Adding a Groups Claim to a Service Principal via Azure CLI - azure-cli

It is obvious how to create a Service Principal (App Registration) via Azure CLI:
az ad sp create-for-rbac -n "My Service Principal" --scopes /subscriptions/the-subscription-guid
From the Azure Portal, you can add a Claims Group to the generated service principal, as such:
How can I add this via the Azure CLI, either at the time of creation of the principal or after creating it? I did not find the documentation to do so.

For a service principal, you can add an optional claim and group claims as follows:
Using command:
az ad app create --display-name "xxx" --optional-claims @manifest.json
Output:
Group Claim:
myjson file:
{
  "groupMembershipClaims": "SecurityGroup",
  "optionalClaims": {
    "saml2Token": [
      {
        "name": "groups",
        "essential": false,
        "additionalProperties": []
      }
    ],
    "idToken": [
      {
        "name": "groups",
        "essential": false
      }
    ]
  }
}
Use below Az CLI command:
az ad app update --id "<AppID>" --set groupMembershipClaims=All
Refer to MsDoc
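An added example, not part of the original answer: once the groups claim is configured, the API that receives the token has to read it defensively, including the overage case where Azure AD leaves `groups` out and emits `_claim_names` or `hasgroups` instead. It assumes the token was already validated; `readGroupsClaim`, `authorize`, the group IDs and the payloads are constructed for illustration.

```javascript
// Added example. `payload` is the decoded claim set of a token whose
// signature, issuer and audience were already validated elsewhere.

// Constructed placeholder object ID of the group that grants access.
const ADMIN_GROUP_ID = "11111111-1111-1111-1111-111111111111";

// Classify what the token says about group membership.
function readGroupsClaim(payload) {
  if (Array.isArray(payload.groups)) {
    // Normal case: group object IDs emitted inline.
    const groups = payload.groups
      .filter((g) => typeof g === "string")
      .map((g) => g.toLowerCase());
    return { status: "present", groups };
  }
  const names = payload._claim_names;
  const overage =
    (names !== null && typeof names === "object" && "groups" in names) ||
    payload.hasgroups === true || payload.hasgroups === "true";
  // Overage: the issuer left the list out, so the caller's groups
  // have to be looked up out of band (for example via Microsoft Graph).
  if (overage) return { status: "overage", groups: [] };
  // Claim not configured on the app, or the principal has no groups.
  return { status: "absent", groups: [] };
}

// Fail closed: only an inline claim containing the required ID allows.
function authorize(payload, requiredGroupId) {
  const { status, groups } = readGroupsClaim(payload);
  const allowed =
    status === "present" && groups.includes(requiredGroupId.toLowerCase());
  return { allowed, status };
}

// Constructed sample payloads.
const inlineToken = {
  sub: "sp-1",
  groups: [ADMIN_GROUP_ID, "22222222-2222-2222-2222-222222222222"],
};
const overageToken = { sub: "sp-2", _claim_names: { groups: "src1" } };
const unconfiguredToken = { sub: "sp-3" };

console.log(authorize(inlineToken, ADMIN_GROUP_ID));
console.log(authorize(overageToken, ADMIN_GROUP_ID));
console.log(authorize(unconfiguredToken, ADMIN_GROUP_ID));
```

A caller that sees `status: "overage"` should resolve membership through a directory lookup before deciding, rather than treating the missing list as "no groups".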

Related

Azure CLI Extensions: exported dashboard template.json "does not contain the property 'location'" error

I'm getting this error:
<_io.TextIOWrapper name='C:\\Users\\david\\source\\repos\\azurePortalInfrastruct\\ExportedTemplate-example-resources\\template.json' mode='r' encoding='cp1252'> does not contain the property 'location'
Which may be down to the way the template.json file has been put together.
My issue is similar to:
Azure CLI unable to create portal dashboards from templates
I followed this to a now closed GitHub issue: Azure CLI unable to create portal dashboards from templates #16356
Following the advice from the developer, I used the following command (which generated the error):
az portal dashboard import --name "testDashboard" --resource-group "example-resources_copy" `
>> --input-path "C:\Users\david\source\repos\azurePortalInfrastruct\ExportedTemplate-example-resources\template.json"
The file template.json was exported from my portal. I have checked it. It has lines 13-16:
"type": "Microsoft.Portal/dashboards",
"apiVersion": "2020-09-01-preview",
"name": "[parameters('dashboards_a9dc12e1_3aae_431d_b935_81dd5ea20bd8_dashboard_name')]",
"location": "westus",
Regarding a similar command the developer has said:
In az portal dashboard create, the --input-path is the path to properties json file instead of full template.
My export from portal dashboard consisted of two files.
template.json
parameters.json
The file template.json contains a properties section on line 20 (which follows the location line 16). But I didn't get a separate properties.json file in my export.
The developer goes on to say:
If you want to create a dashboard with full template, should use the command az portal dashboard import. Also, you need to update the location value in your sample Json.
I can get it working with the sample JSON code used for the GitHub issue #16356:
{
"properties": {
"lenses": {
"0": {
"order": 0,
"parts": {}
}
},
"metadata": {
"model": {
"timeRange": {
"value": {
"relative": {
"duration": 24,
"timeUnit": 1
}
},
"type": "MsPortalFx.Composition.Configuration.ValueTypes.TimeRange"
}
}
}
},
"name": "TestDashboard",
"type": "Microsoft.Portal/dashboards",
"location": "westus",
"tags": {
"hidden-title": "My Test Dashboard"
},
"apiVersion": "2015-08-01-preview"
}
But this sample is nothing like the JSON ARM code I exported from my existing Azure Portal dashboard.
Any suggestions appreciated.

NotAuthorizedOrNotFound when pushing custom metric

When I try to push a custom metric to the Oracle Cloud Monitoring service using the Oracle Cloud CLI, I receive the following error:
ServiceError:
{
"code": "NotAuthorizedOrNotFound",
"message": "Authorization failed or requested resource not found.",
"opc-request-id": "request id",
"status": 404
}
This occurs when using the Administrator account and when using an instance principal which has monitoring permission.
Here is the JSON that I am pushing to the Monitoring service:
[
{
"namespace": "myFirstNamespace",
"compartmentId": "tenant id",
"resourceGroup": "myFirstResourceGroup",
"name": "successRate",
"dimensions": {
"resourceId": "ocid1.exampleresource.region1.phx.exampleuniqueID",
"appName": "myAppA"
},
"metadata": {
"unit": "percent",
"displayName": "MyAppA Success Rate"
},
"datapoints": [
{
"timestamp": "2021-06-01T22:19:20Z",
"value": 83.0
}
]
}
]
The CLI command that I am using is:
oci monitoring metric-data post --metric-data file://metric-data.json
The OCI CLI command should be:
oci monitoring metric-data post --metric-data file://metric-data.json --endpoint https://telemetry-ingestion.{{ region }}.oraclecloud.com
replacing {{ region }} with your region.
The --endpoint https://telemetry-ingestion.{{ region }}.oraclecloud.com parameter needs to be added.
Looks like some authorization issue. Please cross-check whether the instance principal has all the required permissions assigned. Please review this document: Publishing Custom Metrics and Overview of Monitoring

Fail to create ElasticBeanstalk custom platform with "Unmatched region"

I'm trying to create a custom platform for region ap-northeast-1 following the AWS documentation.
ebp create ends with failure, and ebp events shows an error indicating that the created AMI is in different region from the service region.
2018-04-28 00:49:18 INFO Initiated platform version creation for 'NodePlatform_Ubuntu/1.0.0'.
2018-04-28 00:49:22 INFO Creating Packer builder environment 'eb-custom-platform-builder-packer'.
2018-04-28 00:52:39 INFO Starting Packer building task.
2018-04-28 00:52:44 INFO Creating CloudWatch log group '/aws/elasticbeanstalk/platform/NodePlatform_Ubuntu'.
2018-04-28 01:03:48 INFO Successfully built AMI(s): 'ami-5f2f4527' for 'arn:aws:elasticbeanstalk:ap-northeast-1:392559473945:platform/NodePlatform_Ubuntu/1.0.0'
2018-04-28 01:04:03 ERROR Unmatched region for created AMI 'ami-5f2f4527': 'us-west-2' (service region: 'ap-northeast-1').
2018-04-28 01:04:03 INFO Failed to create platform version 'NodePlatform_Ubuntu/1.0.0'.
I used this sample custom platform provided in the AWS documentation and modified only custom_platform.json for builders.region and builders.source_ami to match the region of my Custom Platform Builder.
.elasticbeanstalk/config.yml
global:
application_name: Custom Platform Builder
branch: null
default_ec2_keyname: null
default_platform: null
default_region: ap-northeast-1
instance_profile: null
platform_name: NodePlatform_Ubuntu
platform_version: null
profile: eb-cli
repository: null
sc: git
workspace_type: Platform
custom_platform.json
{
"variables": {
"platform_name": "{{env `AWS_EB_PLATFORM_NAME`}}",
"platform_version": "{{env `AWS_EB_PLATFORM_VERSION`}}",
"platform_arn": "{{env `AWS_EB_PLATFORM_ARN`}}"
},
"builders": [
{
"type": "amazon-ebs",
"name": "HVM AMI builder",
"region": "ap-northeast-1",
"source_ami": "ami-60a4b21c",
"instance_type": "m3.medium",
"ssh_username": "ubuntu",
"ssh_pty": "true",
"ami_name": "NodeJs running on Ubuntu Server 16.04 LTS (built on {{isotime \"20060102150405\"}})",
"tags": {
"eb_platform_name": "{{user `platform_name`}}",
"eb_platform_version": "{{user `platform_version`}}",
"eb_platform_arn": "{{user `platform_arn`}}"
}
}
],
"provisioners": [
{
"type": "file",
"source": "builder",
"destination": "/tmp/"
},
{
"type": "shell",
"execute_command": "chmod +x {{ .Path }}; {{ .Vars }} sudo {{ .Path }}",
"scripts": [
"builder/builder.sh"
]
}
]
}
It seems my modification to custom_platform.json does not take effect.
What I missed was committing the changes...
Though the EB and Packer documentation do not refer to anything about VCS or git, it seems Packer uses git to create an archive of the custom platform files, and thus the changes I made were not included in it because I did not commit them.
I noticed that ebp create was giving me this warning...
mac.local:NodePlatform_Ubuntu% ebp create
WARNING: You have uncommitted changes.

data is not receiving at Azure IoTHub?

I am using Azure Edge V1 with Ubuntu, I have created 1 IoT Hub with the name say X and then created 2 Devices say dev1 & dev2. After that I changed simulated_device_cloud_upload_lin.json file.
modules:
IotHub - "args": {
"IoTHubName": "X",
"IoTHubSuffix": "azure-devices.net",
"Transport": "MQTT",
"RetryPolicy": "EXPONENTIAL_BACKOFF_WITH_JITTER"}
mapping - "args": [
{
"macAddress": "01:01:01:01:01:01",
"deviceId": "dev1",
"deviceKey": "primary key of dev1"
},
{
"macAddress": "02:02:02:02:02:02",
"deviceId": "dev2",
"deviceKey": "Primary key of dev2"
} ] }
And then I go inside build folder and run command
./samples/simulated_device_cloud_upload/simulated_device_cloud_upload_sample ../samples/simulated_device_cloud_upload/src/simulated_device_cloud_upload_lin.json
And this starts sending messages to IoT Hub, but when I checked the IoT Hub with iothub-explorer, it showed me the error given below:
error receiving reply from Event hub management end point : undefined.
And also the messages did not reach the IoT Hub.
Could you please tell me what have I done wrong?

How to get customAPI url from node.js app?

I am just starting with BlueMix and in my space I have:
a Cloud Integration service: using a Basic Secure Connection, for which I have created an API endpoint; then in that Cloud Integration service I have added the corresponding API by importing a swagger 1.2 file, and published that customAPI to my organization;
a pretty simple node.js application;
From the Cloud Integration service> API view, I can get the URLs for the different resources (for instance http://endpoint_ip:endpoint_port/api/version/path_to_resource), so I can hardcode these URLs in my node.js application and it works.
But if I bind the Cloud Integration service and even the customAPI to my node.js application, I don't get any information in VCAP_SERVICES about the endpoint URL; but I have seen examples of VCAP_SERVICES where the API URL is available.
Below is my VCAP_SERVICES
{"CloudIntegration": [
{
"name": "Cloud Integration-b9",
"label": "CloudIntegration",
"plan": "cloudintegrationplan",
"credentials": {
"userid": "apiuser#CloudIntegration",
"password": "S!2w3e40",
"apis": [
{
"name": "Catalog Manager API",
"desc": "Catalog Manager API",
"resource": ""
}
]
}
}
]
}
What I am trying to achieve is to avoid hardcoding URLs in my application, since I can bind a BlueMix service to it, and perhaps get info from the environment.
Am I doing something wrong? Or is that not the way it is supposed to work?
Also, I don't really get why there is nothing in VCAP_SERVICES.CloudIntegration[0].credentials.apis[0].resource even though my customAPI specifies resources.
@Rick
Make sure you "publish" your API after configuring the Cloud Integration service. Then service credentials will reflect the changes:
"CloudIntegration": [
{
"name": "Cloud Integration-v5",
"label": "CloudIntegration",
"plan": "cloudintegrationplan",
"credentials": {
"userid": "apiuser#CloudIntegration",
"password": "S!2w3e40",
"apis": [
{
"name": "SwaggerPetStore",
"desc": "SwaggerPetStore",
"resource": "http",
"baseurl": "http://mypypatchank.mybluemix.net"
}
]
}
}
]
In the same way, if you use the API management service, you will have a corresponding VCAP_SERVICES entry:
"Swagger Petstore v1 : Sandbox 551b2dcf0cf2521d98d061d4 prod": [
{
"name": "Swagger Petstore v1 : Sandbox prod-w0",
"label": "Swagger Petstore v1 : Sandbox 551b2dcf0cf2521d98d061d4 prod",
"plan": "plan1 : Sandbox prod",
"credentials": {
"clientID": "55cfe3fa-ff59-474c-a1b6-46d3cc9871",
"clientSecret": "uK3xM3eF4cA1qF7yW8mC2lP6wS6aG7sQ5cL2yJ4sC6iS1dE7",
"url": "https://api.eu.apim.ibmcloud.com/garciatemx1ibmcom/sb/api"
}
}
]
Since your goal is "to avoid hardcoding URLs in my application, since I can bind a BlueMix service to it, and perhaps get info from the environment", I would like to suggest using a user provided service.
This will create a user provided service and start interactive input for you to enter the api url and a password. You can add more parameters if you need.
cf cups servicename -p "url, password"
Bind this service to your application and restage. You can access these parameters in your Node.js application easily with the cfenv module.
var cfenv = require("cfenv");
var appEnv = cfenv.getAppEnv();
var myService = appEnv.getService("servicename");
//use myService.credentials.url to access the url value.
//use myService.credentials.password to access the password value.
The user provided services VCAP_SERVICES looks like:
{
"user-provided": [
{
"name": "servicename",
"label": "user-provided",
"credentials": {
"url": "myURL",
"password": "myPassword"
}
}
]
}
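An added example, not code from either answer: reading an API's base URL straight from the `CloudIntegration` entry of VCAP_SERVICES, with the unpublished case from the question (an `apis` entry with an empty `resource` and no `baseurl`) reported as an error instead of silently yielding an empty URL. `findApi` and all sample values are constructed for illustration.

```javascript
// Constructed VCAP_SERVICES value modelled on the shapes shown above.
const SAMPLE_VCAP = JSON.stringify({
  CloudIntegration: [{
    name: "Cloud Integration-example",
    label: "CloudIntegration",
    credentials: {
      userid: "example-user",
      password: "example-password",
      apis: [
        { name: "SwaggerPetStore", desc: "SwaggerPetStore",
          resource: "http", baseurl: "http://api.example.test/" },
        // Bound but never published: no baseurl is provided.
        { name: "Catalog Manager API", desc: "Catalog Manager API", resource: "" },
      ],
    },
  }],
});

// Look up one published API by name and return its URL and credentials.
function findApi(vcapJson, apiName) {
  let services;
  try {
    services = JSON.parse(vcapJson || "{}");
  } catch (e) {
    throw new Error("VCAP_SERVICES is not valid JSON");
  }
  for (const instance of services.CloudIntegration || []) {
    const creds = instance.credentials || {};
    const api = (creds.apis || []).find((a) => a.name === apiName);
    if (!api) continue;
    if (!api.baseurl) {
      throw new Error(`API "${apiName}" is bound but has no baseurl; publish it first`);
    }
    const url = new URL(api.baseurl); // throws on a malformed URL
    return {
      baseUrl: url.origin + url.pathname.replace(/\/$/, ""),
      userid: creds.userid,
      password: creds.password,
    };
  }
  throw new Error(`API "${apiName}" not found in VCAP_SERVICES`);
}

console.log(findApi(SAMPLE_VCAP, "SwaggerPetStore").baseUrl);
```

In the application, pass `process.env.VCAP_SERVICES` as the first argument.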