💡 Feature Request - Execution via Azure Automation Runbook

[leuthelt]

Describe the solution you'd like

I'd like to have the possibility to run the scripts repeatedly within Azure to report data automatically to Microsoft Cell team.

Describe alternatives you've considered

Manual execution of scripts are working fine.

Additional context

It's needed to change Connect-ToAzure function, because running the 1_wara_collector.ps1 in an Azure Automation runbook isn't working properly.

$Script:ShellPlatform -eq 'Win32NT' is true and the function isn't then connecting via "Connect-AzAccount -Identity"

Possible solutions:

1. Verify if there's already a Azure context (Get-AzContext). In case of Azure Automation you'll connect only once with "Connect-AzAccount" at the beginning of a runbook.
2. Insert condition within Connect-ToAzure function for Automation Account runbook

if($PSPrivateMetadata.JobId) {
   # in Azure Automation
}
else {
   # not in Azure Automation
}

[ejhenry]

Hi @leuthelt, can you expand a bit on your use case and the goal you're trying to accomplish by running the collector script in a runbook?

[leuthelt]

Hi @ejhenry, Our use case is to run mainly collector script twice a month and provide the output (JSON file) to Microsoft. Microsoft is then analyzing the data and will inform us with a summary about improvement areas. So it was a suggestion from Microsoft to use it. Hope that helps.

[kpoineal]

@leuthelt We've changed the Connect-ToAzure function to be OS agnostic. It should not longer care what OS it is running on. Can you try this again and let me know?

[leuthelt]

@kpoineal, Thanks for the update. I've tested and was able to run it, but I've found some improvement areas.

My Automation Account Runbook (Runtime version 7.2):

# Ensures you do not inherit an AzContext in your runbook
Disable-AzContextAutosave -Scope Process | Out-Null

# Connect to Azure with system-assigned managed identity
Connect-AzAccount -Identity | Out-Null

# Get all subscriptions where identity has access
$Subscriptions = Get-AzSubscription
Write-Output "Available subscriptions:`n$([array]$Subscriptions.Name -join ", ")"

# Download scripts 
Invoke-WebRequest -Uri "https://aka.ms/aprl/tools/1" -out 1_wara_collector.ps1
# Invoke-WebRequest -Uri "https://aka.ms/aprl/tools/2" -out 2_wara_data_analyzer.ps1
# Invoke-WebRequest -Uri "https://aka.ms/aprl/tools/3" -out 3_wara_reports_generator.ps1

#TODO Run collector script with comma separated list of available subscriptions doesn't work because of wrong SubscriptionIds validation
# ./1_wara_collector.ps1 `
#     -TenantID (Get-AzContext).Tenant.Id  `
#     -SubscriptionIds ($($Subscriptions | ForEach-Object { "`"/subscriptions/$($_.SubscriptionId)`"" }) -join ",")
./1_wara_collector.ps1 `
    -TenantID (Get-AzContext).Tenant.Id  `
    -SubscriptionIds "/subscriptions/$($Subscriptions[0].SubscriptionId)"

#TODO 1_wara_collector.ps1 doesn't return the FullName of the created JSON file 
$CreatedFile = Get-ChildItem -Path $PSScriptRoot -Filter WARA-File*.json
$CreatedFile
$CreatedFileFullPath = $CreatedFile[0].FullName
# Output content for testing
Get-Content $CreatedFileFullPath

#TODO Upload file to Confluence

To be able to run Search-AzGraph needed for 1_wara_collector.ps1, I've installed the Module Az.ResourceQuery for the Automation Acount:

New-AzAutomationModule `
    -ResourceGroupName "<ResourceGroupName>" `
    -AutomationAccountName "<AutomationAccountName>" `
    -Name "Az.ResourceGraph" `
    -RuntimeVersion 7.2 `
    -ContentLinkUri "https://devopsgallerystorage.blob.core.windows.net:443/packages/az.resourcegraph.1.0.0.nupkg"

Improvement areas:

1. Required modules information within 1_wara_collector.ps1
2. Write-Host not working within Runbook. I cannot see any output.
3. SubscriptionIds doesn't allow a comma-seperated list anymore. Validation seems to be not right.
4. 1_wara_collector.ps1 should return FullName of created JSON file. Then I don't have to search it afterwards.

Thanks for your help.