Get-AzureRmAutomationCredential＆amp ;;之间的对象不兼容Add-AzureAccount -Credential

Question

TL; DR

如何获取Azure自动化凭据并将其用作Runbook中的该用户？

理想情况下，答案应该在具有工作流结构的Azure自动化Runbook中工作，以资源管理器范例下的目标为目标。

详细

我尝试在资源组内部使用Azure自动化。我已经设置了一个Azure AD帐户，用于执行各种Azure任务。然后，我创建了一个Azure自动化凭据，以使Azure自动化能够安全地检索登录详细信息，并能够以该用户身份工作。

当我运行Get-AzureRmAutomationCredential时，我可以看到我的凭据可用

PS C:\...\poshetl> Get-AzureRmAutomationCredential -Name $serviceaccount  -AutomationAccountName $automationaccount -ResourceGroupName $rgname


UserName              : XXXX@XXXX.onmicrosoft.com
ResourceGroupName     : XXXX
AutomationAccountName : poshetl
Name                  : etl_service
CreationTime          : 10/06/2016 15:54:41 +01:00
LastModifiedTime      : 10/06/2016 15:54:41 +01:00
Description           : 

然后我存储此凭证对象

PS C:\...\poshetl> $Cred = Get-AzureRmAutomationCredential -Name $serviceaccount  -AutomationAccountName $automationaccount -ResourceGroupName $rgname

当我尝试使用此功能通过Add-AzureAccount实现登录效果时，出现兼容性错误。

PS C:\...\poshetl> Add-AzureAccount -Credential $Cred  | Write-Verbose

Add-AzureAccount : Cannot bind parameter 'Credential'. Cannot convert the 
"Microsoft.Azure.Commands.Automation.Model.CredentialInfo" value of type 
"Microsoft.Azure.Commands.Automation.Model.CredentialInfo" to type "System.Management.Automation.PSCredential".
At line:1 char:30
+ Add-AzureAccount -Credential $Cred  | Write-Verbose
+                              ~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Add-AzureAccount], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.WindowsAzure.Commands.Profile.AddAzureAccount

同样，如果我尝试使用Add-AzureRmAccount

PS C:\...\poshetl> Add-AzureRmAccount -Credential $Cred  | Write-Verbose

Add-AzureRmAccount : Cannot bind parameter 'Credential'. Cannot convert the 
"Microsoft.Azure.Commands.Automation.Model.CredentialInfo" value of type 
"Microsoft.Azure.Commands.Automation.Model.CredentialInfo" to type "System.Management.Automation.PSCredential".
At line:2 char:32
+ Add-AzureRmAccount -Credential $Cred  | Write-Verbose
+                                ~~~~~
    + CategoryInfo          : InvalidArgument: (:) [Add-AzureRmAccount], ParameterBindingException
    + FullyQualifiedErrorId : CannotConvertArgumentNoMessage,Microsoft.Azure.Commands.Profile.AddAzureRMAccountCommand

背景信息

PS C:\...\poshetl> $PSversionTable

Name                           Value                                                                                       
----                           -----                                                                                       
PSVersion                      5.0.10586.122                                                                               
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0...}                                                                     
BuildVersion                   10.0.10586.122                                                                              
CLRVersion                     4.0.30319.42000                                                                             
WSManStackVersion              3.0                                                                                         
PSRemotingProtocolVersion      2.3                                                                                         
SerializationVersion           1.1.0.1   

PS C:\...\poshetl> Get-Module -ListAvailable Azure*


    Directory: C:\Program Files\WindowsPowerShell\Modules


ModuleType Version    Name                                ExportedCommands                                                 
---------- -------    ----                                ----------------                                                 
Script     0.2.3.3    AzureAutomationAuthoringToolkit     {Get-AutomationVariable, Get-AutomationCertificate, Get-Automa...
Script     0.2.3.3    AzureAutomationAuthoringToolkit     {Get-AutomationVariable, Get-AutomationCertificate, Get-Automa...


    Directory: C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ResourceManager\AzureResourceManager


ModuleType Version    Name                                ExportedCommands                                                 
---------- -------    ----                                ----------------                                                 
Manifest   1.0.4      Azure.Storage                       {Get-AzureStorageBlob, Get-AzureStorageBlobContent, Get-AzureS...
Manifest   1.0.4      AzureRM.ApiManagement               {Add-AzureRmApiManagementRegion, Get-AzureRmApiManagementSsoTo...
Manifest   1.0.4      AzureRM.Automation                  {Get-AzureRmAutomationJobOutputRecord, Import-AzureRmAutomatio...
Binary     0.9.1      AzureRm.AzureStackAdmin             {Get-AzureRMManagedLocation, New-AzureRMManagedLocation, Remov...
Manifest   0.9.2      AzureRM.AzureStackStorage           {Add-ACSFarm, Get-ACSEvent, Get-ACSEventQuery, Get-ACSFarm...}   
Manifest   1.0.4      AzureRM.Backup                      {Backup-AzureRmBackupItem, Enable-AzureRmBackupContainerReregi...
Manifest   1.0.4      AzureRM.Batch                       {Remove-AzureRmBatchAccount, Get-AzureRmBatchAccount, Get-Azur...
Manifest   1.2.2      AzureRM.Compute                     {Remove-AzureRmAvailabilitySet, Get-AzureRmAvailabilitySet, Ne...
Manifest   1.0.4      AzureRM.DataFactories               {Remove-AzureRmDataFactory, Get-AzureRmDataFactoryRun, Get-Azu...
Manifest   1.0.4      AzureRM.DataLakeAnalytics           {Remove-AzureRmDataLakeAnalyticsCatalogSecret, Set-AzureRmData...
Manifest   1.0.4      AzureRM.DataLakeStore               {Add-AzureRmDataLakeStoreItemContent, Export-AzureRmDataLakeSt...
Manifest   1.0.4      AzureRM.Dns                         {Get-AzureRmDnsRecordSet, Remove-AzureRmDnsRecordSet, Set-Azur...
Manifest   1.0.5      AzureRM.HDInsight                   {Get-AzureRmHDInsightJob, New-AzureRmHDInsightSqoopJobDefiniti...
Manifest   1.0.4      AzureRM.Insights                    {Add-AlertRule, Get-AlertHistory, Get-AlertRule, Remove-AlertR...
Manifest   1.1.3      AzureRM.KeyVault                    {Get-AzureRmKeyVault, New-AzureRmKeyVault, Remove-AzureRmKeyVa...
Manifest   1.0.4      AzureRM.Network                     {Add-AzureRmApplicationGatewayBackendAddressPool, Get-AzureRmA...
Manifest   1.0.4      AzureRM.NotificationHubs            {Get-AzureRmNotificationHubsNamespaceAuthorizationRules, Get-A...
Manifest   1.0.4      AzureRM.OperationalInsights         {Get-AzureRmOperationalInsightsSavedSearch, Get-AzureRmOperati...
Manifest   1.0.4      AzureRM.Profile                     {Enable-AzureRmDataCollection, Disable-AzureRmDataCollection, ...
Manifest   1.0.5      AzureRM.RecoveryServices            {Get-AzureRmRecoveryServicesVault, Get-AzureRmRecoveryServices...
Manifest   1.1.2      AzureRM.RedisCache                  {Remove-AzureRmRedisCacheDiagnostics, Set-AzureRmRedisCacheDia...
Manifest   1.0.4      AzureRM.Resources                   {Get-AzureRmADApplication, Get-AzureRmADGroupMember, Get-Azure...
Manifest   1.1.3      AzureRM.SiteRecovery                {Stop-AzureRmSiteRecoveryJob, Get-AzureRmSiteRecoveryNetwork, ...
Manifest   1.0.4      AzureRM.Sql                         {Get-AzureRmSqlDatabaseThreatDetectionPolicy, Set-AzureRmSqlDa...
Manifest   1.0.4      AzureRM.Storage                     {Get-AzureRmStorageAccount, Get-AzureRmStorageAccountKey, Get-...
Manifest   1.0.4      AzureRM.StreamAnalytics             {Get-AzureRmStreamAnalyticsFunction, Get-AzureRmStreamAnalytic...
Manifest   1.0.4      AzureRM.Tags                        {Remove-AzureRmTag, Get-AzureRmTag, New-AzureRmTag}              
Manifest   1.0.4      AzureRM.TrafficManager              {Disable-AzureRmTrafficManagerEndpoint, Enable-AzureRmTrafficM...
Manifest   1.0.4      AzureRM.UsageAggregates             Get-UsageAggregates                                              
Manifest   1.0.4      AzureRM.Websites                    {Get-AzureRmAppServicePlanMetrics, Get-AzureRmWebAppCertificat...


    Directory: C:\Program Files (x86)\Microsoft SDKs\Azure\PowerShell\ServiceManagement


ModuleType Version    Name                                ExportedCommands                                                 
---------- -------    ----                                ----------------                                                 
Manifest   1.0.4      Azure                               {Disable-AzureServiceProjectRemoteDesktop, Enable-AzureService...

Answer 1

Get-AzureRMAutomationCredential是一个Azure cmdlet，它返回有关Azure自动化中凭据资产的元数据。正如您在帖子中返回的数据所看到的那样，它不是返回的PSCredential对象，而是一系列属性，如名称，上次修改时间，描述等（请注意，不会返回凭据密码）。

您正在寻找的是Get-AutomationPSCredential。这可以在Runbook中用于检索凭据资产的值作为PSCredential：

$Cred = Get-AutomationPSCredential -Name "SomeCredentialAssetName" Add-AzureRmAccount -Credential $Cred