If I use Get-AzAutomationVariable -Name EncryptedVar, then the value of the variable is showing as null in the output and I can't make use of it.
I have used Get-AutomationVariable -Name EncryptedVar . It works fine, but it exposes the value of the variable in plain text.
Is there a way to use the encrypted variable with the help of the first script(Get-AzAutomationVariable) ?
First of all, answering your direct question precisely:
Is there a way to use the encrypted variable with the help of the first script(Get-AzAutomationVariable) ?
By design, Get-AzAutomationVariable does not retrieve secrets. It does not return encrypted variable values in any form.
Your concern and your goal are not entirely clear though. If Get-AzAutomationVariable returned the variable value, wouldn't you have exactly the same concern as with Get-AutomationVariable? How exactly do you intend to use the value of this variable? Are you going to pass the secret to any external system? In what form would this external system accept the secret?
Please note that Get-AutomationVariable does not expose the value on its own: as a runbook author, you are free to do anything with it. Obviously, if you print it out to the logs, it will be exposed to all log readers. But, if you don't do that, it will not be exposed. For example, you can immediately wrap it into a SecureString. Ultimately, this is up to the runbook code owner.
Related
I've been trying to use Set-AzVmRunCommand instead of the invoke alternative, as it gives more options like protected params and better feedback. I've used the equivalent in Az CLI for some time with good results. Documentation is here https://learn.microsoft.com/en-us/powershell/module/az.compute/set-azvmruncommand?view=azps-9.2.0
I'm struggling to form the parameter object that it expects, which is described as follows:
ALIASES
COMPLEX PARAMETER PROPERTIES
To create the parameters described below, construct a hash table containing the appropriate properties. For information on hash tables, run Get-Help about_Hash_Tables.
PARAMETER <IRunCommandInputParameter[]>: The parameters used by the script.
Name <String>: The run command parameter name.
Value <String>: The run command parameter value.
PROTECTEDPARAMETER <IRunCommandInputParameter[]>: The parameters used by the script.
Name <String>: The run command parameter name.
Value <String>: The run command parameter value.
In az CLI the params are formed rather simply, using a format like the below:
--parameters "serverName =xyz" "databaseName =abc"
I've tried creating an array of hashtables, an individual hashtable containing multiple entries, etc. but all to no avail. I'm sure that it's obvious to someone out there, so thought I'd ask if anyone knew how to use this correctly? I can't find much out there in terms of extra info or documented examples.
I think I may be supposed to create a hashtable within a parameter object of type IRunCommandInputParameter, just not sure yet, ref: https://learn.microsoft.com/en-us/dotnet/api/microsoft.azure.powershell.cmdlets.compute.models.api20210701.iruncommandinputparameter?view=az-ps-latest
From MathiasR.Jessen in comments =
Set-AzVMRunCommand ... -Parameter #(#{Name='serverName';Value='xyz'},#{Name='databaseName';Value='abc'})
Array containing hashtable for each parameter required. Works just fine, thank you!
I’m wondering if someone can help us out here as we are going round in circles.
In short we are trying to;
Read a value from a SQL table via a stored procedure in a lookup task.
We want to use that value to set a variable so we can use it in a copy data task.
However our set variable task using (#activity('Lookup1').output) returns the value but its wrapped in lots of JSON (see attached).
In the attached we are only interested in the TokenGUID value, not the rest of the JSON.
So can someone please point us in the direction of how we would set a variable to be a string value.
Thanks,
Nic
You can use this expression to get TokenGUID:
#activity('Lookup1').output.firstRow.TokenGUID
My test:
Output of Lookup activity
Output of Set variable activity
I am trying to deploy a load balancer template in which I port in various names to form a concatenation. This is so that the parameters template affects the naming of back end address pools and other outputs. My current concatenation code is this:
"[concat(resourceId('Microsoft.Network/loadBalancers/', variables('loadBalancerName'), '/frontendIpConfigurations/', variables('subnet1name'), '-FrontEnd'))]"
However, when I attempt to run this in Jenkins, I get the following error message:
"Unable to process template language expressions for resource '/subscriptions/****/resourceGroups/test-networks-hub-rg/providers/Microsoft.Network/loadBalancers/test-firewall-lb' at line '1' and column '2581'. 'Unable to evaluate template language function 'resourceId': function requires exactly one multi-segmented argument which must be resource type including resource provider namespace. Current function arguments 'Microsoft.Network/loadBalancers/,test-firewall-lb,/frontendIpConfigurations/,test-firewall-subnet,-FrontEnd'
It seems like the resourceId is not recognised because it is not being concatenated properly. I checked the Microsoft guidance, but I can't seem to work out where I am going wrong.
Can anyone see my error?
Okay, turns out I just had a bracket in the wrong place. The correct syntax is this:
"[concat(resourceId('Microsoft.Network/loadBalancers/', variables('loadBalancerName')), '/frontendIpConfigurations/', variables('subnet1name'), '-FrontEnd')]"
Remove concat() and just use the resourceID function, e.g.
[resourceId('Microsoft.Network/loadBalancers/frontendIpConfigurations', variables('loadBalancerName'), concat(variables('subnet1name'), '-FrontEnd'))]
Learning that function/pattern will help quite a bit when you start using resources in other groups or subscriptions.
Is there a Way to get the BuiltInParameterId (Ex:BuiltInParameter.SHEET_SIZE)
from a Parameter ElementId.
I have a number extracted from an Schedule Field (-1010106)
and I want to get the BuildInParameter-id.
Currently I am doing it like this:
BIPdic = {i.value__ : i for i in BuiltInParameter.GetValues(BuiltInParameter)}
bipid= BIPdic[-1010106]
I could not find an easier way. (Its easy, but I have to built a dictionary
from all (over 3000 BuiltInParameters)).
THX
tillbaum
I am not absolutely sure I know what you mean. Check out the description of the ElementId constructor taking a BuiltInParameter input argument.
You can also take a look at the built-in parameter checker BipChecker and its BipChecker GitHub repo. It iterates over all built-in parameter values and tries to retrieve a parameter value for each one.
That sounds pretty similar to what you are after with your dictionary.
Meekrodb is a simple php-->mysql library. How do I test/verify that it is secure, such as against sql injection attacks?
The first option is to read the FAQ:
Are there any extra precautions I should take to prevent SQL injection?
MeekroDB makes SQL injection 100% impossible if you follow 2 simple rules. First, never use the %l (literal) placeholder with user-supplied data. This placeholder doesn't escape your data the way all of the others do. Second, never change the character set at runtime using MySQL commands SET NAMES or SET CHARACTER SET. If you need to change the character set, only use DB::$encoding at the same place where you set your MySQL username/password.
The second option, assuming you have a license:
Use a query/input field by filling in:
'\"
Which could potentially cause the weirdest errors you have ever seen. It might just be converted, in which case you prove it's secure.
Update
For example, going from there first claim (in combination with security):
"MeekroDB takes care of quotes and escaping for you."
Now for testing this specific claim they have provided there way of handling this situation:
DB::query("SELECT * FROM login WHERE username=%s AND password=%s",
$username,
$password);
To prove that this claim is actually true, you could write a small application which would (for example) input:
$username = "''""\";