I am using following az api call command az apim show -n Namexxx -g RGxxx. As an output I am getting below:
{
"additionalLocations": null,
"apiVersionConstraint": {
"minApiVersion": null
},
"certificates": null,
"createdAtUtc": "2021-10-15T08:49:38.486813+00:00",
"customProperties": {
"Microsoft.WindowsAzure.ApiManagement.Gateway.Protocols.Server.Http2": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168": "true",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11": "false"
},
I need to modify one of the customProperties. I tried to use command: az apim update -n xxNamexx -g xxRGxx --set customProperties.Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168=false but I am getting an error like below:
Couldn't find 'Microsoft' in 'customProperties.Microsoft.WindowsAzure.ApiManagement.Gateway.Security'. Available options: ['Microsoft.WindowsAzure.ApiManagement.Gateway.Protocols.Server.Http2'
In MS API dos didn't find any useful information --> AZ apim API
#tester81
Command group 'apim' is experimental and under development.I tested the functionality at my end and I was encountering the same issue in a WinPowershell.
I did find an different behavior at the Ubuntu Terminal.
If you are not making use of Win Powershell/cmd for invoking the az commandlet, you could probably try the below script at your end in your linux terminal.
customPropertiesUpdated=$(az apim show -n <APIM NAME> -g <APIM RESOURCE GROUP> --query customProperties | jq '."Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168" = "True"')
az apim update -n <APIM NAME> -g <APIM RESOURCE GROUP> --set customProperties="$customPropertiesUpdated"
The above script helped in changing the state. However, a relative script in Win Powershell / Commad prompt / Cloud shell did not.
The Alternative or the recommended approach would be to make use of the REST API - until it is out of the experimental stage.
Please do see properties.customProperties - Api Management Service - Create Or Update - REST API (Azure API Management) | Microsoft Docs
Related
I am trying to get the command az bot create to run inside of a docker container. More specifically, this is the full command:
az bot create `
--app-type $appType `
--appid $appInfo.AppId `
--name $botName `
--resource-group $resourceGroupName `
--endpoint $messagingEndpoint `
--sku $sku
Where $appType is equal to "MultiTenant"; $appInfo.AppId comes from using the command Get-AzADApplication on a valid application registration and its object id; $botName is set to "TestingScriptBot"; $resourceGroupName is set to the name of a valid resource group; $messagingEndpoint is set to a valid url; $sku is set to "FO".
However, I receive a rather strange error inside of the docker container:
(InvalidBotData) Bot is not valid. Errors: The schema transformation version is not supported. See https://docs.microsoft.com/azure/bot-service/bot-service-resources-bot-framework-faq?view=azure-bot-service-4.0 for detailed requirements.
Code: InvalidBotData
Message: Bot is not valid. Errors: The schema transformation version is not supported. See https://docs.microsoft.com/azure/bot-service/bot-service-resources-bot-framework-faq?view=azure-bot-service-4.0 for detailed requirements.
Furthermore, when enabling the --debug flag on the command above, I notice the following parameter "schemaTransformationVersion" inside of the request body is set to "0.0":
cli.azure.cli.core.sdk.policies: Request body:
cli.azure.cli.core.sdk.policies: {"location": "global", "sku": {"name": "F0"}, "kind": "azurebot", "properties": {"displayName": "AutomationTestingScriptBot", "iconUrl": "", "endpoint": <working_endpoint>, "msaAppType": "MultiTenant", "msaAppId": <working_app_id>, "isCmekEnabled": false, "publicNetworkAccess": "Enabled", "isStreamingSupported": false, "schemaTransformationVersion": "0.0"}}
However, when I run this same command on local, this parameter is not even inside of the request body. The az bot create command does not even allow me to change this parameter - so I am at a bit of a loss of what to do here. I have tried re-building the container with different versions of the Azure CLI as well (starting from 2.38.0 to the latest version of 2.43.0) and the same behavior occurs.
Since I originally thought this was a module version issue I have tried re-building the container with different versions of Powershell and Azure CLI. Furthermore, I have tried different versions of Python as well.
I have also tried to login into each respective client (Powershell and Azure CLI) with the tenant id, as I had a shared token/refresh token warning - but that did not seem to help either.
Regardless of what I attempted, the same error occurred.
This command was working for me inside of the docker container up until recently - this past Friday (12/2/22) was when I rebuilt the container and this behavior started.
So I do not really understand why this parameter is suddenly in the request body of this command and am currently at a loss of how to fix it. I thought it might have been a module version issue, but after playing around with different versions of the Azure CLI and updating software inside of the container, I am not really sure how/why this behavior is occurring and what I need to do to fix it.
**
Here are all of the versions/packages I have:**
The docker container is running with the following version: Alpine Linux v3.16.
I am running the latest version of Powershell: 7.3.0.
I am running the latest version of Azure CLI:
{
"azure-cli": "2.43.0",
"azure-cli-core": "2.43.0",
"azure-cli-telemetry": "1.0.8",
"extensions": {}
}
I installed the latest version of the Az module via Install-Module -name Az and the latest version of the Az.BotService module via Install-Module -Name Az.BotService.
I have libffi installed and OpenSSL version 1.1.1s.
I have Python version 3.10.8 installed.
This is the powershell script I have been testing with:
$appInfo = Get-AzADApplication -ObjectId <valid_obj_id>
$appType = "MultiTenant"
$botName = "TestingScriptBot"
$resourceGroupName = <valid_resource_group_name>
$messagingEndpoint = <valid_endpoint>
$sku = "F0"
az bot create `
--app-type $appType `
--appid $appInfo.AppId `
--name $botName `
--resource-group $resourceGroupName `
--endpoint $messagingEndpoint `
--sku $sku `
--debug
I am running the same script locally and inside of the docker container and have compared the commands with the --debug flag enabled and from a text compare of the two outputs, the two major differences I see are:
The "schemaTransformationVersion" parameter inside of the request body is set to "0.0" - but only when the command is run within the docker container - this parameter is not in the request body of the command when the command is run locally
The docker container uses the auth token before making the request with the az bot create command, whereas local uses a refresh token - although I do not suspect this is causing the problem, as this occurred in the past when the command was working inside of the docker container for me
Please let me know if any further information is needed.
Looking into it some more, I was able to find an alternative solution that does work. Granted, I do not love this solution as it feels like a bit of a hack, but I think it can hold until I can dig further into what is going wrong with the az bot create command.
After doing some more research, I think I might know the issue, or this is another difference I noticed. The api-version when running this command for local is the following: 2021-05-01-preview. On the other hand, the docker container api-version when running this command is 2022-06-15-preview.
So, I used az rest command with the same request url (including the api-version) as local and used the same body as local. As a result, bot creation worked for me. This did allow me to circumvent the failure of the az bot create command. Here is the script I tested that allowed me to do what I wanted to with az bot create:
$body = '{\"location\": \"global\", \"sku\": {\"name\": \"F0\"}, \"kind\": \"azurebot\", \"properties\": {\"displayName\": \"TestingScriptBot\", \"endpoint\": \"<valid_endpoint>\", \"msaAppType\": \"MultiTenant\", \"msaAppId\": \"<valid_app_id>\", \"isCmekEnabled\": false, \"publicNetworkAccess\": \"Enabled\", \"isStreamingSupported\": false}}'
$uri = "/subscriptions/<subscription_id>/resourceGroups/<resoure_group_name>/providers/Microsoft.BotService/botServices/<bot_name>?api-version=2021-05-01-preview"
az rest --uri $uri `
--method put `
--body $body `
--debug
Note that you may need to adapt your json body depending on what os you are using. This specific body worked on my macos. To get it to work in the docker container I removed the escape character (\ before each double quote in the json body).
However, I do not think using az rest is a great solution to the problem and would still appreciate some insight into why az bot create command is failing for me inside of the docker container.
My guess as of now is that the api version difference in the request url might be why the "schemaTransformationVersion" parameter is included and has an invalid value, especially since I do not have control over its value in this command.
Does anyone know if there is a way I can change what version of the api is being used for Azure CLI commands? Because if that is possible I would like to test the az bot create command with the older api version, rather than just mimicking what I would like the call to do via az rest.
I am trying to use Az Cli to configure an Azure Function TLS/SSL Binding to switch the "HTTPS Only" setting from Off to On, as depicted below.
All attempts appear to have failed so far, using either of the below commands.
az webapp config set -g test-poc -n r-egm-test-fc --http20-enabled true
az functionapp config set -g test-poc -n r-egm-test-fc --http20-enabled true
Any ideas on:
Which command I should be using?
What is the correct syntax required to achieve my desired goal?
After some bit of digging around, I manage to find and successfully test the following as the right command:
az functionapp update -n 'r-egm-test-fc' -g 'test-poc' --set httpsOnly=true
Works like a charm !!
For web deployment using FTP;I came across a situation, where i'm using Azure CLI command to create an app service plan in FREE tier to deploy the web app in it.
Here is how i am approaching:
used command:
az login --allow-no-subscriptions
sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code xxxxxxx to authenticate. Working fine with below result.
[
{
"cloudName": "AzureCloud",
"id": "1fdacf7a-xxxxx-xxxx-xxxx-xxxxxxxxxxxxx",
"isDefault": true,
"name": "N/A(tenant level account)",
"state": "Enabled",
"tenantId": "1fdacf7a-xxxxx-xxxx-xxxx-xxxxxxxxxxxxx",
"user": {
"name": "email#gmail.com",
"type": "user"
}
}
]
Then, create basic app service plan using :
"az appservice plan create -g MyResourceGroup -n MyPlan"
This gives me error saying "The subscription 1fdacf7a-xxxxx-xxxx-xxxx-
xxxxxxxxxxxxx could not be found.
How to resolve this problem? Thanks.
I can reproduce your issue, to fix the issue, please don't use the --allow-no-subscriptions parameter.
You just need to login with:
az login
or
az login --use-device-code
Then use the command below to set the subscription:
az account set --subscription 1fdacf7a-xxxxx-xxxx-xxxx-xxxxxxxxxxxxx
Run az appservice plan create -g MyResourceGroup -n MyPlan:
I have a File Share setup in a Storage Account. When I try to mount it in my Web App I get the following response:
"nexport-shared": {
"accessKey": "hidden==",
"accountName": "hidden",
"mountPath": "\\\\nexportshared",
"shareName": "nexportcampusbetashare",
"state": "InvalidCredentials",
"type": "AzureFiles"
}
I am using the az CLI command below :
az webapp config storage-account add --resource-group "GROUPNAME" --name "WEBAPPNAME" --custom-id nexport-shared --storage-typeAzureFiles --share-name nexportcampusbetashare --account-name STORAGEACCOUNT --access-key "hidden==" --mount-path "\\nexportshared" --verbose --debug
When I run 'az webapp config list' it shows up in the list but still with InvalidCredentials
A possible reason is that you have input an invalid key or storage account to mount the Azure files. Correcting these parameters fixes this issue for me.
Fixed as below
You may need to turn off or modify the firewall on the storage account for the Azure-Cli and the App Service to be able to see it.
I'm getting same response and file share is working as expected.
Also I just found an issue created about this, seems to be an error in the response message from the API:
https://github.com/Azure/azure-cli/issues/21571
I'm trying to deploy Kubernetes through ACS. The deployment works perfectly but as soon as I try connect to the cluster with kubectl proxy it fails.
Every kubectl command fails.
I SSH'ed to the server and found out only one container started. Not a single other one in sight even with -a.
Anyone got a clue to why this happens?
According to your description, it seems you have not configured the Service Principal correctly.
You may need to check to ensure the credentials were provided accurately, and that the configured Service Principal has read and write permissions to the target Subscription.
If your Service Principal is misconfigured, none of the kubernetes components will come up in a healthy manner. We can check to see if this the problem:
root#k8s-master-D9DE702A-0:~# journalctl -u kubelet | grep --text autorest
If you see output that looks like the following, it means you have not configured the service Principal correctly.
May 18 07:09:36 k8s-master-D9DE702A-0 docker[5534]: E0518 07:09:36.901937 5920 kubelet.go:1186] Cannot get Node info: failed to get external ID from cloud provider: autorest#WithErrorUnlessStatusCode: POST https://login.microsoftonline.com/1fcf418e-66ed-4c99-9449-d8e18bf8737a/oauth2/token?api-version=1.0 failed with 400 Bad Request: StatusCode=400
May 18 07:09:37 k8s-master-D9DE702A-0 docker[5534]: E0518 07:09:37.119646 5920 kubelet_node_status.go:70] Unable to construct api.Node object for kubelet: failed to get external ID from cloud provider: autorest#WithErrorUnlessStatusCode: POST https://login.microsoftonline.com/1fcf418e-66ed-4c99-9449-d8e18bf8737a/oauth2/token?api-version=1.0 failed with 400 Bad Request: StatusCode=400
More information about how to create /configure a service principal for ACS-Engin Kubernetes cluster, please refer to this Azure CLI 2.0 or PowerShell.
We can use CLI 2.0 to get the information about ACS, the clientId is the service principal.
C:\Users>az acs show -g k8s -n containerservice-k8s
{
"agentPoolProfiles": [
{
.
.
.
.
},
"provisioningState": "Succeeded",
"resourceGroup": "k8s",
"servicePrincipalProfile": {
"clientId": "1498b171-xxxx-xxxx-xxxx-8ef56a178b89",
"secret": null
},
"tags": null,
"type": "Microsoft.ContainerService/ContainerServices",
"windowsProfile": null
}
We can use PowerShell to get the service principal:
PS C:\Users> Get-AzureRmADServicePrincipal | ?{ $_.ApplicationId -eq "1498b171-xxxx-xxxx-xxxx-8ef56a178b89" } | fl *
ServicePrincipalNames : {http://azure-cli-2017-04-13-08-16-07, 1498b171-xxxx-xxxx-xxxx-8ef56a178b89}
ApplicationId : 1498b171-xxxx-xxxx-xxxx-8ef56a178b89
DisplayName : azure-cli-2017-04-13-08-16-07
Id : d86886b9-xxxx-xxxx-xxxx-25ab57803a33
Type : ServicePrincipal