If the service principal is created through VSTS, Is there a key rotation needed?
Yes, you can check the expires day as follows:
Log on azure portal and switch to corresponding AD
Click Azure Active Directory
Click App registrations
Select All apps
Click the corresponding application (the application name likes {vsts account}-{team project}-{subscription id})
Click Settings
Click Keys
Check expires day
Related
When I create a service principal it also creates an App in Active Directory.
az ad sp create-for-rbac --role="Contributor" --scopes="/subscriptions/123456a1-a1b2-1234-12ab-12a3b4cdef67"
If I go to the Azure Portal - Active Directory - App registrations it shows all the applications registered.
I have managed to find the service principal I use for terraform by matching the terraform client_id with the Azure "Application (client) ID". It also had a human readable display name (although not the best since I still had to look via client id!)
However, there are several others where the display name is just "project_subscription".
They look like they must have been generated automatically when setting up a pipeline registering a web app in the portal or something.
I can't tell if they are actually used or if they were just created for experimenting and are then left over.
How do I know what they are for and if they are still used or not?
Is it possible to search Azure for the id or anything?
Is it possible to add a description to these to identify what they are used for beyond just the display name?
e.g. I only identified the terraform one by matching up the id with my code
App registration can be used for many scenarios, the app registrations in your AAD tenant should be created by different users. There is no such thing as a description of them.
To see if they are used, it needs to combine the context, as in AAD, there are different usages for them. For example, there are no sign-in logs of the AD App's corresponding service principal, but you cannot make sure if it was used as a client app. For the details, you may need to check the Audit logs.
For more details about AD App(App Registration) and service principal, you could check this doc - https://learn.microsoft.com/en-us/azure/active-directory/develop/app-objects-and-service-principals
In Netsuite's REST web services help documentation, there's a reference to a Postman collection:
https://netsuite.custhelp.com/app/answers/detail/a_id/86958/kw/postman
You can download the REST web services Postman environment template and collection of sample requests from the SuiteTalk tools download page at https://[accountID].app.netsuite.com/app/external/integration/integrationDownloadPage.nl. To access the page, you must substitute your account ID in the URL.
Note To access the Postman environment template and collection, the REST Web Services feature must be enabled, and you must have the REST web services permission assigned to your role. For more information, see REST Web Services Prerequisites and Setup.
However, when I go to the download page (with the correct account ID and REST web services permission), there's only a download available for "NetSuiteDataLoader.zip", which does not contain the postman collection.
Figured this out, a few pages deep in the documentation.
REST web services need to be enabled on the account first.
https://netsuite.custhelp.com/app/answers/detail/a_id/87117
Setup > Company > Enable Features (Setup Tasks)
Click "Suite Cloud" tab
Scroll to "SuiteTalk (Web Services)" section.
Tick "REST WEB SERVICES (BETA)" and accept the T&Cs.
You also need to be a user with REST Web Services and SuiteAnalytics Workbook permissions.
Administrator already has these, but if you need to add them:
Go to Setup > Users/Roles > User Management > Manage Users.
Locate the role you want to modify. Click the corresponding Edit or Customize link.
On the Permissions subtab, click Setup.
In the Permission list, select REST Web Services.
In the Level list, select Full.
Click Add.
On the Permissions subtab, click Reports.
In the Permission list, select SuiteAnalytics Workbook.
In the Level list, select Full.
Click Add.
Click Save.
Once all that is done, when you go to https://[accountID].app.netsuite.com/app/external/integration/integrationDownloadPage.nl
you will see a link to NetSuiteRestApiSampleRequests.zip - which contains the postman collection.
If it still doesn't work try to put a tick on WEB SERVICES ONLY ROLE
Setup > Users\Roles > Manage Users >
Find the current role that you want to give access to and Save.
After entering ID of your account on that current role - you will see another folder with NetSuite REST API Sample Requests name.
I am trying to export users from Azure DevOps with mapping to their permissions to specific Teams and Projects. The only option in the Azure DevOps is to export user list. But the associated Team and project access don't come along in that export.
There is no default way to export associated Team and Projects for users. You can either search the user and choose Member of to see which security groups the user belongs to:
Or use User Entitlements - Get User Entitlements api to get all use IDs and then use User Entitlements - Get User Entitlement api get each user's entitlement, and you'll see projectEntitlements there.
WE have our REST services deployed using bluemix container groups. Can some one tell me how to configure access to these APIs through Bluemix API Connect? I Created product, catalog. Also imported my swagger in catalog. I can see the APIs listed. but not able to access them. Can someone guide?
Since you've already created a product, I'll assume that you've already added your API(s) to that product. If not, do that now.
Once you've done that, look for the Stage menu (the little "Cloud with an up arrow" icon) in the upper-right-hand corner of the product detail page. From the corresponding menu, select the catalog you want to stage the product to.
After that completes successfully, navigate to the API Connect dashboard and click on the catalog to which you just staged the product. At this point, you should see the product and its status will be listed as "Staged."
Click the overflow menu (three dots) on the right-hand side of the product row and select "Publish" from the resulting menu. You can likely accept any default visibility settings. Once that operation completes, the API will now be accessible via the catalog's gateway URL + API base path. (You can find this in the Catalog settings -> Endpoint panel.)
For more information on publishing APIs, see this documentation: https://console.bluemix.net/docs/services/apiconnect/apic_006.html#apic_010
Or if you want to use the CLI: https://www.ibm.com/support/knowledgecenter/en/SSFS6T/com.ibm.apic.toolkit.doc/capim-toolkit-cli-publish-apis.html#concept_nll_3ry_xv__publish_apis
on Bluemix to call your api , you need to "publish" your product to a portal. First of all prepare your Portal:
Go to Dashboard -- > Your Catalog -- > Settings -- > Enable Portal and select Portal-Delegated-User-Registry.
After some time , you will be accessing your portal . Subscribe new user through that portal. Portal GUI is very helpful. You will be able to learn by yourself how to call your API.
Good luck!
Is there a way to change the default organization in Bluemix? Right now every time I login to Bluemix, the organization listed is my teammate's org. I want to have Bluemix default to my organization. Thanks!
Bluemix saves your configuration (organization and space) in a browser cookie.
The first time you login it will default to first organization in alphabetical order and the first space in alphabetical order within that organization.
After you change to your preferred organization and space and logout from Bluemix, the next time you login Bluemix will default to the new organization and space.
The only exception is if you are using a private or incognito browser that will disable cookies or if you delete your cookies, in which case it will default again to the organization using alphabetical order.