Is it possible to get Azure Service Bus primaryConnectionString with AZ CLI?
Input parameters:
Resource Group
Service Bus Name
Years later it's now supported. In case anyone else stumbles upon this question like me, it can be done this way:
az servicebus namespace authorization-rule keys list --resource-group myresourcegroup --namespace-name mynamespace --name RootManageSharedAccessKey --query primaryConnectionString -o tsv
For now, Azure CLI 2.0 does not support service bus. You could use az -h to check. Power Shell and Azure CLI 1.0(asm mode) support service bus now.
You could use Power Shell to get primary ConnectionString.
$CurrentRule = Get-AzureRmServiceBusNamespaceAuthorizationRule -ResourceGroup $ResGrpName -NamespaceName $Namespace -AuthorizationRuleName $AuthRule
$AuthRule=$CurrentRule.Name
(Get-AzureRmServiceBusNamespaceKey -ResourceGroup shuibus -NamespaceName shuitest -AuthorizationRuleName $AuthRule).PrimaryConnectionString
More information please refer to this link.
Update:
On a Linux VM, you could use this Rest API to automation generate connectionstring.
POST /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ServiceBus/namespaces/{namespaceName}/AuthorizationRules/{authorizationRuleName}/listKeys?api-version=2015-08-01
Related
Just want to know how can I get the service buses in the portal through powershell
I was able to access the app insights through this piece of script
az monitor app-insights component show | ConvertFrom-Json
Now I wish to access the service bus , app service and app service plans as well through powershell
I was using this
az monitor servicebus component show | ConvertFrom-Json
for service bus but it is not working.
You are using Azure CLI there, not the PowerShell modules.
If you want to list / show the details around the following services, then you need to use the corresponding Azure CLI commands:
ServiceBus
az servicebus namespace show --resource-group myresourcegroup --name mynamespace
Reference: https://learn.microsoft.com/en-us/cli/azure/servicebus/namespace?view=azure-cli-latest#az-servicebus-namespace-show
App Service
az webapp show --name MyWebapp --resource-group MyResourceGroup
Reference: https://learn.microsoft.com/en-us/cli/azure/webapp?view=azure-cli-latest#az-webapp-show
App Service Plans
az appservice plan show --name MyAppServicePlan --resource-group MyResourceGroup
Reference: https://learn.microsoft.com/en-us/cli/azure/appservice/plan?view=azure-cli-latest#az-appservice-plan-show
Here is the full CLI reference: https://learn.microsoft.com/en-us/cli/azure/reference-index?view=azure-cli-latest
To get service bus namespace list in your current subscription, you use below command:
az servicebus namespace list
To get the service bus queue list you below command:
az servicebus queue list --resource-group myresourcegroup --namespace-name mynamespace
If you want for topic, keep topic in place of queue in above command.
If you want to get app service plans use the below command:
az appservice plan list
Alternatively, you can use azure resource graph query like below for servicebus:
resources
| where type =~ 'microsoft.servicebus/namespaces'
You can use azure resource graph query like below to get app services:
resources
| where type == 'microsoft.web/sites'
References taken from:
https://learn.microsoft.com/en-us/cli/azure/appservice/plan?view=azure-cli-latest#az-appservice-plan-list
https://learn.microsoft.com/en-us/cli/azure/servicebus?view=azure-cli-latest
Edit:
Yes if you want apim use below query:
resources
| where type == "microsoft.apimanagement/service"
Get apim Using cli :
az account set -s "Subscription name"
$Resources = az resource list
$Resources | Where type -in "Microsoft.ApiManagement/service"
I am trying to configure my app service to use user assigned managed identity to pull image from ACR. I figured how to do it by using az cli tool.
az resource update --ids /subscriptions/<subscription-id>/resourceGroups/myResourceGroup/providers/Microsoft.Web/sites/<app-name>/config/web --set properties.acrUseManagedIdentityCreds=True
az resource update --ids /subscriptions/<subscription-id>/resourceGroups/myResourceGroup/providers/Microsoft.Web/sites/<app-name>/config/web --set properties.AcrUserManagedIdentityID=$clientId
For certain resons I cannot utilize az cli in my release pipelines. My question is if it would be possible to achieve the same by using Az.Websites, looks like Set-AzWebApp doesn't support this option.
As mentioned in the docs, the current version of the Azure PowerShell cmdlets for Azure App Service do not support user-assigned identities.
You could instead try setting those properties with the Set-AzResource cmdlet.
I am trying to get the subscription keys for my products as well as default subscription key using cli. I have gone through the documentation https://learn.microsoft.com/en-us/cli/azure/apim/api?view=azure-cli-latest , but right now I don't see any commands to get me the subscription key.
While I can see there are powershell way of getting it, we run the tasks in ubuntu pipeline, and the commands listed below is not working in the linux agent. It says Set-AzContext is not a known command
$subscriptionId = "id"
$RG = "rg"
$service = "apim-name"
Set-AzContext -Subscription $subscriptionIdÂ
$apimContext = New-AzApiManagementContext -ResourceGroupName $RG -ServiceName $service
Get-AzApiManagementSubscriptionKey -Context $apimContext -SubscriptionId "master"
Update
I am able to fetch the details through powershell task for Azure in the DevOps pipeline. If there is no option in azure cli I will use this as a workaround.
Using az rest it is possible:
APIMID=`az apim show -n apimname -g resourcegroup --query id -o tsv`
az rest --method post --uri ${APIMID}/subscriptions/test-subscription/listSecrets?api-version=2021-08-01 --query primaryKey -o tsv
where test-subscription is the name of the subscription.
Currently it is not possible to fetch subscription key using AZ CLI commands. The PowerShell command used is the correct way to go. Just in case if it helps another way to get the subscription key is by using Management API call
I am trying to get list of web apps using az cli az webapp list. And when I try to get the diagnostic setting for the particular web app using az monitor diagnostic-settings list --resource-group nameRG --resource id. I dont get any information and logs and diagnostic settings are enabled for app services. I am not sure what i am doing wrong.
I am just trying to get the list of diagnostic settings for a resource. If you know better way please mention it.
Thanks
Usage:
az monitor diagnostic-settings list --resource Name --resource-group RGName --resource-type Microsoft.Web/sites
Or:
az monitor diagnostic-settings list --resource ID
Make sure the resource id correct like this format:
/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
You could get the resource id by this command:
az webapp show --name MyWebapp --resource-group MyResourceGroup
I get an ERROR: The request did not have a subscription or a valid tenant level resource provider. when trying to create a service principal via the azure cli under the scope of an Azure Iot Hub. I'm using the CLI (bash) but python would be sufficient, too.
As shown at end, i have correct credentials & rights to create sp's in this subscription, and i have owner rights to the iot hub in question.
In case i'm missing a better way to accomplish this, here is the context: We need to authenticate a job that automates the registration of new devices immediately after they are flashed, before they are shipped off to be plugged in. This does many things to customize the flashed filesystem (add unique device hostname & local passwords, for instance); and finally it needs to register the device with IotHub.
az iot hub device-identity create --device-id [device id] --hub-name [hub name] --edge-enabled
With my user permissions, i can az login and accomplish all of this - but it needs to run in an automated job with no interactive login. I believe service principal is the way to accomplish this (?).
Thus, attempting to create the principal I run:
# the following pulls a valid(looking) `"/subscriptions/NAME/resourceGroups/THEGROUP/providers/Microsoft.Devices/IotHubs/THEHUB"`
IOTHUB_ID="$(az iot hub show --name TheHubName --query id)
az ad sp create-for-rbac --name http://my-iothub-serviceprincipal --scopes $IOTHUB_ID --role contributor --query password --output tsv
which fails with the following as above (Note: contributor is too broad, will be a custom-role later):
WARNING: Role assignment creation failed.
ERROR: The request did not have a subscription or a valid tenant level resource provider.
as a test to ensure i have the right az login and other local state, the following analogous command for an Azure ACR scope does succeed, with a new service principal visible in the portal.
ACR_ID="$(az iot hub show --name TheAcrName --query id)
az ad sp create-for-rbac --name http://acr-service-principal-foobar --scopes $ACR_ID --role acrpull --query password --output tsv
This was caused by a bug in the azure CLI. az iot hub show is returning an improperly quoted string; az acr show for example does not.
az iot hub show --name your-iothub-name --query id returns a string like the following. both quotes " are in the original
'"/subscriptions/guid/.../IotHubs/your-iothub-name"'
az acr show --name your-acr-name --query id returns the same format string, but without the extra ' quoting.
"/subscriptions/.../registries/your-acr-name"
az iot hub device-identity create cannot deal with the '"..."' (understandable) but unfortunately doesn't fail cleanly, making this a bit difficult to track down as quoting blends in a bit for script output.