Generic Service Connection in Azure Devops - azure

I am pretty new to DevOps and I am trying to make a connection with GCP. While creating the generic connection, what URL do I have to provide? Should it be the API endpoint or the auth token URL?
I am trying to connect with the BigQuery API, and I am also confused about how I should authenticate.
Is there also any other way? I could not find a single blog that helps with the InvokeRestApi task for GCP along with the authentication.
Thanks for helping :)
I tried with the gcloud shell in Azure but I am not sure how I can get the API response back from the gcloud script.

You can refer to Generic Service Connection to learn about the parameters and their descriptions.
The URL is the URL of your service (e.g. https://gcr.io/PROJECT_ID).
The Token Key is generated in GCP at this path:
Service account -> create service account -> create key

Related

Client Credentials Flow for Azure DevOps

I have been looking at this issue for days and I know from experience that I usually work these things out but this time I have hit a brick wall.
Scenario
I have a python app that gets instantiated inside an Azure DevOps YAML pipeline.
The app calls the Azure DevOps REST API to create a repository
The app uses a PAT (personal access token) to authenticate
The first issue is, a personal access token is connected to me as a human user. If I leave the company the PAT will be revoked, which is not good for an app that needs to run in a non-user context.
So now I want to setup my Python app to authenticate to the Azure DevOps REST API using client credentials flow.
My issue is, I can't find consistent information about this.
I have created an app in Azure DevOps:
My plan would be to get this all working in Postman and then port my findings to Python code.
So really, I am looking for help with the setup I do in Postman and I can work the rest out myself in Python.
Many posts talk about Azure DevOps and Azure AAD (Azure Active Directory) together but, seeing as I create my app registration in Azure DevOps, as shown in the picture, I don't see why I would do anything in AAD.
(Note, my Azure DevOps instance was created outside Azure. Azure knows nothing about my Azure DevOps instance)
Any pointers to the CORRECT information about how to do this would be good. And remember, I definitely need the client credentials type flow. There is no human interaction between my app and the Azure DevOps REST API.
Update
Here is what I have in Postman right now:
Note:
You can see the check boxes which I am using to toggle application/x-www-form-urlencoded key / value pairs on and off
the resource - 499b84ac-1321-427f-aa17-267ca6975798 is apparently the GUID for Azure DevOps and doesn't change
If I look inside the HTML from the 500 error I see this: Could not find partition for hostId: 499b84ac-1321-427f-aa17-267ca6975798 which is the DevOps resource GUID mentioned above.
And here is the 500 error I get from Azure Devops:
It's all very confusing but I am sure I just need to tweak one or two things to get it working.
I want to use client_credential flow in Azure DevOps for the same reasons as you! Last time I spoke to support they told me it was planned for Q3 2020. Reviewing the roadmap I can't see it on there at the moment. I also couldn't see any feature requests currently raised on Dev Community so you could consider trying to raise the profile of this issue on there.

How to create LogicApp SQL Server Connector's API Connection using DotNet SDK

Here are the steps to connect to a SQL Server or Azure SQL database from Azure Logic Apps using the Azure portal.
https://learn.microsoft.com/en-us/azure/connectors/connectors-create-api-sqlazure
But I have to create the SQL Server Connector's API Connection using the DotNet SDK.
Currently, I can't find a function for creating a Logic App connector API connection in the Azure SDK documentation.
If using the REST API is possible, we could use the following REST API to do that.
PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourcegroup}/providers/Microsoft.Web/connections/sql?api-version=2016-06-01
I also tested it on my side with Postman with the following body.
{"properties":{"api":{"id":"/subscriptions/{subscriptionid}/providers/Microsoft.Web/locations/eastus/managedApis/sql"},"parameterValues":{"server":"{yourserverName}.database.windows.net","database":"{databaseName}","username":"{username}","password":"{password}"},"displayName":"{name}"},"location":"{location}"}
For how to get the authorization token, please refer to another SO thread.
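An added example, not part of the original answer or of any Azure SDK: one way to assemble the PUT request and body shown above in Python, reading the bearer token and SQL credentials from environment variables instead of writing them into the script, and masking them before the request is logged. The environment variable names and the function names are assumptions; the demo values are constructed.

```python
import json
import os
import urllib.request
from urllib.parse import quote

ARM = "https://management.azure.com"
API_VERSION = "2016-06-01"  # api-version used in the answer above
# Assumed environment variable names (not from the original post).
REQUIRED = ("ARM_TOKEN", "SQL_SERVER", "SQL_DATABASE", "SQL_USERNAME", "SQL_PASSWORD")


def build_request(sub, rg, location, display_name, conn="sql", env=os.environ):
    """Build (but do not send) the PUT that creates the API connection."""
    missing = [k for k in REQUIRED if not env.get(k)]
    if missing:  # fail before anything is sent with empty credentials
        raise KeyError("missing environment variables: " + ", ".join(missing))
    sub, rg, conn = (quote(v, safe="") for v in (sub, rg, conn))
    url = (f"{ARM}/subscriptions/{sub}/resourceGroups/{rg}"
           f"/providers/Microsoft.Web/connections/{conn}?api-version={API_VERSION}")
    body = {
        "properties": {
            "api": {"id": f"/subscriptions/{sub}/providers/Microsoft.Web"
                          f"/locations/{location}/managedApis/sql"},
            "parameterValues": {
                "server": env["SQL_SERVER"],
                "database": env["SQL_DATABASE"],
                "username": env["SQL_USERNAME"],
                "password": env["SQL_PASSWORD"],
            },
            "displayName": display_name,
        },
        "location": location,
    }
    headers = {"Authorization": "Bearer " + env["ARM_TOKEN"],
               "Content-Type": "application/json"}
    return urllib.request.Request(url, data=json.dumps(body).encode(),
                                  headers=headers, method="PUT")


def redacted(req):
    """Loggable copy of the request with the token and password masked."""
    body = json.loads(req.data)
    body["properties"]["parameterValues"]["password"] = "***"
    return {"method": req.get_method(), "url": req.full_url,
            "authorization": "Bearer ***", "body": body}

if __name__ == "__main__":
    demo = dict.fromkeys(REQUIRED, "constructed-value")  # constructed sample input
    print(redacted(build_request("sub-id", "rg1", "eastus", "demo", env=demo)))
```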

cloud foundry spring cloud data flow server security configuration

I am trying to deploy the Spring Cloud Data Flow Server to an enterprise Pivotal Cloud Foundry instance using an application manifest.yml.
My first concern is externalizing the SPRING_CLOUD_DEPLOYER_CLOUDFOUNDRY_USERNAME and SPRING_CLOUD_DEPLOYER_CLOUDFOUNDRY_PASSWORD properties from the manifest so I'm not storing them in plain text in version control. Is there a best practice to accomplish that? Where does that fit into the workflow of deploying a Data Flow Server and associated Streams/Tasks? My initial idea is to create a new Cloud Foundry user for the Data Flow Server that can deploy applications to the org/space I am using, then potentially use Spring Cloud Config to inject the credentials into the env. Is that a typical solution?
My second concern is requiring TLS/HTTPS for all of the Data Flow Server's web endpoints. I again attempted to omit the properties concerning the key store locations from the manifest in the SPRING_APPLICATION_JSON env entry, but that again caused initialization to fail. Does the Cloud Foundry Java buildpack have a standard location for those certificate stores, or is that specific to my Cloud Foundry instance? I also want to redirect all HTTP requests to HTTPS. Do I need to create a custom build of the Cloud Foundry Data Flow Server to do that?
Thanks for any help.
UPDATE:
Based on other SO posts, I have now resolved that I do not need to enable HTTPS/TLS from the Data Flow Server config in its embedded Tomcat server because it is sitting behind Cloud Foundry's proxy. However, I cannot see a way to require and redirect to HTTPS endpoints other than creating a customized build of the Data Flow Server for Cloud Foundry with the proper configuration.
You can refer to the documentation for this here.
The Security section from the docs linked in the previous answer should be useful. I'll attempt to reply to a few specific questions.
I'm not storing them in plain text in version control
A few of our customers use Config-Server + Vault integration for encrypted password credentials.
My initial idea is to create a new Cloud Foundry user for the Data Flow Server that can deploy applications to the org/space I am using, then potentially use Spring Cloud Config to inject the credentials into the env. Is that a typical solution?
This whole experience will be automated with e2e OAuth/SSO workflow with Spring Cloud Data Flow's tile, which will be available as a BETA tile by this month. There won't be any clear-text passwords - everything will be OAuth token driven, and the service-broker will control the lifecycle of SCDF's service-instance. Please reach out to PCF account rep and we would gladly add you to the BETA program.

Howto add Azure AD as AWS Cognito Federated IdP

G'day Everyone.
I have a Web application running with AWS S3, RDS, Lambda and API Gateway using an AWS Cognito user pool as login service. This is working well so far. But now I would like to integrate it with Azure ID.
Does someone have good documentation about it? I can only find documentation for the other way round or for integrating Azure AD into the AWS Console.
The reason could be that this feature just went from beta to production a few weeks ago.
The steps are quite long, but I've created a tutorial on setting this up.
There is a current bug within the AzureAD web console that prevents changing the App ID to a URN, but it can be worked around by modifying the parameter with AzureAD PowerShell.
See the following blog post here:
https://www.idea11.com.au/how-to-set-up-aws-cognito-federation-office365/
I ran into some trouble while logging in via personal live/hotmail accounts using SAML; it turns out there's no proper support for that yet. Try OIDC.
Follow:
https://www.terminalbytes.com/azure-ad-integration-as-an-idp-with-aws-cognito/

Are there any examples of Authenticating a User against Windows Azure Rest API without certificates

According to the releases a few days ago by ScottGu, it's now possible to use the Windows Azure management API without client certificates.
Are there any examples of doing this?
I have an Azure Cloud Service Package that I would like to let people deploy from my website. Therefore I would like, from JavaScript, to authenticate the user to their Azure subscription (some OAuth against the WAAD) and then deploy my package for them via the REST API.
I don't need concrete examples, just some pointers on how I could do this.
I don't want users to give me their passwords of course, therefore I need some guidance on how I can do SSO of the user against WAAD/Windows Azure management API and from there use the access token to deploy the package.
As of today, the Service Management API documentation regarding this new authentication mechanism (http://msdn.microsoft.com/en-us/library/windowsazure/ee460782.aspx) is not updated. Since the new login mechanism is supported in PowerShell, which is essentially a REST wrapper over this API and is open source, one thing you could do is take a look at the source code of the Cmdlets on GitHub (https://github.com/WindowsAzure/azure-sdk-tools) to see how it is accomplished there and write something of your own (and share it here :)).
