Get-AzureRmAutomationCredential 和 Add-AzureAccount -Credential 之间的对象不兼容
Object incompatibility between Get-AzureRmAutomationCredential & Add-AzureAccount -Credential
TL;DR
如何获得 Azure 自动化凭证并使用它作为该用户在 运行本书中工作?
理想情况下,答案应该在具有工作流结构的 Azure Automation Runbook 中工作,以资源管理器范式下的对象为目标。
详情
我正尝试在资源组内使用 Azure 自动化。我已经设置了一个 Azure AD 帐户来执行各种 Azure 任务。然后,我创建了一个 Azure 自动化凭据,使 Azure 自动化能够安全地检索登录详细信息并能够作为该用户工作。
当我 运行 Get-AzureRmAutomationCredential 时,我可以看到我的凭据可用
PS C:\...\poshetl> Get-AzureRmAutomationCredential -Name $serviceaccount -AutomationAccountName $automationaccount -ResourceGroupName $rgname
UserName : XXXX@XXXX.onmicrosoft.com
ResourceGroupName : XXXX
AutomationAccountName : poshetl
Name : etl_service
CreationTime : 10/06/2016 15:54:41 +01:00
LastModifiedTime : 10/06/2016 15:54:41 +01:00
Description :
然后我存储这个凭证对象
PS C:\...\poshetl> $Cred = Get-AzureRmAutomationCredential -Name $serviceaccount -AutomationAccountName $automationaccount -ResourceGroupName $rgname
当我尝试使用它通过 Add-AzureAccount 实现登录效果时,出现兼容性错误。
PS C:\...\poshetl> Add-AzureAccount -Credential $Cred | Write-Verbose
Add-AzureAccount : Cannot bind parameter 'Credential'. Cannot convert the
"Microsoft.Azure.Commands.Automation.Model.CredentialInfo" value of type
"Microsoft.Azure.Commands.Automation.Model.CredentialInfo" to type "System.Management.Automation.PSCredential".
At line:1 char:30
+ Add-AzureAccount -Credential $Cred | Write-Verbose
+ ~~~~~
+ CategoryInfo : InvalidArgument: (:) [Add-AzureAccount], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.WindowsAzure.Commands.Profile.AddAzureAccount
同样,如果我尝试 Add-AzureRmAccount
PS C:\...\poshetl> Add-AzureRmAccount -Credential $Cred | Write-Verbose
Add-AzureRmAccount : Cannot bind parameter 'Credential'. Cannot convert the
"Microsoft.Azure.Commands.Automation.Model.CredentialInfo" value of type
"Microsoft.Azure.Commands.Automation.Model.CredentialInfo" to type "System.Management.Automation.PSCredential".
At line:2 char:32
+ Add-AzureRmAccount -Credential $Cred | Write-Verbose
+ ~~~~~
+ CategoryInfo : InvalidArgument: (:) [Add-AzureRmAccount], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.Azure.Commands.Profile.AddAzureRMAccountCommand
背景资料
PS C:\...\poshetl> $PSversionTable
Name Value
---- -----
PSVersion 5.0.10586.122
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.10586.122
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
PS C:\...\poshetl> Get-Module -ListAvailable Azure*
Directory: C:\Program Files\WindowsPowerShell\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 0.2.3.3 AzureAutomationAuthoringToolkit {Get-AutomationVariable, Get-AutomationCertificate, Get-Automa...
Script 0.2.3.3 AzureAutomationAuthoringToolkit {Get-AutomationVariable, Get-AutomationCertificate, Get-Automa...
Directory: C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ResourceManager\AzureResourceManager
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Manifest 1.0.4 Azure.Storage {Get-AzureStorageBlob, Get-AzureStorageBlobContent, Get-AzureS...
Manifest 1.0.4 AzureRM.ApiManagement {Add-AzureRmApiManagementRegion, Get-AzureRmApiManagementSsoTo...
Manifest 1.0.4 AzureRM.Automation {Get-AzureRmAutomationJobOutputRecord, Import-AzureRmAutomatio...
Binary 0.9.1 AzureRm.AzureStackAdmin {Get-AzureRMManagedLocation, New-AzureRMManagedLocation, Remov...
Manifest 0.9.2 AzureRM.AzureStackStorage {Add-ACSFarm, Get-ACSEvent, Get-ACSEventQuery, Get-ACSFarm...}
Manifest 1.0.4 AzureRM.Backup {Backup-AzureRmBackupItem, Enable-AzureRmBackupContainerReregi...
Manifest 1.0.4 AzureRM.Batch {Remove-AzureRmBatchAccount, Get-AzureRmBatchAccount, Get-Azur...
Manifest 1.2.2 AzureRM.Compute {Remove-AzureRmAvailabilitySet, Get-AzureRmAvailabilitySet, Ne...
Manifest 1.0.4 AzureRM.DataFactories {Remove-AzureRmDataFactory, Get-AzureRmDataFactoryRun, Get-Azu...
Manifest 1.0.4 AzureRM.DataLakeAnalytics {Remove-AzureRmDataLakeAnalyticsCatalogSecret, Set-AzureRmData...
Manifest 1.0.4 AzureRM.DataLakeStore {Add-AzureRmDataLakeStoreItemContent, Export-AzureRmDataLakeSt...
Manifest 1.0.4 AzureRM.Dns {Get-AzureRmDnsRecordSet, Remove-AzureRmDnsRecordSet, Set-Azur...
Manifest 1.0.5 AzureRM.HDInsight {Get-AzureRmHDInsightJob, New-AzureRmHDInsightSqoopJobDefiniti...
Manifest 1.0.4 AzureRM.Insights {Add-AlertRule, Get-AlertHistory, Get-AlertRule, Remove-AlertR...
Manifest 1.1.3 AzureRM.KeyVault {Get-AzureRmKeyVault, New-AzureRmKeyVault, Remove-AzureRmKeyVa...
Manifest 1.0.4 AzureRM.Network {Add-AzureRmApplicationGatewayBackendAddressPool, Get-AzureRmA...
Manifest 1.0.4 AzureRM.NotificationHubs {Get-AzureRmNotificationHubsNamespaceAuthorizationRules, Get-A...
Manifest 1.0.4 AzureRM.OperationalInsights {Get-AzureRmOperationalInsightsSavedSearch, Get-AzureRmOperati...
Manifest 1.0.4 AzureRM.Profile {Enable-AzureRmDataCollection, Disable-AzureRmDataCollection, ...
Manifest 1.0.5 AzureRM.RecoveryServices {Get-AzureRmRecoveryServicesVault, Get-AzureRmRecoveryServices...
Manifest 1.1.2 AzureRM.RedisCache {Remove-AzureRmRedisCacheDiagnostics, Set-AzureRmRedisCacheDia...
Manifest 1.0.4 AzureRM.Resources {Get-AzureRmADApplication, Get-AzureRmADGroupMember, Get-Azure...
Manifest 1.1.3 AzureRM.SiteRecovery {Stop-AzureRmSiteRecoveryJob, Get-AzureRmSiteRecoveryNetwork, ...
Manifest 1.0.4 AzureRM.Sql {Get-AzureRmSqlDatabaseThreatDetectionPolicy, Set-AzureRmSqlDa...
Manifest 1.0.4 AzureRM.Storage {Get-AzureRmStorageAccount, Get-AzureRmStorageAccountKey, Get-...
Manifest 1.0.4 AzureRM.StreamAnalytics {Get-AzureRmStreamAnalyticsFunction, Get-AzureRmStreamAnalytic...
Manifest 1.0.4 AzureRM.Tags {Remove-AzureRmTag, Get-AzureRmTag, New-AzureRmTag}
Manifest 1.0.4 AzureRM.TrafficManager {Disable-AzureRmTrafficManagerEndpoint, Enable-AzureRmTrafficM...
Manifest 1.0.4 AzureRM.UsageAggregates Get-UsageAggregates
Manifest 1.0.4 AzureRM.Websites {Get-AzureRmAppServicePlanMetrics, Get-AzureRmWebAppCertificat...
Directory: C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ServiceManagement
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Manifest 1.0.4 Azure {Disable-AzureServiceProjectRemoteDesktop, Enable-AzureService...
Get-AzureRMAutomationCredential 是一个 Azure cmdlet,它 returns 关于 Azure 自动化中凭证资产的元数据。从 post 中返回的数据可以看出,返回的不是 PSCredential 对象,而是一堆属性,如名称、上次修改时间、描述等(注意未返回凭据密码)。
您正在寻找的是 Get-AutomationPSCredential。这可以在运行手册中用于检索凭证资产的值作为 PSCredential:
$Cred = Get-AutomationPSCredential -Name "SomeCredentialAssetName"
Add-AzureRmAccount -Credential $Cred
TL;DR
如何获得 Azure 自动化凭证并使用它作为该用户在 运行本书中工作?
理想情况下,答案应该在具有工作流结构的 Azure Automation Runbook 中工作,以资源管理器范式下的对象为目标。
详情
我正尝试在资源组内使用 Azure 自动化。我已经设置了一个 Azure AD 帐户来执行各种 Azure 任务。然后,我创建了一个 Azure 自动化凭据,使 Azure 自动化能够安全地检索登录详细信息并能够作为该用户工作。
当我 运行 Get-AzureRmAutomationCredential 时,我可以看到我的凭据可用
PS C:\...\poshetl> Get-AzureRmAutomationCredential -Name $serviceaccount -AutomationAccountName $automationaccount -ResourceGroupName $rgname
UserName : XXXX@XXXX.onmicrosoft.com
ResourceGroupName : XXXX
AutomationAccountName : poshetl
Name : etl_service
CreationTime : 10/06/2016 15:54:41 +01:00
LastModifiedTime : 10/06/2016 15:54:41 +01:00
Description :
然后我存储这个凭证对象
PS C:\...\poshetl> $Cred = Get-AzureRmAutomationCredential -Name $serviceaccount -AutomationAccountName $automationaccount -ResourceGroupName $rgname
当我尝试使用它通过 Add-AzureAccount 实现登录效果时,出现兼容性错误。
PS C:\...\poshetl> Add-AzureAccount -Credential $Cred | Write-Verbose
Add-AzureAccount : Cannot bind parameter 'Credential'. Cannot convert the
"Microsoft.Azure.Commands.Automation.Model.CredentialInfo" value of type
"Microsoft.Azure.Commands.Automation.Model.CredentialInfo" to type "System.Management.Automation.PSCredential".
At line:1 char:30
+ Add-AzureAccount -Credential $Cred | Write-Verbose
+ ~~~~~
+ CategoryInfo : InvalidArgument: (:) [Add-AzureAccount], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.WindowsAzure.Commands.Profile.AddAzureAccount
同样,如果我尝试 Add-AzureRmAccount
PS C:\...\poshetl> Add-AzureRmAccount -Credential $Cred | Write-Verbose
Add-AzureRmAccount : Cannot bind parameter 'Credential'. Cannot convert the
"Microsoft.Azure.Commands.Automation.Model.CredentialInfo" value of type
"Microsoft.Azure.Commands.Automation.Model.CredentialInfo" to type "System.Management.Automation.PSCredential".
At line:2 char:32
+ Add-AzureRmAccount -Credential $Cred | Write-Verbose
+ ~~~~~
+ CategoryInfo : InvalidArgument: (:) [Add-AzureRmAccount], ParameterBindingException
+ FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.Azure.Commands.Profile.AddAzureRMAccountCommand
背景资料
PS C:\...\poshetl> $PSversionTable
Name Value
---- -----
PSVersion 5.0.10586.122
PSCompatibleVersions {1.0, 2.0, 3.0, 4.0...}
BuildVersion 10.0.10586.122
CLRVersion 4.0.30319.42000
WSManStackVersion 3.0
PSRemotingProtocolVersion 2.3
SerializationVersion 1.1.0.1
PS C:\...\poshetl> Get-Module -ListAvailable Azure*
Directory: C:\Program Files\WindowsPowerShell\Modules
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Script 0.2.3.3 AzureAutomationAuthoringToolkit {Get-AutomationVariable, Get-AutomationCertificate, Get-Automa...
Script 0.2.3.3 AzureAutomationAuthoringToolkit {Get-AutomationVariable, Get-AutomationCertificate, Get-Automa...
Directory: C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ResourceManager\AzureResourceManager
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Manifest 1.0.4 Azure.Storage {Get-AzureStorageBlob, Get-AzureStorageBlobContent, Get-AzureS...
Manifest 1.0.4 AzureRM.ApiManagement {Add-AzureRmApiManagementRegion, Get-AzureRmApiManagementSsoTo...
Manifest 1.0.4 AzureRM.Automation {Get-AzureRmAutomationJobOutputRecord, Import-AzureRmAutomatio...
Binary 0.9.1 AzureRm.AzureStackAdmin {Get-AzureRMManagedLocation, New-AzureRMManagedLocation, Remov...
Manifest 0.9.2 AzureRM.AzureStackStorage {Add-ACSFarm, Get-ACSEvent, Get-ACSEventQuery, Get-ACSFarm...}
Manifest 1.0.4 AzureRM.Backup {Backup-AzureRmBackupItem, Enable-AzureRmBackupContainerReregi...
Manifest 1.0.4 AzureRM.Batch {Remove-AzureRmBatchAccount, Get-AzureRmBatchAccount, Get-Azur...
Manifest 1.2.2 AzureRM.Compute {Remove-AzureRmAvailabilitySet, Get-AzureRmAvailabilitySet, Ne...
Manifest 1.0.4 AzureRM.DataFactories {Remove-AzureRmDataFactory, Get-AzureRmDataFactoryRun, Get-Azu...
Manifest 1.0.4 AzureRM.DataLakeAnalytics {Remove-AzureRmDataLakeAnalyticsCatalogSecret, Set-AzureRmData...
Manifest 1.0.4 AzureRM.DataLakeStore {Add-AzureRmDataLakeStoreItemContent, Export-AzureRmDataLakeSt...
Manifest 1.0.4 AzureRM.Dns {Get-AzureRmDnsRecordSet, Remove-AzureRmDnsRecordSet, Set-Azur...
Manifest 1.0.5 AzureRM.HDInsight {Get-AzureRmHDInsightJob, New-AzureRmHDInsightSqoopJobDefiniti...
Manifest 1.0.4 AzureRM.Insights {Add-AlertRule, Get-AlertHistory, Get-AlertRule, Remove-AlertR...
Manifest 1.1.3 AzureRM.KeyVault {Get-AzureRmKeyVault, New-AzureRmKeyVault, Remove-AzureRmKeyVa...
Manifest 1.0.4 AzureRM.Network {Add-AzureRmApplicationGatewayBackendAddressPool, Get-AzureRmA...
Manifest 1.0.4 AzureRM.NotificationHubs {Get-AzureRmNotificationHubsNamespaceAuthorizationRules, Get-A...
Manifest 1.0.4 AzureRM.OperationalInsights {Get-AzureRmOperationalInsightsSavedSearch, Get-AzureRmOperati...
Manifest 1.0.4 AzureRM.Profile {Enable-AzureRmDataCollection, Disable-AzureRmDataCollection, ...
Manifest 1.0.5 AzureRM.RecoveryServices {Get-AzureRmRecoveryServicesVault, Get-AzureRmRecoveryServices...
Manifest 1.1.2 AzureRM.RedisCache {Remove-AzureRmRedisCacheDiagnostics, Set-AzureRmRedisCacheDia...
Manifest 1.0.4 AzureRM.Resources {Get-AzureRmADApplication, Get-AzureRmADGroupMember, Get-Azure...
Manifest 1.1.3 AzureRM.SiteRecovery {Stop-AzureRmSiteRecoveryJob, Get-AzureRmSiteRecoveryNetwork, ...
Manifest 1.0.4 AzureRM.Sql {Get-AzureRmSqlDatabaseThreatDetectionPolicy, Set-AzureRmSqlDa...
Manifest 1.0.4 AzureRM.Storage {Get-AzureRmStorageAccount, Get-AzureRmStorageAccountKey, Get-...
Manifest 1.0.4 AzureRM.StreamAnalytics {Get-AzureRmStreamAnalyticsFunction, Get-AzureRmStreamAnalytic...
Manifest 1.0.4 AzureRM.Tags {Remove-AzureRmTag, Get-AzureRmTag, New-AzureRmTag}
Manifest 1.0.4 AzureRM.TrafficManager {Disable-AzureRmTrafficManagerEndpoint, Enable-AzureRmTrafficM...
Manifest 1.0.4 AzureRM.UsageAggregates Get-UsageAggregates
Manifest 1.0.4 AzureRM.Websites {Get-AzureRmAppServicePlanMetrics, Get-AzureRmWebAppCertificat...
Directory: C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ServiceManagement
ModuleType Version Name ExportedCommands
---------- ------- ---- ----------------
Manifest 1.0.4 Azure {Disable-AzureServiceProjectRemoteDesktop, Enable-AzureService...
Get-AzureRMAutomationCredential 是一个 Azure cmdlet,它 returns 关于 Azure 自动化中凭证资产的元数据。从 post 中返回的数据可以看出,返回的不是 PSCredential 对象,而是一堆属性,如名称、上次修改时间、描述等(注意未返回凭据密码)。
您正在寻找的是 Get-AutomationPSCredential。这可以在运行手册中用于检索凭证资产的值作为 PSCredential:
$Cred = Get-AutomationPSCredential -Name "SomeCredentialAssetName"
Add-AzureRmAccount -Credential $Cred