Not Able to reserve static IP in Azure IP reserve wizard - azure

I tried to reserve a static IP from the Azure dashboard in multiple regions but had no luck.
Here is the error:
{
"code":"DisallowedProvider",
"message":"The operation is not permitted for namespace 'Microsoft.ClassicNetwork'.
List of permitted provider namespaces is
'84codes.CloudAMQP,
Auth0.Cloud,
Citrix.Services,
Conexlink.MyCloudIT,
Hive.Streaming,
Incapsula.Waf,
LiveArena.Broadcast,
Lombiq.DotNest,
Mailjet.Email,
Microsoft.AAD,
Microsoft.ADHybridHealthService,
Microsoft.Advisor,
Microsoft.AlertsManagement,
Microsoft.AnalysisServices,
Microsoft.ApiManagement,
Microsoft.AppConfiguration,
Microsoft.AppPlatform,
Microsoft.Attestation,
Microsoft.Authorization,
Microsoft.Automation,
Microsoft.AutonomousSystems,
Microsoft.AVS,
Microsoft.AzureActiveDirectory,
Microsoft.AzureData,
Microsoft.AzureGraph,
Microsoft.AzureStack,
Microsoft.AzureStackHCI,
Microsoft.BareMetal,
Microsoft.Batch,
Microsoft.BatchAI,
Microsoft.Billing,
Microsoft.BingMaps,
Microsoft.Blockchain,
Microsoft.Blueprint,
Microsoft.BotService,
Microsoft.Cache,
Microsoft.Capacity,
Microsoft.Cdn,
Microsoft.CertificateRegistration,
Microsoft.ChangeAnalysis,
Microsoft.ClassicInfrastructureMigrate,
Microsoft.ClassicStorage,
Microsoft.CloudTest,
Microsoft.Codespaces,
Microsoft.CognitiveServices,
Microsoft.Communication,
Microsoft.Compute,
Microsoft.Confluent,
Microsoft.ConnectedCache,
Microsoft.Consumption,
Microsoft.ContactMaster,
Microsoft.ContainerInstance,
Microsoft.ContainerRegistry,
Microsoft.ContainerService,
Microsoft.Contoso,
Microsoft.CostManagement,
Microsoft.CostManagementExports,
Microsoft.CustomerLockbox,
Microsoft.CustomProviders,
Microsoft.DataBox
Microsoft.DataBoxEdge
Microsoft.Databricks
Microsoft.DataCatalog
Microsoft.Datadog
Microsoft.DataFactory
Microsoft.DataLakeAnalytics
Microsoft.DataLakeStore
Microsoft.DataMigration
Microsoft.DataProtection
Microsoft.DataShare
Microsoft.DBforMariaDB
Microsoft.DBforMySQL
Microsoft.DBforPostgreSQL
Microsoft.DeploymentManager
Microsoft.DesktopVirtualization
Microsoft.Devices
Microsoft.DevOps
Microsoft.DevSpaces
Microsoft.DevTestLab
Microsoft.DigitalTwins
Microsoft.DocumentDB
Microsoft.DomainRegistration
Microsoft.DynamicsTelemetry
Microsoft.EnterpriseKnowledgeGraph
Microsoft.EventGrid
Microsoft.EventHub
Microsoft.Falcon
Microsoft.Features
Microsoft.Functions
Microsoft.Genomics
Microsoft.GuestConfiguration
Microsoft.HanaOnAzure
Microsoft.HardwareSecurityModules
Microsoft.HDInsight
Microsoft.HealthcareApis
Microsoft.HybridCompute
Microsoft.HybridNetwork
Microsoft.Hydra
Microsoft.Identity
Microsoft.ImportExport
Microsoft.IndustryDataLifecycle
microsoft.insights
Microsoft.IoTCentral
Microsoft.IoTSpaces
Microsoft.KeyVault
Microsoft.Kubernetes
Microsoft.KubernetesConfiguration
Microsoft.Kusto
Microsoft.LabServices
Microsoft.Logic
Microsoft.MachineLearning
Microsoft.MachineLearningServices
Microsoft.Maintenance
Microsoft.ManagedIdentity
Microsoft.ManagedServices
Microsoft.Management
Microsoft.ManagementPartner
Microsoft.Maps
Microsoft.Marketplace
Microsoft.MarketplaceApps
Microsoft.MarketplaceOrdering
Microsoft.Media
Microsoft.Migrate
Microsoft.MixedReality
Microsoft.Network
Microsoft.Notebooks
Microsoft.NotificationHubs
Microsoft.Nutanix
Microsoft.ObjectStore
Microsoft.OffAzure
Microsoft.OperationalInsights
Microsoft.OperationsManagement
Microsoft.Peering
Microsoft.PIM
Microsoft.PolicyInsights
Microsoft.Portal
Microsoft.PowerBI
Microsoft.PowerBIDedicated
Microsoft.ProjectBabylon
Microsoft.ProviderHub
Microsoft.Quantum
Microsoft.RecoveryServices
Microsoft.RedHatOpenShift
Microsoft.Relay
Microsoft.ResourceGraph
Microsoft.ResourceGraph.PPE
Microsoft.ResourceHealth
Microsoft.Resources
Microsoft.ResourcesTopology
Microsoft.ResourcesTopology.PPE
Microsoft.SaaS
Microsoft.Scheduler
Microsoft.Search
Microsoft.Security
Microsoft.SecurityGraph
Microsoft.SecurityInsights
Microsoft.SerialConsole
Microsoft.ServiceBus
Microsoft.ServiceFabric
Microsoft.ServiceFabricMesh
Microsoft.SignalRService
Microsoft.SiteRecovery
Microsoft.SoftwarePlan
Microsoft.Solutions
Microsoft.SpoolService
Microsoft.Sql
Microsoft.SqlVirtualMachine
Microsoft.Storage
Microsoft.StorageSync
Microsoft.StorSimple
Microsoft.StreamAnalytics
Microsoft.Subscription
microsoft.support
Microsoft.Synapse
Microsoft.TimeSeriesInsights
Microsoft.Token
Microsoft.VirtualMachineImages
microsoft.visualstudio
Microsoft.VMware
Microsoft.VMwareCloudSimple
Microsoft.VnfManager
Microsoft.VSOnline
Microsoft.Web
Microsoft.WindowsESU
Microsoft.WindowsIoT
Microsoft.WorkloadBuilder
Microsoft.WorkloadMonitor
Myget.PackageManagement
Paraleap.CloudMonix
Pokitdok.Platform
RavenHq.Db
Raygun.CrashReporting
Sendgrid.Email
Sparkpost.Basic
stackify.retrace
U2uconsult.TheIdentityHub
Wandisco.Fusion'."
}

The error message says it all.
The operation is not permitted for namespace 'Microsoft.ClassicNetwork'
You have to move from Classic to ARM to be able to do it.

Related

return only part of Whois information

Hi we are trying to use NodeJS to return IP address WHOIS information before we send the requesting IP address to the rest of our app - That part is easy.
However, the part that is not easy is selecting only the Organization part of the WHOIS information.
For example, this is a whois query and what it returns:
whois 137.184.236.168
% IANA WHOIS server
% for more information on IANA, visit http://www.iana.org
% This query returned 1 object
refer: whois.arin.net
inetnum: 137.0.0.0 - 137.255.255.255
organisation: Administered by ARIN
status: LEGACY
whois: whois.arin.net
changed: 1993-05
source: IANA
# whois.arin.net
NetRange: 137.184.0.0 - 137.184.255.255
CIDR: 137.184.0.0/16
NetName: DIGITALOCEAN-137-184-0-0
NetHandle: NET-137-184-0-0-1
Parent: NET137 (NET-137-0-0-0-0)
NetType: Direct Allocation
OriginAS: AS14061
Organization: DigitalOcean, LLC (DO-13)
RegDate: 2019-11-13
Updated: 2020-04-03
Comment: Routing and Peering Policy can be found at https://www.as14061.net
Comment:
Comment: Please submit abuse reports at https://www.digitalocean.com/company/contact/#abuse
Ref: https://rdap.arin.net/registry/ip/137.184.0.0
OrgName: DigitalOcean, LLC
OrgId: DO-13
Address: 101 Ave of the Americas
Address: FL2
City: New York
StateProv: NY
PostalCode: 10013
Country: US
RegDate: 2012-05-14
Updated: 2022-05-19
Ref: https://rdap.arin.net/registry/entity/DO-13
OrgAbuseHandle: ABUSE5232-ARIN
OrgAbuseName: Abuse, DigitalOcean
OrgAbusePhone: +1-347-875-6044
OrgAbuseEmail: abuse#digitalocean.com
OrgAbuseRef: https://rdap.arin.net/registry/entity/ABUSE5232-ARIN
OrgTechHandle: NOC32014-ARIN
OrgTechName: Network Operations Center
OrgTechPhone: +1-347-875-6044
OrgTechEmail: noc#digitalocean.com
OrgTechRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
OrgNOCHandle: NOC32014-ARIN
OrgNOCName: Network Operations Center
OrgNOCPhone: +1-347-875-6044
OrgNOCEmail: noc#digitalocean.com
OrgNOCRef: https://rdap.arin.net/registry/entity/NOC32014-ARIN
The only thing we are interested in is Organization: DigitalOcean, LLC (DO-13)
As we want to drop all IP addresses from this host provider.
We noticed that we have been successful at stopping Google and AWS via using host command but Digital Ocean does not work this way and we need to do it via Whois.
I know in NodeJS I would request the information
const { exec } = require("child_process");
exec("whois " + ip, (error, stdout, stderr) => {
  console.log(stdout);
});
Could use a regular expression:
const organizationPattern = /^organization:\s*(.+)$/im;
const match = organizationPattern.exec(stdout);
const organization = match ? match[1] : 'unknown';
console.log(organization);

CloudFormation stack deletion failing to remove VPC

I have created AWS infrastructure with a collection of EC2, Redshift, VPC etc. via CLOUDFORMATION. Now I want to delete it in a particular reverse order. For example, all resources are dependent on the VPC, so the VPC should be deleted at the end. But somehow every stack is deleting except the VPC stack, which is not deleting via python BOTO3. It shows some subnet or network interface dependency error. But when I try to delete via the console, it deletes successfully.
Has anyone faced this issue?
I have tried to delete everything, like the load balancer which is attached to it. But still the VPC is not deleting.
AWS CloudFormation creates a dependency graph between resources based upon DependsOn references in the template and references between resources.
It then tries to deploy resources in parallel, but takes dependencies into account.
For example, a Subnet might be defined as:
Subnet1:
  Type: AWS::EC2::Subnet
  Properties:
    CidrBlock: 10.0.0.0/24
    VpcId: !Ref ProdVPC
In this situation, there is an explicit reference to ProdVPC, so CloudFormation will only create Subnet1 after ProdVPC has been created.
When a CloudFormation stack is deleted, the reverse logic is applied. In this case, Subnet1 will be deleted before ProdVPC is deleted.
However, CloudFormation is not aware of resources created outside of the stack. This means that if a resource (eg an Amazon EC2 instance) is created inside the Subnet, then stack deletion will fail because the Subnet cannot be deleted while there is an EC2 instance using it (or, more accurately, an ENI is attached to it).
In such situations, you will need to manually delete the resources that are causing the "delete failure" and then try the delete command again.
A good way to find such resources is to look in the Network Interfaces section of the EC2 management console. Make sure that there are no interfaces connected to the VPC.
As you specified that you are having issues with deleting the VPC within stacks containing lambdas which themselves are in the VPC, this most probably could be because of the network interfaces being generated by lambdas to connect to other resources in the VPC.
Technically these network interfaces should be auto-deleted when lambdas are undeployed from the stack, but in my experience I have observed orphaned ENIs which don't let the VPC be undeployed.
For this reason, I created a custom-resource-backed lambda which cleans up the ENIs after all lambdas within VPCs have been undeployed.
This is the CloudFormation part where you set up the custom resource and pass the VPC ID:
##############################################
#                                            #
#  Custom resource deleting net interfaces   #
#                                            #
##############################################
NetInterfacesCleanupFunction:
  Type: AWS::Serverless::Function
  Properties:
    CodeUri: src
    Handler: cleanup/network_interfaces.handler
    Role: !GetAtt BasicLambdaRole.Arn
    DeploymentPreference:
      Type: AllAtOnce
    Timeout: 900
PermissionForNewInterfacesCleanupLambda:
  Type: AWS::Lambda::Permission
  Properties:
    Action: lambda:invokeFunction
    FunctionName:
      Fn::GetAtt: [ NetInterfacesCleanupFunction, Arn ]
    Principal: lambda.amazonaws.com
InvokeLambdaFunctionToCleanupNetInterfaces:
  DependsOn: [PermissionForNewInterfacesCleanupLambda]
  Type: Custom::CleanupNetInterfacesLambda
  Properties:
    ServiceToken: !GetAtt NetInterfacesCleanupFunction.Arn
    StackName: !Ref AWS::StackName
    VPCID:
      Fn::ImportValue: !Sub '${MasterStack}-Articles-VPC-Ref'
    Tags:
      'owner': !Ref StackOwner
      'task': !Ref Task
And this is the corresponding lambda. This lambda tries 3 times to detach and delete orphaned network interfaces and fails if it can't, which means there's still a lambda which is generating new network interfaces and you need to debug for that.
import sys
from time import sleep

import boto3
from botocore.exceptions import ClientError

# Fix this wherever your custom resource handler code is
from common import cfn_custom_resources as csr

MAX_RETRIES = 3
client = boto3.client('ec2')


def handler(event, context):
    if not csr.__is_valid_event(event, context):
        result = {'result': 'Invalid custom resource event'}
        csr.send(event, context, csr.FAILED, csr.validate_response_data(result))
        return
    elif event['RequestType'] == 'Create' or event['RequestType'] == 'Update':
        # Cleanup only runs on Delete; acknowledge Create/Update straight away
        result = {'result': 'Don\'t trigger the rest of the code'}
        csr.send(event, context, csr.SUCCESS, csr.validate_response_data(result))
        return
    try:
        vpc_id = event['ResourceProperties']['VPCID']
        # Get all network interfaces for given vpc which are attached to a lambda function
        interfaces = client.describe_network_interfaces(
            Filters=[
                {
                    'Name': 'description',
                    'Values': ['AWS Lambda VPC ENI*']
                },
                {
                    'Name': 'vpc-id',
                    'Values': [vpc_id]
                },
            ],
        )
        failed_detach = list()
        failed_delete = list()
        # Detach the above found network interfaces
        for interface in interfaces['NetworkInterfaces']:
            detach_interface(failed_detach, interface)
        # Try detach a second time and delete each simultaneously
        for interface in interfaces['NetworkInterfaces']:
            detach_and_delete_interface(failed_detach, failed_delete, interface)
        # Success only when neither list recorded a failure
        if not failed_detach and not failed_delete:
            result = {'result': 'Network interfaces detached and deleted successfully'}
            csr.send(event, context, csr.SUCCESS, csr.validate_response_data(result))
        else:
            result = {'result': 'Network interfaces couldn\'t be deleted completely'}
            csr.send(event, context, csr.FAILED, csr.validate_response_data(result))
    except Exception:
        print("Unexpected error:", sys.exc_info())
        result = {'result': 'Some error with the process of detaching and deleting the network interfaces'}
        csr.send(event, context, csr.FAILED, csr.validate_response_data(result))


def detach_interface(failed_detach, interface):
    try:
        if interface['Status'] == 'in-use':
            detach_response = client.detach_network_interface(
                AttachmentId=interface['Attachment']['AttachmentId'],
                Force=True
            )
            # Sleep for 1 sec after every detachment
            sleep(1)
            print(f"Detach response for {interface['NetworkInterfaceId']}- {detach_response}")
            if 'HTTPStatusCode' not in detach_response['ResponseMetadata'] or \
                    detach_response['ResponseMetadata']['HTTPStatusCode'] != 200:
                failed_detach.append(detach_response)
    except ClientError:
        print(f"Exception details - {sys.exc_info()}")


def detach_and_delete_interface(failed_detach, failed_delete, interface, retries=0):
    detach_interface(failed_detach, interface)
    # Back off a little longer on every retry
    sleep(retries + 1)
    try:
        delete_response = client.delete_network_interface(
            NetworkInterfaceId=interface['NetworkInterfaceId'])
        print(f"Delete response for {interface['NetworkInterfaceId']}- {delete_response}")
        if 'HTTPStatusCode' not in delete_response['ResponseMetadata'] or \
                delete_response['ResponseMetadata']['HTTPStatusCode'] != 200:
            failed_delete.append(delete_response)
    except ClientError as e:
        print(f"Exception while deleting - {str(e)}")
        print()
        # Allow at most MAX_RETRIES retries after the first attempt
        if retries < MAX_RETRIES:
            if e.response['Error']['Code'] == 'InvalidNetworkInterface.InUse' or \
                    e.response['Error']['Code'] == 'InvalidParameterValue':
                retries = retries + 1
                print(f"Retry {retries} : Interface in use, deletion failed, retrying to detach and delete")
                detach_and_delete_interface(failed_detach, failed_delete, interface, retries)
            else:
                raise RuntimeError("Code not found in error")
        else:
            raise RuntimeError("Max Number of retries exhausted to remove the interface")
The link to the lambda is https://gist.github.com/revolutionisme/8ec785f8202f47da5517c295a28c7cb5
More information about configuring lambdas in a VPC - https://docs.aws.amazon.com/lambda/latest/dg/vpc.html

Querying Azure APIM Diagnostic Logs

I've enabled diagnostic logs for APIM which are being sent to log-analytics.
Scenario
All incoming requests to server have RequestTracking_Id header.
All backend services use RequestTracking_Id header from the request in logs to track the request.
But from the APIM logs, I'm not able to pull this header to query upon.
Is there any way it is possible to have header information of incoming requests in APIM diagnostic logs?
Query:
AzureDiagnostics
| where Type contains "Azure" and Resource contains "APIM-DEV" and backendUrl_s contains "/relativePath" and DurationMs > 2000
The columns which are available on querying are :
TenantId SourceSystem MG ManagementGroupName TimeGenerated Computer activityId_g requestResourceType_s requestResourceId_s collectionRid_s statusCode_s duration_s clientIpAddress_s requestCharge_s requestLength_s responseLength_s resourceTokenUserRid_s region_s partitionId_g error_number_d Severity user_defined_b state_d exec_type_d wait_category_s total_query_wait_time_ms_d max_query_wait_time_ms_d is_parameterizable_s statement_type_s statement_key_hash_s query_param_type_d interval_start_time_d interval_end_time_d logical_io_writes_d max_logical_io_writes_d physical_io_reads_d max_physical_io_reads_d logical_io_reads_d max_logical_io_reads_d execution_type_d count_executions_d cpu_time_d max_cpu_time_d dop_d max_dop_d rowcount_d max_rowcount_d query_max_used_memory_d max_query_max_used_memory_d duration_d max_duration_d num_physical_io_reads_d max_num_physical_io_reads_d log_bytes_used_d max_log_bytes_used_d query_id_d query_hash_s plan_id_d query_plan_hash_s statement_sql_handle_s LogicalServerName_s ElasticPoolName_s DatabaseName_s start_utc_date_t end_utc_date_t wait_type_s delta_max_wait_time_ms_d delta_signal_wait_time_ms_d delta_wait_time_ms_d delta_waiting_tasks_count_d keyProperties_curve_s keyProperties_operations_s keyProperties_attributes_enabled_b algorithm_s identity_claim_xms_mirid_s lastError_transportErrorCode_d subnetId_s backendMethod_s backendUrl_s backendResponseCode_d backendTime_d requestSize_d productId_s userId_s apimSubscriptionId_s backendProtocol_s secretProperties_attributes_enabled_b clientIp_s clientPort_s ruleSetType_s ruleSetVersion_s ruleId_s Message action_s site_s details_message_s details_data_s details_file_s details_line_s hostname_s apiId_s operationId_s apiRevision_s clientIP_s clientPort_d httpMethod_s requestQuery_s userAgent_s httpStatus_d httpVersion_s receivedBytes_d sentBytes_d timeTaken_d sslEnabled_s host_s Level_d isRequestSuccess_b location_s lastError_source_s lastError_reason_s lastError_message_s 
lastError_section_s method_s url_s responseCode_d responseSize_d cache_s clientProtocol_s lastError_elapsed_d clientTime_d matchedConnections_d systemId_g vnetResourceGuid_g subnetPrefix_s macAddress_s primaryIPv4Address_s ruleName_s direction_s type_s instanceId_s healthyHostCount_d unHealthyHostCount_d requestCount_d latency_d failedRequestCount_d throughput_d priority_d conditions_protocols_s conditions_sourcePortRange_s conditions_destinationPortRange_s conditions_destinationIP_s conditions_sourceIP_s conditions_None_s trustedService_s CorrelationId identity_claim_http_schemas_microsoft_com_identity_claims_scope_s isAccessPolicyMatch_b certificateProperties_attributes_enabled_b certificatePolicyProperties_certificateProperties_subject_s certificatePolicyProperties_certificateProperties_validityInMonths_d certificatePolicyProperties_keyProperties_type_s certificatePolicyProperties_keyProperties_size_d certificatePolicyProperties_keyProperties_reuse_b certificatePolicyProperties_keyProperties_export_b certificatePolicyProperties_certificateIssuerProperties_name_s certificateEnrollmentProperties_id_s certificateEnrollmentProperties_certificateProperties_subject_s certificateEnrollmentProperties_certificateProperties_sha1_s certificateEnrollmentProperties_certificateProperties_sha256_s certificateEnrollmentProperties_certificateProperties_nbf_t certificateEnrollmentProperties_certificateProperties_exp_t certificateEnrollmentProperties_keyProperties_size_d certificateEnrollmentProperties_keyProperties_type_s certificateEnrollmentProperties_secretProperties_type_s certificateEnrollmentProperties_attributes_created_d certificateEnrollmentProperties_attributes_enabled_b certificateEnrollmentProperties_attributes_updated_d ResultDescription keyProperties_type_s keyProperties_size_d secretProperties_type_s certificateProperties_subject_s certificateProperties_sha1_s certificateProperties_sha256_s certificateProperties_nbf_t certificateProperties_exp_t Category 
OperationName ResultType CallerIPAddress identity_claim_http_schemas_microsoft_com_identity_claims_objectidentifier_g identity_claim_http_schemas_xmlsoap_org_ws_2005_05_identity_claims_upn_s identity_claim_appid_g id_s clientInfo_s requestUri_s httpStatusCode_d vaultProperties_s ResourceId OperationVersion ResultSignature DurationMs SubscriptionId ResourceGroup ResourceProvider Resource ResourceType Type _ResourceId
If you want specific logs according to your application, you can use <log-to-eventhub/> in an APIM policy at the endpoint level / API level / product level.
Please see the link below to learn more about this policy.
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/api-management/api-management-log-to-eventhub-sample.md
In the policy, you will get all the request and response objects from the context object.
Please see the link to learn more about context variables.
https://learn.microsoft.com/en-us/azure/api-management/api-management-policy-expressions#ContextVariables
For headers, you can look up the dictionary object context.Request.Headers

Monitoring instances in Azure Virtual Machine Scale Set (VMSS) using Python

I want to monitor and get information regarding the different instances in an Azure Virtual Machine Scale Set (VMSS).
I used the command (Python):
vmss = compute_client.virtual_machine_scale_sets.list(resource_group, scale_set_name)
But I am not able to get the result I am expecting.
Any suggestions what to do?
You can use the following code to get the ip and powerstate.
from azure.mgmt.compute import ComputeManagementClient
from azure.mgmt.resource import ResourceManagementClient

# credentials, subscription_id, resource_group and scale_set_name are set by the caller
compute_client = ComputeManagementClient(credentials, subscription_id)
resource_client = ResourceManagementClient(credentials, subscription_id)
vmss = compute_client.virtual_machine_scale_set_vms.list(resource_group, scale_set_name)
for item in vmss:
    print("name: ", item.name)
    # Resolve the first NIC of the instance to read its IP configuration
    ni_reference = item.network_profile.network_interfaces[0].id
    nic = resource_client.resources.get_by_id(
        ni_reference,
        api_version='2017-12-01')
    ip_reference = nic.properties['ipConfigurations'][0]['properties']
    print("ip info: ", ip_reference)
    instance_view = compute_client.virtual_machine_scale_set_vms.get_instance_view(
        resource_group, scale_set_name, item.instance_id)
    # The second status entry carries the power state in the output below
    print(instance_view.statuses[1].code)
result:
name: yangtestvmss_1
ip info: {'provisioningState': 'Succeeded', 'privateIPAddress': '10.0.0.5', 'privateIPAllocationMethod': 'Dynamic', 'subnet': {'id': '/subscriptions/e5b0fcfa-e859-43f3-8d84-5e5fe29f4c68/resourceGroups/yangtestvmss/providers/Microsoft.Network/virtualNetworks/yangtestvmssVnet/subnets/default'}, 'primary': True, 'privateIPAddressVersion': 'IPv4', 'isInUseWithService': False}
PowerState/running
name: yangtestvmss_3
ip info: {'provisioningState': 'Succeeded', 'privateIPAddress': '10.0.0.7', 'privateIPAllocationMethod': 'Dynamic', 'subnet': {'id': '/subscriptions/e5b0fcfa-e859-43f3-8d84-5e5fe29f4c68/resourceGroups/yangtestvmss/providers/Microsoft.Network/virtualNetworks/yangtestvmssVnet/subnets/default'}, 'primary': True, 'privateIPAddressVersion': 'IPv4', 'isInUseWithService': False}
PowerState/running
If you want to get the VMs information, please use the following code.
from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.compute import ComputeManagementClient

subscription_id = 'subscription Id'
credentials = ServicePrincipalCredentials(client_id=CLIENT, secret=KEY, tenant=TENANT_ID)
client = ComputeManagementClient(credentials, subscription_id)
vmss = client.virtual_machine_scale_set_vms.list("resourcegroup Name", "VMSS name")
for item in vmss:
    print("id:", item.id)
    print("name", item.name)
There is a cool tool that a guy from Microsoft has built for monitoring VMSS;
see this link: VMSS Dashboard
The mentioned tool helps you to see the status of VMs in the scale set: you can see the update domain and fault domain grouping of VMs. It lets you start or deallocate a VM. The code is from more than two years ago.

How to overload built-in Solr permissions

I tried to combine a predefined permission with a custom permission in Solr's security.json. That does not seem to work with Solr 7.1.0.
security.json:
{
  "authentication":{
    "blockUnknown": true,
    "class":"solr.BasicAuthPlugin",
    "credentials":{"user1":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c=",
                   "user2":"IV0EHq1OnNrj6gvRCwvFwTrZ1+z1oBbnQdiVC3otuq0= Ndd7LKvVBAaZIF0QAVi1ekCfAJXr1GGfLtRUXhgrF8c="}
  },
  "authorization":{
    "class":"solr.RuleBasedAuthorizationPlugin",
    "user-role":{"user1":"admin","user2":"user"},
    "permissions":[{"name":"shard-management","role":"*","path":"/admin/collections","params":{"action":["CREATESHARD", "DELETESHARD"]}},
                   {"name":"collection-admin-edit","role":"admin"}]
  }}
This configuration tries to assign collection-admin-edit permission to user1 and give access to CREATESHARD and DELETESHARD to user2. (Password is "SolrRocks" for both users, btw)
Effectively, user2 cannot call DELETESHARD:
o.a.s.s.RuleBasedAuthorizationPlugin This resource is configured to have a permission {
"name":"collection-admin-edit",
"role":"admin"}, The principal [principal: user2] does not have the right role
o.a.s.s.HttpSolrCall USER_REQUIRED auth header Basic dXNlcjI6U29sclJvY2tz context : userPrincipal: [[principal: user2]] type: [ADMIN], collections: [TeamSlide, TeamSlide,], Path: [/admin/collections] path : /admin/collections params :indent=true&action=DELETESHARD&shard=TestShard&collection=TestColl&wt=json
Same result when changing the order of permissions. Any way to solve this?
