I have created one Azure DevOps pipeline.
99% of this pipeline calls PowerShell scripts (PowerShell Core script type).
Within the Power Shell scripts are calls to the AZ module - this all works fine.
I now have to add a new step within the DevOps pipeline to set the 'VulnerabilityAssessment' on an SQL server - however this time I need to call module 'Set-Azcontext' as part of the PowerShell script which is shown below...
[CmdletBinding()]
param(
$prgname,
$psqlservername,
$psaname,
$pnotificationmmail = 'john.doe#hotmail.com',
$psubscriptionname = 'ABC'
)
#debug
#Get-Module -Name AZ -ListAvailable
# working in powershell and need to set the correct subscription in powershell (ABC)
Set-Azcontext -Subscription "ABC"
#Enable-AzSqlServerAdvancedDataSecurity -ResourceGroupName $prgname -ServerName $pservername -DoNotConfigureVulnerabilityAssessment
# https://learn.microsoft.com/en-us/powershell/module/az.sql/update-
azsqlservervulnerabilityassessmentsetting?view=azps-7.5.0
#Update-AzSqlServerVulnerabilityAssessmentSetting -ResourceGroupName $prgname -ServerName $pservername -StorageAccountName $psaname -ScanResultsContainerName "vulnerability-assessment" -RecurringScansInterval Weekly -EmailAdmins $true -NotificationEmail #pnotificationmmail
When the Azure devOps pipeline runs it fails on step...Set-Azcontext -Subscription "ABC"
update-vulnerability-assessment.ps1 : The term 'Set-Azcontext' is not recognized as a name of a cmdlet, function, script file, or executable program.
Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
The devOps process is running on a Azure agent. It looks like a module is not available or loaded.
Maybe I need to install/load the module containing 'Set-Azcontext' as part of the powershell script ? (if so how do I do this)
OR
Install a new capibility of the agent to have the module containing 'Set-Azcontext' installed?(if so how do I do this)
Going to instead via an ARM template in the Azure pipeline for setting the vulneratibilty of Azure SQL server
Related
Some context: I have a PowerShell script that gets information about users and their licenses on Azure, and then saves that information to CSV file. It works locally. My goal is to have this script automatically run on Azure (I'm trying to do it in an Azure Function App) once a month, and then have the created CSV file be emailed to a specified email. However all I want to figure out right now is how to get the list of users so that the script can at least just run without errors.
I have very little experience with PowerShell and Azure Function Apps, so I'm stuck on a few errors I'm getting. I have spent the last few days troubleshooting to no luck.
Here is the beginning of the script that I can run from my local PowerShell:
Function main()
{
#Clean up session
Get-PSSession | Remove-PSSession
#Connect AzureAD from PowerShell
Connect-MsolService
#Set output file
$ExportCSV=".\DetailedO365UserLicenseReport_$((Get-Date -format yyyy-MMM-dd-ddd` hh-mm` tt).ToString()).csv"
$ExportSimpleCSV=".\SimpleO365UserLicenseReport_$((Get-Date -format yyyy-MMM-dd-ddd` hh-mm` tt).ToString()).csv"
#FriendlyName list for license plan and service - txt file on local computer
$FriendlyNameHash=Get-Content -Raw -Path .\LicenseFriendlyName.txt -ErrorAction Stop | ConvertFrom-StringData
#txt file on local computer
$ServiceArray=Get-Content -Path .\ServiceFriendlyName.txt -ErrorAction Stop
#Hash table declaration
$Result=""
$Results=#()
$output=""
$outputs=#()
$LicensedUserCount=0
#Get all licensed users
Get-MsolUser -All | where{$_.islicensed -eq "true"} | Foreach{
#this is another function that handles grabbing the user info and writing it to the CSV file
Get_UsersLicenseInfo
$LicensedUserCount++
}
. main
With this script above, it requires some user input for entering credentials. I want this script to be able to run automatically in Azure without any user input, so I've been trying to modify it to do that. I found out that any commands with 'Msol' in the name don't work in Azure Function Apps/Powershell Core, so I found a different module that apparently does work.
This is where I'm currently at with the script to be run in my Azure Function App:
Import-Module AzureAD
Function main()
{
#Clean up session
Get-PSSession | Remove-PSSession
$password = ConvertTo-SecureString "{my password here}" -AsPlainText -Force
$UserCredential = New-Object System.Management.Automation.PSCredential ("myusernamehere", $password)
Connect-AzureAD -Credential $UserCredential
#Set output file
$ExportCSV=".\DetailedO365UserLicenseReport_$((Get-Date -format yyyy-MMM-dd-ddd` hh-mm` tt).ToString()).csv"
$ExportSimpleCSV=".\SimpleO365UserLicenseReport_$((Get-Date -format yyyy-MMM-dd-ddd` hh-mm` tt).ToString()).csv"
#FriendlyName list for license plan and service - hash table here
$FriendlyNameHash= #{AAD_BASIC = "Azure Active Directory Basic"; AAD_PREMIUM= "Azure Active Directory Premium"; AAD_PREMIUM_P1= "Azure Active Directory Premium P1"; AAD_PREMIUM_P2= "Azure Active Directory Premium P2" }
#array of strings, used when getting user info
$ServiceArray= "MCOEV", "Cloud PBX", "MCOPSTN2", "PSTN International", "mcomeetadv"
#Hash table declaration
$Result=""
$Results=#()
$output=""
$outputs=#()
$LicensedUserCount=0
Get-AzureADUser -All | where{$_.islicensed -eq "true"} | Foreach{
Get_UsersLicenseInfo
$LicensedUserCount++}
}
. main
First of all I'm not sure if I even need to authenticate if this script is running from within my Azure account. Second of all, and my main issue, is that when I try to run this script in my Azure Function App, I get this error:
snippet of the azure error
If the picture doesn't work, it says:
The Function app may be missing a module containing the 'Connect-AzureAD' command definition. If this command belongs to a module available on the PowerShell Gallery, add a reference to this module to requirements.psd1. Make sure this module is compatible with PowerShell 7. For more details, see https://aka.ms/functions-powershell-managed-dependency. If the module is installed but you are still getting this error, try to import the module explicitly by invoking Import-Module just before the command that produces the error: this will not fix the issue but will expose the root cause.
2021-06-08T16:48:00.377 [Error] ERROR: The term 'Connect-AzureAD' is not recognized as the name of a cmdlet, function, script file, or operable program.Check the spelling of the name, or if a path was included, verify that the path is correct and try again.Exception
I get that same error for the line with 'Get-AzureADUser' as well. I followed this guide: https://tech.nicolonsky.ch/azure-functions-powershell-modules/ to add the AzureAD module to my managed dependencies, but I still get that same error.
If anything needs clarification, let me know. Any help is appreciated!
Actually, AzureAD needs to be imported a bit differently - it's been a problem for a while per this github issue. This seemed to work for most people:
Setting the application to run as x64 bit: Function App>
Configuration > General Settings > Platform > 64 Bit
Setting the app to run on Powershell 7 instead of 6 on this thread
Use: Import-Module AzureAD -UseWindowsPowerShell
I have created cognitive services account . I want to get cognitive services account key and store it in a variable using powershell script.
I have used below script :
$resourceGroup = "Demo"
$AccountName = "DemoCs"
$Key = Get-AzCognitiveServicesAccountKey -ResourceGroupName $resourceGroup -Name $AccountName
Write-Host "account key 1 = " $Key
after executing the script result is :
2020-05-20T08:30:31Z [Information] INFORMATION: account key 1 = Microsoft.Azure.Commands.Management.CognitiveServices.Models.PSCognitiveServicesAccountKeys
Above script is able to list keys in the cloud shell but not in powershell function app .
You cannot simply call Import-Module Az.CognitiveServices like on your local machine where you have previously installed Az.CognitiveServices from that site. But you have to copy all files from that locally installed package into specific folder inside of your Function App in Azure.
1.Install Az.CognitiveServices in local and go to its folder to get all the content in it.
2.Go to your function KUDU. Click CMD>site>wwwroot>yourFunctionName then create a directory called modules.
3.Simply drag-and-drop all files from your local powershell module location to your Azure Function App folder create above(modules).
4.Include Az.CognitiveServices PowerShell module in run.ps1 file like that example below:
Import-Module "D:\home\site\wwwroot\HttpTrigger1\modules\Az.CognitiveServices.psd1"
5.Then run the script as below with $Key.Key1 to specify the Key1.
$Key = Get-AzCognitiveServicesAccountKey -ResourceGroupName $resourceGroup -Name $AccountName
Write-Host "account key 1 = " $Key.Key1
For more details, you could refer to this tutorial and this one.
I've been slowly working out how to call a PowerShell script to transform IIS logs using LogParser 2.2. I've settled on using Azure Data Factory Batch Service Custom Activity to run the PowerShell script. I've been able to figure out how to address many of the file path issues that arise in running PowerShell from within Azure Custom Batch Activity, but I can't figure this one out.
Currently I'm just trying to print via Write-Host the environment variable AZ_BATCH_APP_PACKAGE_powershellscripts#1.0 I've been able to print other environment variables, but I believe the #1.0 at the end of this one is causing all my grief. BTW the 1.0 is the version of the application loaded into the batch framework in Azure.
All of the following attempts have failed:
powershell powershell Write-Host "$AZ_BATCH_APP_PACKAGE_powershellscripts#1.0"
powershell Write-Host "$AZ_BATCH_APP_PACKAGE_powershellscripts#1.0"
powershell Write-Host "$env:AZ_BATCH_APP_PACKAGE_powershellscripts#1.0"
powershell powershell Write-Host "$env:AZ_BATCH_APP_PACKAGE_powershellscripts\#1.0"
powershell powershell Write-Host "$env:AZ_BATCH_APP_PACKAGE_powershellscripts/#1.0"
powershell powershell Write-Host "$env:AZ_BATCH_APP_PACKAGE_powershellscripts"
powershell powershell Write-Host "$env:AZ_BATCH_APP_PACKAGE_powershellscripts`#1.0"
powershell powershell Write-Host "$env:AZ_BATCH_APP_PACKAGE_powershellscripts`#1`.0"
powershell powershell Write-Host "$env:AZ_BATCH_APP_PACKAGE_powershellscripts\`#1.0"
powershell powershell Write-Host "$AZ_BATCH_APP_PACKAGE_powershellscripts`#1.0"
These works, but are either cmd window or not the variable I want:
powershell powershell Write-Host "$env:AZ_BATCH_TASK_DIR"
powershell powershell Write-Host "$env:AZ_BATCH_ACCOUNT_URL"
cmd /c echo %AZ_BATCH_APP_PACKAGE_powershellscripts#1.0%
So what is the secret syntax sugar to getting this to work in Azure?
Sure, you can do this:
powershell powershell Write-Host "$((Get-Variable -Name 'AZ_BATCH_APP_PACKAGE_powershellscripts#1.0').Value)"
Or this:
powershell powershell Write-Host (Get-Variable -Name "AZ_BATCH_APP_PACKAGE_powershellscripts#1.0").Value
I went through close to 50 tries before getting this to work like so:
powershell powershell Write-Host (Get-ChildItem Env:AZ_BATCH_TASK_DIR).Value
powershell powershell Write-Host (Get-ChildItem Env:AZ_BATCH_APP_PACKAGE_powershellscripts#1.0).Value
Now this was just a stepping stone to running a PowerShell script stored in an attached application to the Azure Batch module. I'm hopeful Microsoft will add a Databrick or better way to run a PowerShell script in Azure Data Factory, but until then this is the only method I found to run a powershell script:
powershell powershell -command ("(Get-ChildItem Env:AZ_BATCH_APP_PACKAGE_powershellscripts#1.0).Value" + '\Powershell\processWebLogsFromAzure.ps1')
This should work for anyone just trying to run from the Batch Task Dir:
powershell powershell -command ("$env:AZ_BATCH_TASK_DIR" + '\wd\processWebLogsFromAzure.ps1')
Hope it helps someone!
I have an Azure runbook that runs on schedule. Its in powershell and this runbook starts a VM and executes a script on the VM started. How I achieve this is
1) Store the script to be run on the VM in a storage account
2) Run powershell runbook
3) Powershell runbook uses wget command to copy the script from step 1
4) Invoke-AzureRmVMRunCommand in the Azure automation powershell commands as shown below
wget "https://utilitystorageaccnt.blob.core.windows.net/utilitycontainer/token" -outfile ((Get-Location).path + "\Reporting Copy.ps1") -UseBasicParsing
Invoke-AzureRmVMRunCommand -ResourceGroupName $ResourceGroupName -VMName $VmName -CommandId 'RunPowerShellScript' -ScriptPath ((Get-Location).path + '\Reporting Copy.ps1') -ErrorVariable result
Please not that the above two commands are in the powershell runbook script and not the actual script that is run on the VM.
Facing two issues
1) When this script Reporting Copy.ps1 runs standalone on the VM, then it works properly and it has no issues. When it is run using the runbook, I get these errors in the log file on the target vm.
"New-AzStorageContext : The term 'New-AzStorageContext' is not recognized as the name of a cmdlet, function, script
file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct
and try again."
2) Even after this error occurs, it doesnt terminate and runs in loops. This script does a copy operation and it keeps looping until all the copy is complete. I can handle code to terminate but I would like to know how to force terminate a runbook. I tried to stop the VM for even a hour and it resumes the copy operation. The runbook status in Azure shows as completed. There are two python processes that show in explorer and terminating them doesn't work either.
Any help or hint is appreciated.
Thanks.
Look like you did not imported Az PowerShell module into our Automation Account.
Please, follow this tutorial : Az module support in Azure Automation
Try to use only Az module and not AzureRM
The issue was because I had not installed the AZ module for all users like this.
Install-Module -Name Az -AllowClobber -Scope AllUsers
Instead I had used
Install-Module -Name Az -AllowClobber -Scope CurrentUser
and since the automation runs on a different user, the issue occurred. Thanks for your help.
I am trying to automate the process of an Azure Active Directory (AAD) app registration using Azure DevOps release pipeline but it fails to do so. (Please note that the same command (powershell commands as well as azure commands) works perfectly fine if I am running the same commands from my laptop) and for that I created an azure powershell task in the release pipeline and used the following line of code in the "inline script section":
I tried creating the AAD app registration using the following 2 methods:
1. "Azure Powershell script task"
2. Azure commands
Following is inline script that I used in case of azure powershell task:
Import-Module AzureRM
Import-Module AzureAD
# Register an AAD app
$appURI = "https://knaabdapp123.azurewebsites.net"
$appHomePageUrl = "https://knaabdapp123.knandan.in"
$appReplyURLs = #($appURI, $appHomePageURL, "https://localhost:12345")
New-AzureADApplication -DisplayName knaabdapp123 -IdentifierUris $appURI -Homepage $appHomePageUrl -ReplyUrls $appReplyURLs
I get the following error when I do so:
2019-08-09T11:27:31.1039145Z ##[section]Starting: Azure PowerShell script: Register an AAD app and generate credential for the same
2019-08-09T11:27:31.1162119Z ==============================================================================
2019-08-09T11:27:31.1162226Z Task : Azure PowerShell
2019-08-09T11:27:31.1162310Z Description : Run a PowerShell script within an Azure environment
2019-08-09T11:27:31.1162378Z Version : 2.153.1
2019-08-09T11:27:31.1162446Z Author : Microsoft Corporation
2019-08-09T11:27:31.1162520Z Help : https://learn.microsoft.com/azure/devops/pipelines/tasks/deploy/azure-powershell
2019-08-09T11:27:31.1162620Z ==============================================================================
2019-08-09T11:27:37.0179906Z ##[command]Import-Module -Name C:\Modules\AzureRm_5.1.1\AzureRM\5.1.1\AzureRM.psd1 -Global
2019-08-09T11:28:10.7554409Z ##[command]Clear-AzureRmContext -Scope Process
2019-08-09T11:28:11.2755157Z ##[command]Disable-AzureRmContextAutosave -ErrorAction Stop
2019-08-09T11:28:15.0230853Z ##[command]Add-AzureRMAccount -ServicePrincipal -Tenant *** -Credential System.Management.Automation.PSCredential -Environment AzureCloud #processScope
2019-08-09T11:28:16.5226685Z ##[command] Select-AzureRMSubscription -SubscriptionId a*******-ae1c-****-****-********** -TenantId ***
2019-08-09T11:28:16.8648715Z ##[command]& 'C:\Users\VssAdministrator\AppData\Local\Temp\2a55****-67c6-****-8f80-**********.ps1'
2019-08-09T11:28:17.0308219Z ##[error]The specified module 'AzureAD' was not loaded because no valid module file was found in any module directory.
2019-08-09T11:28:19.0607544Z ##[command]Remove-AzureRmAccount -Scope Process -ErrorAction Stop
2019-08-09T11:28:19.4371114Z ##[command]Clear-AzureRmContext -Scope Process -ErrorAction Stop
2019-08-09T11:28:19.8885329Z ##[error]The term 'New-AzureADApplication' is not recognized as the name of a cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify that the path is correct and try again.
I also used the Azure CLI task and used the following script, but that fails too:
az ad app create --display-name MyApplication123 --homepage "https://myapplication1232.nl" --reply-urls "https://localhost:12345" --identifier-uris "https://myapplication2.azurewebsites.net"
I get the following error in this case:
>az ad app create --display-name MyApplication123 --homepage "https://myapplication1232.nl" --reply-urls "https://localhost:12345" --identifier-uris "https://myapplication2.azurewebsites.net"
2019-08-09T11:47:46.5676945Z ERROR: Insufficient privileges to complete the operation.
2019-08-09T11:47:46.6721317Z ##[error]Script failed with error: Error: d:\a\_temp\azureclitaskscript1565351201021.bat failed with return code: 1
So, I have 2 questions:
Is it possible to create an AAD app registration using "Azure powershell" task script or "Azure CLI" task in Azure DevOps?
If yes, then what may I be doing wrong?
Is it possible to create an AAD app registration using "Azure
powershell" task script or "Azure CLI" task in Azure DevOps?
For this question, the answer is Yes, of course you can.
The cause of the error you received in Azure Powershell task is as default, the AzureAD powershell cmdlets will not be installed in agent.So, if you try to using this module directly, you will receive the message like "##[error]The specified module 'AzureAD' was not loaded because no valid module file was found in any module directory."
If yes, then what may I be doing wrong?
To solve this error message, please try with replacing your script Import-Module AzureAD as the follow script to use a correct way to get the AzureAD module.
$AzureADModulePath = $PSScriptRoot + "\AzureAD\2.0.1.16\AzureAD.psd1"
Import-Module $azureAdModulePath
This is the detailed info about AzureAD module in Powershell Gallery. And also, here has a blog you can refer.
Updated:
You must install AzureAD cmdlets module from the PowerShell gallery with the below script first:
Install-Module -Name AzureAD -RequiredVersion 2.0.1.16
Note: If get error like Install-Module : Administrator rights are required to install modules while you install with this script, please add -scope CurrentUser to the install script. It will running the script as administrator role.
And then, import the module from the installed path afterwards.