Is there a way to programmatically configure Azure EasyAuth for AAD for an Azure Function App?

I am writing Azure CLI scripts to automate creating cloud-side components in Microsoft Azure. In particular, I am using the CLI to create Azure Function Apps. However, while I am able to create a Function App using the CLI, I have not been able to identify a way to configure authentication against Azure Active Directory, other than by using the Azure Portal user interface (see https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad for a description of the interactive process).
It's clear that the interactive process performs several steps behind the scenes, including creating an AAD Application registration and associating the registration with the Function App. My questions are:
What are the details of the steps performed?
Is there a programmatic way, either with the CLI or some other interface, to perform the same set of steps?

Easy Auth is actually a module on IIS. You can enable it using Azure CLI:
az webapp auth update -g myResourceGroup -n myUniqueApp --enabled true \
--action LoginWithAzureActiveDirectory \
--aad-allowed-token-audiences https://webapp_name.azurewebsites.net/.auth/login/aad/callback \
--aad-client-id ecbacb08-df8b-450d-82b3-3fced03f2b27 --aad-client-secret very_secret_password \
--aad-token-issuer-url https://sts.windows.net/54826b22-38d6-4fb2-bad9-b7983a3e9c5a/
https://learn.microsoft.com/en-us/cli/azure/webapp/auth?view=azure-cli-latest#az_webapp_auth
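
One way to script the steps the question describes (create the AAD application registration, then associate it with the app using the az webapp auth update call from the answer), as an added example that is not the answerer's or Microsoft's code. The function names and the az ad app flags are assumptions: they require a current Azure CLI, signed in with rights to create app registrations.

```shell
#!/usr/bin/env bash
# Added example. Functions are only defined here; nothing runs until
# configure_easy_auth is called with a resource group and app name.

# Redirect URI on which Easy Auth receives the AAD sign-in response.
easyauth_callback_url() {
  printf 'https://%s.azurewebsites.net/.auth/login/aad/callback' "$1"
}

# Token issuer for a tenant, in the form the answer above uses.
easyauth_issuer_url() {
  printf 'https://sts.windows.net/%s/' "$1"
}

configure_easy_auth() {
  local rg="$1" app="$2" tenant client_id secret callback
  callback=$(easyauth_callback_url "$app")

  # Tenant of the signed-in CLI session.
  tenant=$(az account show --query tenantId -o tsv) || return 1

  # 1. App registration with the Easy Auth callback as its redirect URI.
  client_id=$(az ad app create --display-name "$app" \
      --web-redirect-uris "$callback" \
      --enable-id-token-issuance true \
      --query appId -o tsv) || return 1

  # 2. Client secret generated at run time and held only in a variable,
  #    so no literal secret sits in the script or in shell history.
  secret=$(az ad app credential reset --id "$client_id" \
      --query password -o tsv) || return 1

  # 3. Bind the registration to the app and require AAD sign-in.
  #    JSON output is discarded so only the client ID is printed.
  az webapp auth update -g "$rg" -n "$app" --enabled true \
      --action LoginWithAzureActiveDirectory \
      --aad-allowed-token-audiences "$callback" \
      --aad-client-id "$client_id" --aad-client-secret "$secret" \
      --aad-token-issuer-url "$(easyauth_issuer_url "$tenant")" \
      >/dev/null || return 1

  printf '%s\n' "$client_id"
}
```

Call it as configure_easy_auth myResourceGroup myUniqueApp; it prints the client ID of the new registration. The secret still reaches az as a command-line argument, so run it on a build agent or host where the process list is not shared.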

Related

Dynatrace Invoke shell script from Linux server

Is there a way to create a problem metric in Dynatrace using a shell script that can be executed from the Linux server?
Here, Problem metric means,
Let's assume that we are using a shell script to check the status of deployed services on the Linux Server.
Then,
That Shell Script should be able to be called by Dynatrace
And, based on Shell Script's response, should be able to create Problem.
What do you mean by 'problem metric'?
You can create metrics via the Metric API and Problems via the Events API.
You can call either endpoint from a shell script on Linux. If there is a OneAgent on the system you could also use an extension.

Do I have to call Firebase Remote Config API from the Cloud Function?

I have some params in Remote Config that I want to update from the Google Cloud Functions.
Should I use the Remote Config API when both Cloud Functions and Remote Config belong to the same account or project?
I am asking because Cloud Functions can directly import the data from Firestore without any authentication and API.
Remote Config provides RESTful APIs to update the parameters or template.
You don't have to call them from a Google Cloud function. But calling them from a Google Cloud function or even a Firebase Cloud function is definitely workable.
You can even call the RESTful APIs from Postman or some other tools once you set up the call properly.
Check more details here: https://firebase.google.com/docs/reference/remote-config/rest
With Remote Config backend APIs, you could use Remote Config with Cloud Functions for Firebase, changing values in your app based on events that happen server-side. For example, you can use Remote Config to promote a new feature in your app, and then turn off that promotion automatically once you detect enough people have interacted with the new feature.
Using the Remote Config REST API or the Admin SDKs described in this guide, you can bypass managing the template in the Firebase console to directly integrate Remote Config changes into your own processes.
As described here, Cloud Functions can be triggered in response to changes in Firebase Remote Config in the same Cloud project as the function. This makes it possible to change the behavior and appearance of your app without publishing an app update.

Remove App Settings During Azure App Service Deployment

Deploying via Azure Release Pipeline - and in our Deploy Azure App Service step, we set App Service's Application Settings via the
.
Our contingency if the deployment fails, is redeploy an old release (months old) to the same app-service.
However, we need to delete some of the App Service's Application Settings that were set. Just removing these in the old release pipeline does not remove them from the App Service Configuration App Settings section.
Now we don't have the luxury of deleting these app-settings manually on the App Service Configuration.
So what is the recommended way to achieve this through the pipeline?
You could use the Azure CLI task in the pipeline to delete appsettings, like:
az webapp config appsettings delete --name MyWebApp --resource-group MyResourceGroup --setting-names {setting-names}
Check the az webapp config appsettings delete for some more details.
On the other hand, you could also use the API Web Apps - Update Application Settings to delete application settings.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/config/appsettings?api-version=2016-08-01
You can check the answer here.
Hope this helps.

How to add a license to the user using Azure CLI

Is it possible to add a license to the user using Azure CLI?
I am also trying to find out whether Azure CLI can be used as a replacement for the AzureAD PowerShell module.

Integrating KeyVault access into VSTS Release task

I am trying to figure out what is involved to write a console application that will run as part of a VSTS Release task and that program will read a connection string (secret) from a preconfigured keyvault and then connect to an Azure SQL db using that connection string and apply some changes.
Currently I have my Web Apps connecting to KeyVault and the Azure SQL Server using Azure AD Application Token authentication, so I know what is involved on that front.
When you check "Allow scripts to access OAuth token" on the agent settings page, can this token be used (using ADAL) to connect to KeyVault and SQL Server? (Assuming the VisualStudioSPNxxx has the appropriate access to the above resources.)
If not what should I be looking for?
The VSTS token (Allow scripts to access OAuth token) can’t be used to connect to KeyVault.
You need to register an app with Azure Active Directory and enable it to communicate with Azure Active Directory and Key Vault, then get the connection string dynamically.
For more information, you can refer to: Protecting Secrets using VSTS and Azure Key Vault
This is made relatively very easy now with Variable Groups - https://learn.microsoft.com/en-us/vsts/pipelines/library/variable-groups?view=vsts
You can link a secret by connecting your Azure KV to a variable and then use this variable as you would normally use it in any script/task.