我正在尝试让一个简单的 Powershell 脚本在 Azure 自动化帐户中工作;我已经在 VS Code 中测试了该脚本,它运行良好;问题出在证书上;关注此页面:https://learn.microsoft.com/en-us/azure/automation/shared-resources/credentials?tabs=azure-powershell ,我使用以下代码
# Connect to Azure
$myCredential = Get-AutomationPSCredential -Name 'XXX'
$myUserName = $myCredential.UserName
$mySecurePassword = $myCredential.Password
$myPSCredential = New-Object System.Management.Automation.PSCredential ($myUserName, $mySecurePassword)
Connect-AzureAD -Credential $myPSCredential
与我的“本地”脚本的唯一不同是上面的第一行使用本地文件
$myCredential = Import-CliXml -Path 'C:\Users\<me>\Desktop\credentials.xml'
但是这不起作用;自动化帐户中的诊断似乎很差,但我 99% 确定与凭据有关;也许它迫使 MFA,但这并没有在本地发生......任何建议表示赞赏
最佳答案
如果您使用的是旧版 RunAs 帐户,则可以使用以下内容:
$connectionName = "connectionName"
try {
# Get the connection "AzureRunAsConnection" You can't use the Az module version for reasons.
$servicePrincipalConnection = Get-AutomationConnection -Name $connectionName
"Logging in to Azure..."
$connectAzAccountSplat = @{
ServicePrincipal = $true
TenantId = $servicePrincipalConnection.TenantId
ApplicationId = $servicePrincipalConnection.ApplicationId
CertificateThumbprint = $servicePrincipalConnection.CertificateThumbprint
}
Connect-AzAccount @connectAzAccountSplat -ErrorAction Stop | Out-Null
}
catch {
if (!$servicePrincipalConnection) {
$ErrorMessage = "Connection $connectionName not found."
throw $ErrorMessage
}
else {
Write-Error -Message $_.Exception
throw $_.Exception
}
}
不过,自动化帐户最近已更新为使用系统分配的身份。您可以在这里找到相关文档:
https://learn.microsoft.com/en-us/azure/automation/enable-managed-identity-for-automation
关于azure - 如何在 Azure 自动化帐户中运行的 PowerShell 脚本中建立凭据,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/72306919/