New-DbaAzAccessToken with Managed Identity fails in Azure Function App
Verified issue does not already exist?
I have searched and found no existing issue
What error did you receive?
[Warning] WARNING: [09:33:11][New-DbaAzAccessToken] Failure | An attempt was made to access a socket in a way forbidden by its access permissions.
Steps to Reproduce
$token = New-DbaAzAccessToken -Type ManagedIdentity -Subtype AzureSqlDb -Verbose
Please confirm that you are running the most recent version of dbatools
Major Minor Build Revision
2 0 4 -1
Other details or mentions
I'm not ruling out that I'm doing something completely wrong; if so, I apologize. But I do not have a clue based on the current docs and information I can find.
Switching to $Token = (Get-AzAccessToken -ResourceUrl 'https://database.windows.net/').Token seems to help work around the issue.
Azure App Function is running in 64 Bit mode.
What PowerShell host was used when producing this error
PowerShell Core (pwsh.exe)
PowerShell Host Version
Name                       Value
PSVersion                  7.2.13
PSEdition                  Core
GitCommitId                7.2.13
OS                         Microsoft Windows 10.0.14393
Platform                   Win32NT
PSCompatibleVersions       {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion  2.3
SerializationVersion       1.1.0.1
WSManStackVersion          3.0
SQL Server Edition and Build number
Microsoft SQL Azure (RTM) - 12.0.2000.8 Jul 17 2023 18:40:52 Copyright (C) 2022 Microsoft Corporation
.NET Framework Version
.NET 6.0.20
#9050 (sort of related as Function App environment issue)
This command tries to hit a local endpoint on the host that Azure Function App is likely blocking from being used.
Use of Get-AzAccessToken would be the proper use within Azure services.
Alright, that makes sense then, seeing everything else works as expected at this time.
Would it be a good idea to add this to the documentation as a note with the function? I was staring myself "blind" at New-DbaAzAccessToken with -Type ManagedIdentity and finally went: I'll try the normal token, and that got things going.
Much appreciated for the fast response, and apologies for the duplicate issue. When looking I didn't see the other issue, I'm guessing due to the naming, as it does look similar.
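The approach suggested in the replies above, written out as an added example that is not part of the original thread or of dbatools: get the token with Get-AzAccessToken inside the Function App, check its audience and expiry, then pass it to Connect-DbaInstance. The helper function names, the server name and the database name are hypothetical, and the example assumes the function app signs in with its managed identity the way the default profile.ps1 does.

```powershell
# Added example, not from the thread. Helper names, server and database are placeholders.

function Get-AzureSqlToken {
    param([string]$ResourceUrl = 'https://database.windows.net/')
    $raw = (Get-AzAccessToken -ResourceUrl $ResourceUrl).Token
    # Newer Az.Accounts releases return the token as a SecureString; handle both shapes.
    if ($raw -is [securestring]) { $raw = ConvertFrom-SecureString $raw -AsPlainText }
    $raw
}

function Get-JwtClaims {
    param([Parameter(Mandatory)][string]$Token)
    # The payload is the second dot-separated segment, base64url encoded without padding.
    $payload = $Token.Split('.')[1].Replace('-', '+').Replace('_', '/')
    switch ($payload.Length % 4) { 2 { $payload += '==' } 3 { $payload += '=' } }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($payload)) | ConvertFrom-Json
}

function Test-AzureSqlToken {
    param(
        [Parameter(Mandatory)][string]$Token,
        [string]$ResourceUrl = 'https://database.windows.net/',
        [int]$MinMinutesLeft = 5
    )
    $claims  = Get-JwtClaims -Token $Token
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$claims.exp)
    # The token must be issued for Azure SQL and must not be about to expire.
    $audienceOk = ([string]$claims.aud).TrimEnd('/') -eq $ResourceUrl.TrimEnd('/')
    $audienceOk -and ($expires -gt [DateTimeOffset]::UtcNow.AddMinutes($MinMinutesLeft))
}

# Assumption: same sign-in as the default profile.ps1 of a PowerShell function app,
# which runs only when a managed identity is enabled for the app.
if ($env:MSI_SECRET) { Connect-AzAccount -Identity | Out-Null }

$token = Get-AzureSqlToken
if (-not (Test-AzureSqlToken -Token $token)) {
    throw 'Access token has an unexpected audience or is close to expiry.'
}

# Keep $token out of Write-Host / Write-Verbose output; it is a bearer credential.
$server = Connect-DbaInstance -SqlInstance 'example-server.database.windows.net' `
                              -Database 'ExampleDb' -AccessToken $token
```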