxx-xxxxe29axxxx"
$tenantid="1fcf418e-66ed-4c99-9449-d8e18bf8737a"
$appid="1498b171-e1ca-451f-9d7a-8ef56a178b89"
$password="7db814b1-xxxx-4654-xxxx-1d210cb546f9"
$userPassword = ConvertTo-SecureString -String $password -AsPlainText -Force
$userCredential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $clientid, $userPassword
Add-AzureRmAccount -TenantId $tenantid -ServicePrincipal -SubscriptionId $subscriptionId -Credential $userCredential
About create service principal, we can use CLI 2.0 to create it, like this:
az login
az account set --subscription "mySubscriptionID"
az group create -n "myResourceGroupName" -l "westus"
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/mySubscriptionID/resourceGroups/myResourceGroupName"
来源:https://stackoverflow.com/questions/45019621/azure-automation-authentication-succeeds-but-no-subscriptions-are-returned-wor