I have the following scenario:
InfluxDB is deployed to Azure App Service and running as a Linux Container. It's pulled from the DockerHub in the App Service Container Settings.
Grafana is also deployed to Azure App Service and running as a Linux Container. And it's also pulled from the DockerHub in the App Service Container Settings. Azure AD login is configured on the Grafana App using Grafana's relevant Env. variables.
After this it's a straight forward integration to add InfluxDB as a data source in Grafana.
However, there is now a requirement for the InfluxDB Web App to be AAD authenticated - therefore, I have the AAD authentication configured in the App Service -> Authenticaton/Authorization section in Azure. Obviously, adding the InfluxDB app as a data source returns 401 because there's an AAD authentication.
I was wondering if there's any way to generate a JWT token and pass it to the InfluxDB. This is where I get a bit out of my depth as I am relatively new to Grafana and InfluxDB.
I read about the plugin authentication doc but wasn't sure how to progress with this.
Is what I am trying to achieve even possible? I appreciate any pointers / help on this.
Thank you!
Related
I have configured WSO2 API in Azure Kubernetes service and I have integration with Azure AD for devportal and publisher portals. When I tried to login to devportal it was throwing "OAuth2Service Provided Callback URL does not match with the provided one." in the logs. I'm going with default WSO2 helm charts and accessing the application using https://am.wso2. com/devportal URL Really appreciate any pointers to fix this issue.
I am using Azure ML, I made my models and now I want to connect them to Data Factory to run some process.
I implement an endpoint, but I can't find the API key for the endpoints. Right now, I have the REST endpoint, but not in key-based authentication enabled, it's false. Do you know how to generate the API key?
Currently the only way to retrieve the token is by using the Azure Machine Learning SDK or the Azure CLI machine learning extension.
Key-based auth is supported for Azure Container Instance and Azure Kubernetes Service deployed web-services, and token-based auth is only available for Azure Kubernetes Service deployments.
You can find more information here
I am able to create a new Azure App Service on my Azure subscription from VS code. If I then try to deploy my python web application to the App Service that I just created I get a "401 - Unauthorized: Access" error. If I logon to the Azure portal I can view my newly created App Service. I can see on the Access Control page that I am listed as a contributor. I am not sure why I can not deploy my code or view files. Does anyone have suggestions as to security settings to check? I need to be able to deploy my code. Thank you.
#Kachopsticks, Apologies! If my response is to too late. To benefit the community, sharing the steps that could help isolate such issues:
There is a way to disable basic auth access to the WebDeploy port and SCM site with basicPublishingCredentialsPolicies, see if this is the case.
basicPublishingCredentialsPolicies --parent sites/ --set properties.allow=false
https://learn.microsoft.com/azure/app-service/deploy-configure-credentials?tabs=cli#webdeploy-and-scm
You could re-download the publish profile from Azure portal, and import publish settings in Visual Studio for deployment.
In the Azure portal, open the Azure App Service.
Go to Get publish profile and save the profile locally.
A file with a .publishsettings file extension has been generated in the location where you saved it and you may import that in VS and then attempt to re-deploy.
Additionally, Azure App Service supports two types of credentials for local-Git and FTP/S deployment:
User-level credentials one set of credentials for the entire Azure account.
App-level credentials (one set of credentials for each app. It can be used to deploy to that app only) -. They can't be configured manually, but can be reset anytime. For a user to be granted access to app-level credentials via (RBAC), that user must be contributor or higher on the app (including Website Contributor built-in role). Readers are not allowed to publish, and can't access those credentials.
I'm using Azure App Services with Docker Compose support enabled. I'm using both DockerHub and Azure Container Registry for my project. I'm looking for Azure App Service REST API that can update the details in the container settings in App Services.
You can do it via the SDK Microsoft.WindowsAzure.Management.WebSites with the code or use the API
I am writing an auto deployment service and I am already able to create my App Service resource via ARM Template using the ARM API but now I need to deploy the content there, Im planning use the Kudu Zip deployment API (https://github.com/projectkudu/kudu/wiki/Deploying-from-a-zip-file) but Im missing how to set or get the deploy username and password automatically through some api based process (not using the UI).
I know the site credentials are actually account-tied users, if you know a different kind of credential can be used to deploy, please point me the direction that would allow me release without a specifc person-oriented credential (an app credential instead)
If you want to get the publish credentials, you could use the
Web Apps - List Publishing Credentials Rest API to do that.
POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Web/sites/{name}/config/publishingcredentials/list?api-version=2016-08-01
About how to call the Azure Resource Manager REST API, please refer to this tutorial.
We also could use Azure SDK to get the publish credentials. For more information about how to use Kudu API or Azure SDK to get the publish credential, please refer to another SO thread.