How can I delete old unused iot hub message route event hub endpoints?
You can find your endpoint in the Custom endpoints screen. You can delete them there.
You can delete the endpoints if you are not using actively. You can delete endpoints using CLI or through Azure portal.
Note: Recommend you to delete any routes to the endpoint, before deleting the endpoint.
Using Portal:
Goto Your Azure IoT Hub --> Message Routing --> Custom Endpoints --> Select/Choose one or multiple --> Delete
Using CLI:
az iot hub routing-endpoint delete [--endpoint-name]
[--endpoint-type {azurestoragecontainer, eventhub, servicebusqueue, servicebustopic}]
[--hub-name]
[--ids]
[--resource-group]
Example :
az iot hub routing-endpoint delete --resource-group YourResourceGroup --hub-name YourIotHub --endpoint-name eventhub-sendreceive-ep
See az iot hub routing-endpoint delete for more details.
Related
I am getting following error while running DataFlow pipeline
Error reporting inventory checksum: code: "Unauthenticated", message: "Request is missing required authentication credential.
Expected OAuth 2 access token, login cookie or other valid authentication credential.
We have created service account dataflow#12345678.iam.gserviceaccount.com with following roles
BigQuery Data Editor
Cloud KMS CryptoKey Decrypter
Dataflow Worker
Logs Writer
Monitoring Metric Writer
Pub/Sub Subscriber
Pub/Sub Viewer
Storage Object Creator
And in our python code we are using import google.auth
Any idea what am I missing here ?
I do not believe I need to create key for SA , however I am not sure if "OAuth 2 access token" for SA need to be created ? If yes how ?
This was the issue in my case https://cloud.google.com/dataflow/docs/guides/common-errors#lookup-policies
If you are trying to access a service through HTTP, with a custom request (not using a client library), you can obtain a OAuth2 token for that service account using the metadata server of the worker VM. See this example for Cloud Run, you can use the same code snippet in Dataflow to get a token and use it with your custom HTTP request:
https://cloud.google.com/run/docs/authenticating/service-to-service#acquire-token
Tasks are delete the blob storage then upload the built Jekyll site.
Output
Error Code: [1]
Error: Azure login failed
Script failed with error: Get Token request returned http error: 401 and server response: {"error":"invalid_client","error_description":"AADSTS7000222: The provided client secret keys are expired. Visit the Azure Portal to create new keys for your app, or consider using certificate credentials for added security:
...
...
,"error_uri":"https://login.microsoftonline.com/error?code=7000222"
Issue probably to overcome is that the account in Azure Devops existed as an Azure Subscription. The actual subscription used for the blob storage is different to that but the Devops login did have access to it. But now the Devops Azure subscription has expired, but I can still log into Azure with that account (and Azure Devops still works with it).
I have tried regenerating the storage key. I have tried adding the key to the delete and upload storage commmands:
az storage blob delete-batch --source $(containerName) --account-name $(storageAccount) --output table
az storage blob upload-batch --source _site --destination $(containerName) --account-name $(storageAccount) --output table --no-progress
Finally solved my problem:
Had to create a new (Service Connection ((Project Settings) - Pipelines/Service Connection) for the Pipeline, Azure Resource Manger type, Service Principal (Auto), with the new credentials, make sure the secret is renewed with this. Do a [Verify] Then select that for the two tasks.
I have posted a detailed how-to blog for this:
https://davidjones.sportronics.com.au/web/Azure_Devops-Blob_Storage_Credentials-mm-web.html
I need to configure Azure Active Directory SSO for Tableau Server gallery app as it is under MS documentation link programmatically. Are there useful powershell cmdlets / rest apis?
I create application from gallery using graph api from Step 1 on MS docs.
To get available templates:
GET https://graph.microsoft.com/beta/applicationTemplates
To create template app:
POST https://graph.microsoft.com/beta/applicationTemplates/{id}/instantiate
Now I need to configure SAML SSO from code and assign users. Is there an easy way to do that? I tried Set-AzureADApplication but it didn't do the job for me. The enterprise application is still not set.
Maybe it's not supported yet? I believe there can be some workaround. I would be grateful for any help.
Are there useful powershell cmdlets / rest apis?
Yes, but per my test, we need to do that into two parts.
1.Set the Sign-on URL, to do this, we need to call Microsoft Graph - Update serviceprincipal.
In the Graph Explorer, use the request below.
PATCH https://graph.microsoft.com/beta/servicePrincipals/<object-id of the service principal>
{
"loginUrl": "https://azure.signtest.link"
}
Note: In the request above, you need to use the object-id of the service principal(Enterprise application), not the AD App(App registeration). You can find it in the Azure AD in the portal -> Enterprise Application -> find your Tableau Server -> get the Object ID like below.
2.Set the Identifier and Reply URL, we could do this via Powershell Set-AzureADApplication.
Sample:
$Identifiers = #(
"http://www.tableau.com/products/server",
"https://azure.idtest.link"
)
$ReplyUrls = #(
"https://azure.rptest.link/wg/saml/SSO/index.html"
)
Set-AzureADApplication -ObjectId <object-id of the AD App> -IdentifierUris $Identifiers -ReplyUrls $ReplyUrls
For the object-id of the AD App, navigate to the Azure AD in the portal -> App registrations -> find your Tableau Server. After running the command, the settings will map to the enterprise application.
Check the result in the portal:
Update:
Not sure if it is a bug, if I create a new app without setting the Identifier and Reply URL manually in the portal, then just use the powershell above to set them, they will not map to the portal.
But if we check the service principal(enterprise application) directly via Microsoft Graph, we can see the powershell actually affected the service principal.
If we configure the settings manually in the portal first, then use the powershell to update them with other values, it works.
And it looks there is no way to set the Default Reply URL via powrshell or API, if we set the Reply URL which is different from the one set manually in the portal, it will have a prompt like below.
But if we look into it, actually the Default option is checked.
Update2:
Eventually, I find the trick, it is not a bug, we just need to set the preferredSingleSignOnMode for the service principal first via Microsoft Graph, then we won't need to configure that in the portal manually.
Sample:
PATCH https://graph.microsoft.com/beta/servicePrincipals/<object-id of the service principal>
{
"preferredSingleSignOnMode":"saml",
"loginUrl": "https://azure.signtest.link"
}
I am using amazon sns mobile push for sending push notifications.For registering the device token with amazon I am using the CreatePlatformEndpoint.
As per amazon documentation(http://docs.aws.amazon.com/sns/latest/api/API_CreatePlatformEndpoint.html) :
The CreatePlatformEndpoint action is idempotent, so if the requester already owns an endpoint with the same device token and attributes, that endpoint's ARN is returned without creating a new endpoint.
But when I use the CreatePlatformEndpoint I am able to register the same token with the same attributes(User data) multiple times(upto 3 times). Not able to understand this behaviour.
chetna bhandari,
I was having this problem. I have a platform application for iOS (APNS) and another one for Android (GCM). For iOS, the method createPlatformEndpoint works fine. But for Android, creates multiples endpoints (up to 3, just like you) with same token. Next time I tried to use createPlatformEndpoint, throws an exception.
The correct way to do this is storing the endpoint in your application. If it's not stored yet, create and store.
Then, the pseudo-code is:
retrieve the latest device token from the mobile operating system
if (the platform endpoint ARN is not stored)
# this is a first-time registration
call create platform endpoint
store the returned platform endpoint ARN
endif
call get endpoint attributes on the platform endpoint ARN
if (while getting the attributes a not-found exception is thrown)
# the platform endpoint was deleted
call create platform endpoint with the latest device token
store the returned platform endpoint ARN
else
if (the device token in the endpoint does not match the latest one) or
(get endpoint attributes shows the endpoint as disabled)
call set endpoint attributes to set the latest device token and then
enable the platform endpoint
endif
endif
You can see in this link:
Create a Platform Endpoint and Manage Device Tokens
Can someone please explain to me how to log when an API has been created in WSO2 API Manager v1.9.0?
Enable debug log in api manager to see the log when API is created.
Go to <APIM_HOME>/repository/conf/log4j.properties file and add the following line
log4j.logger.org.wso2.carbon.apimgt.impl=DEBUG
and restart the server you can see log when api created as below
ex:
DEBUG - APIProviderImpl API Name: WeatherAPI, API Version 1.0.0 created