I'm trying to remove a specific URL from Azure App Registrations. I tried the below command.
az ad app update --id <app-id> --remove web-redirect-uris 0
I used '0' (Index) as it doesn't allow us to delete the URL value. But it gives below error.
Couldn't find 'web' in 'web.redirect'. Available options: []
UPDATED
az rest \
--method PATCH \
--uri "https://graph.microsoft.com/v1.0/applications/<object-id>" \
--headers 'Content-Type=application/json' \
--body “{web:{redirectUris: https://URL1}}”
unrecognized arguments: https://URL1}}”
New
az rest \
--method "delete" \
--uri "https://graph.microsoft.com/v1.0/applications/<object-id>" \
--headers "{'Content-Type': 'application/json'}" \
--body "{'web': 'redirectUris': [ 'https://URL1' ] }"
As per august 2022, it is not supported anymore (due to MS Graph Migration).
From the documentation:
Generic update arguments --add, --set and --remove currently don't work. You may use az rest to directly call Microsoft Graph API for non-supported properties.
You can track the github issue here: Azure CLI cannot set values on nested properties.
so in your case something like that should work
az rest \
--method "patch" \
--uri "https://graph.microsoft.com/v1.0/applications/<object-id>" \
--headers "{'Content-Type': 'application/json'}" \
--body "{'web': 'redirectUris': [ 'https://URL1' ] }"
Related
Quarkus Azure function apps currently rely on the Maven azure-functions-maven-plugin plugin to perform a deployment of the function. However, this means that I need to package the application source code and rebuild it with each deployment. This is not ideal, as I really want an immutable package that I can deploy, promote, and roll back without rebuilding.
Is there any way to deploy a prepackaged Quarkus app without the Maven plugin?
The reality is that Microsoft has done a poor job of supporting Java developers deploying to Azure functions. The requirement to recompile the app with each deployment, which is the only option available to you when using the Maven plugin, is an anti-pattern for repeatable and reliable deployments.
Digging through the source code of the Maven plugin eventually leads you to the RunFromBlobFunctionDeployHandler class, which uploads a ZIP file as a blob, creates a long lived SAS token, and then sets the WEBSITE_RUN_FROM_PACKAGE setting to the SAS URL.
To recreate this process, we first need a function.json file, which will redirect all requests to the Quarkus io.quarkus.azure.functions.resteasy.runtime.Function.run class. You can get this class by generating a sample Quarkus project, as documented here:
{
"scriptFile" : "../products-microservice-runner.jar",
"entryPoint" : "io.quarkus.azure.functions.resteasy.runtime.Function.run",
"bindings" : [ {
"type" : "httpTrigger",
"direction" : "in",
"name" : "req",
"route" : "{*path}",
"methods" : [ "GET", "POST", "HEAD", "PUT", "OPTIONS", "DELETE" ],
"dataType" : "binary",
"authLevel" : "ANONYMOUS"
}, {
"type" : "http",
"direction" : "out",
"name" : "$return"
} ]
}
You then need a host.json file, again generated by the sample Quarkus project:
{
"version": "2.0"
}
Once we build your Quarkus Azure function app, you'll have a self contained JAR file. In my case it was called products-microservice-runner.jar. The next step is to recreate the directory structure documented here:
rm -rf /tmp/octopubproductservice
mkdir /tmp/octopubproductservice
mkdir /tmp/octopubproductservice/octopubproductservice
cp target/products-microservice-runner.jar /tmp/octopubproductservice
cp azure-config/host.json /tmp/octopubproductservice
cp azure-config/function.json /tmp/octopubproductservice/octopubproductservice
pushd /tmp/octopubproductservice
zip -r $ZIP_FILE .
popd
This produces a ZIP file like this:
Now create the resource group, storage account, and function as documented here:
REGION=australiaeast
RESOURCE_GROUP=octopubproductservice
FUNCTION_NAME=octopubproductservice
STORAGE_ACCOUNT=octopubproductservice
STORAGE_SKU="Standard_LRS"
ZIP_FILE=product-service-azure.zip
CURRENT_DATE=$(date +%Y%m%d)
SAS_EXPIRY=$(date -d "$CURRENT_DATE +10 years" +%Y-%m-%d)
# Create a resource group
az group create --location $REGION --name $RESOURCE_GROUP
# Create a storage account
az storage account create --name $STORAGE_ACCOUNT --resource-group $RESOURCE_GROUP --sku $STORAGE_SKU
# Create a function app
az functionapp create \
--name $FUNCTION_NAME \
--resource-group $RESOURCE_GROUP \
--storage-account $STORAGE_ACCOUNT \
--consumption-plan-location $REGION \
--functions-version 4 \
--os-type linux \
--runtime java \
--runtime-version 11.0
Next upload the function package and generate an SAS token:
# Upload the function package
az storage blob upload \
--account-name $STORAGE_ACCOUNT \
--container-name java-functions-run-from-packages \
--name product-service-azure.zip \
--file /tmp/octopubproductservice/product-service-azure.zip \
--overwrite \
--auth-mode key
# Create a SAS key for the function package
URL=$(az storage blob generate-sas \
--account-name $STORAGE_ACCOUNT \
--container-name java-functions-run-from-packages \
--name product-service-azure.zip \
--permissions r \
--expiry $SAS_EXPIRY \
--auth-mode key \
--full-uri)
# The URL is quoted. We treat this as a JSON string, and use jq to return the raw string
FIXED_URL=$(echo $URL | jq -r '.')
Finally, set the WEBSITE_RUN_FROM_PACKAGE setting to the SAS URL, which is required when deploying Linux functions:
# The raw string is set as the WEBSITE_RUN_FROM_PACKAGE value, which indicates Azure
# must download the function from the URL.
az functionapp config appsettings set \
--name $FUNCTION_NAME \
--resource-group $RESOURCE_GROUP \
--settings "WEBSITE_RUN_FROM_PACKAGE=$FIXED_URL"
At that point your Quarkus app should be working.
I am trying to get the AML token using CLI.
I am able to get the token using the command -> token=$(az account get-access-token --subscription {subscri ID} --resource-type arm --query accessToken --output tsv)
but when I use this token to get the AMLToken I get below error, however it is working fine if I make this query using postman :
curl -d POST --header "Authorization: Bearer $token" "https://management.azure.com/subscriptions/{subcri id}/resourceGroups/{res_grup}/providers/Microsoft.MachineLearningServices/workspaces/{workspace}/onlineEndpoints/{endpoint}/token?api-version=2022-05-01"
the error which I get is below :
{
"error": {
"code": "UnsupportedApiVersion",
"message": "The HTTP resource that matches the request URI 'https://cert-eastus2.experiments.azureml.net/mferp/managementfrontend/subscriptions/{sub_id}/resourceGroups/{r_group}/providers/Microsoft.MachineLearningServices/workspaces/{workspace}/onlineEndpoints/{endpoint}/token' does not support the API version '2022-05-01'.",
"innerError": null
}
}
any helps or pointers please, why I am getting this error? Not able to find any documentation for it.
I tried to reproduce the same in my environment and got the below results
I ran the same commands as you and got the same error as below:
token=$(az account get-access-token --subscription subscriptionID --resource-type arm --query accessToken --output tsv)
url="https://management.azure.com/subscriptions/subscriptionID/resourceGroups/rgname/providers/Microsoft.MachineLearningServices/workspaces/workspace_name/onlineEndpoints/endpoint_name/token?api-version=2022-05-01"
curl -d POST --header "Authorization: Bearer $token" $url
Response:
When I did the same via Postman, I got the AML token successfully like below:
Alternatively, make use of below Azure CLI command to get AML token like below:
az ml online-endpoint get-credentials --name <endpoint_name> --resource-group <rg_name> --workspace-name <workspace_name>
I ran the same command and got AML token successfully like below:
When I decoded the token in jwt.ms, I got the claims same as token from Postman like below:
I am trying to pass parameters in via the parameter file in Azure Cli
The script below ignores my file
What am I doing wrong?
I have also tried ParameterTemplateFile as mentioned in another post here but that doesnt work either
templateFile="Path\template.json"
parameterFile="Path\parameters.json"
az deployment group create \
--name <NAME> \
--resource-group <RESOURCE GROUP>\
--template-file $templateFile \
--parameter-file $parameterFile
When running via Azure Cli I should have been using #parameters.json
I am attempting to reverse engineer this command so I can move it into Terraform:
az aks create --resource-group "..." --name "..." \
--network-plugin azure \
--enable-managed-identity \
-a ingress-gateway --appgw-name "myAksGateway" --appgw-subnet-id "..." \
--node-vm-size "..." \
--service-cidr "..." \
--vnet-subnet-id "..." \
--docker-bridge-address "..." \
--dns-service-ip "..." \
--generate-ssh-keys
Everything is going fine except for the Application Gateway part.
Is there any way to ask the Azure CLI to do a dry run and simply show me all the creation data it is using?
I looked at az aks create --help but it didn't have a dry run option.
The basics for azurerm_kubernetes_cluster are straight-forward, as is the azurerm_application_gateway; something is off and I want to see what it is doing under the covers to get it just right. There's some differences I am trying to get ironed out and it would be much easier to just see what it's doing.
I can't run az aks create --debug because of resource limits and the basic JSON output on the AKS resource isn't verbose enough for what I am looking for.
You can't get all the creating data from the CLI command even if you use the parameter --debug, it only shows you the REST API behind the CLI command. You can get all the steps to install the AGIC for the AKS cluster here. Then you can transfer all the steps into Terraform.
I would like to create application insights using AZURE CLI. I can't find any documentation on this topic. Is it possible?
The link provided by Rohit works
az resource create \
--resource-group $RESOURCE_GROUP \
--resource-type "Microsoft.Insights/components" \
--name $NAMESPACE_PREFIX-appinsights \
--location $PRIMARY_LOCATION \
--properties '{"Application_Type":"web"}'
https://github.com/Azure/azure-cli/issues/5543#issuecomment-365001620
The az monitor app-insights component provide commands for creating, inspecting modifying, and deleting application insights components from the command line.
Use: az monitor app-insights component create
az monitor app-insights component create --app
--location
--resource-group
[--application-type]
[--ingestion-access {Disabled, Enabled}]
[--kind]
[--query-access {Disabled, Enabled}]
[--retention-time]
[--tags]
[--workspace]
If you need to associate the generated instrumentation key with another resource, such as a function app, you can use grep and xargs as follows:
# Creates insights component for monitoring. Note generated instrumentation key
# is set in function app.
az resource create \
--resource-group ${RESOURCE_GROUP_NAME} \
--resource-type "Microsoft.Insights/components" \
--name ${FUNCTION_APP_NAME} \
--location ${LOCATION} \
--properties '{"Application_Type":"web"}' \
| grep -Po "\"InstrumentationKey\": \K\".*\"" \
| xargs -I % az functionapp config appsettings set \
--name ${FUNCTION_APP_NAME} \
--resource-group ${RESOURCE_GROUP_NAME} \
--settings "APPINSIGHTS_INSTRUMENTATIONKEY = %"
Application Insights is an extensible Application Performance Management (APM) service for web developers on multiple platforms. You can use it to monitor your live web application. You can get more details about Application Insights.
It belongs to the Azure Monitor. You can find appropriate CLI command from az monitor. Hope this will be helpful.