In the Azure Powershell version 0.8 and 0.9, there is command
Get-AzureResource -ResourceGroupName "RGName" -OutputObjectFormat New
And, It returns the resources in the mentioned Resource Group of Azure. It necessitates the azure mode to be ARM mode.
But, in the Azure PowerShell version 1.2 and above
Get-AzureRMResource -ResourceGroupName "RGName"
fails to provide the resources present in a Resource Group. It needs further parameters like "ResourceID" or "ResourceName" which makes it resource specific.
What I need is that, it should return all the resources in a resource group.
Is it a bug with the newer version or am I missing something!
Suggest
You can use Find-AzureRmResource:
Find-AzureRmResource -ResourceGroupNameContains "RGName"
The Get-AzureRMResource PowerShell Command is implemented from REST API. If you check the REST API of listing resources in a resource group. You will see something like this.
https://management.azure.com/subscriptions/<Subscription ID>/resourceGroups/<resource group name>/resources?api-version=2015-01-01
And, if you add -debug option to Get-AzureRMResource -ResourceId <the resource id>, you will find the REST API it's using.
https://management.azure.com<the resource id>?api-version=2015-01-01
Comparing this two REST API, you will see that the following PowerShell command will list the resources in a resource group.
Get-AzureRmResource -ResourceId "/subscriptions/<Subscription ID>/resourceGroups/<resource group name>/resources"
I know it's tricky, but it does work.
Try
Get-AzureRmResource | where {$_.ResourceGroupName -eq "RG"}
Get the resource group in an object
$groups = Get-AzureRmResourceGroup -Name $RG_Name
fetch all the resources of a resource group in a variable
$t=(Find-AzureRmResource -ResourceGroupNameEquals
$groups.ResourceGroupName).ResourceName
Related
Does anyone have an idea how to "undeploy" an API proxy from an "archive" type Apigee-x environment? It seems like it can't be done from the Apigee UI, it throws an error:
"This operation is not supported. The Environment DeploymentType is ARCHIVE. The required Environment DeploymentType is PROXY".
The environment type can't be changed. The available CLI commands are "delete", "deploy", "describe", "list", "update" (no "undeploy" command found), "delete" doesn't work as it can't delete an active deployment. The final goal is to be able to delete the environment, which requires to remove/undeploy all API proxies from it first.
I found a solution. The "undeploy" feature I was looking for is not included in the current Apigee-x release. On the Apigee community, Google staff stated that they are looking into implementing it at some point. Until then there is a workaround, where one can deploy an archive with no deployments defined to the environment. Once this is done the Proxy is "undeployed" and the environment could be deleted. Here is the step-by-step process of doing it.
I have been struggling a lot to find Microsoft documentation on Azure Synapse Analytics to provision Managed Private Endpoints using powershell or CLI?
I can easily do it thru Azure Portal (basically thru Studio) but we want to do it as part of our Azure DevOps pipeline and provision the Managed Private endpoints (not the customer private endpoints) thru Powershell/CLI.
Any help?
Thank you
In the updated PowerShell module, there is now a powershell commandlet available: New-AzSynapseManagedPrivateEndpoint.
This should be the way to go. If you don't have PowerShell available, you can still use this CLI approach.
Additionally we have done the following to approve the Managed Endpoint connection. You need to have permissions on the resource that you are connecting to, if you want to be able to approve the Endpoint connection.
# list all private endpoints
endpointList = Get-AzPrivateEndpointConnection -PrivateLinkResourceId '/subscriptions/<xxx>/resourceGroups/<xxx>/providers/Microsoft.Storage/storageAccounts/<xxx>'
# filter the synapse endpoint
$synpapseEndpoint = $endpointList | Where-Object { $_.PrivateEndpoint.Id.EndsWith('<yourworkspacename>.<yourmanagedenpointname>') }
Approve-AzPrivateEndpointConnection -ResourceId $synpapseEndpoint.Id
Currently we don’t have native Synapse PowerShell and CLI commands for creating managed private endpoints. There is a workaround to create private endpoints through Azure CLI. The sample code is as below.
Setup
$workspaceName = "your-workspace-name"
$synapseAnalyticsResourceId = "https://dev.azuresynapse.net"
$managedVirtualNetworkName = "your-managed-virtual-network-name"
$newEndpointName = "your-new-endpoint-name"
To list private endpoints
az rest --resource $synapseAnalyticsResourceId --method GET --url "https://$($workspaceName).dev.azuresynapse.net/managedVirtualNetworks/$($managedVirtualNetworkName)/managedPrivateEndpoints?api-version=2019-06-01-preview"
To create private endpoints
Doc for this API
# GroupId in the body is specifically for a Data Lake endpoint (Storage with Hierarchical namespace enabled)
$body = "{""properties"":{""privateLinkResourceId"": ""<resourceid-to-your-resource-for-endpoint>"", ""groupId"": ""dfs""}}"
$body | Out-File body.json
az rest --resource $synapseAnalyticsResourceId --method PUT --headers "Content-Type=application/json" --url "https://$($workspaceName).dev.azuresynapse.net/managedVirtualNetworks/$($managedVirtualNetworkName)/$($newEndpointName)?api-version=2019-06-01-preview" --body `#body.json
Remove-Item body.json
Is it possible to get build logs using api call ?
gcloud builds log BUILD_ID
I have to do it using my nodejs app
Thanks,
Yes.
The CLI command would be of the form:
BUILD_ID=[[SOME-BUILD-ID]]
gcloud logging read "resource.type=\"build\" resource.labels.build_id=\"${BUILD_ID}\" " \
--project=${PROJECT} ...
NB If you augment the above command with the global --log-http, the output will include details of the underlying API methods. This is a good way to map gcloud commands to APIs.
The underlying API is logging.googleapis.com/v2
A good approach is to build the filter using Logs Viewer:
https://console.cloud.google.com/logs/viewer?project=${PROJECT}&advancedFilter=resource.type%3D%22build%22
Or, if like me, you like playing with jq:
BUILD_ID=...
gcloud logging read "resource.type=\"build\" resource.labels.build_id=\"${BUILD_ID}\" " \
--project=${PROJECT} \
--limit=50 \
--format="json" \
| jq -r .[].textPayload
You may interact with any Google API using the wonderful and understated APIs Explorer. Here's API Explorer pre-selected with logging:
https://developers.google.com/apis-explorer/#search/logging/logging/v2/logging.entries.list
You mentioned using Node.JS, Google provides SDKs for all its services using a bunch of popular languages and runtimes, here's a page describing the Logging API with Node.JS examples:
https://cloud.google.com/logging/docs/reference/libraries#client-libraries-install-nodejs
We’re seeing an issue when trying to add an access policy on a KeyVault for providing permissions to secrets on an automation account service principal. We’re using the below cmdlet:
Set-AzureRmKeyVaultAccessPolicy -VaultName "KeyVaultName" -ApplicationId "0aaa8314-872d-41ef-a75e-d3a5ec5b31e6" -ObjectId "443d03a7-6b76-47d1-9406-8fb87c17bbc3" -PermissionsToSecrets recover,delete,backup,set,restore,list,get
when the cmdlet executes, we see something like this in the portal. Note the Icon which seems to look like a User.
Despite seeing this in the access policies, the automation account’s runbooks still fail with the error “Forbidden” when trying to access the keyvault:
Get-AzureKeyVaultSecret : Operation returned an invalid status code 'Forbidden'
At C:\Modules\User\CustomModule.psm1:28 char:22
+ ... clientID = (Get-AzureKeyVaultSecret -VaultName $global:ManagementKeyV ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzureKeyVaultSecret], KeyVaultErrorException
+ FullyQualifiedErrorId : Microsoft.Azure.Commands.KeyVault.GetAzureKeyVaultSecret
Tried in multiple ways for providing access to keyvault for the automation account service principal using the below cmdlets but still getting the same result.
Set-AzureRmKeyVaultAccessPolicy -VaultName "KeyVaultName" -ObjectId "443d03a7-6b76-47d1-9406-8fb87c17bbc3" -PermissionsToSecrets recover,delete,backup,set,restore,list,get -BypassObjectIdValidation
Set-AzureRmKeyVaultAccessPolicy -VaultName "KeyVaultName" -ServicePrincipalName ((Get-AzureRmADServicePrincipal -ApplicationId "0aaa8314-872d-41ef-a75e-d3a5ec5b31e6").ServicePrincipalNames[0]) -PermissionsToSecrets recover,delete,backup,set,restore,list,get
However, after manually adding the same service principal from the portal, we see a different icon for the same service principal.
Can someone please help out with this? Am I doing something wrong?
Many Thanks!
Try this:
Set-AzureRmKeyVaultAccessPolicy [-VaultName] -ServicePrincipalName "0aaa8314-872d-41ef-a75e-d3a5ec5b31e6" -PermissionsToSecrets recover,delete,backup,set,restore,list,get
Where SPN is the Application Id.
I know it's confusing.
For 2022, ran on Azure Cloud shell 2.43.0:
az keyvault set-policy --name myKeyVault --object-id <object-id> --secret-permissions <secret-permissions> --key-permissions <key-permissions> --certificate-permissions <certificate-permissions>
Remove the flags you don't want.
Refer to https://learn.microsoft.com/en-us/azure/key-vault/general/assign-access-policy?tabs=azure-cli
I am writing some code for automatic deployment of Azure websites (including the creation of the website in Azure). I'm using the Azure Management Libraries and Azure Resource Management Libraries available in Nuget. Most of it is in place, however I have not been able to find a way to enable the "Always On" property through any of the APIs I've seen. This property can be set through the azure management portal under the Configure tab for a website.
I've checked:
The properties reference on MSDN: http://msdn.microsoft.com/en-us/library/azure/dn236426.aspx
The powershell APIs (get-azureresource, get-azurewebsite, ...) to see if there's a reference to Always On (there's not)
The REST calls the management portal is sending, through Fiddler. Here there is a reference to Always On in a POST going to https://manage.windowsazure.com/Websites/UpdateConfig (which is not part of the management or resource management APIs as far as I know). The exact path in the JSON body that is sent is /siteConfig/AlwaysOn.
So, the question is, is it possible to enable/disable Always On through an "official" API?
Thanks!
I believe I found the solution!
Using the resource management API, I can set the AlwaysOn property through the siteConfig object. In powershell:
Set-AzureResource -ApiVersion 2014-04-01 -PropertyObject #{"siteConfig" = #{"AlwaysOn" = $false}} -Name mywebsite -ResourceGroupName myrg -ResourceType Microsoft.Web/sites
In the resource management API in .NET it would be similar to this.
The resulting REST call, to
https://management.azure.com/subscriptions/xxx/resourcegroups/yyy/providers/Microsoft.Web/sites/zzz?api-version=2014-04-01:
{
"location": "West Europe",
"properties": {
"siteConfig": {
"AlwaysOn": true
}
},
"tags": {}
}
Using updated ARM (Azure Resource Manager) Powershell, v1.0+
Get-AzureRmResource: https://msdn.microsoft.com/en-us/library/mt652503.aspx
Set-AzureRmResource: https://msdn.microsoft.com/en-us/library/mt652514.aspx
# Variables - substitute your own values here
$ResourceGroupName = 'My Azure RM Resource Group Name'
$WebAppName = 'My Azure RM WebApp Name'
$ClientAffinityEnabled = $false
# Property object for nested, not exposed directly properties
$WebAppPropertiesObject = #{"siteConfig" = #{"AlwaysOn" = $true}}
# Variables
$WebAppResourceType = 'microsoft.web/sites'
# Get the resource from Azure (consider adding sanity checks, e.g. is $webAppResource -eq $null)
$webAppResource = Get-AzureRmResource -ResourceType $WebAppResourceType -ResourceGroupName $ResourceGroupName -ResourceName $WebAppName
# Set a directly exposed property, in this case whether client affinity is enabled
$webAppResource.Properties.ClientAffinityEnabled = $ClientAffinityEnabled
# Pass the resource object into the cmdlet that saves the changes to Azure
$webAppResource | Set-AzureRmResource -PropertyObject $WebAppPropertiesObject -Force
For those using the .Net API, it's
var cfg = await websiteClient.Sites.GetSiteConfigAsync(site.ResourceGroup, site.Name, cancellationToken).ConfigureAwait(false);
if (!cfg.AlwaysOn.GetValueOrDefault())
{
cfg.AlwaysOn = true;
await websiteClient.Sites.UpdateSiteConfigAsync(site.ResourceGroup, site.Name, cfg, cancellationToken).ConfigureAwait(false);
}