Is it possible at all to create a function key for a just created azure function from powershell script?
I have got a release pipeline to create the whole environment for azure function and it is working fine but one part I am missing is a custom function key for the function. I don't want to use the default key. I could create the new key in the portal but I need it to be done from the script.
Currently, there is no such Power Shell cmdlet, but you could use Function Api.
Creates or updates the key at the specified resource with an auto generated key:
POST /admin/functions/{functionname}/keys/{keyname}
Use the following Power Shell to use API.
$tenant = ""
$clientId = ""
$clientSecret = ""
$subscriptionId = ""
$body = #{
"grant_type"="client_credentials";
"client_id"=$clientId;
"client_secret"=$clientSecret;
"resource"="https://management.azure.com/"
}
$resourceGroup="shuiapp"
$name="shuifunction"
$authInfo = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenant/oauth2/token" -Body $body -Method Post -Headers #{"Content-Type"="application/x-www-form-urlencoded"}
$publishData = Invoke-RestMethod -Uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroup/providers/Microsoft.Web/sites/$name/publishxml?api-version=2016-08-01" -Method Post -Headers #{"Authorization"="Bearer $($authInfo.access_token)"}
$userName = $publishData.publishData.publishProfile[0].userName
$password = $publishData.publishData.publishProfile[0].userPWD
$apiBaseUrl = "https://$name.scm.azurewebsites.net/api"
$siteBaseUrl = "https://$name.azurewebsites.net"
# For authenticating to Kudu
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $username,$password)))
# Call Kudu /api/functions/admin/token to get a JWT that can be used with the Functions Key API
$jwt = Invoke-RestMethod -Uri "$apiBaseUrl/functions/admin/token" -Headers #{Authorization=("Basic {0}" -f $base64AuthInfo)} -Method GET
# Call Functions Key API to get the master key
$x = Invoke-RestMethod -Uri "$siteBaseUrl/admin/host/systemkeys/_master" -Headers #{Authorization=("Bearer {0}" -f $jwt)} -Method GET
$masterKey = $x.value
# create a custom function key
$functionname="HttpTriggerPowerShell1"
$v=Invoke-RestMethod -Uri "$siteBaseUrl/admin/functions/$functionname/keys/shui" -Headers #{Authorization=("Bearer {0}" -f $jwt)} -Method POST
$v.value
# get function key value
$x = Invoke-RestMethod -Uri "$siteBaseUrl/admin/functions/HttpTriggerPowerShell1/keys" -Headers #{Authorization=("Bearer {0}" -f $jwt)} -Method GET
Note: You need create a new service principal and give contributor role. Please refer to the official document.
You can create function keys using Az Cli: az functionapp keys:
Create a function key for an Azure Function app.
az functionapp keys set `
-g MyResourceGroup `
-n MyFunctionAppName `
--key-type functionKeys `
--key-name MyKeyName `
--key-value MyKeyValue
If the --key-value is not specified, it will be auto-generated.
Related
I have a delegate App with Directory.ReadWrite.All permissions and a PS script to auth users over the app. It works when I use GET but I'm getting Forbidden when try PATCH method
Here's the part of that script:
$uri = "https://graph.microsoft.com/v1.0/devices/1111-2222-3333-4444-5555"
$method = "PATCH"
$body = '{
"extensionAttributes": {
"extensionAttribute2": "text"
}
}'
Invoke-WebRequest -Method $method -Uri $uri -Body $body -ContentType "application/json" -Headers #{Authorization = "Bearer $token"} -UseBasicParsing -ErrorAction Stop
Another thing: when using device ObjectID to construct Uri I'm getting the 403 Forbidden but if I use a $filter over a DeviceID I get 405 Method not allowed. Does it mean it doesn't like a filter and have to stick with the ObjectID? Is there a way when I run the GET with $filter to save in a variable only ObjectID within JSON query?
Thanks
sorted it, I needed Directory.AccessAsUser.All and used this to get the objectId variable:
$DsregCmdStatus = dsregcmd /status
if($DsregCmdStatus -match "DeviceId")
{
$DeviceId = $DsregCmdStatus -match "DeviceID"
$DeviceId = ($DeviceId.Split(":").trim())
$DeviceId = $DeviceId[1]
}
# Find Id
$uri = "https://graph.microsoft.com/v1.0/devices?`$filter=deviceId eq '$DeviceId'"
$method = "GET"
# Run Graph API query
$query = Invoke-WebRequest -Method $method -Uri $uri -ContentType "application/json" -Headers #{Authorization = "Bearer $token"} -UseBasicParsing -ErrorAction Stop
$output = ConvertFrom-Json $query.Content
$id = $output.value
$id = $id.id
Write-Host "Machine ID is $id"
I have defined a webhook in Rundeck to run a particular job. This job has 3 options defined: ${option.VMName}, ${option.CPU} and ${option.Memory}. The job itself is defined as a local powershell script and executes as: powershell ${scriptfile} ${option.VMName} ${option.CPU} ${option.Memory}. This is tested and works fine.
I would now like to invoke the webhook POST URL so that the job is remotely triggered (from a web dashboard, using PowerShell) with these options defined. I tried, unsuccessfully, adding the options to the end of my URL:
http://mywebhookuri#myjobname?opt.VMName=$VMName&opt.CPU=$CPU&opt.Memory=$Memory
http://mywebhookuri#myjobname?VMName=$VMName&CPU=$CPU&Memory=$Memory
The following PowerShell code is being used to invoke the webhook:
$WebHookURI = "http://mywebhookuri#myjobname"
$header = #{}
$header.add("Content-Type","text/plain")
$body = #{} | ConvertTo-Json
$result = Invoke-RestMethod -Method Post -Uri $WebHookURI -Body $body -Headers $header
The documentation for the webhook plug-in and run-job usage state that "The JSON that is received by the plugin can be used to supply options, node filter, and the Run As user", but doesn't show a clear example of either.
How do I successfully pass these options to the webhook URL?
Following the documentation, you need to define the option in this way, and later call passing a JSON data, I did an example but using cURL:
curl -H "Content-Type: application/json" -X POST -d '{"field1":"hello world"}' http://yourhost:4440/api/34/webhook/3moY0Ru1zxl5gM0tpVlecJ5BN1LPyhsx#New_Hook
That is for this Job Definition example:
<joblist>
<job>
<context>
<options preserveOrder='true'>
<option name='opt1' />
</options>
</context>
<defaultTab>nodes</defaultTab>
<description></description>
<executionEnabled>true</executionEnabled>
<id>e97efb53-99a6-4e5a-80b7-a1b055866f43</id>
<loglevel>INFO</loglevel>
<name>HelloWorld</name>
<nodeFilterEditable>false</nodeFilterEditable>
<scheduleEnabled>true</scheduleEnabled>
<sequence keepgoing='false' strategy='node-first'>
<command>
<exec>echo ${option.opt1}</exec>
</command>
</sequence>
<uuid>e97efb53-99a6-4e5a-80b7-a1b055866f43</uuid>
</job>
</joblist>
To add some detail to MegaDrive68k's accepted answer (as this is essentially two questions):
I added the following to the "Options" field in the Rundeck webhook definition:
-VMName ${data.field1} -CPU ${data.field2} -Memory ${data.field3}
And the PowerShell code was modified as follows:
$WebHookURI = 'http://mywebhookuri#myjobname'
$header = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$header.add("Content-Type", "application/json")
$body = "{`n `"field1`" : `"$VMName`",`n `"field2`" : `"$CPU`",`n `"field3`" : `"$Memory`"`n}"
$result = Invoke-RestMethod -Method 'POST' -Uri $WebHookURI -Body $body -Headers $header
With these changes I was able to successfully invoke the Rundeck webhook with options.
a bit more concise version for PowerShell:
$WebHookURI = 'http://mywebhookuri#myjobname'
$header = #{}
$header.add("Content-Type", "application/json")
$body = #{
field1 = "$VMName";
field2 = "$CPU";
field3 = "$Memory"
} | ConvertTo-Json
$result = Invoke-RestMethod -Method 'POST' -Uri $WebHookURI -Body $body -Headers $header
I need to run 1000 API calls for 1000 different URI's. I tried to run 1000 different URI in one go as shown below but the API has a limit of 1000 lines.
Is there a way to run this code 1000 times producing 1000 separate JSON files or in one JSON file without me having to run the URI with the powershell script indivdiually.
$access_token ="dfdfgdfgf45h5676rdffghfghfbazbfgjvdrtwsffrgr"
$LogPath ='C:\StackOVerflow'
$URI = 'https://api.web.ser/audits/a_80weqwepeopeoA'
'https://api.web.ser/audits/a_B0980kdfl;skfd'
'https://api.web.ser/audits/a_Csdfsdfsjlksdc'
'https://api.web.ser/audits/a_Tlksdjfalkjdff'
'https://api.web.ser/audits/a_Fldkfjlsfjdfdl'
'https://api.web.ser/audits/a_Fsdfsdfsdfsd34'
'https://api.web.ser/audits/a_G34gfgf4ffsdrf'
'https://api.web.ser/audits/a_Haere34534fdgf'
'https://api.web.ser/audits/a_Ifdl023lererew'
'https://api.web.ser/audits/a_Afrererl45645w'
$headers = #{“authorization” = “Bearer $access_token”}
$result = Invoke-RestMethod -Uri $URI -Headers $headers |ConvertTo-Json| out-file "$LogPath\id_ExtractLogs$(((get-date).ToString("yyyyMMdd"))).json"
$result
You cannot pass an array of uri to the Invoke-RestMethod cmdlet; they must be iterated.
Here's a working solution:
$uri = 'https://api.web.ser/audits'
$reportList = #(
'a_80weqwepeopeoA'
'a_B0980kdfl;skfd'
# .. etc.
)
$token = 'secret'
$headers = #{ Headers = #{ Authorization = "Bearer $token" }}
$logPath = 'C:\StackOverflow'
foreach ($report in $reportList) {
$stamp = Get-Date -Format FileDateTime
Invoke-RestMethod -Uri "$uri/$report" -OutFile "$logPath\id_$stamp.json" #headers
}
last year I created a PS script, that took care of automatically creating users and adding them to our servicedesk, we use a special user creation account for this, the credentials are locally saved in a text file. It all worked fine, however the script doesn't seem to work anymore, did the JIRA API change?
I get following error message: Invoke-Rest-Method: The remote server returned an error (401) Unauthorized at response = Invoke-Rest-Method -Uri...etc
I checked and our user creation account still has all the permissions to create users, I can manually create them and the log shows that the user also logs in normally through the script.
Hopefully somebody can help with my problem!
Here's the code:
$jiraCredentials = Get-Content -Raw -Path "C:\PowerShellScripts\New-AdUser\credentials.json" |ConvertFrom-Json
$bytes = [System.Text.Encoding]::ASCII.GetBytes("${$jiraCredentials.username}:${$jiraCredentials.password}")
$base64 = [System.Convert]::ToBase64String($bytes)
$basicAuthValue = "Basic $base64"
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.add("Authorization", $basicAuthValue)
$headers.add("X-Experimentalapi", "opt-in")
$headers.add("Content-Type", "application/json")
#$headers.add("X-Atlassian-Token", "nocheck")
$JSON = #"
{
"fullName": "$emailAddressClean",
"email": "$emailAddressClean"
}
"#
$response = Invoke-RestMethod -Uri https://jira.dilax.com/rest/servicedeskapi/customer -Method POST -Body $JSON -ContentType "application/json" -Headers $headers
#add customer to servicedesk
$JSON2 = #"
{
"usernames":[
"$emailAddressClean"
]
}
"#
$response2 = Invoke-RestMethod -Uri https://jira.dilax.com/rest/servicedeskapi/servicedesk/9/customer -Method POST -Body $JSON2 -ContentType "application/json" -Headers $headers
managed to fix it because the log in credentials didn't get transmitted correctly:
$jiraCredentials = Get-Content -Raw -Path "C:\PowerShellScripts\New-AdUser\credentials.json" |ConvertFrom-Json
$user = $jiraCredentials.username
$pass = $jiraCredentials.password
$pair = "${user}:${pass}"
$bytes = [System.Text.Encoding]::ASCII.GetBytes($pair)
$base64 = [System.Convert]::ToBase64String($bytes)
$basicAuthValue = "Basic $base64"
Converting a very simple Plaid API curl data request to a powershell invoke-webrequest
what works:
curl -X POST https://tartan.plaid.com/balance \
-d client_id=client-id-value \
-d secret=secret-value \
-d access_token=access-token-value
What I'm trying unsuccessfully in Powershell
#test powershell api call
$hash = #{ client_id = "client-id-value";
secret = "secret-value"
access_token = "access-token-value"
}
$JSON = $hash | convertto-json
#Invoke-WebRequest -uri "https://tartan.plaid.com/balance" -Method POST -Body $JSON
This returns a plaid error 1100 (client id missing), so I know some API functionality is working, but it's not parsing input data correctly.
My biggest misunderstanding is how to translate a "curl -data" value into the proper Powershell parameter.
Is this a header value, body value? etc.
Unless the target url expects the POST body to be in JSON format, skip the ConvertTo-JSON step completely.
When the chosen HTTP method is POST, Invoke-WebRequest will automatically take all the keys in the hashtable supplied to the -Body parameter and construct a body payload similar to that of curl -d:
$POSTParams = #{
client_id = "client-id-value"
secret = "secret-value"
access_token = "access-token-value"
}
Invoke-WebRequest -Uri "https://tartan.plaid.com/balance" -Method POST -Body $POSTParams