How to query Azure capabilities API - powershell

At this Microsoft documentation address
https://learn.microsoft.com/en-us/azure/templates/microsoft.sql/servers/databases
I found the following note in many parameters:
To see possible values, query the capabilities API.
Unfortunately, it's not explained how to query "the capabilities API".
Any ideas?

Check this official document.
GET https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Sql/locations/{locationId}/capabilities?api-version=2014-04-01
You could call the API with PowerShell (just an example; you could also use another language to call the API).
##get token
$TENANTID=""
$APPID=""
$PASSWORD=""
$result=Invoke-RestMethod -Uri "https://login.microsoftonline.com/$TENANTID/oauth2/token?api-version=1.0" -Method Post -Body @{"grant_type" = "client_credentials"; "resource" = "https://management.core.windows.net/"; "client_id" = "$APPID"; "client_secret" = "$PASSWORD" }
$token=$result.access_token
##set subscriptionId
$subscriptionId=""
$Headers=@{
'authorization'="Bearer $token"
'host'="management.azure.com"
'contentype'='application/json'
}
$url="https://management.azure.com/subscriptions/$subscriptionId/providers/Microsoft.Sql/locations/eastus/capabilities?api-version=2014-04-01"
Invoke-RestMethod -Uri $url -Headers $Headers -Method GET

Related

How to add/update user permissions on environment's security through REST API on Azure DevOps?

I need to add user permission when creating an environment through REST API with PowerShell.
I've looked at the network trace, and this is the header when I tried to manually add user permissions:
Request URL:
https://dev.azure.com/{org}/_apis/securityroles/scopes/distributedtask.environmentreferencerole/roleassignments/resources/{project_id}_{env_id}
Request Method: Put
Request Body:
[{userId: "{id_of_user}", roleName: "Administrator"}]
And this is the code I tried:
# other code
...
$body = @(
@{ 'userId' = '{id_of_user}'; 'roleName' = 'Administrator' }
) | ConvertTo-Json
Invoke-RestMethod -Uri $uri -Method Put -Body $body -ContentType "application/json" -Headers $header
But it is returning:
{"count":0,"value":{}}
The only missing thing is that in your body, you should provide an array instead of a single object, here is a working example:
$uri = "https://dev.azure.com/bauca/_apis/securityroles/scopes/distributedtask.environmentreferencerole/roleassignments/resources/{project_id}_{env_id}"
$id_of_user = 'YOUR_USER_ID'
$tokenbase = 'YOUR_PAT'
$header = @{
"authority"="dev.azure.com"
"Authorization"= "Basic $tokenbase"
"method"="PUT"
"path"="/{ORG}/_apis/securityroles/scopes/distributedtask.environmentreferencerole/roleassignments/resources/{project_id}_{env_id}"
"scheme"="https"
"accept"="application/json;api-version=5.0-preview.1;excludeUrls=true;enumsAsNumbers=true;msDateFormat=true;noArrayWrap=true"
"accept-encoding"="gzip, deflate, br"
"accept-language"="en-US,en;q=0.9,pt;q=0.8,nl;q=0.7"
"origin"="https://dev.azure.com"
"x-vss-reauthenticationaction"="Suppress"
}
$body = "[{`"userId`":`"${id_of_user}`",`"roleName`":`"Administrator`"}]"
Invoke-RestMethod -UseBasicParsing -Uri $uri -Method "PUT" -Body $body -ContentType "application/json" -Headers $header
The returned results should be something like:
@{displayName=USER_NAME; id=USERID; uniqueName=USER_UNIQUENAME}
The API documentation is not clear about that, so in these situations what I'd recommend is to use Chrome to do the requests through the UI, then inspect the element and grab the network information of the request. After that, 'Click with the right button' and select 'Copy to Powershell'; you'll see exactly what 'body' is required to perform the request.
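The array-versus-object point from the answer above, shown as an added example that is not part of the original posts. It sends no request; `New-RoleAssignmentBody` is a hypothetical helper name and the user ID is a constructed sample.

```powershell
# Added example, not from the original post. It only builds request bodies.
# New-RoleAssignmentBody is a hypothetical helper; the user ID is a constructed sample.

function New-RoleAssignmentBody {
    param(
        [Parameter(Mandatory)][string[]]$UserId,
        [string]$RoleName = 'Administrator'
    )
    $items = foreach ($id in $UserId) {
        [ordered]@{ userId = $id; roleName = $RoleName }
    }
    # -InputObject hands ConvertTo-Json the array itself, and @() keeps a single
    # assignment wrapped, so the result is always a JSON array.
    ConvertTo-Json -InputObject @($items) -Compress
}

$one = '11111111-1111-1111-1111-111111111111'   # constructed sample ID

# Pitfall from the question: the pipeline enumerates the array, so a single
# element reaches ConvertTo-Json as a bare object and the brackets are lost.
$piped = @([ordered]@{ userId = $one; roleName = 'Administrator' }) | ConvertTo-Json -Compress
$fixed = New-RoleAssignmentBody -UserId $one

"piped: $piped"
"fixed: $fixed"

# Guard to run before Invoke-RestMethod: refuse to send a non-array body.
foreach ($candidate in $piped, $fixed) {
    if ($candidate.TrimStart().StartsWith('[')) {
        "OK to send: body is a JSON array"
    } else {
        "Rejected: body is a single object, the endpoint expects [ ... ]"
    }
}
```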

DataBricks API Powershell

I'm having an issue using the Databricks API 2.0.
Invoke-RestMethod fails with the following error:
"Error 400 io.jsonwebtoken.IncorrectClaimException: Expected aud claim to be: https://management.core.windows.net/, but was:
https://management.azure.com."
I followed the instructions in the Microsoft docs.
cls
$DataBrick = '<DataBrickURL>'
$DataBricksResourceID = '<ResourceID>'
$VaultName = '<KeyVault>'
$KeyName = '<Key>'
# Resource requested for the management token
$apiEndpointUri = "https://management.azure.com"
$tenantId = '<TenantID>'
$applicationId = '<ApplicationID>'
$secret = Get-AzKeyVaultSecret -VaultName $VaultName -Name $KeyName -AsPlainText
# URL-encode the secret for the form-encoded request body
$encodedSecret = [System.Uri]::EscapeDataString($secret)
$RequestAccessTokenUri = "https://login.microsoftonline.com/$tenantId/oauth2/token"
$body = "grant_type=client_credentials&client_id=$applicationId&client_secret=$encodedSecret&resource=2ff814a6-3304-4ab8-85cb-cd0e6f879c1d"
$Managementbody = "grant_type=client_credentials&client_id=$applicationId&client_secret=$encodedSecret&resource=$apiEndpointUri"
$contentType = 'application/x-www-form-urlencoded'
$AccessToken = Invoke-RestMethod -Method Post -Uri $RequestAccessTokenUri -Body $body -ContentType $contentType
Write-Output $AccessToken
$ManagementToken = Invoke-RestMethod -Method Post -Uri $RequestAccessTokenUri -Body $Managementbody -ContentType $contentType
Write-Output $ManagementToken
$apiuri = $DataBrick +"/api/2.0/clusters/get"
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Authorization", "Bearer " + $AccessToken.access_token)
$headers.Add("X-Databricks-Azure-SP-Management-Token", $ManagementToken.access_token)
$headers.Add("X-Databricks-Azure-Workspace-Resource-Id", $DataBricksResourceID)
Invoke-RestMethod -Uri $apiuri -Headers $headers
As per the documentation, the resource parameter (your apiEndpointUri variable) should be https://management.core.windows.net/, but you have https://management.azure.com
Based on the example mentioned in the question, the following steps are happening:
1. Get a token from the Microsoft login service for the provided resource ID of Databricks.
2. Get a management token. In your example, the resource is provided as "https://management.azure.com", which is not correct. You need to use "https://management.core.windows.net/", which is mentioned in the error response too. You can refer to https://learn.microsoft.com/en-us/azure/databricks/dev-tools/api/latest/aad/service-prin-aad-token#--api-access-for-service-principals-that-are-not-workspace-users for reference; it is not for PowerShell, but it is useful enough to understand the authentication flow.
3. Use both tokens to call the Databricks APIs.
In short, if you correct apiEndpointUri based on the error, it should work, provided the other details are correct and the correct permissions are configured.
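A way to check the `aud` claim locally before calling the API, as an added example that is not part of the original posts. `Get-JwtClaims` and `Test-TokenAudience` are hypothetical helper names, and the token is a constructed, unsigned sample built inline.

```powershell
# Added example, not from the original posts. Decodes the payload of a JWT to
# inspect its claims. This is a diagnostic only: the signature is NOT verified,
# so never use the result to make a trust decision.

function Get-JwtClaims {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -lt 2) { throw 'Not a JWT: expected header.payload.signature' }
    # Convert base64url to standard base64 and restore the stripped padding.
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
        1 { throw 'Invalid base64url length' }
    }
    $json = [System.Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
    $json | ConvertFrom-Json
}

function Test-TokenAudience {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$ExpectedAudience
    )
    # Exact, case-sensitive match: a missing trailing slash or a different
    # host is a different audience, as the error on this page shows.
    (Get-JwtClaims -Token $Token).aud -ceq $ExpectedAudience
}

# Helper used only to build the constructed sample token below.
function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([System.Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

# Constructed sample: unsigned token carrying the audience from the question.
$sample = (ConvertTo-Base64Url '{"alg":"none"}') + '.' +
          (ConvertTo-Base64Url '{"aud":"https://management.azure.com"}') + '.'

$expected = 'https://management.core.windows.net/'
if (Test-TokenAudience -Token $sample -ExpectedAudience $expected) {
    'aud matches the expected audience'
} else {
    "aud is '$((Get-JwtClaims -Token $sample).aud)', expected '$expected'"
}
```

With a real response, pass `$ManagementToken.access_token` instead of the sample, and print only the claim being checked rather than the token itself.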

Update sensitivity label to M365 Group with Graph API and PowerShell throws 401 error

UGH!
I'm struggling with a 401 error when trying to update M365 groups' sensitivity label information with Graph API and PowerShell. With Graph Explorer the beast works just fine, but with PowerShell I receive an error Invoke-RestMethod : The remote server returned an error: (401) Unauthorized. -message. Updating the group's description and displayname programmatically works without exceptions. The Azure app registration is consented with application-level grants: Group.ReadWrite.All and Directory.ReadWrite.All, as mentioned in the MS documentation. Any ideas?
Code sample:
Connect-PnPOnline -Url $tenantBaseUrl -ClientId $clientId -Tenant $tenantId -Thumbprint $thumbPrint
$body=@"
{
"assignedLabels": [
{
"labelId": "$labelId"
}
]
}
"@
$AccessToken = (Get-PnPGraphAccessToken)
$headers = @{ Authorization=("Bearer " + $AccessToken)}
$uri = "https://graph.microsoft.com/beta/groups/$groupId"
$webRequest = Invoke-RestMethod -Uri $uri -Body $body -Method Patch -Headers $headers -ContentType "application/json"
Reference to MS-documentation:
https://learn.microsoft.com/en-us/graph/api/group-update?view=graph-rest-beta&tabs=http#example-2-apply-sensitivity-label-to-a-microsoft-365-group
It seems that app-only permission is not supported.
Setting of sensitivity labels is not available with app credentials
Token is valid. If I run the same command with same token, but only changing the body to update description and displayname it works.
$body2 = @"
{
"description": "M365 Group new desc",
"displayName": "M365 Group new displayname"
}
"@
$webRequest2 = Invoke-RestMethod -Uri $uri -Body $body2 -Method Patch -Headers $headers -ContentType "application/json"

Adding group members via Azure Graph API and Powershell

I have managed to connect to the Graph API and I'm able to pull data without any issues. I now want to add a user to a group and I cannot for the life of me get it to work. The MS documentation says it's POST https://graph.microsoft.com/v1.0/groups/{id}/members/$ref. I believe $ref is the reference to the user in the format below. How, in PowerShell, do I submit this using Invoke-RestMethod?
{
"@odata.id": "https://graph.microsoft.com/v1.0/users/a0fbxxxb7-2b3d-4df1-a0ce-3bfdb513dxxx"
}
According to my research, please try to update your body as
{
"@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/a0fbxxxb7-2b3d-4df1-a0ce-3bfdb513dxxx"
}
For example
$headers = New-Object "System.Collections.Generic.Dictionary[[String],[String]]"
$headers.Add("Content-Type", "application/json")
$headers.Add("Authorization", "Bearer <access_token>")
$body = "{`"@odata.id`": `"https://graph.microsoft.com/v1.0/directoryObjects/<the user objectid>`"}"
$response = Invoke-RestMethod 'https://graph.microsoft.com/v1.0/groups/022af724-22e4-4838-92e9-4e561f9acc0c/members/$ref' -Method 'POST' -Headers $headers -Body $body

How pass API Key to the Azure Machine Learning Web service using PowerShell?

I am trying to connect to Azure Machine Learning Web service using Invoke-WebRequest in PowerShell. After the below command I get an error that "Request is unauthorized to access resource.":
Invoke-WebRequest -Uri $Url -Method POST -Body $body
As I know, you can connect to a Machine Learning Web service using any programming language that supports HTTP request and response. Read more about it here.
Seems I need to pass the API Key with my request. I have tried these two types of command, but the error was the same:
Invoke-WebRequest -Uri $Url -Method POST -Body $body -Headers @{'apikey' = $API_key}
and
Invoke-WebRequest -Uri $Url -Method POST -Body $body -Header @{ "X-ApiKey" = $API_key }
Can you please guide me how I can pass API Key to the Azure Machine Learning Web service using PowerShell?
Per TheIncorrigible's comment, try this:
Invoke-WebRequest -Uri $Url -Method POST -Body $body -Headers @{ Authorization = "Bearer " + $API_key }
You are passing a JSON string, so you could also just use the ConvertTo-Json command to create your true API key. For info on that check this out: using powershell with JSON data
You should use this:
Invoke-WebRequest -Uri $Url -Method POST -Body $body -Headers @{ 'Content-Type' = 'application/json'; 'Authorization' = "Bearer " + $API_key }