For web deployment using FTP;I came across a situation, where i'm using Azure CLI command to create an app service plan in FREE tier to deploy the web app in it.
Here is how i am approaching:
used command:
az login --allow-no-subscriptions
sign in, use a web browser to open the page https://microsoft.com/devicelogin and enter the code xxxxxxx to authenticate. Working fine with below result.
[
{
"cloudName": "AzureCloud",
"id": "1fdacf7a-xxxxx-xxxx-xxxx-xxxxxxxxxxxxx",
"isDefault": true,
"name": "N/A(tenant level account)",
"state": "Enabled",
"tenantId": "1fdacf7a-xxxxx-xxxx-xxxx-xxxxxxxxxxxxx",
"user": {
"name": "email#gmail.com",
"type": "user"
}
}
]
Then, create basic app service plan using :
"az appservice plan create -g MyResourceGroup -n MyPlan"
This gives me error saying "The subscription 1fdacf7a-xxxxx-xxxx-xxxx-
xxxxxxxxxxxxx could not be found.
How to resolve this problem? Thanks.
I can reproduce your issue, to fix the issue, please don't use the --allow-no-subscriptions parameter.
You just need to login with:
az login
or
az login --use-device-code
Then use the command below to set the subscription:
az account set --subscription 1fdacf7a-xxxxx-xxxx-xxxx-xxxxxxxxxxxxx
Run az appservice plan create -g MyResourceGroup -n MyPlan:
Related
I am trying to fetch Azure Artifacts through Service Principal in PowerShell but not able to do it.
Reproduction step:
az login --service-principal --username "" -p="" --tenant ""
Above command works fine and returns the following output:
[
{
"cloudName": "",
"homeTenantId": "",
"id": "",
"isDefault": true,
"managedByTenants": [],
"name": "Microsoft Azure Enterprise",
"state": "Enabled",
"tenantId": "",
"user": {
"name": "",
"type": "servicePrincipal"
}
}
]
Then I ran the following command to download the artifacts:
az artifacts universal download --organization "" --project "" --scope project --feed "" --name "" --version "" --path .
Error:
python.exe : WARNING: Could not retrieve credential from local cache for service principal under tenant
. Trying credential under tenant , assuming that is an app credential.
At C:\Program Files (x86)\Microsoft SDKs\Azure\CLI2\wbin\az.ps1:2 char:1
& "$PSScriptRoot..\python.exe" -IBm azure.cli $args
+ CategoryInfo : NotSpecified: (WARNING: Could ...app credential.:String) [], RemoteException
+ FullyQualifiedErrorId : NativeCommandError
WARNING: Could not retrieve credential from local cache for service principal under tenant
. Trying credential under tenant , assuming that is an app credential.
ERROR: Failed to update Universal Packages tooling.
Before you can run Azure DevOps commands, you need to run the login command(az login if using AAD/MSA identity else az devops login if using PAT token)
to setup credentials. Please see https://aka.ms/azure-devops-cli-auth for more information.
I am able to download the artifacts when I simply run az login, then pass the authentication through browser and then run the az artifact download command. But I want to automate this process through code so I need to login programmatically.
Please let me know what can I do? I have already spent a lot of days for this issue.
Thanks
I am attempting to setup and install this reference app from Azure, created by the Microsoft patterns & practices team: https://github.com/mspnp/serverless-reference-implementation - the setup is via Azure CLI not the UI.
However it uses Azure AD Graph, which has just very recently been deprecated and replaced by Microsoft.Graph as documented here: https://learn.microsoft.com/en-gb/cli/azure/microsoft-graph-migration
This breaks the installation instructions in the app, specifically the az ad app create command:
export API_APP_ID=$(az ad app create --display-name $API_APP_NAME --oauth2-allow-implicit-flow true \
--native-app false --reply-urls http://localhost --identifier-uris "http://$API_APP_NAME" \
--app-roles ' [ { "allowedMemberTypes": [ "User" ], "description":"Access to device status", "displayName":"Get Device Status", "isEnabled":true, "value":"GetStatus" }]' \
--required-resource-accesses ' [ { "resourceAppId": "00000003-0000-0000-c000-000000000000", "resourceAccess": [ { "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope" } ] }]' \
--query appId --output tsv)
Fails with: ERROR: unrecognized arguments: --native-app false
If I try to update the command with the new parameters for Microsoft.Graph as per the migration guide above:
export API_APP_ID=$(az ad app create --display-name $API_APP_NAME --enable-access-token-issuance true \
--is-fallback-public-client false --web-redirect-uris http://localhost --identifier-uris "http://$TENANT_NAME.onmicrosoft.com/$API_APP_NAME" \
--app-roles ' [ { "allowedMemberTypes": [ "User" ], "description":"Access to device status", "displayName":"Get Device Status", "isEnabled":true, "value":"GetStatus" }]' \
--required-resource-accesses ' [ { "resourceAppId": "00000003-0000-0000-c000-000000000000", "resourceAccess": [ { "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope" } ] }]' \
--query appId --output tsv)
The create command works - but the app's manifest does not have the expected data:
export API_IMPERSONATION_PERMISSION=$(az ad app show --id $API_APP_ID --query "oauth2Permissions[?value == 'user_impersonation'].id" --output tsv)
This returns NULL - the new Microsoft.Graph API does not even create this field in the app's manifest. I manually confirmed this by looking at the manifest in the Azure UI. This means the following commands that rely on this field existing are unusable.
How can I fix this so I can install this reference app given that the install instructions refer to the no longer available Azure AD Graph API? What is the correct az ad app create command that lets Microsoft.Graph API create the API app with oauth?
I am using following az api call command az apim show -n Namexxx -g RGxxx. As an output I am getting below:
{
"additionalLocations": null,
"apiVersionConstraint": {
"minApiVersion": null
},
"certificates": null,
"createdAtUtc": "2021-10-15T08:49:38.486813+00:00",
"customProperties": {
"Microsoft.WindowsAzure.ApiManagement.Gateway.Protocols.Server.Http2": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Ssl30": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls10": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Backend.Protocols.Tls11": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168": "true",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Ssl30": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls10": "false",
"Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Protocols.Tls11": "false"
},
I need to modify one of the customProperties. I tried to use command: az apim update -n xxNamexx -g xxRGxx --set customProperties.Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168=false but I am getting an error like below:
Couldn't find 'Microsoft' in 'customProperties.Microsoft.WindowsAzure.ApiManagement.Gateway.Security'. Available options: ['Microsoft.WindowsAzure.ApiManagement.Gateway.Protocols.Server.Http2'
In MS API dos didn't find any useful information --> AZ apim API
#tester81
Command group 'apim' is experimental and under development.I tested the functionality at my end and I was encountering the same issue in a WinPowershell.
I did find an different behavior at the Ubuntu Terminal.
If you are not making use of Win Powershell/cmd for invoking the az commandlet, you could probably try the below script at your end in your linux terminal.
customPropertiesUpdated=$(az apim show -n <APIM NAME> -g <APIM RESOURCE GROUP> --query customProperties | jq '."Microsoft.WindowsAzure.ApiManagement.Gateway.Security.Ciphers.TripleDes168" = "True"')
az apim update -n <APIM NAME> -g <APIM RESOURCE GROUP> --set customProperties="$customPropertiesUpdated"
The above script helped in changing the state. However, a relative script in Win Powershell / Commad prompt / Cloud shell did not.
The Alternative or the recommended approach would be to make use of the REST API - until it is out of the experimental stage.
Please do see properties.customProperties - Api Management Service - Create Or Update - REST API (Azure API Management) | Microsoft Docs
I have a File Share setup in a Storage Account. When I try to mount it in my Web App I get the following response:
"nexport-shared": {
"accessKey": "hidden==",
"accountName": "hidden",
"mountPath": "\\\\nexportshared",
"shareName": "nexportcampusbetashare",
"state": "InvalidCredentials",
"type": "AzureFiles"
}
I am using the az CLI command below :
az webapp config storage-account add --resource-group "GROUPNAME" --name "WEBAPPNAME" --custom-id nexport-shared --storage-typeAzureFiles --share-name nexportcampusbetashare --account-name STORAGEACCOUNT --access-key "hidden==" --mount-path "\\nexportshared" --verbose --debug
When I run 'az webapp config list' it shows up in the list but still with InvalidCredentials
A possible reason is that you have input an invalid key or storage account to mount the Azure files. Correcting these parameters fixes this issue for me.
Fixed as below
You may need to turn off or modify the firewall on the storage account for the Azure-Cli and the App Service to be able to see it.
I'm getting same response and file share is working as expected.
Also I just found an issue created about this, seems to be an error in the response message from the API:
https://github.com/Azure/azure-cli/issues/21571
So I'm following this guide in order tosuse Azure 2.0 CLI to create an app service to deploy.
https://learn.microsoft.com/en-us/azure/app-service-web/app-service-web-get-started
I have set up the resource group, the app service plan and the app but instead of setting up the deployment with a Git repository like this
az appservice web source-control config-local-git --name <app_name> --resource-group my-first-app-group
I would like to put all my files into a folder in DropBox.
This step can be done by using the Azure web site but I would like to know if it is possible to using the Azure 2.0 CLI? If so, what is the command?
I would like to put all my files into a folder in DropBox.
This step can be done by using the Azure web site but I would like to
know if it is possible to using the Azure 2.0 CLI?
We can use CLI 2.0 command like this:
C:\Users>az appservice web source-control config --repo-url https://www.dropbox.com/sh/ar7n31ozqgchnb2/AABxdZN4v4pklk3USCnFBWdVa?dl=0 --repository-type mercurial --name jasonapp2 --resource ubuntu
Here is my result:
C:\Users>az appservice web source-control config --repo-url https://www.dropbox.com/sh/ar7n31ozqgchnb2/AABxdZN4v4pklk3USCnFBWdVa?dl=0 --repository-type mercurial --name jasonapp2 --resource ubuntu
{
"branch": null,
"deploymentRollbackEnabled": false,
"id": "/subscriptions/5384xxxx-xxxx-xxxx-xxxx-0361e29a7b15/resourceGroups/ubuntu/providers/Microsoft.Web/sites/jasonapp2/sourcecontrols/web",
"isManualIntegration": false,
"isMercurial": false,
"kind": null,
"location": "Central US",
"name": "jasonapp2",
"repoUrl": "https://www.dropbox.com/sh/ar7n31ozqgchnb2/AABxdZN4v4pklk3USCnFBWdVa?dl=0",
"resourceGroup": "ubuntu",
"tags": {
"hidden-related:/subscriptions/5384xxxx-xxxx-xxxx-xxxx-0361e29a7b15/resourcegroups/AppResource/providers/Microsoft.Web/serverfarms/palian160919": "empty"
},
"type": "Microsoft.Web/sites/sourcecontrols"
}