I am working on creating a flow where I get JSON data from a rest api authenticating with the managed identity of my ADF instance and copy the data to a Kusto cluster. To do this, I am following the instructions here: https://learn.microsoft.com/en-us/azure/data-factory/connector-http?tabs=data-factory
However, when I go to create a linked service I do not see any way to authenticate against the API using my managed identity: http linked service auth options
I was expecting something like the options given in the Web task in ADF, where I am allowed to selected managed identities:web task auth options
HTTP connector supports only Anonymous, Basic, Digest, Windows, and ClientCertificate as authentication types. To use Managed Identity authentication type, you can use Rest linked service.
Search for REST in the available list of linked service and select REST connector.
You can select Managed Identity as auth type.
Reference: MS doc on Data Fcatory - REST connector.
Related
Close proxy API access
Hi community,
Grafana 8.2.5
We have a Grafana system 8.2.5. He had a security audit, where the API access is criticized.
We have enabled an anonymous acess for users without login.
[auth.anonymous]
enabled =true
org_name = IT.NRW
org_role = Viewer
When I try to access the Grafana like:
curl http://<fqdn>:3000/api/datasources -> {"message":"Permission denied"}
curl http://admin:<password>#<fqdn>:3000/api/datasources -> a valid json object with the datasource etc....
But the security audit found also the access to the datasource proxy? API.
curl http://<fqdn>:3000/api/datasources/proxy/3/query?db=<db>\&q=SELECT+*+FROM+<ts>\&epoch=ms
So I can query with or without credentials ALWAYS the API.
Security audit: a Denial of Service (DoS) is possible, maybe some SQL injection.
I don't want discuss this topic here.
I have to close the access through the API. At least from other network segments.
Any hints?
Thanks in advance.
I'm a grafana beginner!
I do not complain, the security audit listed the two topics (DoS/SQL injection).
I didn't found any configuration possibilities (grafana.ini) about closing the proxy API interface (only data_source_whitelist-ing).
So, I added some rules into the NGIX config in front of the grafana server to
forbid the proxy API access -> throw 40x error.
Now the web UI is not able anymore to fetch and render the data in the UI.
My conclusion:
the grafana architecture define: the proxy API will be used by the web UIs.
with or without credentials: a user can fire a query (DoS) using the proxy API
with or without credentials: the query is pass through the proxy API to the datasource, potential sql injection is possible
I am using a Logic App for which I need to create a custom connector. This connector depends on a web service, for which I am trying to add using wsdl definition.
Now If I provide the url, it needs authentication, which I am not able to provide via this UI. I can see the parameters can be provided while using it in the logic app. However it fails to pull the services and hence not creating the definition for the connector
I tried downloading the wsdl and adding here as a file, but the schema have xs import tags, because of which its failing again. And as per this answer, I can not replace it with actual schema.
<xs:import namespace="http://some.name/" schemaLocation="./path/to/it.xsd"/>
Is there a way that I do not need to provide the custom connector definition manually and make it work using wsdl, as it contains a lot of endpoints and it would be too much to add all actions and triggers manually. Plus it would be also reference for me if needed in future for such scenario
You may try this if the services are accessible over the internet, then you call service endpoint over HTTP or HTTPS from azure logic apps. This article will help you with details steps to be followed: https://learn.microsoft.com/en-us/azure/connectors/connectors-native-http
If it is not accessible over the internet then this article will help with step by step process: https://learn.microsoft.com/en-us/azure/logic-apps/logic-apps-gateway-connection
Before you can access data sources on premises from your logic apps, you need to create an Azure resource after you install the on-premises data gateway on a local computer. Your logic apps then use this Azure gateway resource in the triggers and actions provided by the on-premises connectors that are available for Azure Logic Apps.
Also check this
I'd like to use some of the more advanced features of the REST Dataset in Azure Data Factory (mainly pagination), but I can't see where to use Certificate Authentication. I have an HTTP Dataset working well with Certificate Authentication, but the only options seem to be:
Anonymous
Basic
AAD Service Principal
Managed Identity
Is there some way to use the AAD Service Principal or Managed Identity with a certificate? Maybe I can do this using the Advanced settings?
The docs say that the HTTP connector is "less functional comparing to REST connector" but this seems to be a pretty big omission from the REST version.
Is there some way to use the AAD Service Principal or Managed Identity
with a certificate? Maybe I can do this using the Advanced settings?
SP and MI can't be applied for the certificate authentication, for AAD instead. please refer to this simple blog.
Based on the REST Connector document,it only supports above 4 types of authenticate options. If you want to carry certificate with request,please use HTTP connector.
I am trying to test an implementation of aws apigateway on an existing webapplication's REST endpoint on aws. This endpoint is for bulk updates using POST/PATCH methods
Looking into the vast and lengthy documentation on AWS site, it talk about IAM roles for authentication.
Any high-level tips on implementing API gateways will be appreciated, to get started.
Choosing IAM Role in Authorization and also Choosing Other Authorizers (Lambda or Cognito) are also optional.
Do simple Steps and you are ready.
Create an API.
Goto Resources>>Actions>>create Method (POST/PATCH).
Integration Type Choose HTTP and enter your endpoint Url
Resources >> Action >> Deploy API
It will deploy apigateway application and provide you Endpoint url to use.
Again:
Choosing Models, API Keys, Client Certificates, Custom Domain, Authorizers and VPC setup all are optional.
Its simple and easy.
In Amazon cloud API there is the possibility to get identity data, meaning data from the running instance - on which region it is, dns ....
is there the same option in Azure? as I am creating management system in which the server is installed on a virtual machine and I need to know to which region it is related, all this using REST API
In Azure you can use Azure API Management REST API to get all sort of information for Azure:
ex:
Lists all of the resources in a subscription:
https://management.azure.com/subscriptions/{subscription-id}/resources?$top={top}$skiptoken={skiptoken}&$filter={filter}&api-version={api-version}
For the complete documentation look at this page here:
https://msdn.microsoft.com/en-us/library/azure/dn776326.aspx
You can do similar things using Powershell scripts as well.