Skip to content

Managed Run Command paramters are missing when run as a user #27767

New issue
New issue
Open
Open
Managed Run Command paramters are missing when run as a user#27767
Assignees
zhoxing-msyanzhudd
Labels
Auto-AssignAuto assign by botAzure CLI TeamThe command of the issue is owned by Azure CLI teamComputeaz vm/vmss/image/disk/snapshotcustomer-reportedIssues that are reported by GitHub users external to the Azure organization.potential-pruningquestionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that
Milestone
Backlog
@MatisseHack

Description

@MatisseHack
MatisseHack
opened on Nov 5, 2023

Describe the bug

Managed Run Command parameters only work when the script is run as the root user on Linux. --parameters and --protected-parameters are not respected when the --run-as-user CLI parameter is also present.

Related command

az vm run-command create \
    --resource-group <group> \
    --location <region> \
    --vm-name <vm> \
    --name <name> \
    --script 'echo $FOO $BAR' \
    --run-as-user <user> \
    --parameters FOO=foo \
    --protected-parameters BAR=bar

Errors

The above command properly prints foo bar when run without --run-as-user, but prints a blank line when run with --run-as-user

Issue script & Debug output

I can provide full debug output if needed, but I can see from the response that the variables are being passed properly. The issue seems to be with how the target VM processes the request.

{
  "asyncExecution": false,
  "errorBlobUri": null,
  "id": "/subscriptions/<subscription>/resourceGroups/<group>/providers/Microsoft.Compute/virtualMachines/<vm>/runCommands/<name>",
  "instanceView": null,
  "location": "<region>",
  "name": "<name>",
  "outputBlobUri": null,
  "parameters": [
    {
      "name": "FOO",
      "value": "foo"
    }
  ],
  "protectedParameters": null,
  "provisioningState": "Succeeded",
  "resourceGroup": "<group>",
  "runAsPassword": null,
  "runAsUser":"<user>",
  "source": {
    "commandId": null,
    "script": "echo $FOO $BAR",
    "scriptUri": null
  },
  "tags": null,
  "timeoutInSeconds": 0,
  "type": "Microsoft.Compute/virtualMachines/runCommands"
}

Expected behavior

--parameters and --protected-parameters should still work when --run-as-user is present.

Environment Summary

$ az --version
azure-cli                         2.53.1

core                              2.53.1
telemetry                          1.1.0

Extensions:
bastion                            0.2.5
ssh                                2.0.2

Dependencies:
msal                            1.24.0b2
azure-mgmt-resource             23.1.0b2

Python location '/usr/local/Cellar/azure-cli/2.53.1/libexec/bin/python'
Extensions directory '/Users/mhac/.azure/cliextensions'

Python (Darwin) 3.10.13 (main, Aug 24 2023, 22:48:59) [Clang 14.0.3 (clang-1403.0.22.14.1)]

Legal docs and information: aka.ms/AzureCliLegal


Your CLI is up-to-date.

Additional context

No response

Metadata

Metadata

Assignees

Labels

Auto-AssignAuto assign by botAzure CLI TeamThe command of the issue is owned by Azure CLI teamComputeaz vm/vmss/image/disk/snapshotcustomer-reportedIssues that are reported by GitHub users external to the Azure organization.potential-pruningquestionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions