Is there a command I can use in Azure CLI to pull the auto-generated URL Azure provides when a static web app is created? I need it for automation purposes as at the moment the pipeline needs manual intervention to obtain it. I have searched and searched so it's either not possible or I'm missing something.
To get the auto-generated URL of the static web app, I used the following GitHub Az CLI SWA Doc reference and commands:
az staticwebapp show --name krishtestapp-swa --query "defaultHostname"
This command gives the host URL of Azure Static web App.
az staticwebapp show --name krishtestapp-swa --query "repositoryUrl"
This command gives the host URL of Azure Static Web App Original Repository.
We've been having some issues getting Fastlane Match to work in Gitlab CI using access tokens from within an existing CI pipeline.
The setup:
Repo for storing the certs / profiles: set up during fastlane init. We'll call this the "Cert Repo".
Repo for our React Native project: uses fastlane to handle builds/uploading to App Center and Testflight. We'll call this the "Project Repo"
Setup of match via match init went fine. We did the setup via terminal on the build server.
In our Matchfile:
gitlab_project("PATH_TO_CERT_REPO_HERE")
storage_mode("gitlab_secure_files")
app_identifier(["APP_IDENTIFIER_HERE"])
username("APPLE_ACCOUNT_USERNAME_HERE")
keychain_password("KEYCHAIN_PW_HERE")
team_id("TEAM_ID_HERE")
We had to pass in some env vars to the command for our gitlab enterprise api url (as "CI_API_V4_URL") and the Cert Repo access token (as "PRIVATE_TOKEN").
We ran match for all cert/profile types we needed and they all uploaded to the secure files section of the Cert Repo correctly.
The Problem:
Our branches in the Project Repo use Gitlab CI to run various scripts and call a fastlane lane that will do the versioning, certs/profiles, and then upload the build to App Center or Testflight.
When we run match in readonly mode in our lane this way, match is failing with a 401 error.
Looking into the source for match and secure files for storage, it seems if you have a PRIVATE_TOKEN env var set, match will give a warning that you have both JOB_TOKEN and PRIVATE_TOKEN set and it will use the JOB_TOKEN.
The JOB_TOKEN is provided via Gitlab CI itself.
My guess is the JOB_TOKEN for this pipeline is not a valid token to authenticate against the CERT_REPO, which match needs to download the certs/profiles.
How is this supposed to work if I can't pass in a token for match to use for the CERT_REPO?
If we were using normal git storage, you can pass in the git_basic_authorization argument and give the base64 encoded "username:access_token" string, which I'm assuming would solve the problem.
But using gitlab_secure_files, you can only use tokens.
Before we go and redo everything to use git storage and not gitlab secure files, can someone explain what we're missing here?
How is match supposed to authenticate with the Cert Repo from within the Project Repo in CI if the token it has is for the Project Repo? Doesn't it need the token for the Cert Repo to authenticate?
We have a test GCloud OAuth app, and I'd like to add&remove extra redirect URIs to it from the CLI.
We have a Gitlab CI/CD job that creates a review env for our stack, and we have apps that use Google Login in this stack. These review envs run on k8s, and each one of the envs has a unique URL.
It'd be nice if we could add the valid redirect URI to Google's config when the review env is created & remove this URL when the MR is closed. But I could not find any gcloud cli app which can do this.
Are there any gcloud utils which can modify the OAuth2 Client app configs on the gcloud?
What I want
I have a python backend application, using a service account, running in docker.
I have a cloud build trigger that is connected to a bitbucket repository. This trigger uses a webhook. For revision I use tags.
I want to trigger this webhook with my backend application. I want to provide a specific tag (using a placeholder variable).
I want the backend to give me a list of all available tags (like I get on the console.google.com frontend, see screenshot)
What I tried
I tried this API endpoint using a Bearer token (which works fine), but it doesn't provide me with a tag list: Source Repo API
curl 'https://sourcerepo.googleapis.com/v1/projects/<project>/repos/<repo>' --header "Authorization: Bearer $(gcloud auth print-access-token)" --header 'Accept: application/json'
Because it is possible to retrieve all tags in the cloud console, I used the developer tools to find the endpoint that provides me with all available tags:
https://console.cloud.google.com/m/source/repos/get?project=<project>&repo=<repo>
My issue here is that it takes cookies to authenticate, if I use the Bearer token it does not work.
Is it possible to authenticate my service account automatically against console.google.com to use this endpoint? Or is there another way to get a list of tags?
From what you have explained I understand that your concerns are:
1. If there is a way to get the list of tags from your repository that you are able to see in the GCP console using the endpoint that you have found.
The information that the console displays regarding tags does not come from any REST or gRPC API (the APIs provided by Google), but rather it comes directly from the git API. The console frontend runs a command similar to git tag in order to get the tags from your repository. The tags are not stored within the GCP system, the console only queries the git repo for the tags.
2. Can I authenticate with a service account on the console?
No. The APIs used by the web frontends (i.e. APIs starting with https://console.cloud.google.com) will only allow cookie authentication, which only user accounts can obtain. There is usually a way to translate a frontend API (https://console.cloud.google.com) to a GCP API (https://*.googleapis.com), where you can use regular authentication to retrieve the information. However, in this case, the tag information is not in a GCP API (but rather inside the git repo), so there is no translation available.
3. If there is another way to list the possible tags present in the repository?
I tried to reproduce your situation to find a way to be able to get the list of the tags present in one repository, in this case a Bitbucket repository, and I found that you will be able to get this data using the $ git tag command. In this documentation you will be able to find all the commands related to Repository tags.
Knowing this, after linking the Bitbucket Repository to my code, I was able to get the list of tags after using the $ git tag command.
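The answer's `git tag` needs a local clone; as an added example (not from the answer), the Python below goes one step further and reads tags straight from the remote with `git ls-remote --tags`, which suits a backend running in a container. It assumes `git` is installed and that the repository URL and its credentials come from your own configuration; the function names and the sample output are constructed here.

```python
import re
import subprocess

# "<hash>\trefs/tags/<name>", optionally followed by "^{}" (a peeled entry:
# the commit that an annotated tag points at).
_REF = re.compile(r"^([0-9a-f]{40,64})\trefs/tags/(.+?)(\^\{\})?$")


def parse_ls_remote_tags(output):
    """Map tag name -> commit hash from `git ls-remote --tags` output."""
    tags = {}
    for line in output.splitlines():
        m = _REF.match(line.strip())
        if not m:
            continue  # skip blank lines and anything that is not a tag ref
        sha, name, peeled = m.groups()
        # A peeled line always wins: it names the commit, not the tag object.
        if peeled or name not in tags:
            tags[name] = sha
    return tags


def list_remote_tags(repo_url, timeout=30):
    """List the tags of a remote repository without cloning it."""
    if repo_url.startswith("-"):
        raise ValueError("repository URL must not start with '-'")
    # Argument list (no shell) plus "--" so the URL is never read as an option.
    proc = subprocess.run(
        ["git", "ls-remote", "--tags", "--", repo_url],
        capture_output=True, text=True, timeout=timeout, check=True,
    )
    return parse_ls_remote_tags(proc.stdout)


# Constructed sample output: one lightweight tag and one annotated tag.
SAMPLE = (
    "1111111111111111111111111111111111111111\trefs/tags/v1.0.0\n"
    "2222222222222222222222222222222222222222\trefs/tags/v1.1.0\n"
    "3333333333333333333333333333333333333333\trefs/tags/v1.1.0^{}\n"
)

if __name__ == "__main__":
    print(parse_ls_remote_tags(SAMPLE))
```

The returned tag names can be offered to the user and the chosen one passed as the webhook's tag variable, after checking that it is one of the returned keys.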
I need to configure Azure Active Directory SSO for Tableau Server gallery app as it is under MS documentation link programmatically. Are there useful powershell cmdlets / rest apis?
I create application from gallery using graph api from Step 1 on MS docs.
To get available templates:
GET https://graph.microsoft.com/beta/applicationTemplates
To create template app:
POST https://graph.microsoft.com/beta/applicationTemplates/{id}/instantiate
Now I need to configure SAML SSO from code and assign users. Is there an easy way to do that? I tried Set-AzureADApplication but it didn't do the job for me. The enterprise application is still not set.
Maybe it's not supported yet? I believe there can be some workaround. I would be grateful for any help.
Are there useful powershell cmdlets / rest apis?
Yes, but per my test, we need to do that into two parts.
1. Set the Sign-on URL, to do this, we need to call Microsoft Graph - Update serviceprincipal.
In the Graph Explorer, use the request below.
PATCH https://graph.microsoft.com/beta/servicePrincipals/<object-id of the service principal>
{
"loginUrl": "https://azure.signtest.link"
}
Note: In the request above, you need to use the object-id of the service principal (Enterprise application), not the AD App (App registration). You can find it in the Azure AD in the portal -> Enterprise Application -> find your Tableau Server -> get the Object ID like below.
2. Set the Identifier and Reply URL, we could do this via Powershell Set-AzureADApplication.
Sample:
$Identifiers = @(
"http://www.tableau.com/products/server",
"https://azure.idtest.link"
)
$ReplyUrls = @(
"https://azure.rptest.link/wg/saml/SSO/index.html"
)
Set-AzureADApplication -ObjectId <object-id of the AD App> -IdentifierUris $Identifiers -ReplyUrls $ReplyUrls
For the object-id of the AD App, navigate to the Azure AD in the portal -> App registrations -> find your Tableau Server. After running the command, the settings will map to the enterprise application.
Check the result in the portal:
Update:
Not sure if it is a bug, if I create a new app without setting the Identifier and Reply URL manually in the portal, then just use the powershell above to set them, they will not map to the portal.
But if we check the service principal(enterprise application) directly via Microsoft Graph, we can see the powershell actually affected the service principal.
If we configure the settings manually in the portal first, then use the powershell to update them with other values, it works.
And it looks like there is no way to set the Default Reply URL via powershell or API, if we set the Reply URL which is different from the one set manually in the portal, it will have a prompt like below.
But if we look into it, actually the Default option is checked.
Update2:
Eventually, I found the trick, it is not a bug, we just need to set the preferredSingleSignOnMode for the service principal first via Microsoft Graph, then we won't need to configure that in the portal manually.
Sample:
PATCH https://graph.microsoft.com/beta/servicePrincipals/<object-id of the service principal>
{
"preferredSingleSignOnMode":"saml",
"loginUrl": "https://azure.signtest.link"
}
I'm going to setup this Example for Amazon Cognito Sync demo, using Eclipse + ADK + AWS libs V2.9.
I created an identity pool in the Cognito Console, so I got the Identity Pool ID which is used in CognitoSyncClientManager.java at:
private static final String IDENTITY_POOL_ID = "us-east-1:1a23b013-1abc-123-b123-123abc1fe5";
private static final Regions REGION = Regions.US_EAST_1;
(perhaps not all regions seem to run in test mode)
I registered my (developing-)app in the Seller Central with Eclipse Help>Android>Build>MD5 fingerprint and the package-name from AndroidManifest.xml, so got my api_key.txt Value.
From the AWS documentation I got my Provider URL (code as sample), which is used in DeveloperAuthenticationProvider.java at:
private static final String developerProvider = "cognito-sync.us-east-1.amazonaws.com";
private static final String cognitoSampleDeveloperAuthenticationAppEndpoint = "arn:aws:iam::123456789123:role/Cognito_TestMyAppAuth_DefaultRole";
private static final String cognitoSampleDeveloperAuthenticationAppName = "Cognito sync demo";
After creating some Users which are attached to groups with permissions to IAM full access and (auto)generated roles for unauthorized and authorized Roles, my app is running in this way:
Login with Amazon - is running, but where will their datasets be created and is it possible I see them in the AWS Console?
Simple Browse your data (without login) - is running, unauthenticated users and their datasets appear/are counted in the Identity console
Developer Authentication fails with Username or password do not match - combined with an "Unable to reach resource..." in the LogCat.
Now I think, the last missing thing in this game is the parameter cognitoSampleDeveloperAuthenticationAppEndpoint=...
Where can I find it and what else could I have missed to setup for a full running Example?
Thanks for using Cognito demo. Answers to your questions
Yes, you can see the datasets in the AWS console. Navigate to Cognito inside the AWS Console and go to your identity pool. On the left hand side menu go to identity browser and you will see the list of identities or you can search for an identity. Click on the identity and you can see the datasets owned by that identity.
Developer Authentication is a feature which helps to integrate your authentication system with Cognito. For this you should have a backend server serving user's authentication requests, and once you authenticate users you can request OpenId Connect tokens for them from Cognito using the GetOpenIdTokenForDeveloperIdentity API call. The developer provider name is the one which you setup for your identity pool in the AWS Cognito console. For using the sample you can setup a sample server application by following this blog and the readme file of the server side application.
P.S.: Please avoid sharing your identity pool id.
Thanks,
Rachit
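The backend half of the developer authentication flow described in the answer, as an added Python example that is not part of the Cognito sample app or of the answer. It assumes a boto3 `cognito-identity` client is passed in by the server; the user store, the stub client and all sample values are constructed here.

```python
import hashlib
import hmac

SALT = b"constructed-salt"  # constructed sample data, not a real credential


def _hash(password, salt=SALT):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


USERS = {"alice": _hash("correct horse")}  # constructed user store


def verify_user(username, password):
    # Hash even for unknown users so both failure cases take similar time.
    expected = USERS.get(username, b"\x00" * 32)
    return hmac.compare_digest(_hash(password), expected)


def issue_cognito_token(client, pool_id, provider_name, username, password):
    """Check the user's credentials, then request an OpenID Connect token.

    `client` is a boto3 "cognito-identity" client created on the server with
    AWS credentials; those credentials never reach the mobile app.
    `provider_name` is the developer provider name set on the identity pool.
    """
    if not verify_user(username, password):
        raise PermissionError("username or password do not match")
    resp = client.get_open_id_token_for_developer_identity(
        IdentityPoolId=pool_id,
        Logins={provider_name: username},  # provider name -> your own user id
        TokenDuration=900,                 # seconds
    )
    # The app receives only the identity id and the short-lived token.
    return {"identityId": resp["IdentityId"], "token": resp["Token"]}


class StubCognitoIdentity:
    """Offline stand-in for the boto3 client (constructed for this example)."""

    def __init__(self):
        self.calls = []

    def get_open_id_token_for_developer_identity(self, **kwargs):
        self.calls.append(kwargs)
        return {"IdentityId": "us-east-1:constructed-identity",
                "Token": "constructed.oidc.token"}
```

On a real server, pass `boto3.client("cognito-identity", region_name=...)` in place of the stub and return the result to the app over HTTPS.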