azure powershell automation webhooks

Azure Automation Job runs fine manually but fails when triggered by webhook


I've got an Automation Account in Azure that runs a PowerShell runbook. It runs perfectly fine when I trigger it via the portal, manually specifying the inputs.

[Image: Successful run]

I've created a webhook with the same input settings. I call it from CURL like

curl -d '' https://800b2bec-b1ae-4fa1-ba30-8c7d32096828.webhook.ae.azure-automation.net/webhooks?[redactedtoken]

The webhook shows as triggered successfully in the portal, however the job fails with no visible error.

[Image: Failed run]

There is no output, even though the first line in my PowerShell function is Write-Output "Hello"

There are no exception messages, no logs at all.

Any idea how I might get more information as to what might be going wrong?

I've updated the Az modules and enabled verbose logging in the runbook.

Full source below, if it helps.

Param(
 [string]$resourceGroup,
 [string]$VMName,
 [string]$method,
 [string]$UAMI 
)
Write-Output "Hello"
$automationAccount = "AlsAutomation"

# Ensures you do not inherit an AzContext in your runbook
Disable-AzContextAutosave -Scope Process | Out-Null

# Connect using a Managed Service Identity
try {
        $AzureContext = (Connect-AzAccount -Identity).context
    }
catch{
        Write-Output "There is no system-assigned user identity. Aborting."; 
        exit
    }

# set and store context
$AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription `
    -DefaultProfile $AzureContext

if ($method -eq "SA")
    {
        Write-Output "Using system-assigned managed identity"
    }
elseif ($method -eq "UA")
    {
        Write-Output "Using user-assigned managed identity"

        # Connects using the Managed Service Identity of the named user-assigned managed identity
        $identity = Get-AzUserAssignedIdentity -ResourceGroupName $resourceGroup `
            -Name $UAMI -DefaultProfile $AzureContext

        # validates assignment only, not perms
        if ((Get-AzAutomationAccount -ResourceGroupName $resourceGroup `
                -Name $automationAccount `
                -DefaultProfile $AzureContext).Identity.UserAssignedIdentities.Values.PrincipalId.Contains($identity.PrincipalId))
            {
                $AzureContext = (Connect-AzAccount -Identity -AccountId $identity.ClientId).context

                # set and store context
                $AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription -DefaultProfile $AzureContext
            }
        else {
                Write-Output "Invalid or unassigned user-assigned managed identity"
                exit
            }
    }
else {
        Write-Output "Invalid method. Choose UA or SA."
        exit
     }

# Get current state of VM
$status = (Get-AzVM -ResourceGroupName $resourceGroup -Name $VMName `
    -Status -DefaultProfile $AzureContext).Statuses[1].Code

Write-Output "`r`n Beginning VM status: $status `r`n"

# Start or stop VM based on current state
if($status -eq "Powerstate/deallocated")
    {
        Start-AzVM -Name $VMName -ResourceGroupName $resourceGroup -DefaultProfile $AzureContext
    }
elseif ($status -eq "Powerstate/running")
    {
        Stop-AzVM -Name $VMName -ResourceGroupName $resourceGroup -DefaultProfile $AzureContext -Force
    }

# Get new state of VM
$status = (Get-AzVM -ResourceGroupName $resourceGroup -Name $VMName -Status `
    -DefaultProfile $AzureContext).Statuses[1].Code  

Write-Output "`r`n Ending VM status: $status `r`n `r`n"

Write-Output "Account ID of current context: " $AzureContext.Account.Id

Solution

  • We have tested this in our local environment and it is working fine. The statements below are based on that analysis.

    In our local environment, we created a PowerShell runbook running with different PowerShell versions, 7.1 and 5.1.

    • Using the script and webhook URI shared above, when we try to invoke the runbook (PowerShell version 7.1) using the Invoke-WebRequest method, it continuously fails.

    Alternatively, when we invoke the runbook (PowerShell version 5.1) using the Invoke-WebRequest method, it works fine.

    We suggest you use PowerShell version 5.1 instead of 7.1 in your runbook.

    Here is the sample output for reference:

    [Image: sample output]
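
The following is an added example, not code from the question or the answer. It triggers the webhook with Invoke-WebRequest, reads the job ID from the response, and pulls the job record and every output stream, so a job that fails with nothing shown in the portal can be inspected. It assumes the Az.Automation module and a signed-in Az session; the resource group, the runbook name and the environment variable AUTOMATION_WEBHOOK_URI are hypothetical placeholders.

```powershell
# Added example; placeholder names are assumptions, not values from the post.
$ErrorActionPreference = 'Stop'

$resourceGroup     = 'my-resource-group'   # placeholder
$automationAccount = 'AlsAutomation'       # account name used in the question's script
$runbookName       = 'MyRunbook'           # placeholder

# The webhook URL embeds its token, so it is a credential: read it from the
# environment instead of hard-coding it, and do not echo it to logs.
$webhookUri = $env:AUTOMATION_WEBHOOK_URI  # hypothetical variable name
if (-not $webhookUri) { throw 'Set AUTOMATION_WEBHOOK_URI before running.' }

$common = @{
    ResourceGroupName     = $resourceGroup
    AutomationAccountName = $automationAccount
}

# Show which runtime the runbook is configured for (the answer compares 5.1 and 7.1).
(Get-AzAutomationRunbook @common -Name $runbookName).RunbookType

# Trigger the webhook; the response body lists the IDs of the jobs it started.
$response = Invoke-WebRequest -Method Post -Uri $webhookUri -Body '' -UseBasicParsing
$jobId    = ($response.Content | ConvertFrom-Json).JobIds[0]

# Poll until the job reaches a final state, giving up after five minutes.
$final    = 'Completed', 'Failed', 'Stopped', 'Suspended'
$deadline = (Get-Date).AddMinutes(5)
do {
    Start-Sleep -Seconds 5
    $job = Get-AzAutomationJob @common -Id $jobId
} until ($job.Status -in $final -or (Get-Date) -gt $deadline)

# Job-level detail: status, any exception text, and the parameters the job received.
$job | Format-List Status, StatusDetails, Exception, JobParameters, StartTime, EndTime

# Every stream record (Output, Error, Warning, Verbose, ...) in time order.
Get-AzAutomationJobOutput @common -Id $jobId -Stream Any |
    Sort-Object Time |
    Format-Table Time, Type, Summary -Wrap
```

Comparing JobParameters between the portal-started job and the webhook-started job shows whether both received the same inputs.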