How to replace Azure DNS A record with CNAME record using ARM template - azure-resource-manager

I am trying to replace an existing DNS A record with a CNAME record having the same name using an ARM template. I have an A record in the DNS zone that looks like the following:
name - mylink
value - 10.22.31.3
Type - A
TTL - 60
I want to have a CNAME record in the same DNS zone that should look like the following:
name - mylink
value - cos.myaddress.test.net
Type - CNAME
TTL - 60
Currently my ARM template looks like the following, which creates the A record:
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {},
  "resources": [
    {
      "type": "Microsoft.Network/dnszones/A",
      "apiVersion": "2018-05-01",
      "name": "mylink",
      "properties": {
        "TTL": 60,
        "ARecords": [
          {
            "ipv4Address": "10.22.31.3"
          }
        ]
      }
    }
  ]
}
I tried to add another CNAME record to this ARM template, which gave an error on deployment.
"code": "Conflict",
"message": "The CNAME record could not be created because another record with the same name already exists in this zone."

As the error shows, we cannot create a CNAME record set with the same name as an existing record set in the same zone, because CNAME record sets cannot coexist with other record sets with the same name. Refer here.
So we need to delete the old A records or create CNAME records with a different record name in this case.
When deploying your resources with the ARM template, you specify that the deployment is either an incremental update or a complete update. By default, the deployment is using incremental mode. You may consider using complete mode to delete resources that exist in the resource group but aren't specified in the template.
However, child resource types like dnszones/* do not support complete mode deletion.
In conclusion, we cannot directly replace an Azure DNS A record with a CNAME record using the ARM template. We need to delete the A records first with the Azure portal or other cmdlets, then create the CNAME records with the ARM template as usual.
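A pre-deployment check for the coexistence rule described above, as an added example that is not part of the original answer. It assumes the template uses literal record names and that the zone's current record sets have already been listed as (name, type) pairs; the zone name `example.test` and the `www` record are constructed placeholders.

```python
# Constructed sample: the CNAME the question wants to deploy. The zone name
# "example.test" is a placeholder; record name and target come from the question.
TEMPLATE = {
    "resources": [
        {
            "type": "Microsoft.Network/dnszones/CNAME",
            "apiVersion": "2018-05-01",
            "name": "example.test/mylink",
            "properties": {"TTL": 60, "CNAMERecord": {"cname": "cos.myaddress.test.net"}},
        }
    ]
}

# Constructed sample of record sets already in the zone, as (name, type) pairs.
EXISTING = [("mylink", "A"), ("www", "A")]

DNS_PREFIX = "microsoft.network/dnszones/"


def template_record_sets(template):
    """Return {(record_name, record_type)} for every DNS record set in the template."""
    found = set()
    for res in template.get("resources", []):
        rtype = res.get("type", "")
        if rtype.lower().startswith(DNS_PREFIX):
            # "zone/mylink" and "mylink" both reduce to the relative record name.
            name = res["name"].split("/")[-1].lower()
            found.add((name, rtype.split("/")[-1].upper()))
    return found


def cname_conflicts(template, existing):
    """List record sets whose deployment will fail with the CNAME Conflict error."""
    desired = template_record_sets(template)
    zone = {(n.lower(), t.upper()) for n, t in existing}
    conflicts = []
    for name, rtype in sorted(desired):
        # Same name with a different type, in the zone or elsewhere in the template.
        # Same name and same type is an in-place update, not a conflict.
        for o_name, o_type in sorted(zone | desired):
            if o_name == name and o_type != rtype and "CNAME" in (rtype, o_type):
                conflicts.append({
                    "deploy": f"{name}/{rtype}",
                    "blocked_by": f"{o_name}/{o_type}",
                    "in_zone": (o_name, o_type) in zone,  # True: delete it first
                })
    return conflicts


if __name__ == "__main__":
    for conflict in cname_conflicts(TEMPLATE, EXISTING):
        print(conflict)
```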

Related

Deployment of ARM: Authorization failed for template resource 'sql

I am trying to deploy a SQL Server logical server with PS and ARM. I can successfully create the logical server in the portal with contributor rights, but cannot figure out what is wrong here.
I have here PowerShell ISE on Windows.
ARM template is copy and paste from https://github.com/Azure/azure-quickstart-templates/tree/master/101-sql-logical-server/
//CODE
Connect-AzAccount -Credential $Credential -Tenant $tenant -Subscription $subscription
#ARM Deployment
$templateFile = "C:\Azure\SQLServer\azuredeploy.json"
New-AzResourceGroupDeployment `
-Name SQLDeployment `
-ResourceGroupName my-rg `
-TemplateFile $templateFile
ERROR:
New-AzResourceGroupDeployment : 17.35.18 - Error: Code=InvalidTemplateDeployment; Message=The
template deployment failed with error: 'Authorization failed for template resource 'sql
vasvtmcp42o3wko/Microsoft.Authorization/11fd61df-2336-5b96-9b45-ffc7160df111' of type
'Microsoft.Storage/storageAccounts/providers/roleAssignments'. The client 'john.smith#mycompany.
com' with object id '1115f3de-834b-4d28-a48f-ecaad01e3111' does not have permission to perform action 'Microsoft.Authorization/roleAssignments/write' at scope '/subscriptions/1111111
11111111111111/resourceGroups/my-rg/providers/Microsoft.Storage/storageAccounts/sqlvasvtmcp42o3wko/providers/Microsoft.Authorization/roleAssignments/11111df
-2336-5b96-9b45-ffc7160df168'.'.
I can successfully create the logical server in the portal with contributor rights, but cannot figure out what is wrong here.
Because the template you used will enable Advanced data security for you, this will create a storage account and service principal for your SQL server, then automatically assign the service principal the Storage Blob Data Contributor role on the storage account.
To do this operation, your user account needs to be an Owner or User Access Administrator in the resource group or subscription. You can also create a custom role which has Microsoft.Authorization/roleAssignments/write in its actions; that role will then also be able to do it.
So in conclusion, you have two options to fix the issue.
1. Navigate to the Resource group or Subscription in the portal -> Access control (IAM) -> Add -> add your user account with one of the roles mentioned above, e.g. Owner, then it will work fine. See details here.
2. When you deploy the template, set enableADS to false in the azuredeploy.parameters.json file. Then it will not enable Advanced data security for you, and you will be able to create the SQL server as a Contributor via the template.
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentParameters.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "serverName": {
      "value": "GEN-UNIQUE"
    },
    "administratorLogin": {
      "value": "GEN-UNIQUE"
    },
    "administratorLoginPassword": {
      "value": "GEN-PASSWORD"
    },
    "enableADS": {
      "value": "false"
    }
  }
}
The error clearly states the account that is being used for the action doesn't have the proper role assignment to perform the action.
the client 'john.smith#mycompany. com' with object id '1115f3de-834b-4d28-a48f-ecaad01e3111' does not have permission to perform action 'Microsoft.Authorization/roleAssignments/write' at scope '/subscriptions/1111111 11111111111111
This means your next step should be validating what role assignment is assigned to that user, and then checking that the role does have the permission to perform Microsoft.Authorization/roleAssignments/write
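Why a Contributor can create the server but not the role assignment, as an added example that is not part of the original answers: it evaluates a role's Actions and NotActions against the action named in the error. The role definitions are abridged copies embedded for illustration, the custom role name is hypothetical, and deny assignments and DataActions are not modelled.

```python
import re

# Abridged built-in role definitions, embedded as constructed sample data.
# "Role Assignment Writer (custom)" is a hypothetical custom role of the kind
# the answer describes.
ROLES = {
    "Owner": {"actions": ["*"], "notActions": []},
    "Contributor": {
        "actions": ["*"],
        "notActions": [
            "Microsoft.Authorization/*/Delete",
            "Microsoft.Authorization/*/Write",
            "Microsoft.Authorization/elevateAccess/Action",
        ],
    },
    "User Access Administrator": {
        "actions": ["*/read", "Microsoft.Authorization/*", "Microsoft.Support/*"],
        "notActions": [],
    },
    "Role Assignment Writer (custom)": {
        "actions": ["Microsoft.Authorization/roleAssignments/write"],
        "notActions": [],
    },
}


def _matches(pattern, action):
    """'*' is the only wildcard in a role definition; matching ignores case."""
    regex = ".*".join(re.escape(part) for part in pattern.split("*"))
    return re.fullmatch(regex, action, re.IGNORECASE) is not None


def role_allows(role, action):
    """A role grants an action if it matches Actions and no NotActions entry."""
    allowed = any(_matches(p, action) for p in role["actions"])
    excluded = any(_matches(p, action) for p in role["notActions"])
    return allowed and not excluded


def roles_granting(action, assigned, catalog=ROLES):
    """Names of the assigned roles that grant the action.

    NotActions only subtract from their own role: they are not a deny, so a
    second assigned role can still grant what the first one excludes.
    """
    return [name for name in assigned if role_allows(catalog[name], action)]


if __name__ == "__main__":
    needed = "Microsoft.Authorization/roleAssignments/write"
    for name in ROLES:
        print(f"{name}: {role_allows(ROLES[name], needed)}")
```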

Alexa Skill Developers Reference-Based Catalog Management API

This doc says "With the Reference-Based Catalog Management API, you can create a custom slot type that references an external data source to get the slot type values. This API allows you to create and maintain a catalog of slot type values independent of your Alexa skill."
However, as you dig into it, it doesn't provide some needed details on how to actually set up the catalog on an endpoint like S3.
While this resource was provided as an answer in this similar question, it actually refers to content catalogs (like music playlists), not the Reference-Based Catalog Management API, so I assume that was in error and it is not applicable.
So, for the Reference-Based Catalog Management API: The docs say it needs to be in JSON format, and offers ingredients.json as an example. However I used this directly, and it fails (see below). Also, it does not describe what the format should be to include synonyms. Please describe this.
I can successfully create the catalog with '/v1/skills/api/custom/interactionModel/catalogs/' and get a catalogId in return. However, creating the catalog version via '/skills/api/custom/interactionModel/catalogs/{catalogId}/versions' fails. I get "Website Temporarily Unavailable" when I issue the POST.
Here's the request body structure that I'm including with that post:
data: {
  "source": {
    "type": "URL",
    "url": "https://s3.amazonaws.com/..../ingredients.json"
  },
  "description": "test S3 bucket"
}
Also, does the S3 endpoint have to be made public? I tried it both ways, didn't seem to matter. If it does have to be public though, how did you handle security?
Thanks for the help.
While the API call fails, I did get this to work using the CLI approach.
ask api create-model-catalog-version -c {catalogID} -f {filename}
The file should be JSON with the following structure:
{
"type": "URL",
"url": "[your catalog url]"
}
It remains an open question how to get the API approach to work, so any answers appreciated. Maybe it is a bug, because I specify the exact same 'source' definition in the data structure of the API call as I do in the JSON file used by the CLI command.
Here's what I learned as I got it to work with the CLI:
Yes, the S3 endpoint must be made public in order for the create-model-catalog-version job to succeed. This strikes me as a problem, would like to see the ability to wrap some security around these endpoints.
Here is the format of the JSON that you will want to use, including the use of synonyms which is not described in the official Amazon example. Note that you don't have to include an ID as shown in that example.
{
  "values": [
    {
      "name": {
        "value": "hair salon",
        "synonyms": [
          "hairdresser",
          "beauty parlor"
        ]
      }
    },
    {
      "name": {
        "value": "hospital",
        "synonyms": [
          "emergency room",
          "clinic"
        ]
      }
    }
  ]
}

How to retrieve member list from Silverstripe API

I am developing a platform and I need to get the members emails from an existing Silverstripe installation. I think it is V4 but not sure yet.
I was hoping to call a REST API but I can't seem to find any information about how you would go about doing this. I would need to call this each day to get the latest members.
Is this possible or is there another way to go about doing this?
I had a look at the API documentation but the information is not helpful and it does not have any explanations or examples. https://api.silverstripe.org/4/index.html
Silverstripe 4 does not expose its data through a REST API service out of the box. We can install a module to allow us to do this.
Rest API module:
https://github.com/colymba/silverstripe-restfulapi
Rest API module:
https://github.com/silverstripe/silverstripe-restfulserver
An alternative is to use the Silverstripe GraphQL module to retrieve data:
https://github.com/silverstripe/silverstripe-graphql
You can do this almost out of the box with the SilverStripe GraphQL API in SilverStripe 4. In addition to 3dgoo's answer, here's a bit of a guide for you:
Out of the box configuration
SilverStripe exposes an "admin" GraphQL server, which requires you to be logged in to use it. If you want to use it from another server, you can base64 encode your basic authentication credentials and pass it as a header. More info on this here.
The SilverStripe CMS module already exposes member's first and last names, since they're used by parts of the CMS through the GraphQL API already. If you want an email address then you can add that with some basic YAML in your app folder.
Adding the member's email field
Add some custom configuration to your app/_config folder. Configuration in SilverStripe is merged, so the array values fields: [Email] will merge with the CMS values linked above.
# File: app/_config/graphql.yml
---
Name: appgraphql
---
SilverStripe\GraphQL\Manager:
  schemas:
    admin:
      scaffolding:
        types:
          SilverStripe\Security\Member:
            fields: [Email]
            operations:
              read: true
Note that I've also added operations.read: true to this, because the CMS will only let you read members one at a time via the readOne operation. For your case you'll want to enable read, which returns a paginated list. More info on available operations.
Testing your query
The easiest way to do this is to install GraphiQL (via silverstripe-graphql-devtools), a web (or app) based UI for inspecting GraphQL schemas and running queries against your server. This can be done easily with Composer:
composer require --dev silverstripe/graphql-devtools dev-master
Open up your browser to http://localhost/dev/graphiql?flush. Replace localhost with whatever your SilverStripe server is running on. You add ?flush to the querystring to tell SilverStripe to flush its cache (YAML and PHP files) to pick up your new module and config.
When you get your GraphiQL query editor you can start by writing query GetUsers { ... } and you'll notice that as you type deeper into the query it autocompletes the available options for you.
Here's the query to retrieve your member email addresses:
query GetUserEmails {
  readSilverStripeMembers {
    edges {
      node {
        Email
      }
    }
  }
}
Micro-explanation: GetUserEmails is an arbitrary query name you create. You don't actually need to write one, it'll work fine without. readSilverStripeMembers is an automatically scaffolded query name, which happens because you enabled read: true in the GraphQL operations. If you delete it and start typing it again you'll see the other options available as well, the one that ships out of the box with the CMS is readOneSilverStripeMember. The edges and node levels are for pagination.
Using the query
It sounds to me like your SilverStripe server is already running somewhere, and you may not have a local version to test. If that's the case, simply adding the YAML configuration above to your app folder and deploying it will be enough to get your server to give member emails in admin GraphQL calls, then you can do your GraphQL queries with cURL or something:
# Adjust the URL to your domain.
# The Authorization value is admin:admin, base64 encoded.
# The Content-Type header is required for the input data structure.
curl 'http://localhost/admin/graphql/' \
  -H 'Authorization: Basic YWRtaW46YWRtaW4=' \
  -H 'Content-Type: application/json' \
  --data-binary '{"query":"query { readSilverStripeMembers { edges { node { Email } } } }","variables":null}'
Example output:
{
"data": {
"readSilverStripeMembers": {
"edges": [
{
"node": {
"Email": "leslie.lawless#example.com"
}
},
{
"node": {
"Email": "mika#example.com"
}
},
{
"node": {
"Email": "sam#example.com"
}
}
]
}
}
}

How to use api edit phabricator repository URI

I want to add a repository URI and set it to observe mode, so I tried to change the default URI I/O mode from Read/Write to No IO. I tried diffusion.uri.edit; in the repository key description, it said:
This transaction type must be present when creating a new URI and must
not be present when editing an existing URI.
I tested it with web conduit/method/diffusion.uri.edit. In transactions, I use
[
{"type": "uri","value": "ssh://git#05.mm.net/diffusion/TESTPROCESS/test-process.git"},
{"type": "io","value": "none"}
]
It reports validation errors:
When creating a repository URI, you must specify which repository the
URI will belong to.
I also tried adding the repository key, such as
[
{"type": "uri","value": "ssh://git#git.missfresh.cn:test/test-process.git"},
{"type": "io","value": "none"},
{"type": "repository","value": "PHID-REPO-c7jajliasqtxoclryfim"}
]
It will create a new URI. What's the correct value for diffusion.uri.edit?
I found the answer. The transaction parameters are correct, but objectIdentifier is also needed; its value is the URI ID.

Attach users to endpoints

I have attached a user to an Endpoint using the KaaClient.attachUser() method (using the trustful verifier), and I received a success status message back from the server. But where do I see this user in the Admin UI? Moreover, if I try to use the userID and try to push a configuration update to the endpoint, I receive an item not found error in the Admin UI.
Currently there is no such feature that would allow listing all the attached users. Updating configuration values of a configuration schema for a user (using userID) via the Admin UI is possible only after that user has been attached in a client app at least one time:
KaaClient.attachUser(userId, ...)
To use a custom user configuration schema with different values for different attached users, try to follow the instructions below:
Add a configuration schema for the needed demo application (in this guide we will use Event Demo):
Login to Administration UI as a tenant developer
Go to Applications -> Event Demo -> Schemas -> Configuration. Click Add Schema button
On the "Add configuration schema" page click Create new type button
Fill all required fields: Name (e.g. EventUserSchema), Namespace (e.g. org.kaa.kaaproject.demo.schema), Display name (Event User Schema) etc.
Add all needed fields to the schema (e.g. fields "userKey" and "userValue" with "String" type and field "count" with "Integer" type and default value "42"): on the same page for each field click Add button in the "Fields" area, fill all required data included Field name and Field type and click Add button.
After all fields are added on the top of the page click Add button.
If you do everything right new configuration schema with version "2" and name "Event User Schema" will be listed on the page. If you export it and open with a file reader you will see something like this:
{
  "type": "record",
  "name": "EventUserSchema",
  "namespace": "org.kaa.kaaproject.demo.schema",
  "fields": [
    {
      "name": "userKey",
      "type": [
        {
          "type": "string",
          "avro.java.string": "String"
        },
        "null"
      ],
      "displayName": "",
      "displayPrompt": ""
    },
    {
      "name": "userValue",
      "type": [
        {
          "type": "string",
          "avro.java.string": "String"
        },
        "null"
      ]
    },
    {
      "name": "count",
      "type": "int",
      "by_default": 42
    }
  ],
  "version": 1,
  "dependencies": [],
  "displayName": "Event User Schema",
  "description": ""
}
Add SDK profile with newly created configuration schema:
Go to Applications -> Event Demo -> SDK profiles. Click Add SDK profile button.
Enter Name (e.g. EventUserSDK), select Configuration schema version (for this case the version should be set to 2), add needed Event class families (for Event Demo we need Chan Event Class Family), select Trustful verifier.
On the same page click Add SDK profile button.
If everything is ok SDK profile with name "EventUserSDK" and Configuration "v2" will be listed on SDK profiles page.
On the same page click Generate SDK button for newly created SDK, select needed language and click Generate SDK button to download new SDK.
Replace SDK library from your client application with new downloaded SDK, rebuild your app. After that you will be able to use configuration values, related to the defined configuration schema, in the application:
kaaClient.getConfiguration().getCount();
kaaClient.getConfiguration().getUserKey();
kaaClient.getConfiguration().getUserValue();
These values can be used after KaaClient.attachUser(...) place in code.
After running the app, if the user is attached successfully and you receive something like Attach response: SUCCESS, the configuration values will be set to the default ones (default values are described in the configuration schema) and you will be able to change them for each userID on the appropriate admin page:
Go to Applications > Event Demo -> Users > Update configuration.
Enter userID that has been already attached to KaaClient.
Select configuration schema version and fill all values for configuration body area.
Click Update configuration button.
The configuration values will be changed for all endpoints which use the entered userID.
It is also possible to set up configuration schemas and values via REST. Please see the Server REST APIs documentation page.
