I'm trying to update ACL through Azure PowerShell but I'm getting this weird error.
The script is pretty simple but don't understand what is wrong.
First I'm getting the Storage Container by name to be sure the
container already exists.
Then just trying to set ACL permission on
it but got an error saying the container doesn't exist.
Am I missing something?
Edit: Just to avoid confusion, I have full control on this storage account resource. I created it and I'm able to configure this setting through Azure portal but no with power shell.
Browse to Storage Account in the Azure Portal
Access Control (IAM)
Grant Access to this resource section (Add Role Assignments)
Role: Storage Blob Data Contributor
Assign Access to: Use the default values (I.e. User , Group , or Service Principal)
Select: User Name
Save
I tried to reproduce the same in my environment to apply ACL permissions:
Here is the script to apply the ACL permission to your container.
You can get the Azure Storage Account Key
Azure Portal > Storage accounts > YourStorageAccount >Access keys
#Install Storage Module
Install-Module Az.Storage
#Connect to Azure AD
Connect-AzureAD
#Set Context to Storage Account
$StorageContext = New-AzureStorageContext -StorageAccountName 'venkatsa' -StorageAccountKey 'StorageAccount-key'
$Container = Get-AzureStorageContainer -Name 'thejademo' -Context $StorageContext
#Get Container ACL Permissions
Get-AzStorageContainerAcl -Container "thejademo" -Context $StorageContext
#Set ACL permission to Container.
Set-AzStorageContainerAcl -Container "thejademo" -Permission Off -PassThru -Context $StorageContext
Applied ACL permission to my container
I written some code in PowerShell script to print the configuration of one web app using azure portal. But I struck in between that exactly I want to print names and values in config of particular web app like development environment...
Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass Connect-AzAccount $subscriptions = Get-AzSubscription Write-Host "Subscription:" MDD-NU-01 -Separator "" Set-AzContext -Subscription MDD-NU-01 $srcResourceGroup = "d1-sap-rg52" $srcAppName = "d1-sap-web-l521" $srcAppServer = Get-AzWebApp -ResourceGroupName $srcResourceGroup -Name $srcAppName $srcAppSettings = $srcAppServer.SiteConfig.AppSettings
1.uptohere its connecting in config appsettings
2.In appsetting there are names and value will there
3.After this i struck here the logic should give the output like print all the name and value in configuration of web app("d1-sap-web-l521")
Please anybody help me out.
Thank you
You can directly get the required information of WebApps using Get-AzureRmWebApp. Below is the script that worked for me.
$WebAppInfo = Get-AzureRmWebApp -ResourceGroupName <YourResourceGroupName> -Name <YourWebAppName>
$Configurations = $WebAppInfo.SiteConfig.AppSettings
$Configurations
In portal:
I have a Gen2 Azure storage account and try to create a stored access policy on a container using Powershell. I am signed into the account and the relevant subscription is selected. I save the context in a variable for further use by the following statements.
Connect-AzAccount
Set-AzContext -Subscription "<subscriptionid>"
$context = New-AzStorageContext -StorageAccountName "MyStorageAccount" -UseConnectedAccount
Creating a stored access policy failed so I added one manually through the portal and tried to get a list of the policies:
Get-AzStorageContainerStoredAccessPolicy -Container "MyContainer" -Context $context
This resulted in an error Get-AzStorageContainerStoredAccessPolicy: The specified resource does not exist., the same error that the "New-AzStorageContainerStoredAccessPolicy" command yielded. Adding the name of the existing policy with the -Policy parameter did not change the outcome, neither did changing the access level on the container.
I think I can also rule out typos as Get-AzStorageContainer "MyContainer" -Context $context gives me the details of the container as expected.
I am unclear as to what resource it is that does not exists, as the container clearly exists and it also contains at least one stored access policy. Can the container stored access policy command not be used on a Gen2 storage account or am I missing something else?
This is because Get/New-AzStorageContainerStoredAccessPolicy isn't supported by Oauth. You can find all operations supported by Oauth https://learn.microsoft.com/en-us/azure/role-based-access-control/resource-provider-operations#microsoftstorage.
As a workaround, you can use connection string to do this:
Connect-AzAccount
Set-AzContext -Subscription "<subscriptionid>"
$context = New-AzStorageContext -ConnectionString "<Connection string>"
Get-AzStorageContainerStoredAccessPolicy -Container "<Container Name>" -Context $context
Same issue in Github: https://github.com/Azure/azure-powershell/issues/10391.
I am using Get-AzRoleAssignment to get RBAC details for Data Lake Storage Gen1 resource.
Command :
Get-AzRoleAssignment -ResourceGroupName "test" -ResourceName "testResource" -ResourceType "Microsoft.DataLakeAnalytics/accounts"
Above command gives us list of resources who have access to resource mentioned. Since first use of this command we have removed access for many resources but command still return names for those. I logged out and logged in multiple times to check if its caching issue but no use.
I have various scripts which I used to run in a wrapper to allow me to handle things like checking I had a valid connection and to ask the user if the connection/subscription currently selected is the one they want to run the script on before running it etc.
The classic commands have Clear-AzureProfile which allows me to run it from a script and effectively break the connection so that it can't be used again without calling Add-AzureAccount.
With the RM cmdlets I can only find Login-AzureRmAccount but once I've logged in...how do I call logout?
There doesn't appear to be a Logout-AzureRMAccount or Remove-AzureRMAccount and Clear-AzureProfile has no effect.
I run a dev workstation and connect to several different client subscriptions so want to be able to destroy the connection rather than just calling another login over the top of it (if that login failed I would still have the old connection set up which is dangerous for me)
I've just logged this at: https://msdn.microsoft.com/en-us/library/mt619248.aspx as from the documentation it looks like the commands may be lacking
It appears the following works:
Set-AzureRmContext -Context ([Microsoft.Azure.Commands.Profile.Models.PSAzureContext]::new())
UPDATE: For new powershell Azure "az" module, please use
Connect-AzAccount
for login and
Disconnect-AzAccount
for logout.
> get-command -Module AzureRM.Profile
CommandType Name
----------- ----
Alias Login-AzureRmAccount
Alias Select-AzureRmSubscription
Cmdlet Add-AzureRmAccount
Cmdlet Add-AzureRmEnvironment
Cmdlet Disable-AzureRmDataCollection
Cmdlet Enable-AzureRmDataCollection
Cmdlet Get-AzureRmContext
Cmdlet Get-AzureRmEnvironment
Cmdlet Get-AzureRmSubscription
Cmdlet Get-AzureRmTenant
Cmdlet Remove-AzureRmEnvironment
Cmdlet Save-AzureRmProfile
Cmdlet Select-AzureRmProfile
Cmdlet Set-AzureRmContext
Cmdlet Set-AzureRmEnvironment
Note that Login-AzureRmAccount is an alias to Add-AzureRmAccount and there's no corresponding Remove.
Set-AzureRmContext might take a $null to clear the context, but I would be surprised if it doesn't instead just give an error.
Directly closing your PS session would do. The AzureRM.Profile module won't persist your profile until you tell it to do so with Save-AzureRmProfile.
In latest powershell version 1.0.1 MS hasn't provided any cmdlets which you are searching like Logout-AzureRMAccount or Remove-AzureRMAccount and Clear-AzureRMProfile.
In your case I would rather suggest a workaround for you.
Firstly close your PS window, delete your cahce and temp data.
Secondly, Delete your name from Azure AD and then Add it back. Download a new publishsetting file and start doing afresh. Once you re-add the name it will treat everything as new for you.
It's worth noting that you can always kick out an exception if the call to Login-AzureRmAccount fails to ensure your script doesn't continue with the old account:
Login-AzureRmAccount -ErrorAction Stop
The resulting dialog won't allow an invalid login. It will let you know if you're already logged in and give the choice to stay logged in with the current account or login with another, at which point the user still has to make some sort of conscious choice to proceed. If they choose to cancel out of the login dialog, the resulting exception will stop the script.
login-azurermaccount : authentication_canceled: User canceled authentication
At line:1 char:1
+ login-azurermaccount
+ ~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Add-AzureRmAccount], AadAuthenticationCanceledException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.Profile.AddAzureRMAccountCommand
I know this is an old question. But it looks like this has been updated with Remove-AzureAccount. You can read more about it here and Remove-AzureRMAccount found here.
AzureRM context used to be bound to a powershell session, so just closing the console was enough.
But it seems latest versions of the powershell module have changed that.
Using the latest version of the powershell module, if you login in one console, you will also be logged in all the other consoles.
And you can log off using the new cmdlet Logout-AzureRmAccount.