Is it possible to add license to the user using Azure CLI?
I am also trying to find whether Azure CLI can be used as a replacement for AzureAD powershell module?
Related
I am looking for Is there a way to create a custom connector for other tenants or as guests?
A connector is a wrapper or a proxy around an API that interact between Power Automate or Power Apps and the back-end service or data source.
The custom connector (API connector) enables you to connect your own web API (REST API) in Power Automate and Power Apps. To create a custom connector first we need to enable authentication in Azure Active Directory then register one of the APIs as a custom connector and lastly connect to it in Power Automate.
Authentication in Azure Active Directory
First, you need to create an Azure Active Directory (AAD) application that performs the authentication when calling the API endpoint.
First create an App registration in Azure Active Directory.
Now in the settings of the registered App, go to required permission and Add API.
For more detailed information check this Enable authentication in Azure Active Directory section of the Microsoft document.
Custom connector
After configuring the AAD Application we can now create the custom connector.
After clicking the Settings at the top of Power Automate web page, select custom connector.
Select Create custom connector, then Import an OpenAPI file .
In Security page, provide AAD information for the application and set Resource URL.
For detailed information check this Create a custom connector section of the Microsoft document.
It seems that this page contains all the functionality that Azure CLI supports in regard to Azure API Management. But it doesn't show how to manage entities such as users, products, certificates, subscriptions, and APIs using Azure CLI.
Does Azure CLI lack these functionalities or is there a way to manage those entities using Azure CLI? Can Azure CLI be considered as a replacement for ARM templates in the case of APIM?
Azure CLI is missing those. Please raise on aka.ms/apimwish
According to my research, the Azure CLI API management command is in preview. SO it will miss some commands. For more details, please refer to the document. So if you want to manage Azure API management entities such as users, products, certificates, subscriptions, and APIs, I suggest you use Azure PowerShell to do that : https://learn.microsoft.com/en-us/powershell/module/az.apimanagement/?view=azps-3.0.0.
The Azure CLI currently seems to support this, see here for Microsoft docs. Make sure you upgrade your CLI to the latest version to be able to leverage this.
To get the CLI docs:
az apim --help
I am writing Azure CLI scripts to automate creating cloud-side components in Microsoft Azure. In particular, I am using the CLI to create Azure Function Apps. However, while I am able to create a Function App using the CLI, I have not been able to identify a way to configure authentication against Azure Active Directory, other than by using the Azure Portal user interface (see https://learn.microsoft.com/en-us/azure/app-service/configure-authentication-provider-aad for a description of the interactive process).
It's clear that the interactive process performs several steps behind the scenes, including creating an AAD Application registration and associating the registration with the Function App. My questions are:
What are details of the steps performed?
Is there a programmatic way, either with the CLI or some other interface, to perform the same set of steps?
Easy Auth is actually a module on IIS. You can enable it using Azure CLI:
az webapp auth update -g myResourceGroup -n myUniqueApp --enabled true \
--action LoginWithAzureActiveDirectory \
--aad-allowed-token-audiences https://webapp_name.azurewebsites.net/.auth/login/aad/callback \
--aad-client-id ecbacb08-df8b-450d-82b3-3fced03f2b27 --aad-client-secret very_secret_password \
--aad-token-issuer-url https://sts.windows.net/54826b22-38d6-4fb2-bad9-b7983a3e9c5a/
https://learn.microsoft.com/en-us/cli/azure/webapp/auth?view=azure-cli-latest#az_webapp_auth
I am trying to figure out what is involved to write a console application that will run as part of a VSTS Release task and that program will read a connection string (secret) from a preconfigured keyvault and then connect to an Azure SQL db using that connection string and apply some changes.
Currently I have my Web Apps connecting to KeyVault and the Azure SQL Server
using Azure AD Application Token authentication so I know what is involved on that front.
When you check "Allow scripts to access OAuth token" on agent settings page,
can this token be used (using ADAL) to connect to KeyVault and SQL Server.
(Assuming the VisualStudioSPNxxx has the appropriate access to the above resources).
If not what should I be looking for?
The vsts token (Allow scripts to access OAuth token) can’t be used to connect to KeyVault.
You need to register app with Azure Active Directory and enable to communicate with Azure Active Directory and Key Vault, then get the connectionstring dynamically.
More information, you can refer to: Protecting Secrets using VSTS and Azure Key Vault
This is made relatively very easy now with Variable Groups - https://learn.microsoft.com/en-us/vsts/pipelines/library/variable-groups?view=vsts
You can link a secret by connecting your Azure KV to a variable and then use this variable as you would normally use it in any script/task.
I am using Node-RED on IBM Bluemix. I am trying to connect to MySQL hosted by ClearDB, but I cannot find a suitable node in the database category.
How can I bind to existing ClearDB service that I already have bound to another app?
You can take a look at this MySQL node for Node-RED in the flow and node library, it is an extension. The steps to add additional node types to the editor is explained in the Node-RED documentation in general, however it does not directly apply to Bluemix. For your Bluemix environment you would need to access and modify the environment. See this post on how to deploy your customized Node-RED environment to Bluemix.