How to get subscription id programmatically in an Azure Role? - azure

I have this Worker Role which makes use of the REST Management API (through https://github.com/Azure/azure-sdk-for-net), whose most basic prerequisite is the Subscription ID.
Is there a way to get the Subscription ID from a running (worker) role? E.g. say, through RoleEnvironment?

Sorry Gatis, there is no way to get this via any method provided by Azure*. You would need to pass this information into your role using something like the CSCFG configuration settings.
For a little more context - the subscription ID is only known at the RDFE layer. Once you are in the Fabric layer (i.e. your running Worker Role) then there is no concept of a subscription ID. You can see http://blogs.msdn.com/b/kwill/archive/2011/05/05/windows-azure-role-architecture.aspx, process A and steps 1&2, for a little more info.
*If you are using AAD authentication for your Service Management API calls then you could get a list of all subscriptions for that AAD user using 'List Azure Subscriptions' - http://msdn.microsoft.com/en-us/library/azure/dn775050.aspx. With those subscriptions you could enumerate all cloud services and match the deployment ID to the deployment ID for your worker role.
Edit: Typo in first paragraph. Changed 'something like the Subscription ID' to 'something like the CSCFG configuration settings'.

Related

What are the minimum resource providers assigned/needed by Azure on a new subscription?

I'm working on an application that deploys and configures resources in Azure. This application will be run by clients and I have no way of knowing whether they'll create new subscriptions, or re-use older ones. Accordingly, I'm registering a set of Resource Providers (RPs) before trying to deploy anything.
As part of my testing, I've found all sorts of RPs that seems to be registered by default. Some of them (e.g. "Microsoft.Authorization" or "Microsoft.Portal") seem crucial to the smooth running of a subscription, so I am loath to start messing about with them. There are others that seem more cryptic (e.g. "Microsoft.Features").
Here's the full list I get when creating a new subscription in Azure today:
Microsoft.ADHybridHealthService
Microsoft.Advisor
Microsoft.AlertsManagement
Microsoft.Authorization
Microsoft.Billing
Microsoft.Cdn
Microsoft.ClassicSubscription
Microsoft.Commerce
Microsoft.Consumption
Microsoft.ContainerRegistry
Microsoft.CostManagement
Microsoft.DocumentDB
Microsoft.Features
Microsoft.GuestConfiguration
microsoft.insights (NB: it has this casing in the portal too)
Microsoft.MarketplaceOrdering
Microsoft.PolicyInsights
Microsoft.Portal
Microsoft.ResourceGraph
Microsoft.ResourceHealth
Microsoft.Resources
Microsoft.Security
Microsoft.SerialConsole
Microsoft.ServiceBus
Microsoft.Sql
Microsoft.Storage
microsoft.support (NB: another with odd casing)
Microsoft.Web
I've no idea if this is standard or can be relied upon. Does it change, for instance, depending on the type of subscription? Or where I'm based?
And which ones are needed? I'm pretty certain my subscription will continue to function without the Service Bus, but what about Billing? (I presume it won't make things free...)
To save me having to do a load of trial and error, is there a definitive, canonical list anywhere of the RPs needed for Azure to work properly? Or even just a canonical list of those included on a new subscription by default.
Whenever a new Azure Subscription account is created, a list of a few Resource Providers is available by default.
Some are Registered and some are NotRegistered.
I have checked with free and pay-as-you-go Azure Subscriptions; the list of Registered Providers is different for each subscription.
Ex: I can see Microsoft.ServiceBus as Registered in the Pay-as-you-go Subscription and as NotRegistered in the Free Azure Subscription.
In Pay-as-you-go Subscription
In Free Trial Subscription
To list the available Resource Providers, have a look at Available Resource providers.
Also refer to How to Enable Azure Resource Providers and Azure Resource Providers for more information.

How to authorize Azure Logic App connector to ACI in separate resource group

I'm trying to create an Azure Logic App that uses a connector to ACI to run a container group. I was able to get it running correctly by creating a connector in the Logic App designer in the Azure Portal. However, the designer currently only supports connectors in the same resource group as the logic app. I would like to use a single connector for logic apps in multiple resource groups, so I need to use a connector from a different resource group. Logic Apps appear to support this just fine as long as you edit the code directly instead of using the visual designer. I am able to create the connector just fine, and the app is able to connect to it, however I am not able to authorize the connector properly. When I go to the connector and attempt to authorize it, the process works fine and it says that it is connected. However, when I then try to run the Logic App, I get the following error:
{
    "error": {
        "code": "InvalidAuthenticationTokenTenant",
        "message": "The access token is from the wrong issuer 'https://sts.windows.net/YYY/'. It must match the tenant 'https://sts.windows.net/XXX/' associated with this subscription. Please use the authority (URL) 'https://login.windows.net/XXX' to get the token. Note, if the subscription is transferred to another tenant there is no impact to the services, but information about new tenant could take time to propagate (up to an hour). If you just transferred your subscription and see this error message, please try back later."
    }
}
XXX and YYY are two different tenant-ids. However, XXX is the tenant ID I get when I run az account show on my machine and in the Azure Cloud Shell. I only have one tenant ID and one subscription. I don't know where the other tenant ID is coming from, or how it is being used to authorize the connector when I am using the same login that is tenant ID XXX.
Is there any way I can successfully authorize the connector with my tenant ID?
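A diagnostic for the issuer mismatch in the error above, as an added example that is not part of the original post: it decodes the claims of an access token and compares the tenant in its `iss` claim with the tenant the subscription expects. The function names and the sample token are constructed for illustration; `XXX` and `YYY` are the placeholders used in the question.

```python
import base64
import json
from urllib.parse import urlparse


def token_claims(jwt):
    """Decode the claims segment of a compact JWT.

    Diagnostic only: the signature is NOT verified, so never use this
    result to make an authorization decision.
    """
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("expected three dot-separated JWT segments")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped padding
    return json.loads(base64.urlsafe_b64decode(payload))


def issuer_tenant(claims):
    """Tenant segment of an issuer shaped like https://sts.windows.net/<tenant>/."""
    return urlparse(claims["iss"]).path.strip("/").split("/")[0]


def check_tenant(jwt, expected_tenant):
    """Report which tenant issued the token and whether it is the expected one."""
    claims = token_claims(jwt)
    actual = issuer_tenant(claims)
    return {
        "issuer": claims["iss"],
        "token_tenant": actual,
        "matches": actual.lower() == expected_tenant.lower(),
    }


def make_sample_token(tenant):
    """Build an unsigned, constructed token for the demonstration below."""
    def b64url(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    header = b64url({"alg": "none", "typ": "JWT"})
    body = b64url({"iss": f"https://sts.windows.net/{tenant}/", "tid": tenant})
    return f"{header}.{body}.constructed-signature"


if __name__ == "__main__":
    # Token issued by tenant YYY, subscription associated with tenant XXX.
    print(check_tenant(make_sample_token("YYY"), "XXX"))
```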

Cannot create Hybrid Connection in Azure Portal

We are trying to set up a Hybrid Connection from an App Service and the Azure Portal behavior is quite odd. We have done this previously from another subscription; this subscription is part of a CSP (so we can't even try doing it from the old/classic portal).
Blade prompts us to create a new resource group even though the one it defaulted to already exists. (Like it can't populate existing resource groups?)
No locations are provided when navigating to the Location pane, there's a cutoff error message:
"There are no locations available. You may not h..."
We have "owner" role on the subscription.
this subscription is part of a CSA (so we can't even try doing it from the old/classic portal).
Do you mean CSP there, as in Cloud Solution Provider? If so, the resource provider Microsoft.BizTalkServices is not yet available in CSP.
Yes, the error message and how the UI flow is handled could use some improvement.
See this for more:
https://blogs.technet.microsoft.com/hybridcloudbp/2016/06/29/list-of-azure-services-in-csp/

Run an arbitrary Azure provider operation

In the Azure CLI resource manager, we can list providers and their operations.
azure provider list
azure provider operations show Microsoft.Web/sites/*
How do we run one of the listed operations? For instance, how would we run this:
Operation : Microsoft.Web/sites/sourcecontrols/web/Read
OperationName : Get Web App's source control configuration
ProviderNamespace : Microsoft Web Apps
ResourceName : Web App Source Control
Description : Get Web App's source control configuration settings.
The purpose of azure provider operations show is to display operations that are supported by the various providers so that you can use them to create custom Role Based Access Control (RBAC) roles. They are not actual commands or endpoints that can be executed.
To create a custom RBAC role, you first create a JSON file describing the role and operations allowed by the role, then pass the file to azure role create.
More details here: https://azure.microsoft.com/en-us/documentation/articles/role-based-access-control-manage-access-azure-cli/#create-a-custom-role
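The workflow described in this answer, as an added example that is not from the original post: it parses operation listings in the layout shown in the question and builds a custom role definition that grants only explicit read operations. The role name, the placeholder subscription ID, the function names and the second (Write) record in the sample are constructed for illustration.

```python
import json
import re

# Constructed sample in the layout printed by `azure provider operations show`.
SAMPLE_OUTPUT = """\
Operation : Microsoft.Web/sites/sourcecontrols/web/Read
OperationName : Get Web App's source control configuration
ProviderNamespace : Microsoft Web Apps
ResourceName : Web App Source Control
Description : Get Web App's source control configuration settings.

Operation : Microsoft.Web/sites/sourcecontrols/web/Write
OperationName : Update Web App's source control configuration
ProviderNamespace : Microsoft Web Apps
ResourceName : Web App Source Control
Description : Update Web App's source control configuration settings.
"""

def parse_operations(text):
    """Return the operation string from every 'Operation :' line."""
    return re.findall(r"^Operation\s*:\s*(\S+)\s*$", text, flags=re.MULTILINE)

def build_read_only_role(name, description, operations, subscription_id):
    """Build a custom role definition that grants only explicit read operations."""
    actions = set()
    for op in operations:
        if "*" in op:
            # A wildcard would silently grant operations added to the provider later.
            raise ValueError(f"wildcard operation rejected: {op}")
        if op.lower().endswith("/read"):
            actions.add(op)
    if not actions:
        raise ValueError("no read operations to grant")
    return {
        "Name": name,
        "Description": description,
        "Actions": sorted(actions),
        "NotActions": [],
        "AssignableScopes": [f"/subscriptions/{subscription_id}"],
    }

if __name__ == "__main__":
    role = build_read_only_role(
        "Web App Source Control Reader (example)",
        "Can read web app source control settings only.",
        parse_operations(SAMPLE_OUTPUT),
        "00000000-0000-0000-0000-000000000000",  # placeholder subscription ID
    )
    # Save this JSON to a file and pass the file to `azure role create`.
    print(json.dumps(role, indent=2))
```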

Getting the name and location of the deployment the webrole belongs to

I want to be able to get the name (named when the hosted service was created) and the location (North Europe, Asia Anywhere, etc.) of the deployment from within a running web role. I don't want to rely on a certificate and the subscription ID.
Something like:
// Current role name. Ex: WebRole_IN_0
RoleEnvironment.CurrentRoleInstance.Id
// Deployment id of the role. Ex: 44b522f7e8b94412b046bbab08116d87
RoleEnvironment.DeploymentId
but just returning the deployment name and deployment location.
Is this possible without going through the REST API using the subscription ID and a certificate file?
No, this can't be done without using the Service Management API. Why not just put it in configuration settings? It can't change after deployment...
