Get-AzAutomationJob returns nothing when using managed identity for an automation account-CodePudding

I've given the automation account a system assigned managed identity. Successfully used these to set the context :

$AzureContext = (Connect-AzAccount -Identity).context
$AzureContext = Set-AzContext -SubscriptionName $AzureContext.Subscription -DefaultProfile $AzureContext

But when I use this inside the runbook to get the jobs :

Get-AzAutomationJob -ResourceGroupName $resourceGroupName -AutomationAccountName $automationAccountName -RunbookName $runbookName -DefaultProfile $AzureContext

it returns nothing. No error, so command must execute, but doesn't return any results. What I noticed is that the context which returns when connecting with the managed identity, doesn't have values for Name and Subscription. It only has values for Account, Environment and Tenant. Could this be the problem?

CodePudding user response：

I just ran a short test with your commands in the portal powershell and used 'Get-AzAutomationJob' with two runbooks. One of them has the status set to 'Published' and the other to 'New'. The new one has no prior jobs that ran.

Get-AzAutomationJob -ResourceGroupName $resourceGroupName  -AutomationAccountName $automationAccountName -RunbookName "shutdown" -DefaultProfile $AzureContext

yields the result:

ResourceGroupName      : Dev-Portal-01_group
AutomationAccountName  : ls-automation
JobId                  : 06f06c17-77fb-4565-9ad4-da9ca0e5a4ea
CreationTime           : 10/26/2022 3:00:20 PM  00:00
Status                 : Completed
StatusDetails          : 
StartTime              : 10/26/2022 3:00:28 PM  00:00
EndTime                : 10/26/2022 3:00:32 PM  00:00
Exception              : 
LastModifiedTime       : 10/26/2022 3:00:32 PM  00:00
LastStatusModifiedTime : 1/1/0001 12:00:00 AM  00:00
JobParameters          : {}
RunbookName            : shutdown
HybridWorker           : 
StartedBy              :

and several more showing in the portal.

whereas

Get-AzAutomationJob -ResourceGroupName $resourceGroupName  -AutomationAccountName $automationAccountName -RunbookName "provision-portal" -DefaultProfile $AzureContext

Gives back nothing.

After creating a simple scheduled job in the 'provision-portal' runbook I received output when running the same command again:

ResourceGroupName      : Dev-Portal-01_group
AutomationAccountName  : ls-automation
JobId                  : 21ff3540-9843-4ccc-8775-12ffa12c128b
CreationTime           : 10/27/2022 7:07:01 AM  00:00
Status                 : Completed
StatusDetails          : 
StartTime              : 10/27/2022 7:07:16 AM  00:00
EndTime                : 10/27/2022 7:07:20 AM  00:00
Exception              : 
LastModifiedTime       : 10/27/2022 7:07:20 AM  00:00
LastStatusModifiedTime : 1/1/0001 12:00:00 AM  00:00
JobParameters          : {}
RunbookName            : provision-portal
HybridWorker           : 
StartedBy              :

Can you check the Authoring status and see if it is published and if any jobs are running or ran?

Kind regards

CodePudding user response：

Well the problem turned out quite trivial. I had to give permissions for the subscription to the managed identity. Even though I'm not using this identity to access any resources, it still needs permissions to read the subscription data. Unlike the Run As account which doesn't need any permissions. So "problem" solved. Thank you for your time and desire to help!