I use the following PS script (simplified version, but the error happens here) to identify expired AppRegistrations:

$allapps = az ad app list --all | ConvertFrom-Json
$allapps | ForEach-Object {
    $app = $_
    @(
        $EndDate = az ad app credential list --id $_.objectId | ConvertFrom-Json
        $EndDate.endDate
    )
}

When I test it locally in VS code, it works fine.

Output in VSCode:

2022-01-25T11:51:11.205912 00:00
2024-02-21T12:52:11.542000 00:00
2023-06-17T11:54:30.328000 00:00
...

However, my goal is to integrate this script into Azure Devops pipelines. To run script in devops I use the devops task: AzureCLI@2 And do login with Service Connection.

When I run it in devops pipelines, I get the following error:

ERROR: argument --id: expected one argument
 
Examples from AI knowledge base:
az ad app credential list --id 00000000-0000-0000-0000-000000000000
list an application's password or certificate credentials (autogenerated)

It looks like az ad app credential list is not getting input for --id.

When I run the same code again in VSCode but without ConvertFrom-Json I get the same error. Therefore I suspect that it is because ConvertFrom-Json is not working.

Do you guys have any ideas what is causing this and how I can solve the problem?

CodePudding user response：

I tested the PowerShell script and got the same issue.

The cause of this issue is that in the response of the Azure CLI, it has no field named objectId.

The expected objectedId name is ID.

So you need to modify the $_.objectId to $_.Id. At the same time, $EndDate.endDate should be modified to $EndDate.endDateTime.

Here is the example:

$allapps = az ad app list --all | ConvertFrom-Json

$allapps | ForEach-Object {
    $app = $_
    @(
        $EndDate = az ad app credential list --id $_.id | ConvertFrom-Json
        $EndDate.endDateTime
    )
}