So, I have the resource Group name and i want to programmatically (using powershell) set the subscription to the incoming resource group.
When i do a Get-AzResourceGroup I get the ResourceId which contains the the subscription id as part of a long string /subscriptions/<subscription id here>/resourceGroups/resourcegroupname. Is there a way to extract the subscription Id from that string?
You can get your subscription ID by triggering the below. You will also need to have azure cli installed.
az account list --refresh --query "[?contains(name, 'YOUR_SUBSCRIPTION')].id"
You can also split the output from powershell.
$myinput= "/subscriptions/xxxxxx-xxxxxx-xxxxxx-xxxxx-xxxxxx/resourceGroups/resourcegroupname".Split("/")
Write-Host $myinput[2]
Related
I would like to retrieve the following attributes: "createdDateTime, extension_xxxxxx_yyyyy, identities" from AD B2C users. With Graph Explorer, I could do this with:
https://graph.microsoft.com/v1.0/users?$select=createdDateTime extension_xxxxxx_yyyyy, identities
Then, I tried the snippet generated by Graph Explorer for PowerShell
Get-MgUser -Property “createdDateTime,+ extension_xxxxxx_yyyyy,identities”
I got the following error:
Parsing OData Select and Expand failed: Syntax error: character '+' is
not valid at position 17 in 'createdDateTime, +exten ……
I removed the “+” and retried, it had no error, but all the returned fields were blank.
I am using Microsoft Graph PowerShell SDK 1.18
It is easier to use the beta version of the API
Select-MgProfile -Name "beta"
CreatedDateTime can be got directly
Identities can be got directly but it is an array
extension_xxxxxx_yyyyy is the trickiest, it is packed inside the AdditionalProperties
I am trying to configure permission in Azure DevOps using az devops cli following this answer (Assigning group permissions using to Azure DevOps CLI).
I successes update Force Push to Allow For Contributors group, using this command line:
az devops security permission update `
--id $namespaceId `
--subject $subject `
--token "$repoV2" `
--allow-bit $bit `
--merge true `
--org https://dev.azure.com/$org/
I extracted subject id by this command:
$subject = az devops security group list `
--org "https://dev.azure.com/$org/" `
--scope organization `
--subject-types vssgp `
--query "graphGroups[?#.principalName == 'ForcePush'].descriptor | [0]"
Now I want to do give Contribute (GenericContribute) to ProjectName Build Service (organization), (note: with red question mark in image). It is neither a user nor group, even thus it is under users category. How can I change permission for this using command line?
Note: It will be fine for me if the solution either az devops cli, rest api or graphs api.
Update:
Original Answer:
Refer to this official document so that we will know the namespace id:
https://learn.microsoft.com/en-us/azure/devops/organizations/security/namespace-reference?view=azure-devops
namespace id in your situation is: '2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87'
How to achieve your requirements:
Just Send API call to this:
https://dev.azure.com/<Organization Name>/_apis/AccessControlEntries/2e9eb7ed-3c0a-47d4-87c1-0ffdd275fd87
Request Method:
POST
Request Body:
{
"token": "repoV2/<Project ID>/<repo ID>/",
"merge": true,
"accessControlEntries": [
{
"descriptor": "Microsoft.TeamFoundation.ServiceIdentity;<Organization ID>:Build:<Project ID>",
"allow": 4,
"deny": 0,
"extendedInfo": {
"effectiveAllow": 4,
"effectiveDeny": 0,
"inheritedAllow": 4,
"inheritedDeny": 0
}
}
]
}
How to get the above IDs:
1, Organization ID.
I will suggest a simple method here(Of course you can try to use API to get it):
Turn on the browser, press F12 to turn on the debug mode and then go to this place:
https://dev.azure.com/<Organization Name>/
After that, search this: https://spsprodsea2.vssps.visualstudio.com/
You will get the organization ID here:
2, Project ID.
Just follows this API:
https://dev.azure.com/<Organization Name>/_apis/projects?api-version=6.0
https://learn.microsoft.com/en-us/rest/api/azure/devops/core/projects/list?view=azure-devops-rest-6.0
Just search the name in the response and you will get the ID. In this situation, the project build service account is managed via project id.
3, Repository ID.
https://dev.azure.com/<Organization Name>/<Project Name>/_apis/git/repositories?api-version=6.0
https://learn.microsoft.com/en-us/rest/api/azure/devops/git/repositories/list?view=azure-devops-rest-6.0
Search the repository name and you will get the ID.
Success on my side:
To get the organization Id dynamically you just have to retrieve the value of the System.CollectionId variable as following:
$orgId = $(System.CollectionId)
Documentation: https://learn.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml#system-variables-devops-services
I just want to assign the contacts to Application's field and another field with API Powershell but I don't know how to do it. could anyone help me?
According to their API documentation, there is no 'Application' resource type. Is it a custom resource, or a field on a different type of object? (what type?)
Try installing ITGlue's PowerShell wrapper module ITGlueAPI from the gallery (or github link):
Install-Module ITGlueAPI
Import-Module ITGlueAPI
# Check out all the available commands
Get-Command -Module ITGlueAPI
# initial setup:
Add-ITGlueBaseURI -base_uri 'http://myapi.gateway.example.com'
Add-ITGlueAPIKey -ApiKey 'your-key-here'
# Play around with these kinds of "Get-" commands which exist for each resource type:
# This is a good way to see how the data is formatted, and which fields exist per resource
Get-ITGlueFlexibleAssets
Get-ITGlueContacts -organization_id 1234 -filter_first_name 'Foo' -sort 'first_name'
# To make changes, run similar "Set-" or "New-" commands with the updates in hash table format:
Set-ITGlueContacts -id 1234 -data #{
location-id = 795
location-name = "San Francisco - HQ"
field-name = "Value"
}
We are taging our AWS instances, I will like to retrieve a list of ALL our instances (ELB, S3, EC2, Security Groups) by TAG reference. for instance we consistently TAG our resources with something like this:
{ "Key": "Project",
"Value": "bananas"
},
How can we obtain trough power-shell a list of ALL our resources that contain the TAG Project value "bananas"?
I was able to get all my EC2s using the below script:
$instance = Get-EC2Instance
-Filter #( #{name='tag:Project'; values="bananas"};
#{name='instance-state-code'; values = 16} )
| Select-Object -ExpandProperty instances #Get instance ID ignoring any terminated instances
$instance | Export-CSV "C:\ec2.csv"
But I'm not sure how to obtain all my tagged resources using one script.
Check out the AWS Resource Groups Tagging API cmdlets -- these are relatively new, so you may have to update your AWS Tools for PowerShell to the latest version to be able to use them.
Example
The example below calls Get-RGTResource for the tag Key=Project, Value=Bananas, and filters the response to all ResourceARNs that were retrieved. The ResourceARN is a unique identifier for each AWS resource, and you can use these as a starting point to call out to other AWS services to get more details about each associated resource.
(Get-RGTResource -TagFilter #{Key="Project"; Values = #("bananas")}).ResourceARN
Example Output
arn:aws:ec2:us-east-1:<accountid>:instance/i-abcd1234
arn:aws:ec2:us-west-2:<accountid>:vpc/vpc-abcd1234
arn:aws:ec2:us-east-2:<accountid>:security-group/sg-abcd1234
arn:aws:elasticloadbalancing:us-east-1:<accountid>:loadbalancer/abcd1234
arn:aws:elasticmapreduce:us-east-1:<accountid>:cluster/abcd1234
Further Reading
AWS Documentation - Get-RGTResource
AWS Documentation - Amazon Resource Names (ARNs)
I have a sharepoint group that has arabic characters in the title. The site has been deleted, and I need to remove the group. When I use the GUI, I get this error message:
Error Code: 500 Internal Server Error. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)
When I use stsadm -o enumgroups I get this as the group name:
<Name>Blah blah -- ????? ??????? ????????? Members</Name>
stsadm -o deletegroup -name "Blah blah -- ????? ??????? ????????? Members" -url http://myurl.com returns:
Group cannot be found.
I know the group ID, any way I can use that in my quest for deletion?
Remember that deletegroup requires the site URL as well. In this case I think you'll have to use the OM - you can use the SPGroupCollection.RemoveByID() method to do so.
I would use a console application to explore the group, (see if there is any information within it that you need to keep) and then delete it.