Using Azure CLI, it is possible to generate a SAS Token easily:
SAS_TOKEN=$( \
az iot hub generate-sas-token \
--hub-name $IOT_HUB \
--device-id $DEVICE \
--query sas \
--output tsv)
I would like to generate the SAS token using curl, calling an Azure public API.
Is it possible?
There is no such API, the workaround is that you can use Azure Functions to generate an IoT SAS Token, then call Azure function using curl to get the SAS token.
Reference:
Using Azure Functions to generate an IoT SAS Token
Related
I cannot find any documentation on how to generate/renew the masterkey of CosmosDB for Read/Write or only for Read.
I can do it on Azure Portal, but I wish to do this with python or with a REST API.
For lot of ressource in Azure, we can use the Service Principal to generate a Token and then access other API. Like in Databricks.
curl -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
https://login.microsoftonline.com/${TENANT_ID}/oauth2/v2.0/token \
-d 'client_id=${CLIENT_ID}' \
-d 'grant_type=client_credentials' \
-d 'scope=2ff814a6-3304-4ab8-85cb-cd0e6f879c1d%2F.default' \
-d 'client_secret=${CLIENT_SECRET}'
With the scope=2ff814a6-3304-4ab8-85cb-cd0e6f879c1d%2F.default it will grant me access to Databricks API. https://vault.azure.net/.default is for Azure KeyVault. But I can't find anything for cosmos-DB
Any Idea on how to manage cosmosdb from a Service Principal?
Yes you can do this using the Python Azure Management Library for Cosmos DB.
Pip install these
azure-identity
azure-mgmt-resource==15.0.0
azure-mgmt-cosmosdb==6.4.0
azure-cosmos==4.2.0
Some samples that show you how to get started using this library here
The API article on how to regenerate a key is here
I tried the below code to generate the SAS key for the Azure IoT Central.
az iot central device compute-device-key --pk {primaryKey} --device-id {deviceid}
But it gives the below error.
Please let me know how to generate the SAS key for the Azure IoT Central using PowerShell
You need to update your azure-iot extension for Azure CLI. You might also need to update Azure CLI itself.
az extension update --name azure-iot
https://github.com/Azure/azure-iot-cli-extension#installation
I am trying to create an Azure Key Vault but I am getting below error:
az keyvault create --location ${regionName} --name ${MyKeyVault} --resource-group ${resourceGroupName}
Error: (VaultAlreadyExists) The name 'check' is already in use.
Please help me write a code to check if the Key Vault name is avaialable.
There is no built-in CLI command to do this, your option is to use az rest call the REST API directly.
Sample:
az rest --method post --uri 'https://management.azure.com/subscriptions/<subscription-id>/providers/Microsoft.KeyVault/checkNameAvailability?api-version=2019-09-01' --headers 'Content-Type=application/json' --body '{"name": "joykeyvault","type": "Microsoft.KeyVault/vaults"}'
You can use Azure API to check that Keyvault name is valid and is not already in use.
https://learn.microsoft.com/en-us/rest/api/keyvault/vaults/checknameavailability
I'm trying to create a file share in Azure CLI command:
az storage share create --account-name storeactjan --name filesharejan --account-key key1
but having below error:
The server failed to authenticate the request. Make sure the value of
Authorization header is formed correctly including the signature.
ErrorCode: AuthenticationFailed AuthenticationFailedServer
failed to authenticate the request. Make sure the value of
Authorization header is formed correctly including the signature.
RequestId:42b399c2-701a-006f-4630-1d9aad000000
Time:2020-04-28T07:39:27.0899771ZThe
MAC signature found in the HTTP request
'QVn0bi79ZIhaO+LS3w/VzaiI5cAMfJiVRav6RbgfbtA=' is not the same as any
computed signature. Server used following string to sign: 'PUT'
You haven't the right format for the account-key argument.
Here is what you have to do according to the microsoft documentation ( https://learn.microsoft.com/en-us/azure/storage/files/storage-how-to-create-file-share?tabs=azure-cli ). For your information, I use CLI in PowerShell.
1) Retrieve the key with the right format
$key1 = az storage account keys list --account-name storeactjan --query "[0].value" | tr -d '"'
2) Create your file share
az storage share create --account-name storeactjan --name filesharejan --account-key $key1
Hope it will help you.
I will say, you can create arm template for the same and can call it.
PFB the link -
https://github.com/Azure/azure-quickstart-templates/tree/master/101-storage-file-share
I am able to generate SAS token for the storage account from the Azure portal but the problem which I am facing is explained below-
Storage account consists of two Containers. One container file has to be given access for the users whom I will provide the SAS token and one container should be completely private means user cannot see this container.
Problem is if I am generating SAS token and login into Azure explorer using that SAS token,I am seeing both the containers but my requirement is to see only 1 container. Is there any way to give permission for only one container by generating SAS token using Azure portal without creating any custom application for generating these tokens.
Easiest way to do that would be to use powershell:
Set-AzureRmStorageAccount -Name 'name'
$sasToken = New-AzureStorageContainerSASToken -Permission r -ExpiryTime (Get-Date).AddHours(2.0) -Name 'container name'
you could issue this command with -debug switch, capture the rest call and use that call to mimic it, using arm client, or custom app or whatever.
The Azure CLI alternative:
az storage container generate-sas --account-name ACCOUNT_NAME --account-key ACCOUNT_KEY --https-only --expiry 'YYYY-MM-DD' --name CONTAINER_NAME --permissions r
Valid permissions: (a)dd (c)reate (d)elete (l)ist (r)ead (w)rite
For more information, check out: az storage container generate-sas -h