I'm attempting to use the 3 VM SharePoint Azure QuickStart Template on Azure Government.
Everything works fine except that the deployment errors out due to the fact that Azure Government expects the storageAccountUri to be blob.core.usgovcloudapi.net, while the default is blob.core.windows.net.
I've changed the JSON files to the expected blob.core.usgovcloudapi.net, but it still complains of the error that the blob URL's domain must be blob.core.usgovcloudapi.net.
I'm wondering why it is being overridden and how I can prevent that.
An example of the change I've made is:
"osDisk": {
"name": "osdisk",
"vhd": {
"uri": "[concat('http://',parameters('storageAccountNamePrefix'),'1.blob.core.usgovcloudapi.net/vhds/',parameters('sqlVMName'),'-osdisk.vhd')]"
},
"caching": "ReadWrite",
"createOption": "FromImage"
Any help would be appreciated.
You should be able to reference the storage account and that will ensure you always get the correct address (regardless of cloud):
"osDisk": {"name": "osdisk","vhd": {"uri": "[concat(reference(concat('Microsoft.Storage/storageAccounts/',
variables('storageAccountName')), '2015-06-15').primaryEndpoints.blob, variables('vmStorageAccountContainerName'), '/',variables('OSDiskName'),'.vhd')]"}}
We have some other tips for using a QuickStart that might be hard coded to a single cloud here:
https://blogs.msdn.microsoft.com/azuregov/2016/12/02/azure-quickstart-templates/
Related
We have a WebApp developed with Angular 14. It is deployed on Azure Blob Storage (static website).
Authentification is done with the msal library for javascript. Azure AD B2C is used as identity provider.
When we logout we call msalService.logoutRedirect() which works fine for all devices except for iPhones using the Safari browser. On iPhone/Safari it sometimes gets stuck (mostly when we had the phone locked for a few minutes first). Safari then displays a "neverending" network request - but I am convinced that the actual problem is some code in the service worker, as Safari gets completely frozen and you cannot even enter anything in the Console.
We are using Angular Service Worker to provide a PWA and everything is working fine if we serve the app without Service Workers.
I tried to take a look at ngsw/state (which usually works) but as soon as the bug occurs, this site is not reachable (I assume because Safari is stuck).
For me this looks like the service worker code is stuck in some loop (there are no errors shown in the console). When I then manually try to reload the page we get the following errors in the console: .
How can I find out what causes the problem here? I tried to debug the ngsw-worker.js file but it's almost 2k lines, so it's not that easy. Is there any simpler way to debug it?
Update:
This is how the ngsw-config.json looks like:
{
"$schema": "./node_modules/#angular/service-worker/config/schema.json",
"index": "/index.html",
"assetGroups": [
{
"name": "app",
"installMode": "prefetch",
"resources": {
"files": [
"/favicon.ico",
"/index.html",
"/manifest.webmanifest",
"/*.css",
"/*.js"
]
}
}, {
"name": "assets",
"installMode": "lazy",
"updateMode": "prefetch",
"resources": {
"files": [
"/assets/**",
"/*.(eot|svg|cur|jpg|png|webp|gif|otf|ttf|woff|woff2|ani)"
]
}
}
]
}
We are using google-fonts and fetch it from fonts.googleapis.com.
When we logout and the bug occurs the browser displays that it tries to load the google fonts - it is stuck there. Is it possible that it somehow thinks the google-fonts file should be in cache and it tries to fetch it but since it isn't there, it loads endlessly?
Update: I found a forum post that sounds very similar to the problem we have, unfortunately, it seems they never found a solution: apple forum
You could try to clone the msal library and change the code in the navigation client to always use replace instead of assign. Could be worth a shot since it helped me in the react oidc library i used.
I want to see Who and When login to the Firebase from UI side, as administrator.
It is not related data access from app etc.
So, I login to https://firebase.google.com/ as User/Manager/Admin and want to see it in logs.
It should be in GCP project related to firebase, if so how can I find it - did saw in Log explorer.
Or it should be in Firebase UI?
thank you in advance.
I would give you a workaround. You can use Firebase Management API which is in beta.
Consider you have to watch a project.
You can make a request like below to get the Project Details.
GET https://firebase.googleapis.com/v1beta1/projects/{YourProjectID}
Sample Response:
{
"projectId": "*****************",
"projectNumber": "*****************",
"displayName": "Sample App",
"name": "projects/*****************",
"resources": {
"hostingSite": "*****************",
"realtimeDatabaseInstance": "*****************"
},
"state": "ACTIVE",
"etag": "1_d15ff4d3-727e-431c-8eba-f33957805f23"
}
In the response, you have a key called ETAG. Basically, this changes whenever the project is opened by someone.
You cannot get who is logged-in or other details.
You can only know someone has opened, changed or made some operations in the project, using ETAG.
You can simply store the ETAG in your server and poll for the change.
If it is changed, then someone might have used the Project.
If you want the Updated Time of the project along with it, you can try this,
https://cloud.google.com/resource-manager/reference/rest/v3/projects/get
This doc says "With the Reference-Based Catalog Management API, you can create a custom slot type that references an external data source to get the slot type values. This API allows you to create and maintain a catalog of slot type values independent of your Alexa skill."
However as you dig into it, it doesn't provide some needed details on how to actually setup the catalog on an endpoint like s3.
While this resource was provided as an answer in this similar question, it actually refers to content catalogs (like music playlists), not the Reference-Based Catalog Management API, so I assume that was in error and it is not applicable.
So, for the Reference-Based Catalog Management API: The docs say it needs to be in JSON format, and offers ingredients.json as an example. However I used this directly, and it fails (see below). Also, it does not describe what the format should be to include synonyms. Please describe this.
I can successfully create the catalog with '/v1/skills/api/custom/interactionModel/catalogs/' and get a catalogId in return. However, creating the catalog version via '/skills/api/custom/interactionModel/catalogs/{catalogId}/versions' fails. I get "Website Temporarily Unavailable" when I issue the POST.
Here's the request body structure that I'm including with that post:
data: {
"source": {
"type": "URL",
"url": "https://s3.amazonaws.com/..../ingredients.json"
},
"description": "test S3 bucket"
}
Also, does the S3 endpoint have to be made public? I tried it both ways, didn't seem to matter. If it does have to be public though, how did you handle security?
Thanks for the help.
While the API call fails, I did get this to work using the CLI approach.
ask api create-model-catalog-version -c {catalogID} -f {filename}
The file should be JSON with the following structure:
{
"type": "URL",
"url": "[your catalog url]"
}
It remains an open question how to get the API approach to work, so any answers appreciated. Maybe it is a bug, because I specify the exact same 'source' definition in the data structure of the API call as I do in the JSON file used by the CLI command.
Here's what I learned as I got it to work with the CLI:
Yes, the S3 endpoint must be made public in order for the create-model-catalog-version job to succeed. This strikes me as a problem, would like to see the ability to wrap some security around these endpoints.
Here is the format of the JSON that you will want to use, including the use of synonyms which is not described in the official Amazon example. Note that you don't have to include an ID as shown in that example.
{
"values": [
{
"name": {
"value": "hair salon",
"synonyms": [
"hairdresser",
"beauty parlor"
]
}
},
{
"name": {
"value": "hospital",
"synonyms": [
"emergency room",
"clinic"
]
}
},
]
}
I am following the following Google Cloud Vision quickstart:
https://cloud.google.com/vision/docs/quickstart
This is using the API Explorer, and I get
Error Opening File
I have created a bucket named vision2018, and checked Share Publicly for the file.
My portion of the request related to the file is:
"image":
{
"source":
{
"imageUri":"gs://vision2018/demo-image.jpg"
}
}
The response I get is:
{
"responses": [
{
"error": {
"code": 5,
"message": "Error opening file: gs://vision2018/demo-image.jpg\"."
}
}
]
}
}
What do I need to specify in order to access files in my GCP storage?
Alternatively, I read other Stack Overflows that talk about GOOGLE_APPLICATION_CREDENTIALS, Simple API Key, and "Create Service account key and download the key in JSON format", ... but these seem to be giving commands in the shell, which this quickstart doesn't even open.
Is there initial setup assumed prior to the quickstart?
I am not ready to call the api from code
You might want to doublecheck your request. I went to the quickstart, replaced the placeholder imageUri with gs://vision2018/demo-image.jpg and it worked just fine. The error message you posted is what would be displayed if you had given gs://vision2018/demo-image.jpg\" instead.
Regarding the second part of your question: these are authentication methods. In this particular case, under Authentication you will find a drop down which lets you chose between API key and Google OAuth 2.0. If you chose the former, you don't need to do anything as a demo key will be used just for the purposes of the quickstart. If you chose OAuth 2.0, a popup will appear prompting you to authenticate with a google account. All in all, what you need to do is follow step-by-step the instructions given by the quickstart.
I was receiving a similar JSON response from the Google Vision API:
"error": {
"code": 7,
"message": "Error opening file: gs://bucket/file.jpg."
}
The fix was to set the GCS file's permission to public-read:
gsutil acl set public-read gs://bucket/file.jpg
Finally I investigated what happened. The problem is that your API token is only grant for process the image (allow right to use OCR engine), but that API is not also for accessing object in GS.
Therefore "message": "Error opening file:
The problem is similar with this post:Authorize Google Cloud Vision API to Google Storage image Maybe the error message is a bit dumb than many years ago.
The solution also mentioned in the answer section, but if you want some thing more clear (expose security side-effect) here it is: Set GCS read-only public
Reason I want to keep using API because it's better for use it in mobile application, we cannot give the OAuth2.0 to any phone. However, still find a way to secure the read-public bucket.
App Search API Validation Tool of "Apple" is not validating my domain.
https://search.developer.apple.com/appsearch-validation-tool
I am using universal links but "Link to Application" is showing me "Error".(http://www.awesomescreenshot.com/image/1719847/330979a43c4c6b2766da1e703447ee04)
Here is my "apple-app-site-association" file code.
{"applinks": {"apps": [],"details": {"XXXXXXXXXX.com.streatmanagement.threadshare": {"paths": ["*"]}}}}
Can someone please solve my query or send the sample of "apple-app-site-association" valid code?
Apple's API validation tool compares your website's association file to a store listing. If your app is not yet publicly available the error you listed will be displayed.
Your apple-app-site-association has a small typo where you specify the details (it should be an array). I also assume you're replacing the XXXX's with your app ID.
{
"applinks": {
"apps": [],
"details": [
{
"appID": "APPID.BUNDLEID",
"paths": [ "*" ]
}
]
}
}
Even if you get this error from Apple's validation tool, you can test Universal links. If your Universal Link does not work on your test device you need to inspect the device logs when you fresh install it and make sure your apple-app-site-association is available at the root of your site via https with no redirects. Sometimes there is issue if the content-type is not application/json (but the file name should remain exactly apple-app-site-association).