We have an Azure app service (website) which has an additional deployment slot called offline that we want to use when we have taken the main website offline for maintenance.
I am trying to write a PowerShell script that will switch between this offline slot and the production slot, or vice versa, depending on parameters passed to the script. However, the script must also perform additional actions when the switchover happens, hence it is important to know which slot is currently "active".
The problem is that I can't find a way of determining this. I'm using the Resource Manager cmdlets (*-AzureRm*), and although I can call:
Get-AzureRmWebAppSlot -ResourceGroupName xxx -Name websitename -Slot offline
the object that this returns has nothing in it that can help me, as far as I can tell. It's the same story for the object returned by Get-AzureRmWebApp.
As there doesn't seem to be a Resource Manager cmdlet for this, are there any other techniques I can use? All I can think of at the moment is to have a particular web page that only exists on the offline site, and check for the existence of that page by querying the live website: this should tell me which slot is currently live. This seems kind of hacky though.
You could setup a non-slot-specific app setting that identifies the app. That would be swapped along with the app when doing the swap.
E.g. set an app setting with key AppVersion and value Production on the production slot, and an app setting with the same key and value Offline on the offline slot.
You can get access to app settings with PowerShell like this:
(Get-AzureRmWebApp -ResourceGroupName your-resource-group -Name your-webapp).SiteConfig.AppSettings
Related
Maybe an easy question for someone who knows Powershell and O365 well. Is there a way to configure it so when a command is run for example to pull all access to a shared mailbox, that either a service account is permissioned each time to pull that information or the user who is running the script? I looked at connecting an SA to the script but it would have too much access to 0365 to give it the specific permissions. So the account is not permissioned for the access by default but every time the script/command is ran its permissioned for that inquiry which it shows then it won't have access until the next time its called.
Looking to add this type of function to a script which we only want the helpdesk people to see the information when they run the script and the specific command in the script.
Hopefully explained clear enough :)
Thanks all.
I don't think there is a way to do that natively. You could fiddle something with Azure PIM but that's more for one-off operations than minute action that are done often.
You could however circumvent that by making some sort of web interface that triggers commands on another server using a privileged SA and returns the output through the web interface. You can just make it so that the interface can only request one specific command to be run, and the only thing you have to worry about is sanitizing your parameters well to avoid unwanted injection.
Alternatively, what are you trying to protect against by restricting access so much ? Isn't it something that could be done more easily using a read-only account and some clearly defined policy ? If your helpdesk people overstep their allowed scope, that's a management/HR problem as much as a technical one.
My house has an home automation system from the 1960's that I have managed to tap into. I've been able to setup an interface which allows me to write adapters for various technologies such as Node Red, Alexa, and now Google Assistent.
Given that this will only ever work with my house, I see no reason to make public Smart Home Actions. On Alexa's side, I can let these services stay in a Development state indefinitely which has worked great for the last 6 months. On Google's side, however, the FAQ says (https://developers.google.com/actions/smarthome/faq):
Q: How often do I need to run gactions test?
A: gactions test needs be refreshed every 3 days. After 3 days the test agent will disappear from mobile-HomeControl settings. If you run into this, just run gaction test again.
Therefore, I was wondering what they best way is to make a PERSONAL Google Actions service? Of course, the obvious method would be to script and schedule the gactions call to keep testing alive but I would hope there was a better way to support this!
Additional details: I'm using Amazon's OAuth service for sign-in. This way, I can validate the Amazon ClientID, UserID, etc. through the AccesssToken Google passes in for authorization. Therefore, I could theoretically run this publicly without any issues but I would need to figure out how Google could review it for testing purposes! I don't need some Google employee turning on and off my lights while the Google Maps car drive by to verify the change... ;)
I would just use a script to call gaction periodically.
Publishing it would unnecessarily pollute the Actions directory. Also, they'll make you jump through hoops for "brand verification" and other restrictions they have for naming invocation terms.
If you did publish it, you give them a temporary account for verification purposes and disable the account when published. They would be randomly controlling the lights during the verification period though which can be up to a week!
The company I work for uses SharePoint Online. We have a requirement that on most site collections, whenever a user creates a new document library that the document library is configured with the "document" content type being removed, and replaced with some of our own corporate content types.
Previously I've managed this by using a coded sandbox solution installed on relevant site collections which had an event handler that fired on "list added". It's obviously now time to move away from that solution.
I'm really struggling to get to grips with the alternative, conceptually. I'm aiming to replace the old solution with a Remote Event Receiver solution.
The way I think I'd like to achieve this:
1) Create a single remote event receiver hosted in Azure which receives details of a new list being added in a site which it then configures appropriately.
2) Use CSOM to provision the site and as part of that provisioning, hook up the event receiver.
I've spent a lot of time on this, getting nowhere. I initially thought the answer lied in using an App which I could install in the App Catalog and then push out to particular site collections but that doesn't seem to be right.
Is the solution above possible? All examples on the web I've come across of setting up remote event receivers seem to use a SharePoint app which I don't really want to do.
Thanks.
For info I found the answer. You can indeed create a remote event receiver without a SharePoint app/add-in.
The answer was written up here
I thought I needed a SharePoint Provider Hosted App for that part 1
But you should bear in mind that as per Remove event receivers on host web clientContext you will not have the client Context passed through, so
TokenHelper.CreateRemoteEventReceiverClientContext(properties)
...will come through as empty. If you want to interact with SharePoint then you'll need to find another way than this approach, or use a different set of credentials.
I wanted to transfer resources (web apps) from an old subscription that had been disabled onto my new active subscription. I created a support request and they changed the disabled subscription into a Pay-As-You-Go -type and now using PowerShell I should be able to transfer my work over.
However I am still unable to access the old resource group in PS, for example when using Get-AzureRMResourceGroup only the new group I created comes up. I am also unable to do absolutely anything with my old work, even though the sub should now be active. I believe this is the reason I am unable to make the transfer. The title poses the actual dilemma that I believe is the root of my problems so, does anyone know a way to change this? Also I am happy to be corrected if I'm way off, or just be suggested an alternative approach.
Here's a silly picture to show the inconsistency I'm speaking of.
Is there a way to persist an string from an online click once application. I saw something about isolated file storage as answers to other questions. But none of them specify if it works also for online apps (I really don't think so).
I think that something like a cookie will work. Is there something like that available?
The application must run only online (is triggered with some parameters), but for each user it needs to save a file with specific information asked to him. Once the app runs for the very first time it must not ask for that info to the user.
Thanks.
You can store the information in LocalApplicationData. Just create a directory with either your application name or your company name, stick the string in a file, and read it from there. This article shows you how to persist this data, and not have it impacted by ClickOnce updates. It will work even though your application is online-only. (Online-only C/O apps are still installed, it just means it always runs it from the URL, and requires the user to be connected in order to install the app.)