azurepowershellado

AzurePowerShell@5 not working with Az.Resources 6.16.0

I have an Azure DevOps pipeline using the AzurePowerShell@5 task. I pass the service connection to the task and it logs in to Azure. That part is good.

The PowerShell code that is executed by the task calls Get-AzADServicePrincipalAppRollAssignment, which requires the latest Az.Resources 6.16.0. Az.Resources 6.16.0 in turn requires Az.Accounts 2.16.0. However, the AzurePowerShell@5 task installed Az.Accounts 2.15.1.

When I try to remove Az.Accounts 2.15.1 and install the latest version, I get the following error. Not sure how to get around that. Is there a lock on the assembly because it was used to log in to Azure?

I have read about using a PowerShell session to load modules but my hunch is that would log me out of Azure?

Solution

  • I agree with @Galna Greta, The AzurePowershell@5 task will only use the Az version installed on the agent.

    I tried Installing Az.Accounts - 2.16.0 and Az.Resources in Azure Powershell task with Install-Module command but it failed. Thus instead of using AzurePowershell@5 task I used Powershell@2 task like below: -

    trigger:
- main

pool:
  vmImage: windows-latest

steps:
- task: PowerShell@2
  inputs:
    targetType: 'inline'
    script: |
      # Check if Az.Accounts module is installed, if not, install it
      if (-not (Get-Module -Name Az.Accounts -ListAvailable)) {
          Install-Module -Name Az.Accounts -Force -AllowClobber -Scope CurrentUser -Repository PSGallery -RequiredVersion 2.16.0
      } else {
          Update-Module -Name Az.Accounts -Force -AllowClobber -RequiredVersion 2.16.0
      }
      
      
      if (-not (Get-Module -Name Az.Resources -ListAvailable)) {
          Install-Module -Name Az.Resources -Force -AllowClobber -Scope CurrentUser -Repository PSGallery -RequiredVersion 6.16.0
      } else {
          
          $azAccountsVersion = (Get-InstalledModule -Name Az.Accounts).Version
          
          Install-Module -Name Az.Resources -Force -AllowClobber -Scope CurrentUser -Repository PSGallery -RequiredVersion $azAccountsVersion -AllowPrerelease
      }
      
      
      Get-InstalledModule -Name Az.Accounts, Az.Resources | Select-Object Name, Version
      
      $SecurePassword = ConvertTo-SecureString -String "q-xxxxxxxx_rsVKJKbRs" -AsPlainText -Force
      $TenantId = '83xxxxxx8592395'
      $ApplicationId = 'cxxxxxxxxxxxxxxb'
      $Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList $ApplicationId, $SecurePassword
      Connect-AzAccount -ServicePrincipal -TenantId $TenantId -Credential $Credential
      Get-AzADServicePrincipalAppRoleAssignment -ServicePrincipalId c0xxxxxxxxxx35cb

    Output: -

    enter image description here