how to reorder a CDN Endpoint rules using az cli
The documentation does not help
https://learn.microsoft.com/en-us/cli/azure/cdn/endpoint/rule?view=azure-cli-latest
Thanks.
Related
I know how to get repositories, we can use
az acr repository list --name myregistry.
But, how to get repositories with tags that are having security/vulnerability issues after security scans using azure cli?
There is no way to get repositories with tags that are having security/vulnerability issues after security scans using Azure CLI.
You can get the scan results (security vulnerabilities, recommendations) of the scanned resource using Azure Portal, Azure Resource Graph and REST API as given in this MS Doc.
If you have the assessment Ids, then you can get the scan results using combination of REST API and Az CLI Cmdlets:
REST API:
Azure CLI:
az rest --method get --url GET {api to get security vuls} --url-parameters
Does anyone know how to configure the selected public network for a Batch Account?
I only found this article that explains how to do it from the Azure Portal: https://learn.microsoft.com/en-us/azure/batch/public-network-access?WT.mc_id=Portal-Microsoft_Azure_Batch
The Azure CLI documentation has a --public-network-access {Disabled, Enabled}, but how can one set an IP range as described in the link above through the command line?
Likewise we do have Az CLI command for IP Network rule configuration in Azure Storage Account and Key Vault Unfortunately we don't have az cli command to configure IP network rules for Azure Batch acount.
I have checked in the Azure Batch CLI commands doc. The only thing I found was batch account creation with public network access disabled/enabled command:
az batch account create --location westus2 --name testaccount --resource-group v-rXXXXXXdtree --public-network-access Enabled
The Start-AzPolicyComplianceScan works fine in PowerShell. I am trying to achieve the same using az cli but am unable to find an equivalent.
Looks there is no built-in command in azure cli, the workaround is to use az rest to call the REST API directly.
Sample:
1.Start a compliance scan at resource group scope - https://learn.microsoft.com/en-us/rest/api/policy-insights/policystates/triggerresourcegroupevaluation
az rest --method POST --uri https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.PolicyInsights/policyStates/latest/triggerEvaluation?api-version=2019-10-01
2.Start a compliance scan at subscription scope - https://learn.microsoft.com/en-us/rest/api/policy-insights/policystates/triggersubscriptionevaluation
az rest --method POST --uri https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.PolicyInsights/policyStates/latest/triggerEvaluation?api-version=2019-10-01
After running the command, you could check the result in the Activity log in the resource group/subscription, it works fine.
This is currently possible using:
az policy state trigger-scan
More in the documentation: https://learn.microsoft.com/en-us/cli/azure/policy/state?view=azure-cli-latest#az-policy-state-trigger-scan
Could someone please let me know how to list all the DBR workspaces under a particualr subscription in Azure.
I have tried Az Cli Option but it doesn't have any option to list any workspace.
you can always use something like this:
az resource list --resource-type "Microsoft.Databricks/workspaces"
so use a generic command to query the rest api directly (what the other answer suggests) but using Azure CLI, so you dont need to handle the auth\tokens\etc
ps. you'd first need to change your Azure CLI context to that subscription with:
az account set -s "sub_name_goes_here"
You can use the REST API,
GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Databricks/workspaces?api-version=2018-04-01
I'm trying to follow this guide to setting up a K8s cluster with external-dns' Azure DNS provider.
The guide states that:
When your Kubernetes cluster is created by ACS, a file named /etc/kubernetes/azure.json is created to store the Azure credentials for API access. Kubernetes uses this file for the Azure cloud provider.
When I create a cluster using aks (e.g. az aks create --resource-group myResourceGroup --name myK8sCluster --node-count 1 --generate-ssh-keys) this file doesn't exist.
Where do the API credentials get stored when using AKS?
Essentially I'm trying to work out where to point this command:
kubectl create secret generic azure-config-file --from-
file=/etc/kubernetes/azure.json
From what I can see when using AKS the /etc/kubernetes/azure.json doesn't get created. As an alternative I followed the instructions for use with non Azure hosted sites and created a service principal (https://github.com/kubernetes-incubator/external-dns/blob/master/docs/tutorials/azure.md#optional-create-service-principal)
Creating the service principal produces some json that contains most of the detail. This can be used to manually create the azure.json file and the secret can be created from it.
Use this command to get credentials:
az aks get-credentials --resource-group myResourceGroup --name myK8sCluster
Source:
https://learn.microsoft.com/en-us/azure/aks/kubernetes-walkthrough
Did you try this command ?
cat ~/.kube/config
It provided all i needed for my CI to connect to the Kubernetes Cluster and use API