Az cli to reset the service principal without overwriting - azure-devops

Through az cli I am getting "Insufficient privileges to complete the operation"
while trying to append the service principal without overwriting where as through azure portal I can append new secret. Is the below command correct?
az ad sp credential reset --display-name --id xxxxxxxxxxxxxx --append --years 1
Insufficient privileges to complete the operation

The error "Insufficient privileges to complete the operation" usually occurs if you don't have sufficient roles or permissions to perform the operation.
I tried to reproduce the same in my environment and got below results:
I have one service principal with one existing secret named new like below:
I used below CLI command to connect my Azure account:
az login --allow-no-subscriptions --only-show-errors
Response:
When I ran same command as you to add secret, I got same error as you like below:
az ad sp credential reset --display-name --id xxxxxxxxxxxxxx --append --years 1
To resolve the error, I assigned Application Administrator role to the user like below:
Now, I logged in with above user credentials again and ran below modified command to add secret:
az ad app credential reset --display-name secret --id <appID> --append --years 1
Response:
To confirm that, I checked the same in Portal where I can see both old and new secrets successfully like below:
In your case, check how you are signing to your account from CLI and make sure to have proper directory role like Application Administrator to add secret in application.

Related

GCP Cloud SQL, accidentally granted perms from IAM account to Postgres account, now locked out

Ran this while trying to manage some permissions with Cloud SQL IAM users:
GRANT "****#*****.iam" to postgres;
Now it appears that my postgres account is an IAM user in the DB. And I can't change it back because I can't log in with my original postgres user password. This was also my only superuser account, so I can't get the proper access to change anything back. GCP dashboard also does not let me modify the password because now it's a "System User". Very strange... how do I resolve this?
Tried logging in with the IAM role that I granted to postgres, that does not work... Not sure what to do beyond file a support ticket with GCP

After resetting the sonarqube admin password, I am still unable to login as admin despited password being updated in the database

I have a sonarqube instance running in a Kubernetes cluster, connected to postgres rds database. I'm trying to reset the admin password after Keycloak realm change disabled OIDC authentication and now I cannot log in to the instance. Running version 8.9.7.52159 CE, I followed the docs (https://docs.sonarqube.org/8.9/instance-administration/security/) and reset the password via sql query.
I checked the admin user in the database and user has been updated, But when attempting to login via admin username and admin password I get error authentication failed.
Checking logs of pod I can see following errors after realm change:
Caused by: com.nimbusds.oauth2.sdk.GeneralException: The returned issuer doesn't match the expected: https:/keycloak-realm-url
WARN [o.s.s.a.AuthenticationError] Fail to initialize authentication with provider 'oidc'
I can't login to the instance to modify security settings/realm etc. Any ideas why the password reset for admin user isn't working and how can I resolve. Thanks

How to login pgadmin azure active directory role without genrate access token?

I created azure active directory admin and give role to pgadmin by using access token I everytime I need to access token whenever I log in but I didnot want to generate access token I want to access role to login postgre by using my own created password what should I do?

Is it a kind of Microsoft Azure bug for adding pgaudit Azure postgresql?

I am trying to setup pgaudit structure in Azure PostgreSql for pgaudit log I fallowed instuction of microsoft by using below link.
https://learn.microsoft.com/en-us/azure/postgresql/concepts-audit. But I can not see anything when I run
AzureDiagnostics
| where ResourceProvider =="MICROSOFT.DBFORPOSTGRESQL"
| where Category == "PostgreSQLLogs"
| where Message contains "AUDIT:"
When I read some article ;
It needs that In Azure Database for PostgreSQL, pgaudit.log cannot be set using a - (minus) sign shortcut as described in the pgAudit documentation. All required statement classes (READ, WRITE etc) should be individually specified.But in Azure PostGre, You need to be superuser make pgaudit got permission with READ,WRITE.
But ;
Now when i try to create SUPERUSER , by giving the command
CREATE USER TESTER SUPERUSER; ---> it gives me error saying
must be superuser to create superuser
THat's the point? How can I give pgAudit rights and how can I see audit logs in Azure.I applied above instructions but I can not see audilts log in Kusto queries results? Why?
By default, when a server is created we have the following 3 roles defined, which you can also see when you run SELECT rolname FROM pg_roles; –
azure_pg_admin
azure_superuser
server admin login – the admin login the user created the server with – which by default is a member of azure_pg_admin.
My roles in Azure :
List of roles
Role name | Attributes | Member of
-----------------+------------------------------------------------------------+------------------
azure_pg_admin | Cannot login | {}
azure_superuser | Superuser, Create role, Create DB, Replication, Bypass RLS | {}
my_admin | Create role, Create DB | {azure_pg_admin}
my_db | Create role, Create DB | {azure_pg_admin}
You can configure pgaudit.log using Azure CLI with the command az postgres server configuration set -g {resource group} -s {server name} -n "pgaudit.log" --value "read, write" this will log all reads and writes.

Azure_superuser account password for Postgresql database on Azure

I have provisioned Azure Database for Postgresql, I'm trying to execute copy command in c# Azure function to load data from csv file to the database.
It throws an error saying ERROR: must be superuser to COPY to or from a file
The question is how do I use the user Azure_superuser, where do I get password for this account. This account is automatically created while setting up the PostgreSQL on Azure.
Because this is a PaaS service, you will not have access to the Super User account. You will have access to the Admin account:Azure PostgreSQL Server Admin Document