I've got an old azure subscription with an ampersand (&) in the name.
I can't switch to it with az account set -s "Salt & Pepper" and have been passing the subscription ID instead of the name. The usual escape methods produce the same result as the original name:
$ az account list
[
{
"id": "foo-000-0000",
"isDefault": true,
"name": "Salt & Pepper",
"state": "Enabled",
...
}
]
$ az account set -s "Salt & Pepper"
CommandNotFoundError: 'Salt & Pepper' is misspelled or not recognized by the system.
Try this: 'az account list'
How can I form the -s argument such that it can recognize my cluster name?
Related
I'm trying to write a simple script to retrieve a key value from Azure Storage account. Below is the code:
az login
az account set --subscription 1111-222-3333-444-55555555
$azure_blob_login = "teststorage123"
$azure_blob_access_key = az storage account keys list --account-name $azure_blob_login
Write-Output $azure_blob_access_key
Write-Output $azure_blob_access_key[0]
The output from the first write-output is:
[
{
"creationTime": "2022-02-23T06:45:00.085500+00:00",
"keyName": "key1",
"permissions": "FULL",
"value": "11111111111111111111111111111111111111111111111"
},
{
"creationTime": "2022-02-23T06:45:00.085500+00:00",
"keyName": "key2",
"permissions": "FULL",
"value": "22222222222222222222222222222222222222222222"
}
]
However the output from the second write-output where I am trying to index to just get the first value in the array is just:
[
Anyone know how I can return the value from this az command and only get the first "value" entry from the first entry in the array?
Thanks,
The default output from Az cli is JSON.
If you want to create an array of properties you would have to convert the az cli output to a psobject
$keys = $azure_blob_access_key | ConvertFrom-Json
$keys[0]
When I use az login using service principal
e.g az login --service-principal -u “12121” -p “1212” --tenant “12121”
It will show the all the list of subscriptions which it has access like
[
{
"cloudName": "AzureCloud",
"homeTenantId": "123",
"id": "215645",
"isDefault": true,
"managedByTenants": [],
"name": "Sub1",
"state": "Enabled",
"tenantId": "123",
"user": {
"name": "123456",
"type": "servicePrincipal"
}
},
{
"cloudName": "AzureCloud",
"homeTenantId": "123",
"id": "rr",
"isDefault": false,
"managedByTenants": [
{
"tenantId": "123"
}
],
"name": "Sub2",
"state": "Enabled",
"tenantId": "123",
"user": {
"name": "123456",
"type": "servicePrincipal"
}
},
...
...
]
Among the list for some sub the SPN have direct reader access(RBAC) to the subscription. But for the other sub (lets say sub2) the access is not directly given to the subscription level, instead the access has been given to resource(s) level.
Question: How to get all the list of resources within sub2 that have access provided to the service principal ?in other words, I have to find(list) what kind of access the service principal assigned to any/all the resources within sub2.
I know azure cli doing this behind the scene to retrieve this information.That why it can show all the list of subscription after the successful login. But i don't know what that is
Is there any cli command or graph API to retrieve that information ?
P.S:I don't know the scope or resource where the SPN is assigned too
If you want to list the role assignments for a specific user, you can use the az role assignment list command.
az role assignment list --assignee {assignee}
Note: To view role assignments for the current subscription and below, add the --all parameter:
az role assignment list --assignee {assignee} --all
If you are already logged in with the service principal, you can omit the --assignee parameter
Using Azure Machine Learning CLI extension, how do we get the Model ID for the latest version of a Model (with known model name)?
To get the entire list of Model Details with a given name the command is
az ml model list --model-name [Model_Name] --resource-group [RGP_NAME] --subscription-id [SUB_ID] --workspace-name [WS_NAME]
Running this will give a list of all the models:
[
{
"createdTime": "2021-03-19T07:02:03.814172+00:00",
"framework": "Custom",
"frameworkVersion": null,
"id": "model:2"
"name": "model",
"version": 3
},
{
"createdTime": "2021-03-19T06:46:34.301054+00:00",
"framework": "Custom",
"frameworkVersion": null,
"id": "model:2",
"name": "model",
"version": 2
},
{
"createdTime": "2021-03-19T06:38:56.558385+00:00",
"framework": "Custom",
"frameworkVersion": null,
"id": "model:1",
"name": "model",
"version": 1
}
]
The Microsoft Documentation mentions, we can use a -l parameter to get the latest version details:
az ml model list --model-name [Model_Name] --resource-group [RGP_NAME] --subscription-id [SUB_ID] --workspace-name [WS_NAME] -l
However, running this gives the following error:
ERROR: UnrecognizedArgumentError: unrecognized arguments: -l
What is the syntax to use this -l flag?
I've just spent a fun few hours wrestling with this. Running something like
az ml model list -w your_workspace_name -g your_resource_group_name -l -n name_of_your_registered_model
will get you back some JSON that looks like this:
[
{
"createdTime": "2022-03-04T16:05:47.103407+00:00",
"framework": "Custom",
"frameworkVersion": null,
"id": "name_of_your_registered_model:3",
"name": "name_of_your_registered_model",
"version": 3
}
]
This is well and good for a human, but not much use to a machine. The azure cli supports something called JMESPath, which allows you to write a query against the result of a CLI command. Running
az ml model list -w your_workspace_name -g your_resource_group_name -l -n name_of_your_registered_model --query "[0].{id:id}" -o tsv
should get you back
"name_of_your_registered_model:3"
Which you can then use in an env var or whatever other use case you have.
If we wish to obtain the model-id for the latest model, instead of using az ml model list with -l flag, using az model show will return the details for the latest model. The syntax to get a string for model-id will be:
az ml model show --model-id $(TRN_MODEL_ID) --resource-group $(AML_TRN_RG) --subscription-id $(AML_TRN_SUB_ID) --workspace-name $(AML_TRN_WS) --query name -o tsv
I have to use this API : PATCH https://vsaex.dev.azure.com/{organisation}/_apis/userentitlements/{userId} to give read access to some projects to all users in my organisation. I am able to call this API, with success, but I don't know how to get the right GUID for the users. (To get the right Guid for the user I used Fiddler to spy the request).
When I use this API, (GET https://vssps.dev.azure.com/{organisation}/_apis/graph/users?api-version=6.0-preview.1) I get all users of my organisation, but in the list, there no the userId, I have only the originId, and it is the guid from the AAD, and I cannot update the user with that information.
I tried too to use the descriptor field, without any success. Does somebody have an idea to get this specific userId?
Example of User list I get with this API :
{
"count": 133,
"value": [{
"subjectKind": "user",
"metaType": "member",
"directoryAlias": "COD0001",
"domain": "10a83eaa-05c5-4b22-a201-63cddba4fe8c",
"principalName": "bidon.person#example.com",
"mailAddress": "bidon.person#example.com",
"origin": "aad",
"originId": "7c3408d6-62f4-43ff-bdbe-5be97000ba30",
"displayName": "Personne bidon",
"_links": {
"self": {
"href": "https://vssps.dev.azure.com/BIDON/_apis/Graph/Users/aad.ZDYzNzUwNzctNWJjYy03ZTkzLWIzZGUtMDEzNTdhM2JiMDIx"
},
"memberships": {
"href": "https://vssps.dev.azure.com/BIDON/_apis/Graph/Memberships/aad.ZDYzNzUwNzctNWJjYy03ZTkzLWIzZGUtMDEzNTdhM2JiMDIx"
},
"membershipState": {
"href": "https://vssps.dev.azure.com/BIDON/_apis/Graph/MembershipStates/aad.ZDYzNzUwNzctNWJjYy03ZTkzLWIzZGUtMDEzNTdhM2JiMDIx"
},
"storageKey": {
"href": "https://vssps.dev.azure.com/BIDON/_apis/Graph/StorageKeys/aad.ZDYzNzUwNzctNWJjYy03ZTkzLWIzZGUtMDEzNTdhM2JiMDIx"
},
"avatar": {
"href": "https://dev.azure.com/BIDON/_apis/GraphProfile/MemberAvatars/aad.ZDYzNzUwNzctNWJjYy03ZTkzLWIzZGUtMDEzNTdhM2JiMDIx"
}
},
"url": "https://vssps.dev.azure.com/BIDON/_apis/Graph/Users/aad.ZDYzNzUwNzctNWJjYy03ZTkzLWIzZGUtMDEzNTdhM2JiMDIx",
"descriptor": "aad.ZDYzNzUwNzctNWJjYy03ZTkzLWIzZGUtMDEzNTdhM2JiMDIx"
},
...
]
}
To get id you should use User Entitlements - Search User Entitlements which is
GET https://vsaex.dev.azure.com/{organization}/_apis/userentitlements?api-version=6.0-preview.3
then you will get response like
"members": [
{
"id": "<YOUR ID HERE>",
"user": {
"subjectKind": "user",
"metaType": "member",
"domain": "Windows Live ID",
Another option is use az cli.
1 - First you need to install the az cli extension if it is not installed.
az extension list-available --output table | grep devops
az extension add --name azure-devops
2 - Configure organization if is needed
az devops configure --defaults organization=https://dev.azure.com/myorganization
3 - maybe you need to do a login and insert de devops PAT token (paste it)
az devops login
token:
4 - Use de command user list with the option --top if you need to show more than 200 users
az devops user list --top 15000
5 - Use pipe with grep command to filter or send it to a file to find the user that you want to find.
az devops user list --top 15000 > devops-users.txt
az devops user list --top 5000 | grep myemail#mycompany.com
6 - the field that you want is the id:
"id": "a69fdd3c-yyyyy-6fa6-90ba-xxxxxx",
If you has permissions you can use also de command az devops user show
az devops user show --user myemail#mycompany.com
Docs:
install az cli extension
az devops user
az storage account keys list -g <resourcegroupname> -n <accountname>
[
{
"keyName": "key1",
"permissions": "Full",
"value": "<key1value>=="
},
{
"keyName": "key2",
"permissions": "Full",
"value": "<key2value>=="
}
]
--query is used to execute a JMESPath query on the results of commands. The --query argument is supported by all commands in the Azure CLI. You could get properties in an array by this.
key=$(az storage account keys list -g <resourcegroupname> -n <accountname> --query '[<index>].<parameter>')
echo $key
To extract the first key and store it in a variable, you can use the following command:
var=$(az storage account keys list -g rgname -n storagAccName -o json --query "[0].value")