Is there a way to create or access an existing Azure AD Group using Azure Bicep. The scenario is that I want to create an Azure SQL Database, but in order to do so I need to create a server first. I want to create the server with an AD group as an administrator so I don't have passwords/secrets to manage. I also want to use managed identities for access.
Is there a way to get the group name and sid? When I create a resource in bicep (i.e. resource sqlAdminGroup...) and search for 'group', I don't see a
Here is my bicep code:
resource sqlServer 'Microsoft.Sql/servers#2022-02-01-preview' = {
name: '${namePrefix}sqlserver1'
location: location
properties: {
administrators: {
administratorType: 'ActiveDirectory'
azureADOnlyAuthentication: true
principalType: 'Group'
login: sqlAdminGroupName
sid: sqlAdminGroupObjectId
tenantId: subscription().tenantId
}
publicNetworkAccess: 'Enabled'
restrictOutboundNetworkAccess: 'Disabled'
//subnetId: resourceId('Microsoft.Network/virtualNetworks/subnets', virtualNetworkName, subnetName)
}
identity: {
type: 'SystemAssigned'
}
}
I assume this is a common approach but I have not really found much on it when searching. I would like to create the group if it doesn't exist and get the the login (sqlAdminGroupName) and sid (sqlAdminGroupObjectId) regardless for use in the above code.
Just got mine to work, maybe this help you as well, there were 2 things that I had to change to get mine to deploy.
First, did not specify admin login or password under properties, second, the 'login' string, does not have to be the same as your actual AAD group, in my instance, the AAD group had spaces in it and was causing an error.
Here is my bicep, maybe it helps you or someone:
resource sqlServer 'Microsoft.Sql/servers#2022-02-01-preview' = {
location: location
name: 'sql${name}'
properties: {
version: '12.0'
administrators: {
administratorType: 'ActiveDirectory'
principalType: 'Group'
login: 'MyFunkyAdminGroupNameNotSameAsAAD'
sid: '0000-my-aad-group-id-0000'
tenantId: subscription().tenantId
}
}
}
Related
I'm new to Symfony and I'm trying to setup a REST API with a JSON web token authentication system.
When I'm running the server and I try to call the login route, I'm getting the following error, with a 500 Server Error response:
SQLSTATE[42P01]: Undefined table: 7 ERROR: relation "user" does not exist
I'm using a docker container to run the DB, here is the error in it:
STATEMENT: SELECT t0.id AS id_1, t0.email AS email_2, t0.roles AS roles_3, t0.password AS password_4 FROM "user" t0 WHERE t0.email = $1 LIMIT 1
ERROR: relation "user" does not exist at character 96
But I can access my database using DBeaver and execute the statement without any problem.
I'm using the following security.yml configuration (default values as much as possible):
security:
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface: "auto"
providers:
app_user_provider:
entity:
class: App\Entity\User
property: email
firewalls:
dev:
pattern: ^/(_(profiler|wdt)|css|images|js)/
security: false
main:
lazy: true
provider: app_user_provider
json_login:
check_path: api_login
username_path: email
password_path: password
access_control:
# - { path: ^/admin, roles: ROLE_ADMIN }
# - { path: ^/profile, roles: ROLE_USER }
when#test:
security:
password_hashers:
Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface:
algorithm: auto
cost: 4 # Lowest possible value for bcrypt
time_cost: 3 # Lowest possible value for argon
memory_cost: 10 # Lowest possible value for argon
I have followed the official doc about Security setup and JSON Login. Here are my User and ApiLoginController:
<?php
namespace App\Entity;
use App\Repository\UserRepository;
use Doctrine\ORM\Mapping as ORM;
use Symfony\Component\Security\Core\User\PasswordAuthenticatedUserInterface;
use Symfony\Component\Security\Core\User\UserInterface;
#[ORM\Entity(repositoryClass: UserRepository::class)]
#[ORM\Table(name: '`user`')]
class User implements UserInterface, PasswordAuthenticatedUserInterface
{
// ... Code left untouched here ...
}
<?php
namespace App\Controller;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\Routing\Annotation\Route;
class ApiLoginController extends AbstractController
{
#[Route('/api/login', name: 'api_login')]
public function index(): JsonResponse
{
return $this->json([
'message' => 'Welcome to your new controller!',
'path' => 'src/Controller/ApiLoginController.php',
]);
}
}
I have read about the "user" (with quotes) table name can be a problem with Postgres, but the issue is still here even using another name.
More infos:
Windows 10 or Linux Manjaro (tested on both)
Symfony version - 6.0
Doctrine Bundle version - 2.7
PHP version - 8.1.8
Docker image - postgres:13-alpine
Reproductible repo: https://github.com/Clm-Roig/symfony6-setup-issue
I recommend you not to implement your own implementation for the use of jwts but to use for example an already existing and already established implementation.
The contribution of the Symfony documentation covers only the part of an authentication, but not the generation of the actual JWT. Especially the validation of the JWT is mandatory if you want to use the JWT for stateless authentication.
It doesn't solve your actual problem for now, but I strongly recommend you to think about using an appropriate bundle that generates the JWTs and takes care of the authentication.
Maybe this is a good bundle: https://github.com/lexik/LexikJWTAuthenticationBundle
I am trying to save a root Object (MyDocument) into a mongoDB with authentication enabled and a ReplicaSet consisting of 3 Nodes (as inserted into mongoUrls)
With this call:
(VOMongoRepository
mongoUrls: {'127.0.0.1:27017' . '127.0.0.1:27018' . '127.0.0.1:27019'}
database: 'myDB'
username: 'myUser'
password: 'myPass') enableReplication
I receive a VOMongoConnectionError without any deeper information.
Trying the same with this:
VOMongoRepository
mongoUrls: {'myUser:myPass#127.0.0.1:27017/?replicaSet=myRepl' }
database: 'myDB'
I then receive a VOMongoError "not authorized for Query on myDB.MyDocument"
The credentials are double checked with mongo client and Compass, also the read/write permissions (actually the role is dbOwner).
Interestingly my testDocumentLifeCycle is able to create the object and to send a message to save, that returns without signaling an error, although it does not create the document in MongoDB. But the selectOne: is then returning the VOMongoError:
| doc |
MyDocument new
identity: 'me#there.com';
save.
user := MyDocument selectOne: [ :each | each identity = 'me#there.com'].
Just to mention: the above test for MyDocument class did work with a standalone mongod without authentication enabled. The only thing changed is the repository.
So what am I doing wrong?
Actually there is a bug in the replicaSet part of VoyageMongo. It is not using the credentials provided. It has been posted at https://github.com/pharo-nosql/voyage/issues/104
I use codeship for build my app with following config file. everything is fine before I use one controller to retrieve data from a view "virtual table". From my local, the code is fine. but during codeship build process, error report that Table 'test.testview' doesn't exist. any way I can use sails-mysql adapter to create the virtal table in codeship build process?
module.exports.connections = {
codeshipDb: {
adapter: 'sails-mysql',
host: '127.0.0.1',
user: 'root',
password: 'test',
database: 'test'
},
}
I had issues correctly configuring my couchbase adapter in sails-js. I am using the sails-cbes adapter. The documentation fails to mention the key to use. For any who might struggle as I did, below is my configuration file:
{
...
//couchbase
cb: {
adapter: 'sails-cbes',
host: 'localhost',
port: 8091,
user: 'user',
pass: 'password',
bucket: {
name: 'bucket',
pass: 'bucketPassword'
}
}
},
...
Assuming that by 'key' you refer to the 'password' fields:
The first password is the one you set up in the dialogue the first time you log in to https://localhost:8091.
The bucket is not being created automatically so you would have to do that manually in couchbase. Then you have the option to set a password for the bucket itself, but the default is just empty string. Elasticsearch indexing is automated as long as you declare the mapping in the model.
The configuration file should be in sails-project/config/connections.js and it should look something like this:
sailsCbes: {
adapter: 'sails-cbes',
cb: { ... },
es: { ... }
}
You can try it out by creating a model within sails that uses this connection.
As for the dependencies, you need to install couchbase and elasticsearch yourself, then from the sails-cbes folder do a sudo npm install and you should be good to go. For test dependencies, run npm install inside the test folder.
Hope this helps
I think you don't understand how sailsjs adapter works.
Please spend some time and read the documentation of sailsjs, specially the connections configuration (adapters)
http://sailsjs.org/#!/documentation/reference/sails.config/sails.config.connections.html
I am trying to connect my SailsJS app to a postgres db that has another schema aside from 'public'
The schema name of the postgres DB that I am connecting to is 'sales'
Where am I am going wrong?
Thank you!
connection: 'postgres',
tableName: 'user__c',
meta: {
schemaName: 'sales'
},
attributes: {
name: {
type: 'string'
},
picture_url: {
type: 'string'
}
}
It's been so long but still, this is still an issue with waterline-sequel (0.5.0) in the latest version of Sails (0.11.x), and it has not been resolved so far.
The meta.schemaName is present in the code, but it's currently for the decorative purposes (orphaned). :)
Based on what you have written, nothing is wrong with the form and structure of your model definition.
Please include more information if you continue to receive an error.