Deployment script needs to enumerate existing public IP addresses from public IP prefix. Public IP Prefix object contains an array of resource identifies of individual public IP address.
I'd like to retrieve individual public ip addresses using provided resource identifier. Something like this:
Get-AzPublicIpAddress -ResourceId $resourceId;
Unfortunately, such signature doesn't exist. Get-AzPublicIpAddress expects ip address name as input parameter.
I understand that I can do:
Call Get-AzResource and get needed information from returned object [it means extra network call]
Parse needed information out of resource identifier [would like to avoid implementing this logic in PowerShell]
Question - are these the only options? Or maybe Az provides a built-in way of parsing resource identifiers?
You can use Get-AzResource -resourceId xxx -ExpandProperties | fl * for such requests. its a generic cmdlet that will work for any resource.
How is calling Get-AzResource an extra network call, compared to Get-AzPublicIpAddress? Its 1 call vs 1 call.
No, Az doesnt provide any parsing capabilities, they are not needed. You have tools to use resource id as well as individual names.
getting resource name out of resource id is fairly easy:
$resourceId -split '/' | Select-Object -Last 1
I don't think you can pass the -ResourceId directly to the command, all the built-in parameters are here : https://learn.microsoft.com/en-us/powershell/module/az.network/get-azpublicipaddress?view=azps-1.4.0. The most close way I can find is your option 2.
Not sure why you want to use Get-AzPublicIpAddress via ResourceId, even if we use -Name and -ResourceGroupName i.e. Get-AzPublicIpAddress -Name <publicIpName> -ResourceGroupName <ResourceGroupName>, it essentially also passes them into the request url of the rest api which the command called.
GET https://management.azure.com/subscriptions/xxxxxxxxx/resourceGroups/joywebapp/providers/Microsoft.Network/publicIPAddresses/joyVM-ip?api-version=2018-10-01
Actually, you could find /subscriptions/xxxxxxxxx/resourceGroups/joywebapp/providers/Microsoft.Network/publicIPAddresses/joyVM-ip is the ResourceId.
So I think it should be not too difficult for Microsoft to add the -ResourceId as a bulit-in parameter of the Get-AzPublicIpAddress command, if you want to improve it, you could give the feedback here.
Update:
Microsoft has replied to the this issue, see : https://github.com/Azure/azure-powershell/issues/8704#issuecomment-470604852
thanks for opening this feature request -- to provide more insight as to why the issues you mentioned above were closed: all new cmdlets that we ship in Az must conform to the pattern of having parameter sets that allow the user to do the following:
Provide the components of a resource (e.g., resource group name, resource name, etc.)
Provide the resource id of a resource
Provide the object representation of the resource (some cmdlets won't use this, like Get-*)
Later this year, we will begin generating our cmdlets using AutoRest (see this blog post for more details), and the above patterns will be enforced in the generator. Our goal then is to generate cmdlets for existing Azure services and replace our existing cmdlets with the generated ones.
Related
I have a web application in azure and I want to make sure that only my build server (or any other VM on the same subnet) are the only ones which are able to access the SCM site. I thought the most obvious thing would be to create an access restriction rule and in fact that works, I am able to create it from the portal with no issue whatsoever.
The problem, however, happens when I try to automate this using powershell. My build server subnet is located on a subscription different from the one where my web application is.
I am executing the following powershell script:
$subnetId = "/subscriptions/$VNETSubscriptionId/resourceGroups/$VNETResourceGroup/providers/Microsoft.Network/virtualNetworks/$buildServerVNET/subnets/$buildServerSubNet"
Add-AzWebAppAccessRestrictionRule -ResourceGroup $webAppRg -WebAppName $webAppname -Name VNETAccess -Priority 1000 -Action Allow -SubnetId $subnetId
And I get the following error:
Add-AzWebAppAccessRestrictionRule : The client '{{my user credential}}' with object id '81fa4eb1-5553-4daa-af44-3c717b19eda2' does not have authorization to perform action 'Microsoft.Network/virtualNetworks/subnets/read' over scope '/subscriptions/{{websiteSubscriptionId}}/resour
ceGroups/{{VNETResourceGroup}}/providers/Microsoft.Network/virtualNetworks/{{buildServerVNET}}/subnets/{{buildServerSubNet}}' or
the scope is invalid. If access was recently granted, please refresh your credentials.
The error seems to indicate that the cmdlet is searching for the subnet on the same subscription id than the website instead of the subscription where the subnet is located, since the resourceId string that is being returned on the error messsage has the wrong subscription Id. It is using the one where the website is instead of using the one where the build server is.
What else needs to be done in order to create this rule through powershell?
The error message is confused.
In fact, after my validation, you need to add the -IgnoreMissingServiceEndpoint parameter when adding a subnet from a different subscription. Read this GitHub case WebApp:Add-AzWebAppAccessRestrictionRule.md - incorrect use of subscription context over SubnetId param
When using a subnet from a different subscription, we cannot validate
the subnet to see if the correct service endpoint (Microsoft.Web) has
been set. If you use -IgnoreMissingServiceEndpoint the rule can be
added.
How can I get the Object Id of an Azure resource using PowerShell cmdlets?
I tried using Get-AzureRmResource -ResourceName 'my-resource' | fl but it fails with error: Parameter set cannot be resolved using the specified named parameters
I also tried using Get-AzResource -Name 'my-resource' but among the information it retrieves it doesn't include the Object Id.
In Azure, there is no such Object Id for azure resources in the subscription, there is just a ResourceId with the format /subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/{resource-provider-namespace}/{resource-type}/{resource-name}.
You can get it via Get-AzResource you used, it returns the ResourceId.
With the Partner center Powershell module I can get all the info of my customers billing profile with the command Get-CustomerSubsctionUsage.
Now This command doesn't give back the Resource name. So I tried getting the name from Get-AzureRmResource which will provide the name , resourcegroupname , ... It even can do that based on an Id Get-AzureRmResource -ResourceId /subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/resourceGroups/testRG/providers/Microsoft.Compute/virtualMachines/testVM But The problem is, The Id that I can provide from the usage data is not the same as the id that the command needs.
I tried to get the resource uri from another command inside the partner center module. But because I really need to have the first command for the cost data. It was hard to get the resourceUri per resource I found inside the first command. That's why now I just want to get the resource name from the AzureRm module. But It can't seem to find any right way to get it properly. The reason why i want to do this is because the resourceID or the resource name that the partner center module provided is not presentable on a power bi report
TL;DR : I want to get the Azure Resource name based on the Resource GUID
Similar question has been asked on this forum related to Azure resource GUID and billing.
GUID(Resource Id) in this usage data does not refer to the Id of any resource like Virtual machine or storage. Look like its merely deployment GUID
ref.
How to get resource name from Azure Resource GUID?
https://social.msdn.microsoft.com/Forums/vstudio/en-US/01695990-a309-4a07-9c7e-e2cf0acfa3d6/resource-guid-in-azure-portal?forum=windowsazurepurchasing
I want to check whether a traffic manager is unique or not.
I am using Powershell Commandlets to get the information.
$profile = Get-AzureRmTrafficManagerProfile -Name $ResourceName -ResourceGroupName $ResourceGroupName
This command only checks for the traffic manager profile in the specified group. But traffic manager's are deployed globally. So, when I try to deploy with same traffic manager name in different resource group then error is thrown.
To avoid this error, I want to check at first only if that traffic manager exists globally. Didn't find any solution in documentation.
Is there any way to achieve this?
You can use the Test-AzureTrafficManagerDomainName powershell cmdlet.
C:\> get-help Test-AzureTrafficManagerDomainName
NAME
Test-AzureTrafficManagerDomainName
SYNOPSIS
Checks whether a domain name is available as a Traffic Manager profile.
SYNTAX
Test-AzureTrafficManagerDomainName [-DomainName] <String> [<CommonParameters>]
DESCRIPTION
The Test-AzureTrafficManagerDomainName cmdlet checks whether a domain name is available as a Microsoft Azure
Traffic Manager profile. If the domain name is available, this cmdlet returns a value of $True.
Or you could use a rest call to this endpoint:
https://management.core.windows.net/SUB_GUID/services/WATM/operations/isavailable/%NAME%.trafficmanager.net
The New-AzureDeployment cmdlet is not updating the Deployment Name with the value from the -Name parameter. As per MSFT's documentation here, the -Name parameter maps to the Deployment Name but when I tested, it was the Deployment Unique name that got updated with the value of -Name parameter. Moreover, I could use special characters like '.' and '/' in deployment name when uploading the package directly from portal, but the cmdlet wouldn't let me use any special characters
Wondering if someone had run into this issue?
Here is the screenshot of the error that I am seeing when using special characters
New-AzureDeployment : HTTP Status Code: BadRequest - HTTP Error
Message: The deployment name is invalid
Use the -Label option to specify user friendly name (your custom desired name that will be shown in the portal).
-Name option is for system-use, and is assigned to a GUID if not specified.
Here is where in the portal these switches are represented: