Azure DevOps Pipeline not authenticating Az SQL powershell commands
When using the Azure CLI task within an Azure DevOps pipeline to run a powershell script as per the below:
$resourceGroupName = "rgname"
$serverName = "sqldbname"
$databases = Get-AzSqlDatabase -ResourceGroupName $resourceGroupName -ServerName $serverName
foreach ($database in $databases) {
Write-Host "Deleting database $($database.DatabaseName)..."
Remove-AzSqlDatabase -ResourceGroupName $resourceGroupName -ServerName $serverName -DatabaseName $database.DatabaseName -Force
}
I'm seeing the below error thrown on the Get-AzSqlDatabase command:
Your Azure credentials have not been set up or have expired, please run Connect-AzAccount to set up your Azure credentials. No certificate thumbprint or secret provided for the given service principal '***'.
I've also seen the same with the managed instance equivalent command 'Get-AzSqlInstanceDatabase'
What is the best way to authenticate these types of requests that does not require interaction? (given that it is being run within a pipeline as part of an automated process).
As an FYI the pipelines are being run on a self-hosted windows agent and the scripts within the job have been given access to the OAuth token.
Your Azure credentials have not been set up or have expired, please run Connect-AzAccount to set up your Azure credentials. No certificate thumbprint or secret provided for the given service principal '***'.
Based on the error message, the Connect-AzAccount need to be run before the Get-AzSqlDatabase command.
To solve this issue, I suggest that you can change to use Azure PowerShell task.
It will automatically running the Connect-AzAccount command.
Here is an example:
steps:
- task: AzurePowerShell@5
displayName: 'Azure PowerShell script: InlineScript'
inputs:
azureSubscription: 'xx'
ScriptType: InlineScript
Inline: |
$resourceGroupName = "xxx"
$serverName = "xxx"
$databases = Get-AzSqlDatabase -ResourceGroupName $resourceGroupName -ServerName $serverName
echo $databases
azurePowerShellVersion: LatestVersion
Result:
- How to authenticate large numbers of amazon S3 get requests
- Can a client-side login be safe?
- I'm trying to connect with my Heroku app and when I enter my email and password, it's asking me "Enter the code generated by your authenticator app."
- How to generate COMMON KEY RING to Share cookies across subdomains?
- django after submit login info, does not lead to intended detail view page
- Getting OAuth code challenge on loopback server
- Unable to login to GitHub account even with correct credentials
- 10 second delay between login and shell prompt.
- Accessing private Azure Blob Storage using BlobServiceClient
- Cypress can't find the password field in the Microsoft Login
- Where is correct place to authenticate users from multiple places?
- symfony - getting logged out at form->handleRequest
- Laravel auth vs Passport vs Sanctum
- Hit web endpoints behind Devise authentication with non-browser request in a Rails app
- HERE Geocoder API: authentication problem
- Cookie LoginPath not redirecting to path
- why my postman basic auth not working correctly?
- AWS Cognito: Missing Scopes in Access Token with Custom UI and Device Remember Functionality for MFA
- Cypress test starts from the begining for every test case
- Auth.js v5 Database Session Strategy for Credential Provider Returning Null
- NET MAUI unable to implement social login for Android and iOS
- Proper design for th Keycloak auth with APIs and UI
- AuthenticationFailed while calling azure api
- Django OAuth2 Authentication Failing in Unit Tests - 401 'invalid_client' Error
- ServiceStack JWT Refresh token uses Session identifier when used with OAuth AuthProvider
- No route matches [GET] "/users/sign_out"
- Sourcing R files in a private github folder
- Credentials do not work for "docker login"
- Google Authenticator available as a public service?
- How to handle client card/pfx authentication certificate popup in Playwright