Update Azure APIM Operation Name After Creation - azure

Is it possible to change the operation name (a.k.a. operationId) of an Azure APIM operation after it has been created?
In the example below, I would like the auto-generated name of 5dk6e437e1fd991b3df455ff to be get-branding-information:
Changing the name is not currently supported through the Azure portal UI, but perhaps it is possible through another method? Since this URL only relates to the APIM documentation pages and is not the actual API URL, changing the name wouldn't be a breaking API change for our customers.
Developers who created the original operations on my team got a little lazy and just let the Azure portal assign an auto-generated name to multiple operations. As a result, I cannot create relative URL reference to different operations within the APIM documentation as the name value is unique in our development, QA, and production APIM environments.

Your screenshot didn't go quite high enough to show the 'OpenAPI specification View' button. Click this and you can edit the name.

Related

How to add HTTP trigger in Azure Logic Apps

I want add a functionality in my ADF pipeline which will send me email notification in case of failure. On searching the internet, I came to know that Azure Logic Apps helps with this. I am trying to follow below link to achieve this.
https://microsoft-bitools.blogspot.com/2018/03/add-email-notification-in-azure-data.html
I have tried searching up many tutorials, guides and the official docs as well. However, all of them have some templates already there in the Logic Apps Designer. I cannot find the templates and the 'When a HTTP request is received' trigger is also not available in the drop-down.
Please let me know how to proceed.
EDIT :
If you start with a blank Logic App, search for 'HTTP' or 'Request' and select Request.
On the next screen under triggers, select "When a HTTP request is received" and you should be good to go.
EDIT:
It looks like you created a Standard Logic App, which works in a slightly different way. For instance it can contain multiple workflows, which means you create workflows yourself. In the Consumption model, there's one workflow withing a Logic App, so you can open up the editor for that one directly. If there's no explicit reason for you to use Standard, a Consumption Logic App will be easier to work with.
If you really need a Standard Logic App, go to 'Workflows' and create a new workflow:
Then click the newly created workflow to edit it, go to 'Designer' and search for 'HTTP' to add an HTTP trigger:
Here's some information on the Consumption model for Logic Apps:
Resource type
Benefits
Resource sharing and usage
Limits management
Logic App (Consumption) Host environment: Multi-tenant Azure Logic Apps
- Easiest to get started - Pay-for-what-you-use - Fully managed
A single logic app can have only one workflow. Logic apps created by customers across multiple tenants share the same processing (compute), storage, network, and so on.
Azure Logic Apps manages the default values for these limits, but you can change some of these values, if that option exists for a specific limit.
See Resource type and host environment differences for a comparison with the other hosting options.
I was able to solve this. I wasn't able to view a few functionalities because of another error : Functions runtime error Microsoft.WindowsAzure.Storage: Value cannot be null. (Parameter 'connectionString').
AzureWebJobsStorage App Setting was missing which caused the error. I added that and now I can see the triggers and other stuff.
Thanks #rickvdbosch

Azure SQL Permissions: How to allow using Query Performance Insight, but not changing settings such as the pricing tier?

I would like to give our team members the necessary permissions to use the Query Performance Insight feature for an Azure SQL database, including the possibility to see the query text of long-running queries.
They already have "Reader" and "Monitoring Contributor" roles, so they can access the Query Performance Insight feature in the Azure Portal and see the IDs of long-running queries. However, when they click on a long-running query, they cannot see the query text. An error is shown indicating that "The connection timed out while running the query".
If I assigned them the "SQL DB Contributor" role, they would be able to use that feature, but they could then also change database settings such as the pricing tier, which I do not want.
Is there a role assignment that does what I need?
I think you will need to create an Azure Custom Role, as described in https://learn.microsoft.com/en-us/azure/role-based-access-control/custom-roles .
You can start with Reader, and then include permissions you want, or start with SQL DB Contributor, and remove permissions you don't want. This will require experimentation.
From your subscription, create a new Custom Role:
Then from that role, you will add or exclude permissions:
Permissions that would be interesting to me would be:
List Query Store texts - for adding to a Reader
and Update Database - for excluding from a DB Contributor
Once that's done, you would go to the Access Control blade for the server that contains your database, and then add your users with that new custom role. Test, tweak, repeat until you have the security profile you want. Which role you use as your basis depends upon how close to a least-privilege security model you wish to adopt.
Edit: One possible way to figure out the permission to assign would be:
Scale the database up
Scale it back down
Go to the resource group, select your database, and Export Template
Inspect the JSON, which will be the ARM that was applied during the operation (you might need to look at multiple deployments to figure this out)
Once you find the operation, the provider in the JSON should give you a clue as to what to exclude from any roles you create.
Adding to #WaitingForGuacamole's answer: We ended up creating a custom role definition containing Microsoft.Sql/servers/databases/queryStore/write and Microsoft.Sql/servers/databases/topQueries/queryText/action. Assigning this custom role definition to team members who already had the Reader role on the Azure SQL Server then allowed them to view the query texts in Query Performance Insight.
The actual two permissions were provided to us by a very helpful Azure support engineer. YMMV, it might also work with just Microsoft.Sql/servers/databases/topQueries/queryText/action (in addition to the read permissions), as indicated by an Azure Docs Github issue. However, the support engineer was positive we'd also need the Microsoft.Sql/servers/databases/queryStore/write one and we didn't follow up by researching why.

Are my Function Apps dependent on Storage Accounts? I want to move my Function Apps to a new Resource Group

Goal: Move all the necessary, and only the necessary, function apps and their dependencies from one resource group to another. This resource group they are currently in contains an App Configuration, 2 App Services (Function Apps), their Application Insights, a Storage account, and an App Service Plan.
The resource group I want to move them into already has things like Storage accounts, other Function apps, Logic apps, etc.
I have tried consulting the docs, maybe I am consulting the wrong ones. I am still puzzled about the dependencies Function Apps may have, and why this resource group needed to spin up a Storage account and what azure-webjobs-host and what the files populating within it mean or do.
Q1: How can I move them to the new resource group? I am thinking of using their ARM templates, but am vague on details.
Q2: Do I need to bring their Storage account with them?
Q3: Could I instead integrate them with the Storage account in their new resource group, after I moved them? How?
Q4: Can I simply delete Function Apps' Application Insights if I have no further use for them?
Q5: Any good resources or knowledge you want to share about Logic Apps / Function Apps being dependent on other resource types?
Thank you.
Are my Function Apps dependent on Storage Accounts?
Yes, function app on azure needs you to specified a storage account. This is because triggers other than httptrigger needs storage emulator.(This is built-in feature.)
How can I move them to the new resource group?
If you dont have too many function apps to move, just click 'Move' -> 'Move to another resource group' in the overview of your resource group and then select the function app you want to move.
Do I need to bring their Storage account with them?
No. No matter built-in feature or your function app need to deal with some storage accounts, it just needs you to offer connection string to link to.
Could I instead integrate them with the Storage account in their new
resource group, after I moved them? How?
Yes.(If you are talking about built-in feature.) But you need to change this value:
And the value is getting from this place:
Can I simply delete Function Apps' Application Insights if I have no
further use for them?
Yes, you can. It is just a way to monitor your function app. You can delete or re-create it whenever you want.
Any good resources or knowledge you want to share about Logic Apps /
Function Apps being dependent on other resource types?
One thing I want to remind. Please keep your resources in the same region if you dont have some special requirement. This is not only because of some built-in restrictions, but it can also help you save costs. (For resources in Azure, data transmission between resources located in different regions requires additional bandwidth fees.)

How Modifying Azure Analysis services roles using a logic app?

With Azure Data Factory I have built a pipeline to orchestrate the processing of my Azure Analysis Services model trough a dedicated Logic App as explicated in this article, and it works properly.
Now, always using Azure Data Factory (through Logic App), I wish I could also update the list of the user in a specific roles.
In the article mentioned above, to process the Azure Analysis Services models, the Logic App calls a specific API that has the following format:
https:// <rollout>.asazure.windows.net/servers/<serverName>/models/<resource>/refreshes
but this API doesn't seem to work for update the model's roles.
Is there anyone who knows the correct method to be able to update model roles using a specific Logic App?
Thanks for any suggestions
If you don't necessarily need to use the logic app for this, I think it might be possible using Azure automation and the powershell cmdlets for managing azure analysis services:
https://learn.microsoft.com/en-us/azure/analysis-services/analysis-services-refresh-azure-automation
https://learn.microsoft.com/en-us/azure/analysis-services/analysis-services-powershell
https://learn.microsoft.com/en-us/powershell/module/sqlserver/Add-RoleMember?view=sqlserver-ps
One alternative approach might be to have fixed AD groups as members of the tabular model roles and add / remove members from those AD groups. Therefore the tabular model roles would not need to be refreshed, it would simply be a matter of adding or removing members from the AD groups as part of your governance process.
A second approach would be to use dynamic row-level security. Adding records to a Azure SQL DB table is perfectly possible with Logic Apps and could be used to drive security, depending on your requirements. You can then refresh your security dimension with the Logic App. See here for more details:
https://learn.microsoft.com/en-us/power-bi/desktop-tutorial-row-level-security-onprem-ssas-tabular
To answer your question however, the Azure Analysis Services REST API is useful but is not that fully featured, ie it does not contain all possible operations for tabular models or the service. One other missing example I found was backups, ie although it is possible to trigger a pause or resume of the service, it is not possible to trigger a backup of a tabular model via the REST API. I do not believe it is possible to alter role members or at least, the operation is not listed in the REST API, although happy to be corrected if I am wrong. To be more specific, Roles is not mentioned in the list of available objects which can be passed in to the Objects array using the POST / Refreshes eg here. table and partition are the only ones I'm aware of.
There are also no examples on the MS github site:
https://github.com/microsoft/Analysis-Services
Finally, consider calling TMSL via Powershell in an Azure Function, which you can call from Azure Data Factory.
HTH

Transfer SQL Azure servers, Storage Accounts away from CSP subscription

We have a CSP subscription through a partner, and the whole experience is rubbish. Costing / billing APIs not available, can't use our Office 365 Azure AD, can't use SendGrid, can't see the cost of resources in the portal, loads of features missing. It's rubbish.
We're moving away and want to transfer a substantial number of SQL Azure servers (with many pools and databases) and Storage Accounts (with lots of items) to another, new PAYG subscription, which uses our O365 Azure AD.
#AzureSupport on Twitter pointed me to - https://learn.microsoft.com/en-us/azure/azure-resource-manager/resource-group-move-resources
But this says, "The source and destination subscriptions must exist within the same Azure Active Directory tenant."
It suggests two ways forward:
https://learn.microsoft.com/en-us/azure/active-directory/fundamentals/active-directory-how-subscriptions-associated-directory
But... The "Change Directory" option is not present for CSP accounts (lo and behold! another missing feature)
https://learn.microsoft.com/en-us/azure/billing/billing-subscription-transfer
But.. Heading to https://account.windowsazure.com/Subscriptions as instructed gives me a 500 error, with "We are sorry, but we could not complete that operation.".
Also.. Of course, the CSP (Ingram) do not offer any of these kinds of options on their sub management portal.
#AzureSupport then recommended I post here.
Can anyone advise / help please? Would be very much appreciated, thank you.
You are currently blocked, as there is not a good workflow to migrate from CSP to Pay-as-you-go, as the below User Voice entry suggests others are looking for the same. Please up vote and comment on this.
Change subscription from CSP to pay-as-you-go
As for getting switched back to PAYG, I suggest exporting your data and importing in to new services that have been set-up under your desired account set-up. If you need the instance names, these will need to be deleted before the data can be imported into the newly created service with the existing instance names, in cases where instances names can be reused after deletion of the particular service.
There is currently no supported means to migrate a subscription away from CSP once migrated, from my investigation.
Use Azure Data Migration Service to migrate from source to target. This though, will not allow you to keep the same instance names, as both the source and target will need to exist at the same time.

Resources