I'm having an issue using the databricks api 2.0
The invoke-rest method fails for the following error:
"Error 400 io.jsonwebtoken.IncorrectClaimException: Expected aud claim to be: https://management.core.windows.net/, but was:
https://management.azure.com."
I followed the instructions in the microsoft docs.
cls
$DataBrick = <DataBrickURL>
$DataBricksResourceID = <ResourceID>
$VaultName = <KeyVault>
$KeyName = <Key>
$apiEndpointUri = "https://management.azure.com"
$tenantId = <TenantID>
$applicationId = <ApplicationID>
$secret = Get-AzKeyVaultSecret -VaultName $VaultName -Name $KeyName -AsPlainText
$RequestAccessTokenUri = "https://login.microsoftonline.com/$tenantId/oauth2/token"
$body = "grant_type=client_credentials&client_id=$applicationId&client_secret=$encodedSecret&resource=2ff814a6-3304-4ab8-85cb-cd0e6f879c1d"
$Managementbody = "grant_type=client_credentials&client_id=$applicationId&client_secret=$encodedSecret&resource=$apiEndpointUri"
$contentType = 'application/x-www-form-urlencoded'
$AccessToken = Invoke-RestMethod -Method Post -Uri $RequestAccessTokenUri -Body $body -ContentType $contentType
Write-Output $AccessToken
$ManagementToken = Invoke-RestMethod -Method Post -Uri $RequestAccessTokenUri -Body $Managementbody -ContentType $contentType
Write-Output $Token
$apiuri = $DataBrick +"/api/2.0/clusters/get"
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", "Bearer " + $AccessToken.access_token)
$headers.Add("X-Databricks-Azure-SP-Management-Token", $ManagementToken.access_token)
$headers.Add("X-Databricks-Azure-Workspace-Resource-Id", $DataBricksResourceID)
Invoke-RestMethod -Uri $apiuri -Headers $headers
AS per documentation, resource parameter (your apiEndpointUri variable) should be https://management.core.windows.net/, but you have https://management.azure.com
Based on e.g. mentioned in Question, There are following steps are happening:
Get a token from Microsoft login service for provided resource id of databircks.
Get a management Token. In your e.g., it is provided as "https://management.azure.com" which is not correct. You needs to use "https://management.core.windows.net/" which is mentioned in error response too. You can refer https://learn.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/aad/service-prin-aad-token#--api-access-for-service-principals-that-are-not-workspace-users for reference which is not for Powershell but useful enough to understand authentication flow
Using both tokens, to call Databricks APIs
In short, if you correct apiEndpointUri based on error. It should work provided other details are correct and have correct permission configured.
Related
UGH!
I'm struggling with 401 error when trying to update M365 groups sensitivity label information with Graph API and PowerShell. With Graph Explorer the beast works just fine, but with PowerShell I receive an error Invoke-RestMethod : The remote server returned an error: (401) Unauthorized. -message. Updating groups description and displayname programatically works without exceptions. Azure app registration is consented with application level grants: Group.ReadWrite.All and Directory.ReadWrite.All as mentioned in the MS documentation. Any ideas?
Code sample:
Connect-PnPOnline -Url $tenantBaseUrl -ClientId $clientId -Tenant $tenantId -Thumbprint $thumbPrint
$body=#"
{
"assignedLabels": [
{
"labelId": "$labelId"
}
]
}
"#
$AccessToken = (Get-PnPGraphAccessToken)
$headers = #{ Authorization=("Bearer " + $AccessToken)}
$uri = "https://graph.microsoft.com/beta/groups/$groupId"
$webRequest = Invoke-RestMethod –Uri $uri -Body $body –Method Patch -Headers $headers -ContentType "application/json"
Reference to MS-documentation:
https://learn.microsoft.com/en-us/graph/api/group-update?view=graph-rest-beta&tabs=http#example-2-apply-sensitivity-label-to-a-microsoft-365-group
It seems that app-only permission is not supported.
Setting of sensitivity labels is not available with app credentials
Token is valid. If I run the same command with same token, but only changing the body to update description and displayname it works.
$body2 = #"
{
"description": "M365 Group new desc",
"displayName": "M365 Group new displayname"
}
"#
$webRequest2 = Invoke-RestMethod –Uri $uri -Body $body2 –Method Patch -Headers $headers -ContentType "application/json"
I just want to create a folder one my OneDrive for Buiness Account through the Graph API. After many hours I got stuck with an error which I really can't comprehend. It says that the property 'Attributes' does not exist on type 'oneDrive.folder' and I should not use this property. The problem is that I don't use this property. After alot of research I think it has something to do with the pinned metadata or something like that. But in gerneral I really dont know what to do futher.
I used the Graph Explorer and another website to create this script.
The Error:
-1, Microsoft.SharePoint.Client.InvalidClientQueryException
The property 'Attributes' does not exist on type 'oneDrive.folder'.
Make sure to only use property names that are defined by the type.
And this is my code:
$clientId = "XXXXXXXXXXXXXX"
$tenantId = "XXXXXX.onmicrosoft.com"
$clientSecret = 'XXXXXXXXXXXX'
$uri = "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token"
$body = #{
client_id = $clientId
scope = "https://graph.microsoft.com/.default"
client_secret = $clientSecret
grant_type = "client_credentials"
}
$tokenRequest = Invoke-WebRequest -Method Post -Uri $uri -ContentType "application/x-www-form-urlencoded" -Body $body -UseBasicParsing
$token = ($tokenRequest.Content | ConvertFrom-Json).access_token
Write-Host $token
$uri = "https://graph.microsoft.com/v1.0/<ID XXXXXXX>/drive/root/children"
$method = 'POST'
$head= #{Authorization = "Bearer $token"}
$postPara= #{
name= "NewFolder"
folder= {}
} | ConvertTo-Json
$antwort = Invoke-RestMethod -Headers $head -Uri $uri -Method $method -Body $postPara -ContentType "application/json"
Write-Host $antwort
It really should work and I'm sitting on this sample task for over 10 Hours ._.
The issue with you code is
$postPara= #{
name= "NewFolder"
folder = {}
} | ConvertTo-Json
If you just output $postPara you will see the issue is because your missing the # in front of value in folder you will actually get the details from the underlying script populated in there. so try
$postPara= #{
name= "NewFolder"
folder = #{}
} | ConvertTo-Json
$postPara
Which should fix it.A good diag tool is also to use fiddler to look at the request being sent to server.
I need to attach the file either xlsx or CSV to a particular incident via SNOW REST API using PowerShell script. I have tried with the below code:
if (!$script:ServiceNowCreds) {
$script:ServiceNowCreds = Get-Credential
}
$snow_url = 'https://dev652xx.service-now.com/api/now/table/incident'
$Body = #{
'number' = 'INC00xx059'
}
$result = Invoke-RestMethod -Uri $snow_url -Credential $script:ServiceNowCreds -Body $Body -ContentType "application/json"
$result.result | select sys_id, number | ForEach-Object {
$Upload_snow_url ='https://dev652xx.servicenow.com/api/now/attachment/upload'
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add('Content-Type','text/csv')
$headers.Add('Accept','*/*')
$sys_id = $_.sys_id
$incident_number = $_.number
$UploadBody = #{
'table_name'='incident';
'table_sys_id'=$sys_id;
'file_name' = 'C:\Users\suganthanraj.p\Documents\Servers.csv'
}
$uploadParam = $UploadBody | ConvertTo-JSon
Write-Host $sys_id
Write-Host $incident_number
$UploadResult = Invoke-RestMethod -Uri $Upload_snow_url -Credential $script:ServiceNowCreds -Body $uploadParam -Method Post -Headers $headers
$UploadResult
}
When I execute the above script I am getting the below error:
Invoke-RestMethod : The remote server returned an error: (415) Unsupported
Media Type.
At C:\Users\suganthanraj.p\Desktop\SNOW-UploadAttachment.ps1:39 char:21
+ ... oadResult = Invoke-RestMethod -Uri $Upload_snow_url -Credential $scr ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-RestMethod], WebException
+ FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeRestMethodCommand
Try changing you content type to "multipart/form-data"
$headers.Add('Content-Type','multipart/form-data')
$UploadBody = #{
'table_name'='incident';
'record_sys_id'=$sys_id;
'uploadFile' = 'C:\Users\suganthanraj.p\Documents\Servers.csv'
}
The error says "The remote server returned an error: (415) Unsupported
Media Type."
Doco on the api can be found here:
https://docs.servicenow.com/bundle/geneva-servicenow-platform/page/integrate/inbound_rest/reference/r_AttachmentAPI-POSTmultipart.html
Your best option would be leverage the OOB Attachment API in ServiceNow. You will need to make a post call from powershell. Powershell has two options for this Invoke-RestMethod and Invoke-WebRequest. I have had better luck with the latter when trying to POST. You might also first build your rest call in Postman make sure you can get the attachment into ServiceNow, then worry about writing your PS.
$Body = #{
User = 'jdoe'
password = 'P#S$w0rd!'
}
$LoginResponse = Invoke-WebRequest 'http://www.contoso.com/login/' - SessionVariable 'Session' -Body $Body -Method 'POST'
$Session
$ProfileResponse = Invoke-WebRequest 'http://www.contoso.com/profile/' -`WebSession $Session $ProfileResponse`
Finally i found answer from the below link
https://community.servicenow.com/community?id=community_question&sys_id=d3707023dbaceb8023f4a345ca961949 and below is the code:
# Eg. User name="admin", Password="admin" for this code sample.
$user = "admin"
$pass = "XXX"
# Build auth header
$base64AuthInfo = [Convert]::ToBase64String([Text.Encoding]::ASCII.GetBytes(("{0}:{1}" -f $user, $pass)))
# Set proper headers
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add('Authorization',('Basic {0}' -f $base64AuthInfo))
$headers.Add('Accept','application/json')
$headers.Add('Content-Type','application/json')
# Specify endpoint uri
$uri = "https://dev652XX.service-now.com/api/now/attachment/file?table_name=incident&table_sys_id=850XXXXX2200e0ef563dbb9a71c1&file_name=TreeSizeReport.csv"
# Specifiy file to attach
$fileToAttach = "C:\Users\suganthanraj.p\Desktop\TreeSizeReport.csv"
# Specify HTTP method (POST, PATCH, PUT)
$method = "POST"
# Send HTTP request
$response = Invoke-WebRequest -Headers $headers -Method $method -Uri $uri -InFile $fileToAttach
# Print response
$response.RawContent
At this microsoft documentation address
https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/servers/databases
I found the following note in many parameters:
To see possible values, query the capabilities API.
Unfortunately it's not explained how to query "the capabilities API"
Any idea?
Check this official document.
GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Sql/locations/{locationId}/capabilities?api-version=2014-04-01
You could call the api with Power Shell(just an example, you also could use other language to call the API).
##get token
$TENANTID=""
$APPID=""
$PASSWORD=""
$result=Invoke-RestMethod -Uri https://login.microsoftonline.com/$TENANTID/oauth2/token?api-version=1.0 -Method Post -Body #{"grant_type" = "client_credentials"; "resource" = "https://management.core.windows.net/"; "client_id" = "$APPID"; "client_secret" = "$PASSWORD" }
$token=$result.access_token
##set subscriptionId
$subscriptionId=""
$Headers=#{
'authorization'="Bearer $token"
'host'="management.azure.com"
'contentype'='application/json'
}
$url="https://management.azure.com/subscriptions/$subscriptionId/providers/Microsoft.Sql/locations/eastus/capabilities?api-version=2014-04-01"
Invoke-RestMethod -Uri $url -Headers $Headers -Method GET
I'm trying to access a Swagger based API using powershell invoke-restmethod with websession to (hopefully) capture the cookies/session information I'd need to do a post method.
I start by requesting a CSRF
$CSRF = Invoke-RestMethod -Uri ($Uri+'csrf-token') -Method Get -Credential $Creds -ContentType 'application/json'-SessionVariable websession
and I can see the correct token value without any issues. Looking at the websession variable I do have some data, but I don't get any cookie values at all. Thus if I submit a second request using the session variable:
Invoke-RestMethod -Method Post -Uri ($Uri+'post') -Headers $Header -Body $Body -Credential $creds -WebSession $websession
it fails due to the missing cookie values. If I do a normal request via Firefox I see cookies with a jsessionid, etc but I don't know how to get these values somewhere where I can use them (please excuse me ignorance here- I'm relatively new to the invoke-restmethod in PS)
I've sussed it out (at last- very painful) - I had to build my own cookie:
$CSRF = Invoke-RestMethod -Uri ($Uri+'csrf-token') -Method Get -Credential $Creds -ContentType 'application/json' -SessionVariable websession -MaximumRedirection 0
$CSRFToken = $CSRF.tokenValue
# Capture cookie
$cookiejar = New-Object System.Net.CookieContainer
$cookieUrl = $uri +'csrf-token'
$cookieheader = ""
$webrequest = [System.Net.HTTPWebRequest]::Create($cookieUrl);
$webrequest.Credentials = $creds
$webrequest.CookieContainer = $cookiejar
$response = $webrequest.GetResponse()
$cookies = $cookiejar.GetCookies($cookieUrl)
# add cookie to websession
foreach ($cookie in $cookies) {$websession.Cookies.Add((Create-Cookie -name $($cookie.name) -value $($cookie.value) -domain $apiserverhost))}
# Finally, I can post:
Invoke-RestMethod -Method Post -Uri ($Uri+'versions/createVersionRequests') -Headers $Header -Body $Body -Credential $creds -WebSession $websession
Hope that helps someone else (I've spent hours pulling my hair out over this!)