У меня проблемы с выполнением модуля Runbook по подписке в другом клиенте.
Это то, что я сделал до сих пор:
1) Создан сертификат keyvault.
2) Экспортирован .cer и .PFX сертификата.
3) Создан сервисПринципал на учетной записи rpgorch-aad (300eab96-4619-4b6b-af42-8eb66506ab04)
4) Создано соединение в Automation с информацией этого субъекта службы
5) Загружен защищенный паролем PFX в хранилище сертификатов Automation
Во-первых, рабочий пример из того же арендатора:
$connectionName = 'AzureRunasConnection'
"Getting Azure Connection $connectionName"
$servicePrincipalConnection = Get-AutomationConnection -Name $connectionName
"Logging in to Azure using Add-AzureRmAccount"
Add-AzureRmAccount -ServicePrincipal `
-Tenant $servicePrincipalConnection.TenantID `
-ApplicationId $servicePrincipalConnection.ApplicationId `
-CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint -Verbose
"Setting Context with Set-AzureRmContext"
Set-AzureRmContext -Tenant $servicePrincipalConnection.TenantID -SubscriptionId $servicePrincipalConnection.SubscriptionId -Verbose
"Writing Output of the Service Principal Connection"
write-output $servicePrincipalConnection
"Testing getting resource groups."
Get-AzureRmResourceGroup
Результаты:
Getting Azure Connection AzureRunasConnection
Logging in to Azure using Add-AzureRmAccount
PSComputerName : localhost
PSSourceJobInstanceId : Redacted
Environments : {AzureCloud, AzureChinaCloud, AzureUSGovernment}
Context : Microsoft.Azure.Commands.Profile.Models.PSAzureContext
Setting Context with Set-AzureRmContext
PSComputerName : localhost
PSSourceJobInstanceId : Redacted
Account : Redacted
Environment : AzureCloud
Subscription : Redacted
Tenant : Redacted
Writing Output of the Service Principal Connection
Name Value
---- -----
SubscriptionId Redacted
TenantId Redacted
ApplicationId Redacted
CertificateThumbprint Redacted
Testing getting resource groups.
PSComputerName : localhost
PSSourceJobInstanceId : Redacted
ResourceGroupName : Redacted
Location : eastus
Resources :
ResourcesTable :
ProvisioningState : Succeeded
Tags : {}
TagsTable :
ResourceId : /subscriptions/Redacted/resourceGroups/Redacted
Теперь ТО ЖЕ код, но для другого арендатора.
$connectionName = 'Redacted'
"Getting Azure Connection"
$connectionName
$Conn = Get-AutomationConnection -Name $connectionName
"Logging in to Azure using Add-AzureRmAccount"
Add-AzureRmAccount -ServicePrincipal `
-Tenant $Conn.TenantID `
-ApplicationId $Conn.ApplicationId `
-CertificateThumbprint $Conn.CertificateThumbprint -Verbose
"Setting Context with Set-AzureRmContext"
Set-AzureRmContext -Tenant $Conn.TenantID -SubscriptionId $Conn.SubscriptionId -Verbose
"Selecting subscriptionID "
$Conn.SubscriptionID
Select-AzureSubscription -SubscriptionId $Conn.SubscriptionID
"Testing getting resource groups."
Get-AzureRmResourceGroup
Результаты:
Getting Azure Connection
RPGOrchResourceManagement
Logging in to Azure using Add-AzureRmAccount
Results:
PSComputerName : localhost
PSSourceJobInstanceId : Redacted
Environments : {AzureCloud, AzureChinaCloud, AzureUSGovernment}
Context : Microsoft.Azure.Commands.Profile.Models.PSAzureContext
Setting Context with Set-AzureRmContext
Set-AzureRmContext : Provided subscription Redacted does not exist
At ManageSingleVM:52 char:52
+
+ CategoryInfo : CloseError: (:) [Set-AzureRmContext], ArgumentException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.SetAzureRMContextCommand
PSComputerName : localhost
PSSourceJobInstanceId : Redacted
Environments : {AzureCloud, AzureChinaCloud, AzureUSGovernment}
Context : Microsoft.Azure.Commands.Profile.Models.PSAzureContext
Setting Context with Set-AzureRmContext
Set-AzureRmContext : Provided subscription Redacted does not exist
At ManageSingleVM:52 char:52
+
+ CategoryInfo : CloseError: (:) [Set-AzureRmContext], ArgumentException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.SetAzureRMContextCommand