Azure Question posted in
The official documentation to get you started can be found here.

Authentication needed when running Powershell scripts from the Azure Pipeline, but not from running Azure CLI

We are pushing out to Azure using an Azure DevOps Pipeline.

We are trying to run the following command as part of a task, inside of the azure-pipelines.yml file:

az ad app list --all

This works under Azure CLI without the need to login, but not under AzurePowerShell.

Here is the section from the YAML file for the Azure CLI task:

- task: AzureCLI@2
      displayName: Azure CLI - Deploy bicep files
      inputs:
        azureSubscription: $(serviceConnectionName)
        scriptType: bash
        scriptLocation: inlineScript
        useGlobalConfig: false
        inlineScript: |    
          az ad app list --all

Here is the YAML section for PowerShell:

- task: AzurePowerShell@5
      inputs:
        azureSubscription: $(serviceConnectionName)
        azurePowerShellVersion: LatestVersion
        ScriptType: 'InlineScript'
        Inline: |
          az ad app list --all

When running under PowerShell, the error in the pipeline log is as follows:

ERROR: Please run 'az login' to setup account.

I’m confused why this works under Azure CLI but not AzurePowerShell. Are we missing a parameter or setting that would fix this?

Any help gratefully received.

Thanks,

Steve.

Tags:

2

Answers


  1. Chosen as BEST ANSWER
    0

    Thanks very much for this Alvin - you've hit the problem on the head exactly. Now that we have this working in the YAML file, I'd actually rather move it to a bicep module rather than in the YAML file. We're now hitting new problems.

    We have this in the bicep file:

    resource deploymentScript 'Microsoft.Resources/deploymentScripts@2023-08-01' = { name: 'TestPS' location: locationName kind: 'AzurePowerShell' properties: { azPowerShellVersion: '10.0' timeout: 'PT10M' retentionInterval: 'P1D'
    cleanupPreference: 'OnExpiration' arguments: '-Name "${name}"' scriptContent: ''' param([string] $Name)

      $output = (Get-AzADApplication -DisplayName 'Test_Sample1 (Microsoft Copilot Studio)' -Select appId).appId

  $DeploymentScriptOutputs = @{}
  $DeploymentScriptOutputs['text'] = $output
  '''

    } }

    output text string = deploymentScript.properties.outputs.text

    ...but when we run it, we get this:

    The template output 'text' is not valid: The provided value for the template output 'text' is not valid. Expected a value of type 'String, Uri', but received a value of type 'Null'.

    We can't work out why this is.

    [Apologies for the weird formatting - it doesn't like the delimiters in the code]


  2. 0

    Please note that AzurePowerShell@5 task runs Connect-AzAccount command to authenticate service principal access to Azure NOT az login as AzureCLI@2 task does.

    Azure CLI and Azure PowerShell are two different sets of command tools. In Azure PowerShell, you may try and use the Get-AzADApplication command instead to list AAD apps.

    pool:
  vmImage: ubuntu-latest

steps:
- task: AzureCLI@2
  displayName: Azure CLI - Deploy bicep files
  inputs:
    azureSubscription: $(serviceConnectionName)
    scriptType: bash
    scriptLocation: inlineScript
    useGlobalConfig: false
    inlineScript: |    
      az ad app list --all
- task: AzurePowerShell@5
  displayName: Azure PowerShell - Deploy bicep files
  inputs:
    azureSubscription: $(serviceConnectionName)
    azurePowerShellVersion: LatestVersion
    ScriptType: 'InlineScript'
    Inline: |
      Get-AzADApplication

    Image

    Please also be advised to use different Azure CLI and Azure PowerShell commands for bicep template deployment.

    Deploy resources with Azure CLI and Bicep files – Azure Resource Manager | Microsoft Learn

    Deploy resources with PowerShell and Bicep – Azure Resource Manager | Microsoft Learn

    Login or Signup to reply.
Please signup or login to give your own answer.

Back To Top
Search