I have a set of small scripts written in PowerShell using the Az module that perform some maintenance tasks as part of a release pipeline in Azure DevOps. One of these scripts uses the Azure CLI for one of its operations, so I need to authenticate with both Azure PowerShell and Azure CLI in the same DevOps task in my pipeline.

I know I can split up the script and run one section from an Azure CLI task and another from an Azure PowerShell task, but I was hoping to keep it all clean and together. I prefer the clarity and tooling when using Az-PowerShell, but since there is not yet parity between az-cli and az-powershell I sometimes need to use the former.

I may also be able to read env vars from an Azure CLI task and transfer them to PowerShell to do az login from there, but I was hoping there was a cleaner way to do this. Ideally an AzureCLIAndPowerShell task or something like that.

Is there some way to perform a headless az login on a Microsoft hosted agent from within a script launched by an Azure PowerShell task?

Or to be more precise: Is there a way to use both Az-Powershell and Azure-CLI in an authenticated state within the same task in an Azure DevOps Pipeline?

1 Answer

So here is what I have done. I have tested this, so switch to an Azure@CLI2 task and this should get you access to both. To authenticate via Azure PowerShell from the CLI:

Connect-AzAccount -KeyVaultAccessToken $(az account get-access-token --resource https://vault.azure.net --query accessToken --output tsv) -AccessToken $(az account get-access-token --query accessToken --output tsv) -AccountId $userId["value"]

If you want to read KV data, -KeyVaultAccessToken is required.

You can reverse this somewhat and get an access token from Azure PowerShell, but I have not found a way to use it to log in. In Azure PowerShell you can run

(Get-AzAccessToken).Token

That will give you the access token. You might be able to do some trickery with it, but right now the easiest method, I would say, is to use the Azure@CLI2 task, pass in the servicePrincipal like normal, and then use the above Azure CLI to Azure PowerShell approach.

1 Comment

Thanks for the tip @Ron. This is a pretty cool approach. I did not know I could extract tokens like that. As a test I grabbed the generic token using az account get-access-token --query accessToken --output tsv and used it with Connect-AzAccount -AccessToken and that appears to have worked. I needed the user id from az account show --query user.name --output tsv as well, but that seems to work!
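The token hand-off described in the answer and comment above, written out as an added example (not code from either poster) that fails closed on az errors, masks the tokens in the pipeline log and keeps the Az context in-process only. `Get-AzCliValue` is a hypothetical helper; the script assumes it runs in an Azure CLI task where az is already signed in and the Az.Accounts module is installed.

```powershell
$ErrorActionPreference = 'Stop'

function Get-AzCliValue {
    # Hypothetical helper: run an az command and stop instead of handing an
    # empty token or id to Connect-AzAccount. Only the command name is put in
    # the error message, never the returned value.
    param([Parameter(Mandatory)][string[]] $AzArgs)
    $value = az @AzArgs --output tsv
    if ($LASTEXITCODE -ne 0 -or [string]::IsNullOrWhiteSpace($value)) {
        throw "az $($AzArgs[0..1] -join ' ') failed (exit code $LASTEXITCODE)"
    }
    return "$value".Trim()
}

# Identity details of the session the Azure CLI task already established.
# For a service principal, user.name is the application (client) id.
$accountId = Get-AzCliValue -AzArgs 'account', 'show', '--query', 'user.name'
$tenantId  = Get-AzCliValue -AzArgs 'account', 'show', '--query', 'tenantId'
$subId     = Get-AzCliValue -AzArgs 'account', 'show', '--query', 'id'

# One token for Azure Resource Manager, one for the Key Vault data plane.
$armToken = Get-AzCliValue -AzArgs 'account', 'get-access-token', '--query', 'accessToken'
$kvToken  = Get-AzCliValue -AzArgs 'account', 'get-access-token',
                '--resource', 'https://vault.azure.net', '--query', 'accessToken'

# Register both tokens as secrets so the agent masks them if they are ever
# written to the job log by a later command.
Write-Host "##vso[task.setsecret]$armToken"
Write-Host "##vso[task.setsecret]$kvToken"

# -Scope Process keeps the context in memory for this session instead of
# saving it to the agent's profile directory.
Connect-AzAccount -AccessToken $armToken -KeyVaultAccessToken $kvToken `
    -AccountId $accountId -Tenant $tenantId -Subscription $subId `
    -Scope Process | Out-Null

# Drop the raw token strings once Az holds them.
Remove-Variable -Name armToken, kvToken

# Confirm that Az PowerShell is bound to the same subscription as az.
$ctx = Get-AzContext
if ($ctx.Subscription.Id -ne $subId) {
    throw "Az context subscription does not match the Azure CLI session"
}
Write-Host "Az PowerShell signed in as $($ctx.Account.Id)"
```

A context created from raw access tokens cannot refresh them, so Az calls start failing once the tokens expire; long-running scripts need to repeat the hand-off.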
