Bonjour !
I want to use Update-MgPrivilegedAccessResourceRoleSetting cmdlet, from the Microsoft.Graph PowerShell module, in my Azure portal.
I want to update some settings of my PIM role (for example MfaRule or ExpirationRule)
But I obtain this error :
{"message":"No HTTP resource was found that matches the request URI 'https://api.azrbac.mspim.azure.com/api/v2/governanceResources('********-****-****-****-************')/roleSettings('********-****-****-****-************')?'."}
What is this URL ??
In the debug log (I can't copy/paste the .jpg here), I have :
DEBUG: [CmdletBeginProcessing]: - Update-MgPrivilegedAccessResourceRoleSetting begin processing with parameterSet 'UpdateExpanded'.
DEBUG: [Authentication]: - AuthType: 'Delegated', AuthProviderType: 'InteractiveAuthenticationProvider', ContextScope: 'CurrentUser', AppName: 'Microsoft Graph PowerShell'.
DEBUG: [Authentication]: - Scopes: [Application.ReadWrite.All, DelegatedPermissionGrant.ReadWrite.All, Directory.Read.All, Domain.Read.All, Group.Read.All, openid, Policy.Read.All, Policy.Read.ConditionalAccess, Policy.ReadWrite.ConditionalAccess, PrivilegedAccess.Read.AzureAD, PrivilegedAccess.Read.AzureADGroup, PrivilegedAccess.Read.AzureResources, PrivilegedAccess.ReadWrite.AzureResources, profile, RoleAssignmentSchedule.Read.Directory, RoleEligibilitySchedule.Read.Directory, RoleEligibilitySchedule.ReadWrite.Directory, RoleManagement.Read.All, RoleManagement.Read.Directory, RoleManagement.ReadWrite.Directory, User.Read, User.ReadWrite.All, email].
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
PATCH
Absolute Uri:
https://graph.microsoft.com/beta/privilegedAccess/azureResources/resources/********-****-****-****-************/roleSettings/********-****-****-****-************
Headers:
FeatureFlag : 00000047
Cache-Control : no-store, no-cache
SdkVersion : graph-powershell/1.18.0,Graph-dotnet-1.25.1
User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.22621; fr-CA),PowerShell/7.3.1
Accept-Encoding : gzip
Body:
{}
DEBUG: ============================ HTTP RESPONSE ============================
Status Code:
NotFound
Headers:
Transfer-Encoding : chunked
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 5fb90750-367b-4976-8913-659c5b5863ba
client-request-id : 5fb90750-367b-4976-8913-659c5b5863ba
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Canada East","Slice":"E","Ring":"2","ScaleUnit":"002","RoleInstance":"QB1PEPF00001038"}}
Date : Fri, 16 Dec 2022 21:00:48 GMT
Body:
{
"error": {
"code": "UnknownError",
"message": "{\"message\":\"No HTTP resource was found that matches the request URI 'https://api.azrbac.mspim.azure.com/api/v2/governanceResources('********-****-****-****-************')/roleSettings('********-****-****-****-************')?'.\"}",
"innerError": {
"date": "2022-12-16T21:00:48",
"request-id": "5fb90750-367b-4976-8913-659c5b5863ba",
"client-request-id": "5fb90750-367b-4976-8913-659c5b5863ba"
}
}
}
Update-MgPrivilegedAccessResourceRoleSetting_UpdateExpanded:
Line |
20 | … Update-MgPrivilegedAccessResourceRoleSetting -PrivilegedA …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| {"message":"No HTTP resource was found that matches the request URI 'https://api.azrbac.mspim.azure.com/api/v2/governanceResources('********-****-****-****-************')/roleSettings('********-****-****-****-************')?'."}
DEBUG: [CmdletEndProcessing]: - Update-MgPrivilegedAccessResourceRoleSetting end processing.
The first Id is always the rigth resource id, and the second the rolesettings id
My exact command is :
Update-MgPrivilegedAccessResourceRoleSetting -PrivilegedAccessId azureResources -GovernanceResourceId $RoleSetting.ResourceId -GovernanceRoleSettingId $RoleSetting.Id
And I'm sure to have the right Ids for ResourceId and RoleSettingsId.
Maybe I forgot something ?
That works with AzureAD module, but I don't want to use it anymore :
Set-AzureADMSPrivilegedRoleSetting -ProviderId AzureResources -Id $RoleSetting.Id -ResourceId $RoleSetting.ResourceId -RoleDefinitionId $RoleSetting.RoleDefinitionId -UserMemberSettings $setting
Is there someone to help me ?
Microsoft documentation page is not very complete !
Thanks, a lot
Install Governance module to run Graph Powershell Cmd.
Module Name:
Import-Module Microsoft.Graph.Identity.Goverance
Follow the MS Doc here: https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.identity.governance/update-mgprivilegedaccessrolesetting?view=graph-powershell-beta
FYI, I had my response (here).
I have to use this cmdlet :
Update-MgPrivilegedAccessRoleSetting
This one is not functionnal :
Update-MgPrivilegedAccessResourceRoleSetting
So, just use :
$setting = #{
UserMemberSettings = #(
#{
RuleIdentifier = "MfaRule"
Setting = '{"mfaRequired":true}'
}
)
}
Update-MgPrivilegedAccessRoleSetting -PrivilegedAccessId "azureResources" -GovernanceRoleSettingId $RoleSetting.Id -BodyParameter $setting
Related
I have a working InfluxDb2 server and, on a Raspberry Pi, the Python client library.
I've generated the the tokens in the server UI and copied an all-areas one into the Python. The test bucket is set up in the UI too. In the Python program I have this:
bucket = "test"
org = "test-org"
#
token = "blabla=="
# Store the URL of your InfluxDB instance
url="http://10.0.1.1:8086/api/v2"
client = influxdb_client.InfluxDBClient(
url=url,
token=token,
org=org
)
Followed later by:
p = influxdb_client.Point("my_measurement").tag("location", "Prague").field("temperature", 25.3)
write_api = client.write_api(write_options=SYNCHRONOUS)
write_api.write(bucket='test', org='test-org', record=p)
I've overcome the not-authorized but now, whatever I do, I end up with this:
influxdb_client.rest.ApiException: (404)
Reason: Not Found
HTTP response headers: HTTPHeaderDict({'Content-Type': 'application/json; charset=utf-8', 'X-Influxdb-Build': 'OSS', 'X-Influxdb-Version': 'v2.2.0', 'X-Platform-Error-Code': 'not found', 'Date': 'Tue, 26 Apr 2022 14:35:50 GMT', 'Content-Length': '54'})
HTTP response body: {
"code": "not found",
"message": "path not found"
}
I've also gone back to Curl which gives me not authorized problem with the same parameters. Any help appreciated, beginning to regret trying to upgrade now.
You don't need the /api/v2 in your url parameter, just url="http://10.0.1.1:8086"
See https://github.com/influxdata/influxdb-client-python#getting-started
I am currently using SDK version 3.39.0 and version 0004 of the API_MKT_CONTACT service definition to create a new Contact in Marketing Cloud with the following code:
ContactOriginData contact =
ContactOriginData.builder()
.originOfContact(origin)
.originTimestamp(ZonedDateTime.now())
.externalContactID(pii.getId().toString())
.firstName(pii.getFirstName())
.lastName(pii.getLastName())
.language(pii.getLanguage())
.countryReg(pii.getRegion())
.build();
// use low level API as a work around for https://github.com/SAP/cloud-sdk/issues/156
ODataRequestUpdate contactRequest = service
.updateContactOriginData(contact)
.withHeader("Sap-Cuan-RequestTimestamp", getFormattedTime(System.currentTimeMillis()))
.withHeader("Sap-Cuan-SequenceId", "UpdatePatch")
.withHeader("Sap-Cuan-SourceSystemType", "EXT")
.withHeader("Sap-Cuan-SourceSystemId", "sdk-test")
.toRequest();
String servicePath = "/sap/opu/odata/SAP/API_MKT_CONTACT_SRV;v=0004";
ODataRequestBatch requestBatch = new ODataRequestBatch(servicePath, ODataProtocol.V2);
requestBatch.beginChangeset().addUpdate(contactRequest).endChangeset();
HttpClient httpClient = HttpClientAccessor.getHttpClient(destination);
ODataRequestResultMultipartGeneric batchResult = requestBatch.execute(httpClient);
Running this produces the following error:
{
"error": {
"code": "/IWFND/CM_MGW/096",
"message": {
"lang": "en",
"value": "PATCH requests require components to be updated"
},
"innererror": {
"application": {
"component_id": "CEC-MKT-DM-IC",
"service_namespace": "/SAP/",
"service_id": "API_MKT_CONTACT_SRV",
"service_version": "0004"
},
"transactionid": "3B63A2A6CC920630E0060492A51E7EE7",
"timestamp": "20210310210334.4378960",
"Error_Resolution": {
"SAP_Transaction": "For backend administrators: use ADT feed reader \"SAP Gateway Error Log\" or run transaction /IWFND/ERROR_LOG on SAP Gateway hub system and search for entries with the timestamp above for more details",
"SAP_Note": "See SAP Note 1797736 for error analysis (https://service.sap.com/sap/support/notes/1797736)",
"Batch_SAP_Note": "See SAP Note 1869434 for details about working with $batch (https://service.sap.com/sap/support/notes/1869434)"
},
"errordetails": []
}
}
}
However, if I execute a similar request in postman it works without issue:
Request Payload:
--batch
Content-Type: multipart/mixed; boundary=changeset
--changeset
Content-Type: application/http
Content-Transfer-Encoding: binary
PATCH ContactOriginData(ContactOrigin='<ContactOrigin>',ContactID='24D8F7F6-440D-44F8-A24B-552435477688') HTTP/1.1
Accept: application/json
Content-Type: application/json
Content-Length: 172
Sap-Cuan-RequestTimestamp: '2021-03-10T14:07:00.000'
Sap-Cuan-SequenceId: UpdatePatch
Sap-Cuan-SourceSystemType: EXT
Sap-Cuan-SourceSystemId: postman-test
{"OriginDataLastChgUTCDateTime":"/Date(1615410479885)/","EmailAddress":"samantha.cook#theoasis.com","FirstName":"Samantha","LastName":"Cook","Country":"US","Language":"EN"}
--changeset--
--batch--
Response Payload:
--1D7E85E6BC66B34E61ACF0EF3964CBD90
Content-Type: multipart/mixed; boundary=1D7E85E6BC66B34E61ACF0EF3964CBD91
Content-Length: 430
--1D7E85E6BC66B34E61ACF0EF3964CBD91
Content-Type: application/http
Content-Length: 262
content-transfer-encoding: binary
HTTP/1.1 204 No Content
Content-Length: 0
dataserviceversion: 2.0
sap-message: {"code":"HPA_STAGING_AREA/037","message":"Payload is processed via staging area. See Import Monitor for details.","target":"","severity":"info","transition":false,"details":[]}
--1D7E85E6BC66B34E61ACF0EF3964CBD91--
--1D7E85E6BC66B34E61ACF0EF3964CBD90--
I should note that I have also tried using .replacingEntity() which doesn't work either and produces a completely different error:
Inline component is not defined or not allowed (HTTP PUT)
Is there something with the SDK that I am missing or not using correctly?
Any help would be appreciated!
Cheers!
To update an entity you should get it from the service first. That is regardless whether you are using:
PATCH which will update only changed fields
or PUT which will send the full entity object
Currently you are creating a new entity object via the builder: ContactOriginData.builder(). Instead, please use the corresponding getContactOriginDataByKey() method of your service to first retrieve the entity to update from the service. Actually many services will force you to do this to ensure you are always editing the latest version of your data. This often happens via ETags which the SDK will also handle for you automatically.
You can find more information about the update strategies from the SDK on the documentaiton.
Edit:
As you pointed out in the comments the actual goal is to create an entity and the specific service in question only allows PUT and PATCH to create objects.
In that case using replacingEntity() (which translates to PUT) should already work with your code. You can make PATCH work as well by replacing the builder approach with a constructor call + setter approach.
I'm currently converting my swagger file to openapi3 and I have an endpoint thats returning a json response and I am using produces to output it as text/plain. I know the produces key for responses has been replaced in openapi3 by content: text/plain: etc.. but this is no longer converting my response. So previously if I called response.text after calling the endpoint I would get "This is a test." but now I get '"This is a test."\n'
Swagger 2 file:
/api/logs:
get:
description: Retrieve logs .
operationId: controller.get_logs
responses:
"200":
description: Job logs found
schema:
type: string
produces:
- text/plain
Openapi 3 file:
/api/logs:
get:
description: Retrieve logs .
operationId: controller.get_logs
responses:
"200":
description: Job logs found
content:
text/plain:
schema:
type: string
Below is a snippet of the application code, we call an external API and just return the response from that call. I don't have a snippet of the Api code to share but I have added some logs to display the response content:
resp = job.get_output() # Api call
try:
json_resp = resp.json()
LOGGER.info(f"Response: {resp}")
LOGGER.info(f"JSON: {json_resp}")
LOGGER.info(f"Text: {repr(resp.text)}")
LOGGER.info(f"Headers: {dict(resp.headers)}")
except Exception as error:
return (
{
"message": f"Failed to get job output for job: {job_id}"
},
HTTPStatus.NOT_FOUND,
)
return json_resp, HTTPStatus.OK, dict(resp.headers)
Log output:
LOGGER - Response: <Response [200]>
LOGGER - JSON: This is a test.
LOGGER - Text: '"This is a test."\n'
LOGGER - Headers: {'Date': 'Tue, 28 Jul 2020 15:23:31 GMT', 'Content-Type': 'application/json', 'Content-Length': '18', 'Connection': 'keep-alive'}
What am I doing wrong or am I missing something?
I am having trouble with setting up my API. The error I am getting is as follows:
[
{
"message": "Wrong data in the response. ",
"error": [
{
"code": "INVALID_TYPE",
"params": [
"object",
"string"
],
"message": "Expected type object but found type string",
"path": "#/"
}
],
"content": "{\"success\":true,\"payload\":{\"userId\":47}}"
}
]
With response headers:
connection: keep-alive
content-length: 233
content-type: application/json; charset=utf-8
date: Fri, 17 Apr 2020 08:09:38 GMT
etag: W/"e9-2OFjPp0RZp8asoi4T2vo8yXiZxE"
x-powered-by: Express
Now I expected this to work, as this very same code worked when using Swagger 2.0 instead of the oas-tools 3.0.1. This is my swagger file:
openapi: 3.0.1
info:
title: Swagger test
version: 0.0.1
servers:
- url: http://localhost:8081/
paths:
/add-user:
post:
x-router-controller: 'addUser'
description: Adds a user to the database
operationId: add
requestBody:
$ref: '#/components/requestBodies/AddUser'
responses:
201:
description: Successfully added the user to the database
content:
application/json:
schema:
type: object
properties:
success:
type: boolean
payload:
type: object
properties:
userId:
type: integer
And this is my node script in which I send the response back:
db
.query(insert_user_query, [username, password])
.then(function(result) {
var response = {
"success": true,
"payload": {
"userId": result.rows[0].user_id
}
}
res.status(201).json(response)
})
Now I am completely lost, as I am building the JSON in the response variable, and I am setting response code 201 and sending it as json (which adds the application/json content-type), and yet Swagger interprets is as a string instead of an object.
Anyone here who could please point me in the right direction?
You have to take the string and parse it back into an object.
res.json() takes your object and converts it to a string using the json format. application/json is a string format and that's how you send javascript formatted objects over the network. They get converted to a canonical string format, sent over the network and then to use them as objects, they have to be parsed and converted back into real live objects.
You don't show your receiving code, but something on the receiving side needs to call JSON.parse() on the string response. That will return to you an actual object that you can use as it converts the json string back into an object on the receiving side.
I had the same problem and was using Express 4.x.
I could be mistaken, but I think there might be an issue with "res.json" (i.e. res.status(xxx).json({ a:b });)
I worked around the issue by using send:
res.status(201).send(response); // in your case
I have written a python script in my local machine and trying to run it and getting below error:
Error
{'error': {'code': 400,
'details': [{'#type': 'type.googleapis.com/google.rpc.Help',
'links': [{'description': 'Google developer console '
'API key',
'url': 'https://console.developers.google.com/project/[project_id]/apiui/credential'}]}],
'message': 'The API Key and the authentication credential are from '
'different projects.',
'status': 'INVALID_ARGUMENT'}}
python script to Build trigger
bashCommand = "gcloud auth print-access-token"
process = subprocess.Popen(bashCommand.split(), stdout=subprocess.PIPE)
output, error = process.communicate()
if error:
print(error)
headers = {
'Authorization' : 'Bearer '+str(output)[2:-3],
'Accept' : 'application/json',
'Content-Type' : 'application/json'
}
cloudbuild = {"build":
{"source":
{"repoSource":
{"projectId":"[PROJECT_ID]",
"repoName":"[repoName]",
"branchName":".*"
}
}
},
"description":"API TRigger for all branch",
"name":"[TRIGGER NAME]"
}
data = json.dumps(cloudbuild)
response = requests.post('https://cloudbuild.googleapis.com/v1/projects/[PROJECT_ID]/triggers?key=[API KEY]', headers=headers, data=data)
results_output = response.json()
pprint(results_output)
I also set the project in my local machine
gcloud config set project [project-name]
please give some solution for this.
Thanks in advance.
I removed API Key from request
Access-token is enough to run the above python script