Azure Automation calling an internal application REST API on a Hybrid Worker returning a 400 error
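I am trying to build an Azure Automation runbook that unlocks on-premises AD accounts. Once the account is unlocked, I want to submit a ticket to our ITSM application, which has an API. I am able to make the call from Windows PowerShell on the server and get a return code of 200.
However, when I run it from Azure Automation, I get error code 400 Bad Request. Any ideas as to why I can make the call on the server using Windows PowerShell but not from Azure Automation on the Hybrid Worker?
The Custom_ITSM_API_Module module is a home-grown module that works everywhere else I have tried it. It works on my development machine (Windows PowerShell) and on the Hybrid Worker server (Windows PowerShell), but not when using Azure Automation.
Code: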
Param
([object]$WebhookData) #this parameter name needs to be called WebHookData otherwise the webhook does not work as expected.
$VerbosePreference = 'continue'
Import-Module ActiveDirectory
Import-Module "Custom_ITSM_API_Module"
#region Verify if Runbook is started from Webhook.
# If runbook was called from Webhook, WebhookData will not be null.
if ($WebHookData){
    # Collect properties of WebhookData
    $WebhookName = $WebHookData.WebhookName
    $WebhookHeaders = $WebHookData.RequestHeader
    $WebhookBody = $WebHookData.RequestBody
    # Collect individual headers. Input converted from JSON.
    $From = $WebhookHeaders.From
    $RequestData = (ConvertFrom-Json -InputObject $WebhookBody)
    Write-Output -InputObject ('Input: {0}' -f $RequestData )
    Write-Output ('WebhookBody: {0}' -f $WebhookBody)
    Write-Output -InputObject ('Runbook started from webhook {0} by {1}.' -f $WebhookName, $From)
    # Look up the account named in the webhook body.
    $User = Get-ADUser $RequestData.SamAccountName -Properties *
    If($User.SamAccountName.count -ne 1 ){
        throw "Found $($User.SamAccountName.count) user(s). Please make sure this user is unique"
    }
    else{
        Write-Output "Unlocking User"
        Unlock-ADAccount -Identity $User
        # Resolve the requester by EmployeeID.
        $RanByEmployeeID = $RequestData.RanByEmployeeID
        $Runby = Get-ADUser -Filter {EmployeeID -eq $RanByEmployeeID} -Properties EmployeeID
        $Description = "User Unlocked<br>EmployeeID: $($User.EmployeeID)<br>SamAccountName: $($User.SamAccountName)<br>Unlocked at: $((Get-Date).ToString())"
        # A space is required before -Description; without it the parameter name is appended to the -Title string.
        Write-Custom_ITSM_API_ModuleTicket -Title "Unlocked User $($User.Name)" -Description $Description
    }
}
else{
    Write-Error -Message 'Runbook was not started from Webhook' -ErrorAction stop
}
#endregion
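The problem I ran into was actually an issue with our firewall and proxy. These servers could not talk to all of the recommended Azure/O365 URLs. Once we whitelisted all of the URLs, I was able to talk to my internal application.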
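One way to check the firewall and proxy path described in the answer above, as an added example that is not part of the original post: run it interactively on the Hybrid Worker and again as a runbook on the same worker, then compare the output. The hostnames are placeholders and `Test-EndpointPath` is a hypothetical helper name; the comparison is useful because Hybrid Worker jobs run as Local System by default, so they can see different proxy settings than an interactive user.

```powershell
param(
    # Placeholder hostnames (assumptions): replace with your ITSM API host and
    # the Azure/O365 endpoints your firewall and proxy are expected to allow.
    [string[]]$Endpoints = @('itsm.example.internal', 'azure-endpoint.example.net'),
    [int]$Port = 443
)

function Test-EndpointPath {
    param([string]$HostName, [int]$Port)

    $uri = [Uri]("https://{0}:{1}/" -f $HostName, $Port)

    # Proxy that .NET web requests would use for this URI under the current account.
    $proxy = [System.Net.WebRequest]::GetSystemWebProxy()
    $route = if ($proxy.IsBypassed($uri)) { 'direct' } else { $proxy.GetProxy($uri).AbsoluteUri }

    # Plain TCP connect with a 5 second timeout; a firewall drop shows up as $false.
    $client = New-Object System.Net.Sockets.TcpClient
    $tcpOk = $false
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if ($async.AsyncWaitHandle.WaitOne(5000)) {
            $client.EndConnect($async)
            $tcpOk = $client.Connected
        }
    }
    catch {
        # DNS failure or refused connection: report as unreachable.
        $tcpOk = $false
    }
    finally {
        $client.Close()
    }

    [pscustomobject]@{
        Host         = $HostName
        Port         = $Port
        Route        = $route
        TcpReachable = $tcpOk
    }
}

# Log the account first: a difference here explains a difference in the Route column.
$identity = [System.Security.Principal.WindowsIdentity]::GetCurrent().Name
Write-Output ('Running as: {0}' -f $identity)
$Endpoints | ForEach-Object { Test-EndpointPath -HostName $_ -Port $Port }
```

A host that shows `TcpReachable = True` interactively but `False` (or a different `Route`) in the runbook output points at firewall or proxy rules rather than at the runbook code.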