2

I'm using powershell function app to retrieve storage account key but i'm not able to access resources .Please help me .

$resourceGroup = "DemoResourceGroup"

$AccountName = "Demo"

$Key = (Get-AzStorageAccountKey -ResourceGroupName $resourceGroup -Name $AccountName)

Write-Host "storage account key 1 = " $Key

I'm getting following error :

2020-05-14T14:00:05Z [Error] ERROR: Get-AzStorageAccountKey : 'this.Client.SubscriptionId' cannot be null. At D:\home\site\wwwroot\TimerTrigger1\run.ps1:25 char:8 + $key = Get-AzStorageAccountKey -ResourceGroupName "DocumentParser_FBI ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : CloseError: (:) [Get-AzStorageAccountKey], ValidationException + FullyQualifiedErrorId : Microsoft.Azure.Commands.Management.Storage.GetAzureStorageAccountKeyCommand

Script stack trace: at , D:\home\site\wwwroot\TimerTrigger1\run.ps1: line 25

Microsoft.Rest.ValidationException: 'this.Client.SubscriptionId' cannot be null. at Microsoft.Azure.Management.Storage.StorageAccountsOperations.ListKeysWithHttpMessagesAsync(String resourceGroupName, String accountName, Nullable1 expand, Dictionary2 customHeaders, CancellationToken cancellationToken) at Microsoft.Azure.Management.Storage.StorageAccountsOperationsExtensions.ListKeysAsync(IStorageAccountsOperations operations, String resourceGroupName, String accountName, Nullable1 expand, CancellationToken cancellationToken) at Microsoft.Azure.Management.Storage.StorageAccountsOperationsExtensions.ListKeys(IStorageAccountsOperations operations, String resourceGroupName, String accountName, Nullable1 expand) at Microsoft.Azure.Commands.Management.Storage.GetAzureStorageAccountKeyCommand.ExecuteCmdlet()

vaibhav
  • 103
  • 2
  • 11

1 Answers1

3

According to the script you provide, you use Az module. So if you want to choose which Azure subscription you use, you need to use the command Select-AzSubscription. Besides, you also can add -Subscription "<subscription Id>" in Connect-AzAccoun to ensure when you login, you choose the right subscription.

For example

  1. Create the service principal
Import-Module Az.Resources # Imports the PSADPasswordCredential object
$credentials = New-Object Microsoft.Azure.Commands.ActiveDirectory.PSADPasswordCredential -Property @{ StartDate=Get-Date; EndDate=Get-Date -Year 2024; Password=<Choose a strong password>}
$sp = New-AzAdServicePrincipal -DisplayName ServicePrincipalName -PasswordCredential $credentials
  1. assign the role to the service principal. For example, assign Contributor role to the sp at the subscription level 
New-AzRoleAssignment -ApplicationId <service principal application ID> -RoleDefinitionName "Contributor" `
-Scope "/subscriptions/<subscription id>"
  1. Script
$appId = "your sp app id"
$password = "your sp password"
$secpasswd = ConvertTo-SecureString $password -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ($appId, $secpasswd)

Connect-AzAccount -ServicePrincipal -Credential $mycreds -Tenant <you sp tenant id>
Get-AzSubscription -SubscriptionName "CSP Azure" | Select-AzSubscription

$resourceGroup = "nora4test"

$AccountName = "qsstorageacc"

$Key = (Get-AzStorageAccountKey -ResourceGroupName $resourceGroup -Name $AccountName)[0].Value

Write-Host "storage account key 1 = " $Key
Jim Xu
  • 21,610
  • 2
  • 19
  • 39
  • @saurabhdaunde Do you have any other concerns? If you have no other concern, could you please [accept the answer](https://meta.stackexchange.com/questions/5234/how-does-accepting-an-answer-work)? It may help more people who have similar issue. – Jim Xu May 15 '20 at 08:13
  • I don't think this advice is appropriate, for powershell running in an [Azure Function App](https://azure.microsoft.com/en-gb/services/functions/). For one thing, you don't import modules with Import-Module, you do it with [Dependency Management](https://learn.microsoft.com/en-us/azure/azure-functions/functions-reference-powershell?tabs=portal#dependency-management). – Vince Bowdren Aug 04 '21 at 22:35