I am trying to list all of my ADF pipelines and their dependent triggers.
As per this article https://learn.microsoft.com/en-us/rest/api/datafactory/triggers/get there is a simple GET method which will list all the triggers with their associated pipelines.
This is working fine when I use a web activity with GET method in ADF pipeline.
I am trying to do the same using powershell. The pipeline name which is visible in ADF output is no longer visible when running via powershell.
Can someone please help me with the code below to identify what needs to be added to fetch the dependent pipeline name for a trigger when this GET method is executed. Any other approach will also be highly appreciated.
Connect-AzAccount -Identity
$azContext = Get-AzContext
$azProfile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile
$profileClient = New-Object -TypeName Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient -ArgumentList ($azProfile)
$token = $profileClient.AcquireAccessToken($azContext.Subscription.TenantId)
$authHeader = #{
'Content-Type'='application/json'
'Authorization'='Bearer ' + $token.AccessToken
}
$restUri = 'https://management.azure.com/subscriptions/1111111-1111-1111-11111-1111111/resourceGroups/resourceGroupName/providers/Microsoft.DataFactory/factories/DataFactoryName/triggers?api-version=2018-06-01'
$response = Invoke-RestMethod -Method GET -Header $authHeader -URI $restUri
$response | ConvertTo-Json
Powershell Output - Using powershell 5.1 via Azure runbook
"value": [
{
"id": "/subscriptions/1234-1234-1234-1234/resourceGroups/ResourceGroupName/providers/Microsoft.DataFactory/factories/DataFactoryName/triggers/eventbasedtrigger",
"name": "eventbasedtrigger",
"type": "Microsoft.DataFactory/factories/triggers",
"properties": "#{description=Tets Trigger; annotations=System.Object[]; runtimeState=Stopped; pipelines=System.Object[]; type=BlobEventsTrigger; typeProperties=}",
"etag": "000000-0000-0d00-0000-0000000"
},
Cheers
Powershell command Get-AzDataFactoryV2Trigger will provide you the list of triggers for an ADF pipeline / data factory
To get information about all the triggers in ADF:
Get-AzDataFactoryV2Trigger -ResourceGroupName "<RG_NAME>"
-DataFactoryName "<ADF_NAME>"
Get information about a specific trigger
Get-AzDataFactoryV2Trigger -ResourceGroupName "<RG_NAME>" -DataFactoryName "<ADF_NAME>" -TriggerName "<TRIGGER_NAME>"
Related
I'm trying to create a 'GET' method request to see if an old Azure Cloud Service (classic) is available or not - send a request and get the status code to see if its 200 OK or not.
I tried the following code:
function Get-AzCachedAccessToken() {
$AzureContext = Get-AzContext
$CurrentAzureProfile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile;
$CurrentAzureProfileClient = New-Object Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient($CurrentAzureProfile);
$AzureAccessToken = $CurrentAzureProfileClient.AcquireAccessToken($AzureContext.Tenant.Id).AccessToken;
$AzureAccessToken
}
function Get-AzBearerToken() {
$ErrorActionPreference = 'Stop'
('Bearer {0}' -f (Get-AzCachedAccessToken))
}
$CloudServiceURL = "http://test-myapp.cloudapp.net"
Invoke-RestMethod $CloudServiceURL `
-Headers #{Authorization = (Get-AzBearerToken) } `
-Method Get
The error I get is:
error msg
I'm also using an old Azure module in an automation workflow such as this: PowerShell Workflow Runbook so I could run it.
Is there anyway to restart an Azure classic cloud service role every interval?
I want to retrieve the list of subscriptions having Azure Data Factory resource in it. I want to use PowerShell and get the subscription list and ADF list.
I have tried Get-AzSubscription, but it does not contain filter for resource type i.e. Microsoft.DataFactory/factories. This filter can be added to only Get-AzResource.
Get-AzSubscription Module
Get-AzResource Module
Ok here you are:
$resType = "Microsoft.DataFactory/factories"
$resTypeName = "DataFactory"
Get-AzSubscription | ForEach-Object {
$subscriptionName = $_.Name
$tenantId = $_.TenantId
Set-AzContext -SubscriptionId $_.SubscriptionId -TenantId $_.TenantId
(Get-AzResource -ResourceType $ResType) | ForEach-Object {
[PSCustomObject] #{
true_sub = $subscriptionName
}
} | get-unique
} | Select-String 'true_sub' | ForEach-Object{ "Found_" + "$resTypeName" + "_In_Subscription= $($subscriptionName)"}
EDIT: Added variables to make it easily reusable for any resource type.
I used the code available here and here to create a custom one based on the requirements. Tested in my environment - it seems to work as expected.
I should disclose that I'm not an advanced PowerShell user, so the code I'm providing could really be sub-optimal.
The code below is an API call that will run an azure pipeline but the only problem I am having is I am unable to run it on custom branches and I have tried az commands but with az commands, you can't pass though parameters. My goal is basically I have a pipeline A and I want to run Pipeline B which isn't mind so I can't edit it but Pipeline B takes in a parameter called Tag and I want to pass that though from Pineline A but struggling to do so.
$token = -join("$Username", ":", "$PAT")
$headers = #{
Authorization = "Basic "+ [System.Convert]::ToBase64String([System.Text.Encoding]::ASCII.GetBytes($token))
'Content-Type' = "application/json"
}
$uri = "https://dev.azure.com/{$Company}/{$Team}/_apis/pipelines/{$ProjectID}/runs/?api-version=6.0-preview.1"
$pipelineBody=#{
resources=#{
repositories=#{
self=#{
ref="$Branch"
}
}
}
templateParameters=#{
Tag="$Tag"
}
} | ConvertTo-Json
$result = Invoke-WebRequest -Uri $uri `
-Headers $headers `
-Body "$pipelineBody" `
-Method Post `
#-SkipCertificateCheck `
#-SkipHttpErrorCheck `
#-ErrorAction Stop
if($result.StatusCode -ne "200")
{
throw $result
}
return ($result.Content | ConvertFrom-Json).url
You can closely (not directly what you want) achieve this by following below steps:
Create single pipeline for Pipeline A (Stage 1) and Pipeline B(Stage 2).
Add a dependency of Pipeline A(Stage 1) on Pipeline B(Stage 2) that it runs only when Pipeline A succeeds.
Use Powershell script in Stage 1 to set a pipeline variable to a value you trying to set for Stage 2 - using out variable in Powershell script task of ADO.
Consume the pipeline variable set above in the desired step (of Pipeline B).
I have a number of environments in azure which utilize on-premise Restful services for one of our customers. We currently have application insights configured within a resource group, and an availability test configured to ping a URL at a specified frequency, configured with an insights alert (email when goes down)
An access token is embedded into the URL which needs to be updated frequently. Is it possible to update the URL highlighted programmatically to replace the token (Scheduled/automated basis )
Just wondering what technologies could be used to update an availability URL on a scheduled basis (every two weeks)
Azure functions?
Some sort of PowerShell script as a scheduled task?
ARM templates using the example here https://learn.microsoft.com/en-us/azure/azure-monitor/app/powershell#add-an-availability-test
Any advice on how to proceed with this task efficiently and using the most appropriate technologies would be appreciated.
I have to say seems there is no PowerShell module provided to modify the url of App Insight webtest , but we can do it via REST API . Try the PowerShell below :
$clientId = "<your Azure AD application ID>"
$clientSec="<your Azure AD application secret>"
$appInsightName ="<your app insight name>"
$webtestName="<your webtest name>"
$subscriptionId = "<your subscription ID>"
$resourceGroupName = "<your resource group name that your app insight in>"
$tenant = "<your tenant name/ID>"
$newUrl = "<the new URL>"
#get access token to fetch details of webtest
$body=#{
"grant_type"="client_credentials";
"resource"="https://management.azure.com/";
"client_id"= $clientId;
"client_secret" = $clientSec
}
$accessToken=(Invoke-RestMethod -Uri "https://login.windows.net/$tenant/oauth2/token" -Method POST -Body $body ).access_token
$uri = "https://management.azure.com/subscriptions/{0}/resourcegroups/{1}/providers/microsoft.insights/webtests/{2}-{3}?api-version=2015-05-01"
$uri = $uri.Replace("{0}",$subscriptionId).Replace("{1}",$resourceGroupName).Replace("{2}",$webtestName).Replace("{3}",$appInsightName)
$webtestResult = Invoke-RestMethod -Uri $uri -Method GET -Headers #{"Authorization"="Bearer $accessToken"}
#modify the url of webtest
$webTestConf = [xml]#($webtestResult.properties.Configuration.WebTest)
$webTestConf.WebTest.Items.Request.Url = $newUrl
#structure request json to update webtest
$locations = $webtestResult.properties.Locations | ConvertTo-Json
$Configuration = $webTestConf.WebTest.OuterXml | ConvertTo-Json
$Configuration = $Configuration.Replace("\u003c","<").replace("\u003e",">")
$location = $webtestResult.location
$tags = $webtestResult.tags| ConvertTo-Json
$name = $webtestResult.properties.Name
$kind = $webtestResult.properties.Kind
$json = #"
{
"location":"$location",
"tags":$tags,
"properties":{
"Name":"$name",
"Enabled": true,
"Frequency": 300,
"Timeout": 120,
"Locations":$locations,
"Configuration":{"webtest":$Configuration},
"Kind":"$kind"
}
}
"#
Invoke-RestMethod -Uri $uri -Method PUT -Body $json -Headers #{"Authorization"="Bearer $accessToken";"Content-Type"="application/json"}
Except for Azure function, you can use Azure automation powershell Runbook with scheduled task to meet your requirement .
Btw, this powershell demo uses service principle to connect to your Azure subscription, make sure your Azure ad application has permission to modify your app insight. If you have anything unclear , pls feel free to let me know . This issue shall not be passed !
I want to monitor who made a change in rbac assignment, I created powershell script for collection data from Azure Activity Log. I used below piece of code. Using this solution I am able to get items like:
caller - user who made a role assignment change,
timestamp,
Resource name - on this resource assignment change has been provided,
action type - write or delete
In Activity Log panel in Azure portal, in Summary portal (Message: shared with "user info"), I can see name of a user who has been granted permissions/assignment to the resource, but using my powershell script I am not able to catch this information, is there any method to get this info?
Get-AzureRmLog -StartTime (Get-Date).AddDays(-7) |
Where-Object {$_.Authorization.Action -like
'Microsoft.Authorization/roleAssignments/*'} |
Select-Object #{N="Caller";E={$_.Caller}},
#{N="Resource";E={$_.Authorization.Scope}},
#{N="Action";E={Split-Path $_.Authorization.action -leaf}},
EventTimestamp
script output:
Caller : username#xxx.com
Resource :/subscriptions/xxxx/resourceGroups/Powershell/providers/Microsoft.Compute/virtualMachines/xx/providers/Microsoft.Authorization/roleAssignments/xxxx
Action : write
EventTimestamp : 8/29/2019 10:12:31 AM
Your requirement of fetching the user name to whom the RBAC role is assigned is currently not supported using Az PowerShell cmdlet Get-AzLog or Get-AzureRmLog.
However, we can accomplish your requirement by leveraging Azure REST API for Activity Logs - List and Az PowerShell cmdlet Get-AzureADUser.
In this way as we are depending on Azure REST API for Activity Logs - List (but looks like you want PowerShell way of accomplishing the requirement) so call the REST API in PowerShell as something shown below.
$request = "https://management.azure.com/subscriptions/{subscriptionId}/providers/microsoft.insights/eventtypes/management/values?api-version=2015-04-01&`$filter={$filter}"
$auth = "eyxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
$authHeader = #{
'Content-Type'='application/json'
'Accept'='application/json'
'Authorization'= "Bearer $auth"
}
$Output = Invoke-RestMethod -Uri $request -Headers $authHeader -Method GET -Body $Body
$ActivityLogsFinalOutput = $Output.Value
Develop your PowerShell code to get "PrincipalId" (which is under "properties") from the output of your Azure REST API for Activity Logs - List call. The fetched "PrincipalId" is the ObjectID of the user whom you want to get ultimately.
Now leverage Az PowerShell cmdlet Get-AzureADUser and have your command something like shown below.
(Get-AzureADUser -ObjectID "<PrincipalID>").DisplayName
Hope this helps!! Cheers!!
UPDATE:
Please find PowerShell way of fetching auth token (i.e., $auth) that needs to be used in above REST API call.
$ClientID = "<ClientID>" #ApplicationID
$ClientSecret = "<ClientSecret>" #key from Application
$tennantid = "<TennantID>"
$TokenEndpoint = {https://login.windows.net/{0}/oauth2/token} -f $tennantid
$ARMResource = "https://management.core.windows.net/";
$Body1 = #{
'resource'= $ARMResource
'client_id' = $ClientID
'grant_type' = 'client_credentials'
'client_secret' = $ClientSecret
}
$params = #{
ContentType = 'application/x-www-form-urlencoded'
Headers = #{'accept'='application/json'}
Body = $Body1
Method = 'Post'
URI = $TokenEndpoint
}
$token = Invoke-RestMethod #params
$token | select access_token, #{L='Expires';E={[timezone]::CurrentTimeZone.ToLocalTime(([datetime]'1/1/1970').AddSeconds($_.expires_on))}} | fl *
I see this new way as well but I didn't get chance to test this out. If interested, you may alternatively try this or go with above approach.
UPDATE2:
$ActivityLogsFinalOutput| %{
if(($_.properties.responseBody) -like "*principalId*"){
$SplittedPrincipalID = $_.properties.responseBody -split "PrincipalID"
$SplittedComma = $SplittedPrincipalID[1] -split ","
$SplittedDoubleQuote = $SplittedComma[0] -split "`""
$PrincipalID = $SplittedDoubleQuote[2]
#Continue code for getting Azure AD User using above fetched $PrincipalID
#...
#...
}
}
Does this work for you?
Get-AzureRmLog -StartTime (Get-Date).AddDays(-7) |
Where-Object {$_.Authorization.Action -like 'Microsoft.Authorization/roleAssignments/*'} |
Select-Object #{N="Caller";E={$_.Caller}},
#{N="Resource";E={$_.Authorization.Scope}},
#{N="Action";E={Split-Path $_.Authorization.action -leaf}},
#{N="Name";E={$_.Claims.Content.name}},
EventTimestamp
My output:
Caller : username#domain.com
Resource : /subscriptions/xxxx/resourceGroups/xxxx/providers/Microsoft.Authorization/roleAssignments/xxxx
Action : write
Name : John Doe
EventTimestamp : 30.08.2019 12.05.52
NB: I used Get-AzLog. Not sure if there is any difference between Get-AzLog and Get-AzureRmLog.
Fairly certain this wouldn't be exposed with this cmdlet. I dont even see this information in the Role Assignments. So not sure what do you mean exactly.