Getting 'Minimum TLS Version' setting of Azure webapp with Az PowerShell - azure-powershell

I have a PowerShell script that uses Az PowerShell modules to retrieve properties of all webapps within a resource group. Now, I also need to fetch the MinTlsVersion property as in below. Can I do it using one of Az modules?
When a call to Get-AzWebApp command is made in the script, a request is sent to /subscriptions/<s>/resourceGroups/<rg>/providers/Microsoft.Web/sites endpoint. The response object has property siteConfig set to null. Is there a way to call Get-AzWebApp such that the property is not null so I can use the minTlsVersion sub-property under the siteConfig object?
If there's no way to above:
I see that the client receives minTlsVersion by sending a GET request to /subscriptions/<s>/resourceGroups/<rg>/providers/Microsoft.Web/sites/<st>/config/web endpoint. Can we hit the same endpoint by using one of the Az PowerShell modules? Though, I would prefer a request that can return minTlsVersion of all webapps in a resource group in a single call.

You need to iterate through each app, try the command as below, it works on my side.
$grouname = "<resource-group-name>"
$apps = Get-AzWebApp -ResourceGroupName $grouname
$names = $apps.Name
foreach($name in $names){
$tls = (Get-AzWebApp -ResourceGroupName $grouname -Name $name).SiteConfig.MinTlsVersion
Write-Host "minTlsVersion of web app" $name "is" $tls
}

Related

How to update existing routing rule in Azure Frontdoor using PowerShell?

I need to update the backend pool (Maintenance) used by an existing routing rule in Azure Frontdoor to a different existing backend pool (Maintenance2). Here is the UI screen from where it can be done. Can someone advise on how to do this via PowerShell. I have tried via the cmdlets (https://learn.microsoft.com/en-us/powershell/module/az.frontdoor/set-azfrontdoor?view=azps-9.0.1 ) but unable to get the correct set of commands.
I have tried via the cmdlets (https://learn.microsoft.com/en-us/powershell/module/az.frontdoor/set-azfrontdoor?view=azps-9.0.1 ) but unable to get the correct set of commands.
In order to update the backend pool (Poo1) used by an existing routing rule in Azure Front Door to a different existing backend pool (Pool2).
Created a Front Door environment with backend Pools [Pool1/Pool2] which they are pointing to routing rules
Pool1 -> Rule1 and Pool2 -> Rules2
Click on Rule1
WorkAround:
Login into Powershell
tag to the current subscription where Front Door was created. using below command
az account set --subscription "******-****-****-****-*********"
Verify the Backend Pool on Front Door using this command
az network front-door backend-pool list --front-door-name "FrontDoorName" --resource-group "ResoruceGroupName"
Update Backend Pool for Rule1 from pool1 to pool2
using below command
az network front-door routing-rule update --front-door-name "Front Door Name" --name "Rule Name" --resource-group "Resource Group Name" --backend-pool "New Backend Pool"
example:
az network front-door routing-rule update --front-door-name "testfrontdoor" --name "Rule1" --resource-group "rg-testdemo" --backend-pool "pool2"
Output:
Resulted output on Front Door Rule1
Now Rule1 is points to Backend Pool "Pool2" instead of original one "Pool1".
Thank you Swarna. The solution provided is in CLI and the question was for powershell.
I was able to figure out how to do this in PowerShell. It requires the use of 3 Azure PS cmdlets- Get-AzFrontDoor, New-AzFrontDoorRoutingRuleObject and Set-AzFrontDoor. The way it works in the background is that when an update is performed on the Routing Rule, the routing rule is deleted and recreated with the changes. In-order to do this via PS, we have to get the existing frontdoor properties, routing rule properties and put the changes in New-AzFrontDoorRoutingRuleObject. Lastly use Set-AzFrontDoor to apply the changes to frontdoor.
$subscription='Sub1'
Select-AzSubscription $Sub1
$frontdoorName='Frontdoor1'
$resourcegroupname='fdrrg'
$MaintenanceBackPool='Maintenance2'
$PrimaryBackPool='Maintenance1'
$RoutingRuleName='Route1'
#get the current frontdoor property object
$frontdoorobj=Get-AzFrontDoor -ResourceGroupName $resourcegroupname -Name $frontdoorName
#get the Routing Rules and filter the one which needs to be modified
$RoutingRuleUpdate=$frontdoorobj.RoutingRules
$RoutingRuleUpdate2=$RoutingRuleUpdate|Where-Object {$_.Name -contains $RoutingRuleName}
#get the list of all frontendendpointIds as an array (this is required to account for more than 1 frontends/domains associated with the routing rule)
#Perform string manipulation to get the frontend/domain name from the ID
[String[]] $frontdoorHostnames=$RoutingRuleUpdate2.FrontendEndpointIds | ForEach-Object {"$PSItem" -replace '.*/'}
#get the position of the Routing Rule (to be modified) in the Routing Rules collection
$i=[array]::indexof($RoutingRuleUpdate.Name,$RoutingRuleName)
#Update the Routing Rule object with the changes needed- in this case a different backendpool
$updatedRouteObj=New-AzFrontDoorRoutingRuleObject -Name $RoutingRuleUpdate[$i].Name  -FrontDoorName $frontDoorName -ResourceGroupName $resourcegroupname -FrontendEndpointName $frontdoorHostnames -BackendPoolName $MaintenanceBackPool
$RoutingRuleUpdate[$i]=$updatedRouteObj
#Finally update the frontdoor object with the change in Routing Rule
Set-AzFrontDoor -InputObject $frontdoorobj -RoutingRule $RoutingRuleUpdate
Write-Output "Successfully Updated RoutingRule:$RoutingRuleName to backendpool:$MaintenanceBackPool"**

Is it possible to have a parameter within a parameter when using Invoke-WebRequest?

I'm trying to configure my websites using the integrated API for Incapsula and I've run into a situation where the particular setting I'm trying to configure has it's own parameter that can be set. I'm already using a parameter to pass through with the API call when using Invoke-WebRequest.
If I only want to configure a single setting, the parameter looks like this:
$params = #{account_id='123456';api_id='98765';api_key='furhtjf-adkjoei-ekjmvnt';`
site_id='999999';param='async_validation';value='true'
}
$webRequest = Invoke-WebRequest https://my.incapsula.com/api/prov/v1/sites/performance/advanced `
-Method Post -Body $params
As you can see here in this screenshot there are multiple parameters that I can specify:
I can make an API call for each setting that I want to configure, but that's just not efficient. So, how can I set all of them at the same time?

Solarwinds API Poll Now

In the SolarWinds user interface, there is a button you can click within a switch or interface view to "Poll Now", instead of waiting for the regularly scheduled poll. I have been trying to figure out a way to recreate this functionality using the SolarWinds API. I've looked through this page, and it seems like I will need to use either the 'invoke' or 'update' operations, but there is almost no information on the actual usage. I have also tried examining the Javascript in the user interface, and can't make heads or tails of it.
I'm wondering if someone can point me towards some useful documentation as to what operations are actually available in the API (the 'invoke' operation requires you to give a 'verb' as an argument, but I can't find any kind of list or documentation as to what verbs are available). Does anyone know of any resources?
If you look at Orion.Nodes SWIS Entity you can see in the bottom "PollNow" SWIS Verb. Unfortunatelly it is not so well documented what parameters it actually has (it can be seen in SWQL Studio though). But you should be able to do it this way using Powershell:
$orionHost = "<hostname where orion is installed>"
$orionUsername = "Admin" # fill login username to orion
$orionPassword = "Pass" # fill login password to orion, this example counts that this is not empty string
$nodeIdToPoll = 1; # put id of the node
$Entity = "Orion.Nodes"
$Verb = "PollNow"
$Data = #($nodeIdToPoll)
[System.Net.ServicePointManager]::ServerCertificateValidationCallback = {$true}
$credentials = new-object PSCredential ($orionUsername , (ConvertTo-SecureString $orionPassword -AsPlainText -Force))
Invoke-RestMethod "https://$($orionHost):17778/SolarWinds/InformationService/v3/Json/Invoke/$Entity/$Verb" `
-Method POST `
-Body (ConvertTo-Json -InputObject $Data) `
-Credential $credentials `
-ContentType "application/json"

AccessDeniedException when writing into JCR (JackRabbit) [Magnolia]

I wrote a request filter for geoIP localization. It works the way that I request an external service for the localization and then write the information into JCR, into a dedicated workspace for caching/storage.
On the author instance this works, but on the public instance I constantly get a AccessDeniedException. I probably need to authenticate with the JCR, and I tried that too, using the crendentials from the magnolia.properties file:
magnolia.connection.jcr.userId = username
magnolia.connection.jcr.password = password
And this code for authentication:
Session session = MgnlContext.getJCRSession(WORKSPACE_IP_ADDRESSES);
session.impersonate(new SimpleCredentials("username", "password".toCharArray()));
I have the this xml to bootstrap the filter, and a FilterOrdering Task, configured as follows:
tasks.add(new FilterOrderingTask("geoIp", new String[] { "contentType", "login", "logout", "csrfSecurity",
"range", "cache", "virtualURI" }));
What am I missing?
What would be the proper to write into the JCR in Magnolia on the public instance?
Yeah, that could not work :D
Is your filter configured in Magnolia's filter chain or directly in web.xml? It needs to live in filter chain and it needs to be configured somewhere down the chain after the security filters so that user is already authenticated.
Then you can simply call MgnlContext.getJCRSession("workspace_name") to get access to repo and do whatever you need.
HTH,
Jan

Powershell WCF Response (Headers and Cookies)

Using Powershell, how do I connect to a WCF web service using New-WebServiceProxy, and retrieve the response header information including cookie data? I have scoured the net and can't find any relevant information, other than stepping away from use of New-WebServiceProxy.
My current PS script looks like...
$authSvc = New-WebServiceProxy –Uri ‘http://myserver/Services/AuthenticationService.svc?WSDL’
$LoginResults = $true
$authSvc.Login('user1', 'abc123', $null, $true, $true, [ref] $LoginResults, [ref] $null)
... Seems there must be additional hooks into the New-WebServiceProxy that expose the header data, but I can't seem to identify it. Using C# (just a test console app), I have been able to invoke this web service and retrieve cookie data, so I know the service is functioning correctly.
Thoughts?
OK - I think I have an answer to my own question. Placing here for others trying the same thing.
The trick is to use the CookieContainer object which is intrinsic to the New-WebServiceProxy object. The CookieContainer has a CookieCollection in it. This collection can be enumerated. Elaborating on my example in the question, I show how to expose cookie information returned from the web service call...
$authSvc = New-WebServiceProxy –Uri ‘http://myserver/Services/AuthenticationService.svc?WSDL’
$authSvc.CookieContainer = New-Object System.Net.CookieContainer
$LoginResults = $true
$authSvc.Login('user1', 'abc123', $null, $true, $true, [ref] $LoginResults, [ref] $null)
$CookieCollection = $authSvc.CookieContainer.GetCookies(‘http://myserver/Services/AuthenticationService.svc?WSDL’)
foreach($cookie in $CookieCollection)
{
echo $cookie.Name
echo $cookie.Value
}
If I use the Get-Member method of the service...
$authSvc | Get-Member
... I then can see all the exposed methods the service allows. The CookieContainer happens to be one of these. Other relevant properties exposed are (but not limited to)...
ClientCertificates
Credentials
RequestEncoding
SoapVersion
Url
UserAgent