I've enabled diagnostic logs for APIM which are being sent to log-analytics.
Scenario
All incoming requests to server have RequestTracking_Id header.
All backend services use RequestTracking_Id header from the request in logs to track the request.
But from in APIM logs, I'm not able to pull this header to query upon.
Is there any way it is possible to have header information of incoming requests in APIM diagnostic logs?
Query:
AzureDiagnostics
| where Type contains "Azure" and Resource contains "APIM-DEV" and backendUrl_s contains "/relativePath" and DurationMs > 2000
The columns which are available on querying are :
TenantId SourceSystem MG ManagementGroupName TimeGenerated Computer activityId_g requestResourceType_s requestResourceId_s collectionRid_s statusCode_s duration_s clientIpAddress_s requestCharge_s requestLength_s responseLength_s resourceTokenUserRid_s region_s partitionId_g error_number_d Severity user_defined_b state_d exec_type_d wait_category_s total_query_wait_time_ms_d max_query_wait_time_ms_d is_parameterizable_s statement_type_s statement_key_hash_s query_param_type_d interval_start_time_d interval_end_time_d logical_io_writes_d max_logical_io_writes_d physical_io_reads_d max_physical_io_reads_d logical_io_reads_d max_logical_io_reads_d execution_type_d count_executions_d cpu_time_d max_cpu_time_d dop_d max_dop_d rowcount_d max_rowcount_d query_max_used_memory_d max_query_max_used_memory_d duration_d max_duration_d num_physical_io_reads_d max_num_physical_io_reads_d log_bytes_used_d max_log_bytes_used_d query_id_d query_hash_s plan_id_d query_plan_hash_s statement_sql_handle_s LogicalServerName_s ElasticPoolName_s DatabaseName_s start_utc_date_t end_utc_date_t wait_type_s delta_max_wait_time_ms_d delta_signal_wait_time_ms_d delta_wait_time_ms_d delta_waiting_tasks_count_d keyProperties_curve_s keyProperties_operations_s keyProperties_attributes_enabled_b algorithm_s identity_claim_xms_mirid_s lastError_transportErrorCode_d subnetId_s backendMethod_s backendUrl_s backendResponseCode_d backendTime_d requestSize_d productId_s userId_s apimSubscriptionId_s backendProtocol_s secretProperties_attributes_enabled_b clientIp_s clientPort_s ruleSetType_s ruleSetVersion_s ruleId_s Message action_s site_s details_message_s details_data_s details_file_s details_line_s hostname_s apiId_s operationId_s apiRevision_s clientIP_s clientPort_d httpMethod_s requestQuery_s userAgent_s httpStatus_d httpVersion_s receivedBytes_d sentBytes_d timeTaken_d sslEnabled_s host_s Level_d isRequestSuccess_b location_s lastError_source_s lastError_reason_s lastError_message_s lastError_section_s method_s url_s responseCode_d responseSize_d cache_s clientProtocol_s lastError_elapsed_d clientTime_d matchedConnections_d systemId_g vnetResourceGuid_g subnetPrefix_s macAddress_s primaryIPv4Address_s ruleName_s direction_s type_s instanceId_s healthyHostCount_d unHealthyHostCount_d requestCount_d latency_d failedRequestCount_d throughput_d priority_d conditions_protocols_s conditions_sourcePortRange_s conditions_destinationPortRange_s conditions_destinationIP_s conditions_sourceIP_s conditions_None_s trustedService_s CorrelationId identity_claim_http_schemas_microsoft_com_identity_claims_scope_s isAccessPolicyMatch_b certificateProperties_attributes_enabled_b certificatePolicyProperties_certificateProperties_subject_s certificatePolicyProperties_certificateProperties_validityInMonths_d certificatePolicyProperties_keyProperties_type_s certificatePolicyProperties_keyProperties_size_d certificatePolicyProperties_keyProperties_reuse_b certificatePolicyProperties_keyProperties_export_b certificatePolicyProperties_certificateIssuerProperties_name_s certificateEnrollmentProperties_id_s certificateEnrollmentProperties_certificateProperties_subject_s certificateEnrollmentProperties_certificateProperties_sha1_s certificateEnrollmentProperties_certificateProperties_sha256_s certificateEnrollmentProperties_certificateProperties_nbf_t certificateEnrollmentProperties_certificateProperties_exp_t certificateEnrollmentProperties_keyProperties_size_d certificateEnrollmentProperties_keyProperties_type_s certificateEnrollmentProperties_secretProperties_type_s certificateEnrollmentProperties_attributes_created_d certificateEnrollmentProperties_attributes_enabled_b certificateEnrollmentProperties_attributes_updated_d ResultDescription keyProperties_type_s keyProperties_size_d secretProperties_type_s certificateProperties_subject_s certificateProperties_sha1_s certificateProperties_sha256_s certificateProperties_nbf_t certificateProperties_exp_t Category OperationName ResultType CallerIPAddress identity_claim_http_schemas_microsoft_com_identity_claims_objectidentifier_g identity_claim_http_schemas_xmlsoap_org_ws_2005_05_identity_claims_upn_s identity_claim_appid_g id_s clientInfo_s requestUri_s httpStatusCode_d vaultProperties_s ResourceId OperationVersion ResultSignature DurationMs SubscriptionId ResourceGroup ResourceProvider Resource ResourceType Type _ResourceId
If you want specific logs according to your application. You can use <log-to-eventhub/> in apim policy in the endpoint level / api level / product level.
Please see below link to know moer about this policy.
https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/api-management/api-management-log-to-eventhub-sample.md
In policy, you will get all the request and response objects from context object.
Please see the link to know more about Context variables.
https://learn.microsoft.com/en-us/azure/api-management/api-management-policy-expressions#ContextVariables
For headers, you can lookup the dictionary object context.Request.Header
Related
Bonjour !
I want to use Update-MgPrivilegedAccessResourceRoleSetting cmdlet, from the Microsoft.Graph PowerShell module, in my Azure portal.
I want to update some settings of my PIM role (for example MfaRule or ExpirationRule)
But I obtain this error :
{"message":"No HTTP resource was found that matches the request URI 'https://api.azrbac.mspim.azure.com/api/v2/governanceResources('********-****-****-****-************')/roleSettings('********-****-****-****-************')?'."}
What is this URL ??
In the debug log (I can't copy/paste the .jpg here), I have :
DEBUG: [CmdletBeginProcessing]: - Update-MgPrivilegedAccessResourceRoleSetting begin processing with parameterSet 'UpdateExpanded'.
DEBUG: [Authentication]: - AuthType: 'Delegated', AuthProviderType: 'InteractiveAuthenticationProvider', ContextScope: 'CurrentUser', AppName: 'Microsoft Graph PowerShell'.
DEBUG: [Authentication]: - Scopes: [Application.ReadWrite.All, DelegatedPermissionGrant.ReadWrite.All, Directory.Read.All, Domain.Read.All, Group.Read.All, openid, Policy.Read.All, Policy.Read.ConditionalAccess, Policy.ReadWrite.ConditionalAccess, PrivilegedAccess.Read.AzureAD, PrivilegedAccess.Read.AzureADGroup, PrivilegedAccess.Read.AzureResources, PrivilegedAccess.ReadWrite.AzureResources, profile, RoleAssignmentSchedule.Read.Directory, RoleEligibilitySchedule.Read.Directory, RoleEligibilitySchedule.ReadWrite.Directory, RoleManagement.Read.All, RoleManagement.Read.Directory, RoleManagement.ReadWrite.Directory, User.Read, User.ReadWrite.All, email].
DEBUG: ============================ HTTP REQUEST ============================
HTTP Method:
PATCH
Absolute Uri:
https://graph.microsoft.com/beta/privilegedAccess/azureResources/resources/********-****-****-****-************/roleSettings/********-****-****-****-************
Headers:
FeatureFlag : 00000047
Cache-Control : no-store, no-cache
SdkVersion : graph-powershell/1.18.0,Graph-dotnet-1.25.1
User-Agent : Mozilla/5.0,(Windows NT 10.0; Microsoft Windows 10.0.22621; fr-CA),PowerShell/7.3.1
Accept-Encoding : gzip
Body:
{}
DEBUG: ============================ HTTP RESPONSE ============================
Status Code:
NotFound
Headers:
Transfer-Encoding : chunked
Vary : Accept-Encoding
Strict-Transport-Security : max-age=31536000
request-id : 5fb90750-367b-4976-8913-659c5b5863ba
client-request-id : 5fb90750-367b-4976-8913-659c5b5863ba
x-ms-ags-diagnostic : {"ServerInfo":{"DataCenter":"Canada East","Slice":"E","Ring":"2","ScaleUnit":"002","RoleInstance":"QB1PEPF00001038"}}
Date : Fri, 16 Dec 2022 21:00:48 GMT
Body:
{
"error": {
"code": "UnknownError",
"message": "{\"message\":\"No HTTP resource was found that matches the request URI 'https://api.azrbac.mspim.azure.com/api/v2/governanceResources('********-****-****-****-************')/roleSettings('********-****-****-****-************')?'.\"}",
"innerError": {
"date": "2022-12-16T21:00:48",
"request-id": "5fb90750-367b-4976-8913-659c5b5863ba",
"client-request-id": "5fb90750-367b-4976-8913-659c5b5863ba"
}
}
}
Update-MgPrivilegedAccessResourceRoleSetting_UpdateExpanded:
Line |
20 | … Update-MgPrivilegedAccessResourceRoleSetting -PrivilegedA …
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| {"message":"No HTTP resource was found that matches the request URI 'https://api.azrbac.mspim.azure.com/api/v2/governanceResources('********-****-****-****-************')/roleSettings('********-****-****-****-************')?'."}
DEBUG: [CmdletEndProcessing]: - Update-MgPrivilegedAccessResourceRoleSetting end processing.
The first Id is always the rigth resource id, and the second the rolesettings id
My exact command is :
Update-MgPrivilegedAccessResourceRoleSetting -PrivilegedAccessId azureResources -GovernanceResourceId $RoleSetting.ResourceId -GovernanceRoleSettingId $RoleSetting.Id
And I'm sure to have the right Ids for ResourceId and RoleSettingsId.
Maybe I forgot something ?
That works with AzureAD module, but I don't want to use it anymore :
Set-AzureADMSPrivilegedRoleSetting -ProviderId AzureResources -Id $RoleSetting.Id -ResourceId $RoleSetting.ResourceId -RoleDefinitionId $RoleSetting.RoleDefinitionId -UserMemberSettings $setting
Is there someone to help me ?
Microsoft documentation page is not very complete !
Thanks, a lot
Install Governance module to run Graph Powershell Cmd.
Module Name:
Import-Module Microsoft.Graph.Identity.Goverance
Follow the MS Doc here: https://learn.microsoft.com/en-us/powershell/module/microsoft.graph.identity.governance/update-mgprivilegedaccessrolesetting?view=graph-powershell-beta
FYI, I had my response (here).
I have to use this cmdlet :
Update-MgPrivilegedAccessRoleSetting
This one is not functionnal :
Update-MgPrivilegedAccessResourceRoleSetting
So, just use :
$setting = #{
UserMemberSettings = #(
#{
RuleIdentifier = "MfaRule"
Setting = '{"mfaRequired":true}'
}
)
}
Update-MgPrivilegedAccessRoleSetting -PrivilegedAccessId "azureResources" -GovernanceRoleSettingId $RoleSetting.Id -BodyParameter $setting
I'm testing a deployment of the Eclipse IoT Cloud2Edge package and have followed the instructions here https://www.eclipse.org/packages/packages/cloud2edge/tour/ to test. After creating the new tenant and device, and configuring the connection between Hono and Ditto, I can send telemetry to the new device via the Hono http adapter as shown here:
curl -i -u my-auth-id-1#my-tenant:my-password -H 'application/json' --data-binary '{
"topic": "my-tenant/org.acme:my-device-1/things/twin/commands/modify",
"headers": {},
"path": "/features/temperature/properties/value",
"value": 53
}' http://${HTTP_ADAPTER_IP}:${HTTP_ADAPTER_PORT_HTTP}/telemetry
HTTP/1.1 202 Accepted
vary: origin
content-length: 0
and expected to see this property value updated in Ditto. The updated device property value does not update in Ditto, and when I check the Ditto logs I see the following entries:
2022-02-13 20:11:35,265 INFO [] o.e.d.c.s.m.a.AmqpConsumerActor akka://ditto-cluster/system/sharding/connection/3/hono-connection-for-my-tenant/pa/$a/c1/amqpConsumerActor-0-telemetry%2Fmy-tenant-010 - Received message from AMQP 1.0 with externalMessageHeaders: {orig_adapter=hono-http, qos=0, device_id=org.acme:my-device-1, creation-time=1644783095260, message-id=ID:AMQP_NO_PREFIX:GenericSenderLink-12, content-type=application/x-www-form-urlencoded, to=telemetry/my-tenant, orig_address=/telemetry}
2022-02-13 20:11:35,271 INFO [81c41f10-4d59-435b-8ae1-bf5194dcf6bf] o.e.d.c.s.m.InboundDispatchingSink - onMapped mappedHeaders ImmutableDittoHeaders [{ditto-entity-id=thing:my-tenant:org.acme:my-device-1, ditto-inbound-payload-mapper=default, content-type=application/x-www-form-urlencoded, hono-device-id=org.acme:my-device-1, ditto-reply-target=0, ditto-expected-response-types=["response","error"], ditto-origin=hono-connection-for-my-tenant, ditto-auth-context={"type":"pre-authenticated-connection","subjects":["pre-authenticated:hono-connection"]}, correlation-id=81c41f10-4d59-435b-8ae1-bf5194dcf6bf}]
2022-02-13 20:11:35,278 INFO [b3b11410-6df8-4bfc-a940-fafa87d65be2] o.e.d.c.s.m.InboundDispatchingSink - Got exception <connectivity:connection.id.enforcement.failed> when processing external message with mapper <default>: <The configured filters could not be matched against the given target with ID 'org.acme:my-device-1'.>
2022-02-13 20:11:35,278 INFO [b3b11410-6df8-4bfc-a940-fafa87d65be2] o.e.d.c.s.m.InboundDispatchingSink - Resolved mapped headers of ImmutableDittoHeaders [{ditto-inbound-payload-mapper=default, ditto-entity-id=thing:my-tenant:org.acme:my-device-1, response-required=false, content-type=application/x-www-form-urlencoded, hono-device-id=org.acme:my-device-1, ditto-reply-target=0, ditto-expected-response-types=["response","error"], ditto-origin=hono-connection-for-my-tenant, ditto-auth-context={"type":"pre-authenticated-connection","subjects":["pre-authenticated:hono-connection"]}, correlation-id=b3b11410-6df8-4bfc-a940-fafa87d65be2}] : with HeaderMapping Optional[ImmutableHeaderMapping [mapping={hono-device-id={{ header:device_id }}, content-type={{ header:content-type }}}]] : and external headers {orig_adapter=hono-http, qos=0, device_id=org.acme:my-device-1, creation-time=1644783095260, message-id=ID:AMQP_NO_PREFIX:GenericSenderLink-12, content-type=application/x-www-form-urlencoded, to=telemetry/my-tenant, orig_address=/telemetry}
2022-02-13 20:11:35,283 INFO [] o.e.d.c.s.m.a.AmqpConsumerActor akka://ditto-cluster/system/sharding/connection/3/hono-connection-for-my-tenant/pa/$a/c1/amqpConsumerActor-0-telemetry%2Fmy-tenant-010 - Acking <ID:AMQP_NO_PREFIX:GenericSenderLink-12> with original external message headers=<{orig_adapter=hono-http, qos=0, device_id=org.acme:my-device-1, creation-time=1644783095260, message-id=ID:AMQP_NO_PREFIX:GenericSenderLink-12, content-type=application/x-www-form-urlencoded, to=telemetry/my-tenant, orig_address=/telemetry}>, isSuccess=<true>, ackType=<1 accepted>
I think the problem is the "connectivity:connection.id.enforcement.failed" error but I don't know how to troubleshoot. Any advice appreciated.
What you configured is the Connection source enforcement which makes sure that a Hono device (identified via the AMQP header device_id) may only updates the twin with the same "thing id" in Ditto.
That enforcement fails as your thingId you set in the Ditto Protocol JSON is my-tenant:org.acme:my-device-1 - the topic's first segment is the namespace, the second segment the name - combined those 2 segments become the "thing ID", see also: Protocol topic specification.
So you probably want to send the following message instead:
{
"topic": "org.acme/my-device-1/things/twin/commands/modify",
...
}
I am currently using SDK version 3.39.0 and version 0004 of the API_MKT_CONTACT service definition to create a new Contact in Marketing Cloud with the following code:
ContactOriginData contact =
ContactOriginData.builder()
.originOfContact(origin)
.originTimestamp(ZonedDateTime.now())
.externalContactID(pii.getId().toString())
.firstName(pii.getFirstName())
.lastName(pii.getLastName())
.language(pii.getLanguage())
.countryReg(pii.getRegion())
.build();
// use low level API as a work around for https://github.com/SAP/cloud-sdk/issues/156
ODataRequestUpdate contactRequest = service
.updateContactOriginData(contact)
.withHeader("Sap-Cuan-RequestTimestamp", getFormattedTime(System.currentTimeMillis()))
.withHeader("Sap-Cuan-SequenceId", "UpdatePatch")
.withHeader("Sap-Cuan-SourceSystemType", "EXT")
.withHeader("Sap-Cuan-SourceSystemId", "sdk-test")
.toRequest();
String servicePath = "/sap/opu/odata/SAP/API_MKT_CONTACT_SRV;v=0004";
ODataRequestBatch requestBatch = new ODataRequestBatch(servicePath, ODataProtocol.V2);
requestBatch.beginChangeset().addUpdate(contactRequest).endChangeset();
HttpClient httpClient = HttpClientAccessor.getHttpClient(destination);
ODataRequestResultMultipartGeneric batchResult = requestBatch.execute(httpClient);
Running this produces the following error:
{
"error": {
"code": "/IWFND/CM_MGW/096",
"message": {
"lang": "en",
"value": "PATCH requests require components to be updated"
},
"innererror": {
"application": {
"component_id": "CEC-MKT-DM-IC",
"service_namespace": "/SAP/",
"service_id": "API_MKT_CONTACT_SRV",
"service_version": "0004"
},
"transactionid": "3B63A2A6CC920630E0060492A51E7EE7",
"timestamp": "20210310210334.4378960",
"Error_Resolution": {
"SAP_Transaction": "For backend administrators: use ADT feed reader \"SAP Gateway Error Log\" or run transaction /IWFND/ERROR_LOG on SAP Gateway hub system and search for entries with the timestamp above for more details",
"SAP_Note": "See SAP Note 1797736 for error analysis (https://service.sap.com/sap/support/notes/1797736)",
"Batch_SAP_Note": "See SAP Note 1869434 for details about working with $batch (https://service.sap.com/sap/support/notes/1869434)"
},
"errordetails": []
}
}
}
However, if I execute a similar request in postman it works without issue:
Request Payload:
--batch
Content-Type: multipart/mixed; boundary=changeset
--changeset
Content-Type: application/http
Content-Transfer-Encoding: binary
PATCH ContactOriginData(ContactOrigin='<ContactOrigin>',ContactID='24D8F7F6-440D-44F8-A24B-552435477688') HTTP/1.1
Accept: application/json
Content-Type: application/json
Content-Length: 172
Sap-Cuan-RequestTimestamp: '2021-03-10T14:07:00.000'
Sap-Cuan-SequenceId: UpdatePatch
Sap-Cuan-SourceSystemType: EXT
Sap-Cuan-SourceSystemId: postman-test
{"OriginDataLastChgUTCDateTime":"/Date(1615410479885)/","EmailAddress":"samantha.cook#theoasis.com","FirstName":"Samantha","LastName":"Cook","Country":"US","Language":"EN"}
--changeset--
--batch--
Response Payload:
--1D7E85E6BC66B34E61ACF0EF3964CBD90
Content-Type: multipart/mixed; boundary=1D7E85E6BC66B34E61ACF0EF3964CBD91
Content-Length: 430
--1D7E85E6BC66B34E61ACF0EF3964CBD91
Content-Type: application/http
Content-Length: 262
content-transfer-encoding: binary
HTTP/1.1 204 No Content
Content-Length: 0
dataserviceversion: 2.0
sap-message: {"code":"HPA_STAGING_AREA/037","message":"Payload is processed via staging area. See Import Monitor for details.","target":"","severity":"info","transition":false,"details":[]}
--1D7E85E6BC66B34E61ACF0EF3964CBD91--
--1D7E85E6BC66B34E61ACF0EF3964CBD90--
I should note that I have also tried using .replacingEntity() which doesn't work either and produces a completely different error:
Inline component is not defined or not allowed (HTTP PUT)
Is there something with the SDK that I am missing or not using correctly?
Any help would be appreciated!
Cheers!
To update an entity you should get it from the service first. That is regardless whether you are using:
PATCH which will update only changed fields
or PUT which will send the full entity object
Currently you are creating a new entity object via the builder: ContactOriginData.builder(). Instead, please use the corresponding getContactOriginDataByKey() method of your service to first retrieve the entity to update from the service. Actually many services will force you to do this to ensure you are always editing the latest version of your data. This often happens via ETags which the SDK will also handle for you automatically.
You can find more information about the update strategies from the SDK on the documentaiton.
Edit:
As you pointed out in the comments the actual goal is to create an entity and the specific service in question only allows PUT and PATCH to create objects.
In that case using replacingEntity() (which translates to PUT) should already work with your code. You can make PATCH work as well by replacing the builder approach with a constructor call + setter approach.
I tried to reserve a static IP from Azure dashboard in multiple regions but no luck,
Here is the error
{
"code":"DisallowedProvider",
"message":"The operation is not permitted for namespace 'Microsoft.ClassicNetwork'.
List of permitted provider namespaces is
'84codes.CloudAMQP,
Auth0.Cloud,
Citrix.Services,
Conexlink.MyCloudIT,
Hive.Streaming,
Incapsula.Waf,
LiveArena.Broadcast,
Lombiq.DotNest,
Mailjet.Email,
Microsoft.AAD,
Microsoft.ADHybridHealthService,
Microsoft.Advisor,
Microsoft.AlertsManagement,
Microsoft.AnalysisServices,
Microsoft.ApiManagement,
Microsoft.AppConfiguration,
Microsoft.AppPlatform,
Microsoft.Attestation,
Microsoft.Authorization,
Microsoft.Automation,
Microsoft.AutonomousSystems,
Microsoft.AVS,
Microsoft.AzureActiveDirectory,
Microsoft.AzureData,
Microsoft.AzureGraph,
Microsoft.AzureStack,
Microsoft.AzureStackHCI,
Microsoft.BareMetal,
Microsoft.Batch,
Microsoft.BatchAI,
Microsoft.Billing,
Microsoft.BingMaps,
Microsoft.Blockchain,
Microsoft.Blueprint,
Microsoft.BotService,
Microsoft.Cache,
Microsoft.Capacity,
Microsoft.Cdn,
Microsoft.CertificateRegistration,
Microsoft.ChangeAnalysis,
Microsoft.ClassicInfrastructureMigrate,
Microsoft.ClassicStorage,
Microsoft.CloudTest,
Microsoft.Codespaces,
Microsoft.CognitiveServices,
Microsoft.Communication,
Microsoft.Compute,
Microsoft.Confluent,
Microsoft.ConnectedCache,
Microsoft.Consumption,
Microsoft.ContactMaster,
Microsoft.ContainerInstance,
Microsoft.ContainerRegistry,
Microsoft.ContainerService,
Microsoft.Contoso,
Microsoft.CostManagement,
Microsoft.CostManagementExports,
Microsoft.CustomerLockbox,
Microsoft.CustomProviders,
Microsoft.DataBox
Microsoft.DataBoxEdge
Microsoft.Databricks
Microsoft.DataCatalog
Microsoft.Datadog
Microsoft.DataFactory
Microsoft.DataLakeAnalytics
Microsoft.DataLakeStore
Microsoft.DataMigration
Microsoft.DataProtection
Microsoft.DataShare
Microsoft.DBforMariaDB
Microsoft.DBforMySQL
Microsoft.DBforPostgreSQL
Microsoft.DeploymentManager
Microsoft.DesktopVirtualization
Microsoft.Devices
Microsoft.DevOps
Microsoft.DevSpaces
Microsoft.DevTestLab
Microsoft.DigitalTwins
Microsoft.DocumentDB
Microsoft.DomainRegistration
Microsoft.DynamicsTelemetry
Microsoft.EnterpriseKnowledgeGraph
Microsoft.EventGrid
Microsoft.EventHub
Microsoft.Falcon
Microsoft.Features
Microsoft.Functions
Microsoft.Genomics
Microsoft.GuestConfiguration
Microsoft.HanaOnAzure
Microsoft.HardwareSecurityModules
Microsoft.HDInsight
Microsoft.HealthcareApis
Microsoft.HybridCompute
Microsoft.HybridNetwork
Microsoft.Hydra
Microsoft.Identity
Microsoft.ImportExport
Microsoft.IndustryDataLifecycle
microsoft.insights
Microsoft.IoTCentral
Microsoft.IoTSpaces
Microsoft.KeyVault
Microsoft.Kubernetes
Microsoft.KubernetesConfiguration
Microsoft.Kusto
Microsoft.LabServices
Microsoft.Logic
Microsoft.MachineLearning
Microsoft.MachineLearningServices
Microsoft.Maintenance
Microsoft.ManagedIdentity
Microsoft.ManagedServices
Microsoft.Management
Microsoft.ManagementPartner
Microsoft.Maps
Microsoft.Marketplace
Microsoft.MarketplaceApps
Microsoft.MarketplaceOrdering
Microsoft.Media
Microsoft.Migrate
Microsoft.MixedReality
Microsoft.Network
Microsoft.Notebooks
Microsoft.NotificationHubs
Microsoft.Nutanix
Microsoft.ObjectStore
Microsoft.OffAzure
Microsoft.OperationalInsights
Microsoft.OperationsManagement
Microsoft.Peering
Microsoft.PIM
Microsoft.PolicyInsights
Microsoft.Portal
Microsoft.PowerBI
Microsoft.PowerBIDedicated
Microsoft.ProjectBabylon
Microsoft.ProviderHub
Microsoft.Quantum
Microsoft.RecoveryServices
Microsoft.RedHatOpenShift
Microsoft.Relay
Microsoft.ResourceGraph
Microsoft.ResourceGraph.PPE
Microsoft.ResourceHealth
Microsoft.Resources
Microsoft.ResourcesTopology
Microsoft.ResourcesTopology.PPE
Microsoft.SaaS
Microsoft.Scheduler
Microsoft.Search
Microsoft.Security
Microsoft.SecurityGraph
Microsoft.SecurityInsights
Microsoft.SerialConsole
Microsoft.ServiceBus
Microsoft.ServiceFabric
Microsoft.ServiceFabricMesh
Microsoft.SignalRService
Microsoft.SiteRecovery
Microsoft.SoftwarePlan
Microsoft.Solutions
Microsoft.SpoolService
Microsoft.Sql
Microsoft.SqlVirtualMachine
Microsoft.Storage
Microsoft.StorageSync
Microsoft.StorSimple
Microsoft.StreamAnalytics
Microsoft.Subscription
microsoft.support
Microsoft.Synapse
Microsoft.TimeSeriesInsights
Microsoft.Token
Microsoft.VirtualMachineImages
microsoft.visualstudio
Microsoft.VMware
Microsoft.VMwareCloudSimple
Microsoft.VnfManager
Microsoft.VSOnline
Microsoft.Web
Microsoft.WindowsESU
Microsoft.WindowsIoT
Microsoft.WorkloadBuilder
Microsoft.WorkloadMonitor
Myget.PackageManagement
Paraleap.CloudMonix
Pokitdok.Platform
RavenHq.Db
Raygun.CrashReporting
Sendgrid.Email
Sparkpost.Basic
stackify.retrace
U2uconsult.TheIdentityHub
Wandisco.Fusion'."
}
The error message says it all.
The operation is not permitted for namespace 'Microsoft.ClassicNetwork'
You have to move from Classic to ARM to be able to do it.
I want to monitor and get information regarding the different instances in an Azure Virtual Machine Scale Set (VMSS).
I used the command (Python):
vmss = compute_client.virtual_machine_scale_sets.list(resource_group, scale_set_name)
But I am not able to get the result I am expecting.
Any suggestions what to do?
You can use the following code to get the ip and powerstate.
compute_client = ComputeManagementClient(credentials, subscription_id)
vmss = compute_client.virtual_machine_scale_set_vms.list(resource_group_name="", vmss="")
for item in vmss:
print("name: ", item.name)
ni_reference = item.network_profile.network_interfaces[0].id
resource_client = ResourceManagementClient(credentials, subscription_id)
nic = resource_client.resources.get_by_id(
ni_reference,
api_version='2017-12-01')
ip_reference = nic.properties['ipConfigurations'][0]['properties']
print("ip info: ", ip_reference)
instance_view = compute_client.virtual_machine_scale_set_vms.get_instance_view(resource_group_name="", vmss="", instance_id=item.instance_id)
print(instance_view.statuses[1].code)
result:
name: yangtestvmss_1
ip info: {'provisioningState': 'Succeeded', 'privateIPAddress': '10.0.0.5', 'privateIPAllocationMethod': 'Dynamic', 'subnet': {'id': '/subscriptions/e5b0fcfa-e859-43f3-8d84-5e5fe29f4c68/resourceGroups/yangtestvmss/providers/Microsoft.Network/virtualNetworks/yangtestvmssVnet/subnets/default'}, 'primary': True, 'privateIPAddressVersion': 'IPv4', 'isInUseWithService': False}
PowerState/running
name: yangtestvmss_3
ip info: {'provisioningState': 'Succeeded', 'privateIPAddress': '10.0.0.7', 'privateIPAllocationMethod': 'Dynamic', 'subnet': {'id': '/subscriptions/e5b0fcfa-e859-43f3-8d84-5e5fe29f4c68/resourceGroups/yangtestvmss/providers/Microsoft.Network/virtualNetworks/yangtestvmssVnet/subnets/default'}, 'primary': True, 'privateIPAddressVersion': 'IPv4', 'isInUseWithService': False}
PowerState/running
If you want to get the VMs information, please use the following code.
subscription_id = 'subscription Id'
credentials = ServicePrincipalCredentials(client_id=CLIENT, secret=KEY, tenant=TENANT_ID)
client = ComputeManagementClient(credentials, subscription_id)
vmss = client.virtual_machine_scale_set_vms.list("resourcegroup Name","VMSS name")
for item in vmss:
print("id:",item.id)
print("name",item.name)
Test Result:
There is a cool tool that a guy from Microsoft has been build for monitoring VMSS
see this link VMSS Dashboard
The mentioned tool helps you to see the status of VMs in the scale set: you can see the update domain and fault domain grouping of VMs. It lets you start or deallocate a VM. The code is for more than two years ago.