Tags: azure, powershell, github-actions, azure-ad-b2c, azure-ad-b2c-custom-policy

Set-AzureADMSTrustFrameworkPolicy powershell cmdlet works on laptop but not in github actions. No changes done


I have created a service principal in Azure AD B2C and want to upload the TrustFrameworkExtensions.xml file to it using the Set-AzureADMSTrustFrameworkPolicy PowerShell cmdlet in GHA. Everything in this works for me except the last line. I get an error that Set-AzureADMSTrustFrameworkPolicy is not a known cmdlet, even though I am able to successfully import the PowerShell AzureADPreview module without any issues. I am pulling my hair out to figure this out.

Also note this works on my laptop, but I am getting an error while running it in GitHub Actions. I am running Windows PowerShell.

This is the error:

```
Set-AzureADMSTrustFrameworkPolicy : The term 'Set-AzureADMSTrustFrameworkPolicy' is not recognized as the name of a 
cmdlet, function, script file, or operable program. Check the spelling of the name, or if a path was included, verify 
that the path is correct and try again.
At D:\a\_temp\e4c3721f-2770-44f1-897e-b9434474d966.ps1:23 char:1
+ Set-AzureADMSTrustFrameworkPolicy -Id B2C_1A_TrustFrameworkExtensions ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : ObjectNotFound: (Set-AzureADMSTrustFrameworkPolicy:String) [], ParentContainsErrorRecord 
   Exception
    + FullyQualifiedErrorId : CommandNotFoundException

Error: Process completed with exit code 1.
```

This is the code:

```yaml
jobs:
  run-script:
    runs-on: windows-latest  # Run on Windows for PowerShell compatibility

    steps:
      - name: Checkout repository
        uses: actions/checkout@v3

      - name: Azure login
        uses: azure/login@v2
        with:
          creds: ${{ secrets.AZURE_CREDENTIALS }}

      - name: Upload Files to Azure AD B2C
        run: |
          Install-Module -Name AzureADPreview -Scope CurrentUser -Force -AllowClobber
          Import-Module AzureADPreview
          # -ListAvailable only checks that the module is on disk, not that it was loaded into this session
          if (Get-Module -Name AzureADPreview -ListAvailable) {
              Write-Host "AzureADPreview module is installed."
          } else {
              Write-Host "AzureADPreview module is not installed."
          }
          # Variable names containing '-' must be written as ${name}; otherwise PowerShell reads the '-' as an operator
          az login --service-principal --username ${service-principal-clientId} --password ${service-principal-password} --tenant $tenantId --allow-no-subscriptions
          $aadToken = az account get-access-token --resource-type aad-graph | ConvertFrom-Json
          $graphToken = az account get-access-token --resource-type ms-graph | ConvertFrom-Json
          Connect-AzureAD -AadAccessToken $aadToken.accessToken -AccountId ${service-principal-clientId} -TenantId $tenantId -MsAccessToken $graphToken.accessToken
          Set-AzureADMSTrustFrameworkPolicy -Id B2C_1A_TrustFrameworkExtensions -InputFilePath .\Templates\TrustFrameworkExtensions.xml
        shell: powershell
```

Solution

  • Note that the AzureAD and AzureADPreview modules are deprecated; you need to make use of the Microsoft Graph module or any other module to perform the action. Refer to this blog.

    Hence, as a workaround, I used a Microsoft Graph API query to upload the custom policy like below:

    I uploaded the policy to the GitHub repository.

    And used the below yml file to upload the policy:

    ```yaml
    name: Azure AD B2C Policy Upload

    on:
      push:
        branches:
          - main

    jobs:
      install-and-upload:
        runs-on: windows-latest  # Use a Windows runner

        steps:
          - name: Checkout code
            uses: actions/checkout@v3  # Checkout your repository code to access the PowerShell script

          - name: Azure login
            run: |
              # Log in to Azure using the service principal credentials directly
              az login --service-principal --username "B2CAppClientID" --password "B2CAppClientSecret" --tenant "B2CTenantID" --allow-no-subscriptions

              # Get the access token for Microsoft Graph API
              access_token=$(az account get-access-token --resource-type ms-graph --query accessToken -o tsv | tr -d '\r')

              # Define the path to your policy file
              policy_file="B2C_1A_TESTPOLICY.xml"

              # Upload the policy file to Azure AD B2C
              az rest --method post \
                --uri "https://graph.microsoft.com/beta/trustFramework/policies" \
                --headers "Content-Type=application/xml" "Authorization=Bearer $access_token" \
                --body "@$policy_file"
            shell: bash
    ```

    The policy uploaded successfully.
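As an added example (not part of either post above), the pre-upload check a pipeline should run before issuing the Graph request from the answer: it parses the TrustFrameworkPolicy XML and confirms the `PolicyId` and `TenantId` match what the workflow expects, so a policy meant for another tenant, or carrying a different Id than the one being deployed, is rejected before anything is sent. The sample XML, `contoso.onmicrosoft.com` and the token value are constructed; only the request shape mirrors the `az rest` call, and in a real workflow the token comes from `az account get-access-token` rather than a literal.

```python
import re
import xml.etree.ElementTree as ET

TF_NS = {"tf": "http://schemas.microsoft.com/online/cpim/schemas/2013/06"}  # B2C policy namespace
GRAPH_POLICIES_URL = "https://graph.microsoft.com/beta/trustFramework/policies"
POLICY_ID_RE = re.compile(r"^B2C_1A_[A-Za-z0-9_]+$")

# Constructed sample; a real file also carries BuildingBlocks, ClaimsProviders, etc.
SAMPLE_POLICY = """<TrustFrameworkPolicy xmlns="http://schemas.microsoft.com/online/cpim/schemas/2013/06"
  PolicySchemaVersion="0.3.0.0" TenantId="contoso.onmicrosoft.com"
  PolicyId="B2C_1A_TrustFrameworkExtensions"
  PublicPolicyUri="http://contoso.onmicrosoft.com/B2C_1A_TrustFrameworkExtensions">
  <BasePolicy><TenantId>contoso.onmicrosoft.com</TenantId><PolicyId>B2C_1A_TrustFrameworkBase</PolicyId></BasePolicy>
</TrustFrameworkPolicy>"""


def inspect_policy(xml_text: str) -> dict:
    """Pull the identifiers the upload depends on out of the policy root element."""
    root = ET.fromstring(xml_text)
    base = root.find("tf:BasePolicy/tf:PolicyId", TF_NS)
    return {"policy_id": root.get("PolicyId"), "tenant_id": root.get("TenantId"),
            "base_policy_id": base.text if base is not None else None}


def validate_policy(xml_text: str, expected_tenant: str, expected_id: str) -> list:
    """Return the list of problems; an empty list means the file may be uploaded."""
    info = inspect_policy(xml_text)
    problems = []
    if info["policy_id"] != expected_id:
        problems.append(f"PolicyId is {info['policy_id']!r}, workflow expects {expected_id!r}")
    if not POLICY_ID_RE.match(info["policy_id"] or ""):
        problems.append("PolicyId must be of the form B2C_1A_<name>")
    if info["tenant_id"] != expected_tenant:
        problems.append(f"TenantId is {info['tenant_id']!r}, workflow targets {expected_tenant!r}")
    if info["base_policy_id"] is None:
        problems.append("no BasePolicy/PolicyId: an extensions policy must inherit a base policy")
    return problems


def build_upload_request(xml_text: str, access_token: str) -> dict:
    """Same request the answer issues with `az rest`, as kwargs for requests.request(**req)."""
    return {"method": "POST", "url": GRAPH_POLICIES_URL,
            "headers": {"Content-Type": "application/xml", "Authorization": f"Bearer {access_token}"},
            "data": xml_text.encode("utf-8")}
```

Run `validate_policy` on the file the workflow is about to upload and fail the job when it returns anything; only then build and send the request.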