I'm trying to create an Azure Automation job to create a standard set of tags/values in a subscription.

Working with Tags requires AzureResourceManager, which is not available in Automation out of the box (Go vote for this feedback item!), so I followed these steps to upload the ARM module.

When I test my runbook I get the following output:

    -------------------------
    PSComputerName        : localhost
    PSSourceJobInstanceId : a8b85213-ee0f-40ea-842f-d33f2e87c910
    Id                    : xxxxx-56ad-42c2-97f4-e364456fc4a6
    Name                  : xxxxx
    Environment           : AzureCloud
    Account               : my-service-principal-app-id
    Properties            : {Default, Tenants, SupportedModes}
    -------------------------
    New-AzureTag : Your Azure credentials have not been set up or have expired, please run Add-AzureAccount to set up your Azure credentials.
    At Add-SubscriptionTags:41 char:41
    +
        + CategoryInfo          : CloseError: (:) [New-AzureTag], ArgumentException
        + FullyQualifiedErrorId : Microsoft.Azure.Commands.Tags.Tag.NewAzureTagCommand

Here's my runbook:

    workflow Add-SubscriptionTags
    {
        param
        (
            # Subscription
            [Parameter(Mandatory=$true)]
            [ValidateNotNullOrEmpty()]
            [string]
            $SubscriptionName
        )

        # Get the PowerShell credential and prints its properties
        $cred = Get-AutomationPSCredential -Name 'AzureMaint'

        # Connect to Azure
        Add-AzureAccount -Credential $cred -ServicePrincipal -Tenant 'xxx-49ab-8a9c-4abce32afc1e' | Write-Verbose

        # Set subscription
        $subscription = Select-AzureSubscription -SubscriptionName $SubscriptionName -PassThru
        write-output '-------------------------'
        write-output $subscription
        write-output '-------------------------'

        # Add tags (Requires AzureResourceManager module)
        New-AzureTag -Name 'Managed' -Value $true
        New-AzureTag -Name 'Managed' -Value $false
    }

The AzureMaint PSCredential contains a service principal ID and key, and the service principal has been granted the Contributor role on the specified subscription. I can do Add-AzureAccount in the ISE with those credentials and add tags just fine. Since it successfully prints the subscription info I assume that means Add-AzureAccount was successful, so why do I get the error?


Update:

I created a new Automation Account without the ARM module and I'm still having the same issue, although the error message is slightly different:

Your Azure credentials have not been set up or have expired, please run Add-AzureAccount to set up your Azure credentials. (Your Azure credentials have not been set up or have expired, please run Add-AzureAccount to set up your Azure credentials. (Unable to retrieve service key for ServicePrincipal account xxx-4a00-becf-952fda93edc5. Please run the Add-AzureAccount cmdlet to supply the credentials for this service principal.)) 

So now I'm wondering if it doesn't like me using a Service Principal?

1 Comment

The Azure module does not support service principal for authentication, only the ARM module does. You should have the same issue with the Azure module in the PowerShell ISE, outside of Azure Automation. Commented Jun 13, 2015 at 4:31

2 Answers

1

Just to update here, we've discovered that service principal authentication does not work in Azure Automation currently. Given you are trying to use a service principal, that is the reason for the issues you are hitting.

For now, a user principal should be used to work around this issue.

Please see the following for more info:

Authenticating to Azure Resource Manager with a Service Principal in Azure Automation

https://github.com/Azure/azure-powershell/issues/655

2 Comments

Yeah, that linked question is also mine. I kinda abandoned this one; I should probably delete it.
I'd keep it around, I know of people looking at this thread. That's why I just responded to it.
0

Using ARM cmdlets in Azure Automation is not officially supported yet. That said, various people have been successful doing so. Are your ARM and Azure PowerShell modules the same version? Weird things can happen if they are loaded side by side but are not the same version.

3 Comments

I'm using ARM 0.9.1 and whatever Azure module is loaded by default in a new Azure Automation account (the portal says it's version 19, for what that's worth).
Updated question - problem appears to be unrelated to ARM.
There is a bug in the new Azure portal (portal.azure.com) where the version of modules is not shown correctly (19, in your case). You can see the module version in the old Azure portal (manage.windowsazure.com), or upload a specific version of the Azure module yourself, to override the global one.
