Skip to content

Managed Run Command paramters are missing when run as a user #27767

Description

@MatisseHack

Describe the bug

Managed Run Command parameters only work when the script is run as the root user on Linux. --parameters and --protected-parameters are not respected when the --run-as-user CLI parameter is also present.

Related command

az vm run-command create \
    --resource-group <group> \
    --location <region> \
    --vm-name <vm> \
    --name <name> \
    --script 'echo $FOO $BAR' \
    --run-as-user <user> \
    --parameters FOO=foo \
    --protected-parameters BAR=bar

Errors

The above command properly prints foo bar when run without --run-as-user, but prints a blank line when run with --run-as-user

Issue script & Debug output

I can provide full debug output if needed, but I can see from the response that the variables are being passed properly. The issue seems to be with how the target VM processes the request.

{
  "asyncExecution": false,
  "errorBlobUri": null,
  "id": "/subscriptions/<subscription>/resourceGroups/<group>/providers/Microsoft.Compute/virtualMachines/<vm>/runCommands/<name>",
  "instanceView": null,
  "location": "<region>",
  "name": "<name>",
  "outputBlobUri": null,
  "parameters": [
    {
      "name": "FOO",
      "value": "foo"
    }
  ],
  "protectedParameters": null,
  "provisioningState": "Succeeded",
  "resourceGroup": "<group>",
  "runAsPassword": null,
  "runAsUser":"<user>",
  "source": {
    "commandId": null,
    "script": "echo $FOO $BAR",
    "scriptUri": null
  },
  "tags": null,
  "timeoutInSeconds": 0,
  "type": "Microsoft.Compute/virtualMachines/runCommands"
}

Expected behavior

--parameters and --protected-parameters should still work when --run-as-user is present.

Environment Summary

$ az --version
azure-cli                         2.53.1

core                              2.53.1
telemetry                          1.1.0

Extensions:
bastion                            0.2.5
ssh                                2.0.2

Dependencies:
msal                            1.24.0b2
azure-mgmt-resource             23.1.0b2

Python location '/usr/local/Cellar/azure-cli/2.53.1/libexec/bin/python'
Extensions directory '/Users/mhac/.azure/cliextensions'

Python (Darwin) 3.10.13 (main, Aug 24 2023, 22:48:59) [Clang 14.0.3 (clang-1403.0.22.14.1)]

Legal docs and information: aka.ms/AzureCliLegal


Your CLI is up-to-date.

Additional context

No response

Metadata

Metadata

Labels

Auto-AssignAuto assign by botAzure CLI TeamThe command of the issue is owned by Azure CLI teamComputeaz vm/vmss/image/disk/snapshotact-observability-squadcustomer-reportedIssues that are reported by GitHub users external to the Azure organization.potential-pruningquestionThe issue doesn't require a change to the product in order to be resolved. Most issues start as that

Type

No type
No fields configured for issues without a type.

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions