In the Azure Portal I can look up a Storage Account and go to the Settings/Properties section and see the list of properties which contains PRIMARY STATIC WEBSITE ENDPOINT. Alternatively I can see the same information in the Settings/Static Website section marked as Primary endpoint
How do I get that with the Azure PowerShell "Az" module?
Alternatively, I can piece together the URL if I can find the zone information from somewhere. e.g. From this template https://<ACCOUNT_NAME>.<ZONE_NAME>.web.core.windows.net/<FILE_NAME>
Or is there another way I can get the information I need easily from within a PowerShell script?
You can get the PRIMARY STATIC WEBSITE ENDPOINT details using Az module with the below command or snippet.
(Get-AzStorageAccount -ResourceGroupName <RESOURCEGROUPNAME> -Name <STORAGEACCOUNTNAME>|select PrimaryEndpoints).PrimaryEndpoints.Web
For illustration, please see below screenshot.
Hope this helps!! Cheers!!
I've found a sort of solution. It doesn't feel ideal. I would hope that there is a more concise and less fragile way to get this information but the following gets me what I am looking for in PowerShell, after a fashion.
I had to install an additional PowerShell module, that I would have thought be installed already, but...
Install-Module Az.ResourceGraph
And then I was able to use the Search-AzGraph function like this:
(Search-AzGraph -Subscription <SubscriptionGuidHere> `
-Query "where type == 'microsoft.storage/storage
accounts' | where name == '<StorageAccountName>' | limit 1")`
.aliases `
.'Microsoft.Storage/storageAccounts/primaryEndpoints.web'
I don't know if this is the best query syntax, as I managed to cobble it together from a variety of documentation I've only just found and a bit of brute force and ignorance.
The above is also a little fragile - I suspect there is caching going on somewhere, or maybe where this function gets its information from simply hasn't got the latest information. If you run this too quickly after creating the storage account you get nothing back, but wait a few seconds and it returns the information. The longest I've had to wait for the above to bring back results is about 30 seconds.
If anyone has a better solution, I'd love to go down that route instead, as Search-AzGraph is probably okay for monitoring, but not good when you want to get the name of an end point so the next part of a script can use that to continue what it is doing.
Related
I have a script that retrieves a webhook (meaning it has to be deployed as a publicly accessible App), and then uses an API to send a message.
The API requires using a key and secret, which I obviously don't want accessible to the public.
Q1: Is there a way to hide an API key/secret in another script and somehow have it accessible?
(Or any other similar solution - doesn't have to be fancy, just functional/safe).
Alternate Question:
Q2: What can a stranger actually see in my public Apps Script project? The full code? If I hide keys in a functions with an underscore ie. function name_(){}, can they read it?
IMPORTANT INFO: I have not 'shared' the project or spreadsheets with anyone, they're still private. But I've 'deployed' the Web App with permissions for 'anyone'. I assume that means anyone can access?
Everything in the script is visible to whoever has access (script owner, workspace admins, added users). Unless only the url of the webapp is shared and if the script itself is not shared then they are not able to access the script, so technically you can still keep them in your script. It is safe there and only the owner and workspace admins (if it is for Google workspace) can access it.
A way you can store/save the key is by storing it in script properties. Doing this you only need to run the script once to store the API key, moving forward you can remove the API key from the script and it will still run:
https://developers.google.com/apps-script/guides/properties#saving_data
Also refer to this post for more information, in my posted answer I have also provided alternatives and reference links:
Is it safe to put in secrets inside Google App Script code?
My project meet this issue, too. Because the amount of functions is not too much , So i hide my main GAS behind an dummy one .
So far I had 2 GAS
the main GAS with key , and all functions , and I deploy it as Web APP
Of cause u need doGet or doPost to do as entrance of API
The dummy one to share with users.
Then you can call something like below in dummy GAS
var url = 'https://script.google.com/macros/s/xxxxxxxxxxx/exec';
UrlFetchApp.fetch(url,{'method': 'get'});
I hope its useful in your case.
Today I am facing a problem:
I am trying to automate an azure logic app deployment with a VideoIndexer service from Azure, using Terraform but it ask me for a parameter called API Key (on the web side).
The official documentation is this:
https://learn.microsoft.com/en-us/azure/azure-video-analyzer/video-analyzer-for-media-docs/logic-apps-connector-tutorial
But I cannot find the name of the apiKey parameter (and no, it isn't apiKey)
Anyone could help here? And for help me to avoid doing a question like that: how can I check an Apiconnection to see which parameters are registered?
Maybe this example could help you (I didn't find the answer there, but maybe you have better eyes than me): https://www.returngis.net/2021/04/como-desplegar-azure-logic-apps-con-terraform/
The apiKey for the videoindexer is named 'Ocp-Apim-Subscription-Key'
See also the example on this page: https://learn.microsoft.com/en-us/azure/azure-video-analyzer/video-analyzer-for-media-docs/video-indexer-use-apis
I am trying to add a custom security rule to one of my network security groups through Java SDK API. The code I am using is below (taken from reference):
NetworkSecurityGroup nsg = azure.networkSecurityGroups().getById(nsgID);
nsg.update()
.defineRule("Custom")
.allowInbound()
.fromAnyAddress()
.fromAnyPort()
.toAnyAddress()
.toPortRange(5405)
.withProtocol(SecurityRuleProtocol.UDP)
.withDescription("Allow Custom")
.withPriority(180)
.attach()
.apply();
}
The code seems to execute fine with no errors or exceptions, but at the end of it - I am not able to see my new rule listed at all as seen from my azure console. I need some help to understand why this could be so or any pointers to debug further!
From looking on your code, the only thing I see that might be problematic is the call to toPortRange with just one parameter. Try switching to a call to toPort.
Take a look at WithDestinationPort definitions (there are 4 of them for different types) on the Azure SDK for Java site.
Hope it helps!
As I know (and Microsoft is always pointing), Runbooks will help you to do automation progress. Related to the Azure Webhook documents, it's possible to call (start/run) a Runbook, from external application using HTML POST request. and there is some simple response code to determine what is the status of post request, But seems there is no more possibility to get more response from the progress.
Am I searching wrong place and using wrong tool to make automation in Azure Could or there is some ways to send a request to Runnbok and get some response?
Extra Note: I know that it's possible to Call a Runbook from another Runbook using WorkFlow and get some responses, but the problem is if I Start a Runbook using webhook, and if there is no way to get any more response except those simple status codes, then how I can determine what is the result of my first call to do some automation? There should be some ways to get the Final result of a Runbook progress to make a decision for next step, else, Runbooks will be meaningless for automation!
Azure Automation is built as a fire and forget solution. It was the first piece in the event-driven architecture. Where something occurs on one system, and there is a call made to react to that.
The intention is that the runbook itself has all of the logic needed to act on its own behalf. That any further processing is done via that runbook firing another process, that could then go and inspect the output and make decisions based on that.
It does seem counter-intuitive initially - I have previously jumped through all sorts of hoops to make Automation more informative - but once you realise its purpose in the Azure infrastructure intention, it begins to kinda make sense.
If you are specifically looking for something you can fire and get a response from, Azure Functions would be the way to go.
As per documentation of Microsoft.Automation/automationAccounts/modules (https://learn.microsoft.com/en-us/azure/templates/microsoft.automation/automationaccounts/modules#ContentLink) it's expecting URI parameter. What exactly supposed to be at the end of that parameter? I want to push my custom module and it's possible through UI via ZIP file and I expected that I can specify ZIP with custom DSC resource but it did not work. There is no documentation I was able to find what shall appear in that URI.
You need to provide uri to your zipped dsc module ;) There are a bunch of article online that you can salvage data from. Like this.
Also, take a look here