I'm attempting to programmatically register Service Principals in Azure AD using Python. It looks like I should be using the ServicePrincipalsOperations class, however the documentation does not clearly outline what is needed for the parameters. It appears that it is expecting data from other classes within azure.graphrbac, but the documentation is unclear.
I think I should be using the azure.graphrbac.GraphRbacManagementClient to generate the client parameter for ServicePrincipalsOperations, but that's just a guess at this point.
Similarly, I suspect that I would need to use azure.graphrbac.models.ServicePrincipalCreateParameters for the config parameter.
Has anyone successfully registered a Service Principal using Python that may be able to shed more light on these parameters?
Thanks in advance!
So you can use this test as a reference, but the documents do specify what you need to pass in to the method to create a service principal.
Sample code:
self.graphrbac_client.service_principals.create({
    'app_id': app.app_id,  # Do NOT use app.object_id
    'account_enabled': False
})
More reading: Create service principal programmatically in Azure Python API
I am attempting to retrieve and add function/host keys for an Azure Government function app via Python. I am currently working with the information from this question and the corresponding API page. While these are not specific to Azure Government, I would think the process would be similar after updating the URLs to the Azure Government versions. However, I am receiving the error "No route registered for '/api/functions/admin/token'" when running the jwt part of the given code. Is this approach feasible for what I am trying to do?
I also found somewhere that I instead might want to try a GET request like this:
resp = requests.get("https://management.usgovcloudapi.net/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.Web/sites/<function-app-name>/functions/admin/masterkey?api-version=20XX-XX-XX", headers={"Authorization": f"Bearer {something}"})
This gives me the error "{"error":{"code":"InvalidAuthenticationToken","message":"The access token is invalid."}}", though. If this is indeed the correct approach, then what format should the Bearer token take?
Bit late answering but it may be useful for someone else in the future, it took me a while to find out how to do this.
If you want to retrieve the keys of a specific function within a function app, then you can use the list_function_keys() function from the Python SDK.
Working with the Az management API directly may be a bit annoying, and since the Azure CLI is written in Python, whatever operation you do with the CLI you can do directly in a Python script.
Here's an example of how you can retrieve the keys:
from azure.identity import DefaultAzureCredential
from azure.mgmt.web import WebSiteManagementClient
# Your subscription ID
SUB_ID = "00000000-0000-0000-0000-000000000000"
fn_name = "some_function" # Name of your function
app_name = "some_app" # Name of your site/function app
rg_name = "some_rg" # Resource group name to which the function belongs
web_client = WebSiteManagementClient(subscription_id=SUB_ID, credential=DefaultAzureCredential())
keys = web_client.web_apps.list_function_keys(rg_name, app_name, fn_name)
# Your keys will be accessible in the additional_properties param
print(keys.additional_properties)
Hope it helps! I'm new on Azure so if I'm doing something wrong, please don't hesitate to point out my mistake and share your correction
Looking through the API documentation it seems that there's currently no way to access a custom report via the API. If this is, in fact, the case, is there a workaround to make this possible?
The goal is to get a modified version of this report shown on the web interface:
No, you need to build the report yourself and call it with the API unfortunately.
Depending on how complex the report is, it can be done pretty quickly. You can quickly generate the GAQL needed for your API query using this tool: https://developers.google.com/google-ads/api/fields/v7/overview_query_builder
This will save you typing out all the resources manually, and will even validate it for you.
If you're stuck, let us know what report you're trying to generate and we can help with the GAQL.
I'm using the Python library to interact with Google BigQuery and create a group of new views; however, those views need to be added to a different shared dataset as authorized views, and I'm not able to find how to do this using scripting, which I need because there is a large number of them. Does somebody have an idea?
Thanks!!
The short answer to this is, unfortunately, no. This cannot be done directly as you describe in your question.
As per the official documentation: "Currently, you cannot grant permissions on tables, views, or rows. You can set access controls at the dataset level, and you can restrict access to columns with BigQuery Column-level security" (Controlling access to datasets). Controlling access to views requires you to grant a Cloud IAM role to an entity at the dataset level or higher.
There is, however, a possible workaround that would allow you to achieve your goal.
It would be possible to share access to BigQuery views using project-level IAM roles or dataset-level access controls. This is a very detailed walkthrough of how you could achieve this; it uses only two datasets, but the solution could be expanded for a larger number of datasets.
The subtle art of sharing “views” in BigQuery
Additionally, as you ask about using a Python script, there is no reason that the steps described could not be implemented using the Python client library for BigQuery.
I hope this helps.
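The dataset-level access control described in this answer, scripted for a large number of views, as an added example that is not part of the original answer. It assumes the google-cloud-bigquery client library; the function names and the project, dataset and view names are constructed for illustration.

```python
"""Added example: authorize many views on a source dataset in one update."""

def parse_view_id(view_id):
    """Turn 'project.dataset.view' into the REST reference dict BigQuery stores."""
    parts = view_id.split(".")
    if len(parts) != 3 or not all(parts):
        raise ValueError(f"expected project.dataset.view, got {view_id!r}")
    return dict(zip(("projectId", "datasetId", "tableId"), parts))


def missing_view_refs(existing_refs, view_ids):
    """Return references for views not yet authorized, without duplicates.

    Keeps the update idempotent: re-running the script adds nothing new.
    """
    seen = {tuple(sorted(ref.items())) for ref in existing_refs}
    new_refs = []
    for view_id in view_ids:
        ref = parse_view_id(view_id)
        key = tuple(sorted(ref.items()))
        if key not in seen:
            seen.add(key)
            new_refs.append(ref)
    return new_refs


def authorize_views(client, source_dataset_id, view_ids):
    """Add the views to the source dataset's access entries in a single call.

    `client` is a google.cloud.bigquery.Client whose identity may update the
    source dataset. Returns the references that were newly added.
    """
    from google.cloud import bigquery  # imported lazily; needs google-cloud-bigquery

    dataset = client.get_dataset(source_dataset_id)
    entries = list(dataset.access_entries)
    existing = [r["view"] for r in (e.to_api_repr() for e in entries) if "view" in r]
    new_refs = missing_view_refs(existing, view_ids)
    if new_refs:
        entries.extend(bigquery.AccessEntry(None, "view", ref) for ref in new_refs)
        dataset.access_entries = entries
        client.update_dataset(dataset, ["access_entries"])
    return new_refs


if __name__ == "__main__":
    # Constructed sample data: one view already authorized, two requested.
    already = [{"projectId": "demo-proj", "datasetId": "shared_views", "tableId": "v_orders"}]
    wanted = ["demo-proj.shared_views.v_orders", "demo-proj.shared_views.v_users"]
    print(missing_view_refs(already, wanted))
```

Existing access entries are preserved and only the missing view references are appended, so the script can be re-run after new views are created without widening access beyond the listed views.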
I've been working on an AppEngine-based project and I wanted to know if it's possible to ignore a ProtoRPC message field.
With the Java SDK, you can use #ApiResourceProperty to ignore a property (this means it's not contained within the response returned to the browser). However, I have not come across a way of doing this using the Python SDK.
Is there anything like this in the Python SDK?
Thanks, Adil
Nope, unfortunately not (at least not to my knowledge).
Two possible solutions depending on your use-case.
Set field values to None before returning the message in your method. That way they will be skipped/not included in the JSON response.
If your messages are hooked up to datastore models you can use the endpoints-proto-datastore library which allows you to use your ndb models directly in your API methods. Additionally it allows for request_fields and response_fields parameters in the method decorator which will limit the request or response to the specified subset of message/model fields. (internally it creates the necessary message classes for you)
Using the following API allows you to obtain multiple properties assigned to a file:
props = service.properties().list(fileId=fileId).execute().get('items', [])
However, I don't see any way to set multiple properties. Is this just missing from the documentation, or have Google really overlooked this?
Think of properties as a list, rather than a map. So the answer is no.
To save HTTP traffic, you could batch your requests as described here: https://code.google.com/p/google-api-java-client/wiki/Batch