I have an application hosted in Azure PAAS. The connection string for the application is stored under 'Configuration' -> 'Connection strings'
My application has a PowerShell instance. I want to iterate through all the Connection strings present under 'Configuration' -> 'Connection strings'
I have seen the Azure document. As my application itself is the app, can there be a way to skip the details like 'subscriptionId', 'resourceGroupName' and 'name'?
This will help to make the code more generic.
As my application itself is the app, can there be a way to skip the
details like 'subscriptionId', 'resourceGroupName' and 'name'?
AFAIK, Its not possible to acquire the connection strings using Rest API, or PowerShell of an Azure web application without providing Resource group name or subscription.
The MS DOCUMENT you have followed is to list the connection strings which is correct but we need to pass those credentials to achieve the same.
If my understanding is correct as its your own application and if its publicly hosted then anyone will not be able to get the resource group name, application name(If you are using custom domain) or subscription details.
Alternatively, we can use the Az cli by providing the resource group only :-
For more information please refer the below links:-
SO THREAD|Get the list of azure web app settings to be swapped using PowerShell
If you are going to use the REST API calls for your code, then the simple answer is just: No.
I think in all cases the answer is going to be no honestly..
You can't drop those unique IDs, because those are required parameters to retrieve the correct data.
If you want to make the code more generic, then you should write the code to retrieve the values for those parameters. Instead of hardcoding the values.
Your powershell code will always need to authenticate, or use a Managed Identity, and the identity used to authenticate will always have the subscriptionid as value in its object. As for the rest, well i think you get the gist of what im suggesting.
Related
I am trying to use a template to deploy a managed Kubernetes cluster (AKS). My problem is that the template has a parameter aadSessionKey that I seem to be unable to locate.
I assume the expanded name of the parameter is Azure AD SessionKey. When I look in the portal, I can see that my Azure AD has a Name, Application ID and Object ID, but nothing that looks like a session key, nor a way to generate such a thing.
I am using a free trial account if that matters.
Can you try entering any random value and try deploying it. It seems like this is system generated value which is not to be filled by clients. This has been present in template for some other reason.
Ref - https://twitter.com/ashtonkj/status/1196384865672925184
Is it possible to use the cross-resource query (with 2 subscriptions) from the an Application-Insights resource's, Logs(Analytics) blade in the Azure portal?
I've managed to use the full qualified name for the same app I'm using!
i.e. using
app("/subscriptions/sub1/resourceGroups/rg1/providers/microsoft.insights/components/apptelemetry1").requests in apptelemetry1 returns the same result as the query requests. But trying to use a similar query for an app in another subscription doesn't work (I've double checked the resources names many times).
I've Tried using the all of the options listed in app-expression,
cross-workspace-query.
(Resource name, Qualified Name, ID, Azure Resource ID).
The only response I'm getting is: "The following application isn’t available anymore".
Since you cannot use this query app("/subscriptions/sub1/resourceGroups/rg1/providers/microsoft.insights/components/apptelemetry1").requests in the application insights instance apptelemetry1 itself, there must be some problem with the instance apptelemetry1.
You can check if you have the read access to the application.
And if it's still cannot after assign read access, you can submit a support ticket where you can get professional help from Microsoft.
What are best practices for :
managing app settings
including connection string-access key for other resources
inside/outside of the resource group?
Some of the examples utilize using listKeys function inside templates, but I'm wondering if there is better way of doing this, especially, when I need to include resource access keys outside of my subscription and resource group.
Also, the example utilizes concat functino, is there a way to retrieve the whole connectionstring-access key string from the resource directly? or maybe store them inside keyvault of external paramters file?
Thanks
Best Practice is to use the functions (list*, reference), here: https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-template-functions#resource-functions
They will work across subscriptions provided you have the full resourceId passed in.
For the other questions, it would help to see the code you're thinking about to provide advice...
In terms of managing app settings, I think it would depends on what type of settings you are referring, is it sensitive? Do you want it to be securely stored?
If the key is sensitive to your business requirement, then it wouldn't be suitable for having it directly in your function app in plaintext, what you could do is to use listkeys to retrieve keys while provisoning your keyvault and then get them in runtime from your function probably is better approach.
I'm trying to build a small program to change the autoscale settings for our Azure WebApps, using the Microsoft.WindowsAzure.Management.Monitoring and Microsoft.WindowsAzure.Management.WebSites NuGet packages.
I have been roughly following the guide here.
However, we are interested in scaling WebApps / App Services rather than Cloud Services, so I am trying to use the same code to read the autoscale settings but providing a resource ID for our WebApp. I have already got the credentials required for making a connection (using a browser window popup for Active Directory authentication, but I understand we can use X.509 management certificates for non-interactive programs).
This is the request I'm trying to make. Credentials already established, and an exception is thrown earlier if they're not valid.
AutoscaleClient autoscaleClient = new AutoscaleClient(credentials);
var resourceId = AutoscaleResourceIdBuilder.BuildWebSiteResourceId(webspaceName: WebSpaceNames.NorthEuropeWebSpace, serverFarmName: "Default2");
AutoscaleSettingGetResponse get = autoscaleClient.Settings.Get(resourceId); // exception here
The WebApp (let's call it "MyWebApp") is part of an App Service Plan called "Default2" (Standard: 1 small), in a Resource Group called "WebDevResources", in the North Europe region. I expect that my problem is that I am using the wrong names to build the resourceId in the code - the naming conventions in the library don't map well onto what I can see in the Azure Portal.
I'm assuming that BuildWebSiteResourceId is the correct method to call, see MSDN documentation here.
However the two parameters it takes are webspaceName and serverFarmName, neither of which match anything in the Azure portal (or Google). I found another example which seemed to be using the WebApp's geo region for webSpaceName, so I've used the predefined value for North Europe where our app is hosted.
While trying to find the correct value for serverFarmName in the Azure Portal, I found the Resource ID for the App Service Plan, which looks like this:
/subscriptions/{subscription-guid}/resourceGroups/WebDevResources/providers/Microsoft.Web/serverfarms/Default2
That resource ID isn't valid for the call I'm trying to make, but it does support the idea that a 'serverfarm' is the same as an App Service Plan.
When I run the code, regardless of whether the resourceId parameters seem to be correct or garbage, I get this error response:
<string xmlns="http://schemas.microsoft.com/2003/10/Serialization/">
{"Code":"SettingNotFound","Message":"Could not find the autoscale settings."}
</string>
So, how can I construct the correct resource ID for my WebApp or App Service Plan? Or alternatively, is there a different tree I should be barking up to programatially manage WebApp scaling?
Update:
The solution below got the info I wanted. I also found the Azure resource explorer at resources.azure.com extremely useful to browse existing resources and find the correct names. For example, the name for my autoscale settings is actually "Default2-WebDevResources", i.e. "{AppServicePlan}-{ResourceGroup}" which I wouldn't have expected.
There is a preview service https://resources.azure.com/ where you can inspect all your resources easily. If you search for autoscale in the UI you will easily find the settings for your resource. It will also show you how to call the relevant REST Api endpoint to read or update that resorce.
It's a great tool for revealing a lot of details for your deployed resources and it will actually give you an ARM template stub for the resource you are looking at.
And to answer your question, you could programmatically call the REST API from a client with updated settings for autoscale. The REST API is one way of doing this, the SDK another and PowerShell a third.
The guide which you're following is based on the Azure Service Management model, aka Classic mode, which is deprecated and only exists mainly for backward compatibility support.
You should use the latest
Microsoft.Azure.Insights nuget package for getting the autoscale settings.
Sample code using the nuget above is as below:
using Microsoft.Azure.Management.Insights;
using Microsoft.Rest;
//... Get necessary values for the required parameters
var client = new InsightsManagementClient(new TokenCredentials(token));
client.AutoscaleSettings.Get(resourceGroupName, autoScaleSettingName);
Besides, the autoscalesettings is a resource under the "Microsoft.Insights" provider and not under the "Microsoft.Web" provider, which explains why you are not able to find it with your serverfarm resourceId.
See the REST API Reference below for getting the autoscale settings.
GET
https://management.azure.com/subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/providers/microsoft.insights/autoscaleSettings/{autoscale-setting-name}?api-version={api-version}
I am developing a client-server application where I want the client (Azure VM) to send its instance ID to the server. The server will use this instance ID to link it with the corresponding VM from the list of imported Azure instances (using Azure cloud credentials).
I am facing some problems:
I am using the web endpoint which the client talks to , to get its instance ID. However, as mentioned in the article (https://azure.microsoft.com/en-us/blog/what-just-happened-to-my-vm-in-vm-metadata-service/), I get empty info returned. How do I get the instance ID?
From the imported VMs, I don't get any attribute which is the instance ID but rather just instance Name and Private ID along with a bunch of other information.
I didn't have this problem for AWS as I clearly get instance ID on both sides.
Maybe you could use something like:
curl -H Metadata:true "http://169.254.169.254/metadata/instance/compute/vmId?api-version=2017-08-01&format=text"
As described here:
https://learn.microsoft.com/en-us/azure/virtual-machines/windows/instance-metadata-service
Which instance ID is this? (i.e. how do you get the list of ID's and what is their format?) Is it the one mentioned in the article below? If so, then the article below shows how to get it :).
https://azure.microsoft.com/en-us/blog/accessing-and-using-azure-vm-unique-id/
How are You acquiring this data, by means of which tools (xPlat Cli, PowerShell, MAML, REST API...?) maybe look here too https://azure.microsoft.com/en-us/blog/accessing-and-using-azure-vm-unique-id/