API auth issues with environments?

Good afternoon,

I have a dashboard that invokes a PSU script under the integrated environment. This dashboard uses the GrantAppToken switch, and I also have Connect-PSUServer -ComputerName $Hostname -AppToken $PSUAppToken set at the top of my dashboard. I had it configured this way so I could see which user was invoking what script/job via the admin UI.

Ever since upgrading from 2.12 to v3 this functionality is no longer working for me.

I also noticed that when I run that script manually under the integrated (default) environment, it doesn’t seem to have permissions to the API, such as secret scope and basic things such as Get-PSUScript.

Running the same script under a different env (pwsh)

Any help would be greatly appreciated.

Product: PowerShell Universal
Version: 3.2.8

Update time:

I was running into a few separate issues here but I believe it was just some misconfiguration on my end.

I was using the Invoke-PSUScript with the -integrated switch from a dashboard and this was showing that system was invoking the job via the admin ui. I was thinking there was an issue with the GrantAppToken.

The other issue I was running into was when I was calling that script (using the integrated environment) I was using some cmdlets such as Get-PSUScript without calling the Connect-PSUServer prior.

I was under the impression there was no need to call the Connect-PSUServer while using the integrated environment.

Update to the update:

So I also found out that you can't use Get-PSUVariable without calling Connect-PSUServer first. I was doing this due to me calling Invoke-PSUScript with -Credential. That switch takes in a variable type and not a PSCredential object type.

documentation here - universal-docs/Invoke-PSUScript.txt at master · ironmansoftware/universal-docs · GitHub

I want to make sure I’m understanding this right.

The main goal is to run a script from a dashboard but ensure that the script is listed as being run by a particular user.

Connect-PSUServer doesn’t work any more
Integrated works but lists the job being run as system (this I have seen and we can fix this).

You should not need to call Connect-PSUServer when using the -Integrated switch on any cmdlet. It uses the gRPC channel (or directly in process) to run the commands rather than using the management API at all.

I would double check the app token being granted in a PWSH terminal to make sure it’s as expected to rule that out. I would also try using Invoke-PSUScript -AppToken instead of Connect-PSUServer to see if there is any difference there.

I’d love it if we could just make Invoke-PSUScript -Integrated work properly since it’s the easiest to implement and debug. I’ll open an issue for that.

Thanks for the reply @adam

Do you think that is why I’m seeing loads of gRPC errors? Not really sure where it's coming from at the moment.

I have various scripts that call other child scripts and to make it easier for other techs I have a dashboard that allows some form input and fires off said scripts and returns the output.

Here is a sample of a function that is in my parent driver script that calls a child script

function Invoke-ChildScript {
    param (
        [Parameter(HelpMessage = "something")]
        [String]
        $UserAccount
    )

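    #region Check legal hold status
    # Parameters splatted to Invoke-PSUScript: the child script and its UserAccount argument
    $ScriptParams = [ordered]@{
        Name        = 'admin\child.ps1'
        UserAccount = $UserAccount
    }

    try {
        # Start the child job, keep a reference in $CurrentJob, and block until it finishes
        Invoke-PSUScript @ScriptParams | Tee-Object -Variable CurrentJob | Wait-PSUJob
    }
    catch {
        $ReturnData = @{
            error = $PSItem.Exception.Message
            # The line number lives on the error record's InvocationInfo; exceptions have no Line property
            line  = $PSItem.InvocationInfo.ScriptLineNumber
        }
        throw $ReturnData
    }
    #endregion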

    $ReturnData = Get-Results -Job $CurrentJob # returns job output once finished executing
    return $ReturnData
}

The gRPC errors could definitely be a signal that something is not working correctly here. Can you actually open a case for this one? I want to take a closer look.

support@ironmansoftware.com

Opened the case. Thanks Adam.
