I imported my existing azurerm_linux_virtual_machine in terraform state file and notice that now terraform plan is removing the identity block. Then I added the identity block in my terraform code with attributes plan was removing
identity {
identity_ids = []
principal_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
tenant_id = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
type = "SystemAssigned"
}
and now its complaining
Error: Value for unconfigurable attribute
Can't configure a value for "identity.principal_id": its value will be decided automatically based on the result of applying this configuration.
Error: Value for unconfigurable attribute
Can't configure a value for "identity.tenant_id": its value will be decided automatically based on the result of applying this configuration.
Can someone please help? I also tried with different type like "UserAssigned" but that is not helping either.
The meaning of these messages is that those two attributes of the identity object type are chosen by the provider rather than being chosen by you in the configuration. Providers typically declare attributes in this way if they are something that the remote API decides in its response, rather than something the client decides in the request.
If your goal is to make the configuration match the object you imported into the state then you need only to set the attributes that are considered by the provider to be arguments chosen in the configuration, which in this case seems to be just identity_ids and type and so you could write the following:
identity {
identity_ids = []
type = "SystemAssigned"
}
As part of the producing the plan, Terraform will try to merge the arguments you specified in the configuration with the attributes already in the state and so should therefore be able to produce an identity object that matches the one already in the Terraform state, and thus avoid proposing to make a change.
Related
I work on a GET REST API in which a query string parameter may be configured to have a default value if not provided. For example, if the parameter name is active and the possible values are true and false, the administrator of the API has two options:
Option 1: They can specify a default value for active such that a request which lacks an active parameter assumes the default value. For instance, if the default value is true then requesting www.example.com/api is identical to www.example.com/api?active=true.
Option 2: They can not specify a default value for active such that www.example.com/api means "active-ness" has no effect on the API return. Of course, the client may request active=true or active=false if they see fit.
Now the requirement is that in an Option 1 configuration, the client should be able to specify they want to negate the default value and make the API behave as if it were configured like Option 2.
So the requirement is:
Request
Behavior
www.example.com/api
active understood to be the configured default, true
www.example.com/api?active=true
active understood to be true
www.example.com/api?active=false
active understood to be false
www.example.com/api?[something]
active not considered
In order to implement the last row, I considered passing some special value like active=none, but the API is good about validating input types, and I'm reluctant to pollute the semantics with an invalid value.
My best idea is that the empty String, www.example.com/api?active= is the best idea. Whether or not the deployed API is configured with Option 1 or 2, the empty String means "'active-ness should not effect the returned results".
Has anyone else faced a similar problem? Do you have a better idea?
We have a scenario where the same kind of flow is applicable for multiple scenarios. Hence, instead of creating linked services / datasets for every scenario, I am trying to have a generic linked service/dataset so that they can be reused by passing different parameters.
I have a Blob linked service where I parameterized the storage account name. Tested the linked service with a parameter and it is working fine. Now, I create a dataset with this linked service and provide a parameter for the storage account name in the dataset. When I try to test the dataset and provide the same input parameter, I get the below error :
{
"errorCode": "2200",
"message": "ErrorCode=UserErrorInvalidCredential,'Type=Microsoft.DataTransfer.Common.Shared.HybridDeliveryException,
Message=**Failed to validate the signature because the content is tampered**,
the expect context is '{\"DefaultEndpointsProtocol\":\"https\",\"AccountName\":\"xxxx\"}'
and the runtime context is '{\"DefaultEndpointsProtocol\":\"https\",\"AccountName\":\"#body('Generic Passthrough CopyComposeRuntimeVariables')?.GenericBlobDatasetxxxx.DatasetStorageAccountName\"}'.,Source=diawp,'",
"failureType": "UserError",
"target": "Generic Passthrough Copy",
"details": []
}
Any pointers to solve the above issue would be helpful.
The customized dynamic content of the linked server only works at the first time. When you create a dataset with this linked service, it means that the linked server will be published again, then the dynamic content will be overwritten by the default content.
You can check the changes in linked service settings on Portal:
What I am trying to achieve
Protect a resource in Keycloak with policy like:
if (resource.status == 'draft') $evaluation.grant();
else $evaluation.deny();
Going by their official documents and mailing list responses, it seems attribute based access control is possible, however, I could not find a way of getting it to work.
What I have tried
Using Authorization Services: I was unable to figure out where and how I can inject the attributes from the resource instance.
Using Authorization Context: I was hoping to get the policies associated with a resource and a scope so that I could evaluate them my self.
So far, I have managed to get no where with both approaches. To be honest, I have been overwhelmed by the terminology used in the Authorization services.
Question
How can I use attributes of a resource instance while defining a policy in keycloak?
I solved this problem in Keycloak 4.3 by creating a JavaScript policy because Attribute policies don't exist (yet). Here is an example of the code I got working (note that the attribute values are a list, so you have to compare against the first item in the list):
var permission = $evaluation.getPermission();
var resource = permission.getResource();
var attributes = resource.getAttributes();
if (attributes.status !== null && attributes.status[0] == "draft") {
$evaluation.grant();
} else {
$evaluation.deny();
}
Currently there is no way to do what you are looking to do. ResourceRepresentation class only has (id, name, uri, type, iconUri, owner) fields. So you can use owner to determine ownership per Keycloak example. I've seen a thread that talks about adding additional resource attributes, but haven't seen a Keycloak JIRA for it.
Perhaps you could use Contextual Attributes in some way by setting what you need at runtime and writing a Policy around it.
var context = $evaluation.getContext();
var attributes = context.getAttributes();
var fooValue = attributes.getValue("fooAttribute");
if (fooValue.equals("something"))
{
$evaluation.grant();
}
As for tracking in AEM I am using CQ_Analytics for a scenario. We have a requirement like, I have to capture a value called "sort type" which is on the page when a user clicks on a button on that page and store it in ClientContext. I have written the below Javascript function which accepts a name argument. Using some code I am able to get hold of sort type value and passing it to the below function. Now my query is, how do I validate whether the name variable is assigned to the Client Context???
I have kept an alert statement and tried checking with multiple combinations but I am unable to figure out what is the correct way to conclude that my name value has been assigned to Client Context or not. Please help with my query.
function myFunction(name) {
CQ_Analytics.record({event: 'sorttype',
values: {'sortSelectedOption': name },
componentPath: '<%=resource.getResourceType()%>'
});
alert(CQ_Analytics.record.sorttype.sortSelectedOption);
}
You can see this post how to make your custom client context and how to store your data. http://blogs.adobe.com/aemtutorials/2013/07/24/customize-the-client-context/
After you create your client context, you have in the example CQ_Analytics.CustomStoreMgr.setTraitValue function that will save your parameter into client context.
I'm creating a test case for a REST API in soapUI 4.5 where I'm going to use the content from step X to make a new call in step Y.
Ideally I'd create the REST request with some parameters, say A and B, and say that these parameters should be used in the URL:
http://myapi.com/v1/stuff/A/B
Then I'd do a property transfer step and simply set values extracted from step X into A and B.
It looks as if soapUI only lets me create querystring parameters, like this:
http://myapi.com/v1/stuff?ParamA=A&ParamB=B
This works of course, but I'd like to be able to call it both ways, to verify they're both working.
Am I missing something?
I am not a soapui expert by any means, but have just worked through a very similar scenario, so this might help you out.
Part 1: Create a paramatized resource
In my service, I have a resource called stuff:
http://{host}/stuff
I create a child resource with the below values:
Resource Name: Get stuff by ID
Resource Path/Endpoint: {stuffId}
and before clicking ok, click Extract Params - this will populate the Parameters table with an entry like:
Name | Default value | Style | Location
stuffId | stuffId | TEMPLATE | RESOURCE
then click ok. You now have a resource that allows you to dynamically supply an id:
http://{host}/stuff/{id}
you would need to repeat this to create the B parameter above (or you could create A and B as two parameters to the single resource if you never call /stuff/A without also supplying B).
Part 2: Create the test case
Now in the test case, you need to retrieve A, transfer the property, and then send a request to the above resource using the property:
In the test case, create the request to retrieve the response containing A
Right click the testcase and add a Properties step. Add a property to store the value of A.
From the response in the Outline view, right click the value of A and select "Transfer to > Property", select the property you just created and hit ok
Create a new request, using the new paramatized resource created in the first part. In the place of the id, put a reference to the property which is holding the value of A in this format:
${propertyName}
I might have done something wrong, but my test initially fails on the property transfer with "Missing source property". In the Source are of the PropertyTransfer step, I needed to set the property to ResponseAsXml
Hope this helps!