I have the following event which I would like to query using Analytics in Application Insights
{
"Description": "Error",
"EventData": {
"AccountId": "123",
"Exception Message": "Data at the root level is invalid.",
"Error Type": "ExceptionThrown"
}
}
I am able to query the property which does not contain spaces.
Events | where Timestamp > ago(30min)
| project Data.EventData.AccountId
How do I query a property which has spaces. The following query does not work
Events | where Timestamp > ago(30min)
| project Data.EventData.[Exception Message]
The array format accepts quotes.
Events | where Timestamp > ago(30min) | project Data.EventData.["Exception Message"]
Related
Im using the Firebase REST API to retrieve data with the GET method, this is the URL im executing:
const url = `https://firestore.googleapis.com/v1/projects/${projectId}/databases/${dataBase}/documents/${collectionName}/${documentId}?&key=${apiKey}&pageSize=${pageSize}&pageToken=${nextPageToken}&orderBy=timestamp&startAt=${startTime}`;
But it return this error:
{
"error": {
"code": 400,
"message": "Invalid JSON payload received. Unknown name \"startAt\": Cannot bind query parameter. Field 'startAt' could not be found in request message.",
"status": "INVALID_ARGUMENT",
"details": [
{
"#type": "type.googleapis.com/google.rpc.BadRequest",
"fieldViolations": [
{
"description": "Invalid JSON payload received. Unknown name \"startAt\": Cannot bind query parameter. Field 'startAt' could not be found in request message."
}
]
}
]
}
}
If im omitting the paramemeter of startAt it works fine.
The format of startTime, id try it in all the following ways, and all return the same error:
Firebase return format: 2022-06-16T15:46:46.061Z
Unix Timestamp:1655394406
ISO 8601 date: 2022-06-16T15:46:46+00:00
What im doing wrong?
(For reference here is the official documentation where the startAt is explained)
You're calling the Firestore REST API, but are referencing the documentation for the REST API of the Realtime Database. While both products are part of Firebase, they are complete separate - and the API of one cannot be applied to the other.
For the documentation of the Firestore REST API, see https://firebase.google.com/docs/firestore/reference/rest
I'm attempting to use Python + requests to talk with MS Graph API (v1.0) in order to filter user objects by the onPremisesSamAccountName property but am receiving this error when sending the simple query:
endpoint = "https://graph.microsoft.com/v1.0/users"
query_parameters = {
'$filter': 'onPremisesSamAccountName eq \'somevalue\'',
'$select': 'id,displayName,mail,onPremisesSamAccountName'
}
user_graph_data = requests.get(
endpoint,
headers={'Authorization': 'Bearer ' + result['access_token']},
params=query_parameters
).json()
==============================
{
"error": {
"code": "Request_UnsupportedQuery",
"message": "Unsupported or invalid query filter clause specified for property 'onPremisesSamAccountName' of resource 'User'.",
"innerError": {
"date": "...",
"request-id": "...",
"client-request-id": "..."
}
}
}
I am able to filter using this field while using Microsoft's Graph Explorer:
https://developer.microsoft.com/en-us/graph/graph-explorer and the corresponding Javascript call in the developer console shows a successful call and response based on the filter with onPremisesSamAccountName.
The MS Graph docs for v1.0 state that this is a supported field for filtering as well:
Returned only on $select. Supports $filter (eq, ne, NOT, ge, le, in,
startsWith).
I'm also able to successfully filter using other fields such as 'mail' (i.e. changing the $filter string from 'onPremisesSamAccountName eq \'somevalue\'' to 'mail eq \'somevalue\'' works just fine, so I don't believe this is a syntactical error)
I am developing a service that requires access to a DynamoDB table which must be managed by authorizing user access to the table. Account management is handled by Cognito. I am currently investigating direct access to the DynamoDB table with read/write access limited based on User Groups with associated IAM policies.
Multiple organisations exist within the table, and multiple users are tied to an organisation. An example of the model is below. I also store sector and department information in a many-to-one relationship.
The Cognito Sub for a user is stored as their user id within the database under USR#.
+-------+-------+-----------------+------------+--------+
| PK | SK | Name | GSI1PK | GSI2PK |
+-------+-------+-----------------+------------+--------+
| ORG#1 | ORG#1 | Acme Inc | | |
| ORG#1 | USR#1 | John Doe | | |
| ORG#2 | ORG#2 | Globetex | | |
| ORG#2 | USR#2 | Jane Doe | | |
| ORG#1 | SEC#1 | Sector A1 | ORG#1SEC#1 | SEC#1 |
| DEP#1 | DEP#1 | Human Resources | ORG#1SEC#1 | DEP#1 |
+-------+-------+-----------------+------------+--------+
So far I can limit access in a hardcoded manner to each organisation in a specific IAM policy. However, this is not scalable. If a hundred organisations were to exist, a hundred user groups must also exist with a separate policy. An example of this policy is below.
Is there any way to create an IAM policy that utilises a custom Cognito variable, such as 'organization' that would allow me to create a single policy that limits access to only rows leading with that organization? I am unable to get this working with the below code.
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:GetItem",
"dynamodb:PutItem",
"dynamodb:Query"
],
"Resource": [
"arn:aws:dynamodb:region:id:table/TableName"
],
"Condition": {
"ForAllValues:StringEquals": {
"dynamodb:LeadingKeys": [
"${cognito-identity.amazonaws.com:org}"
]
}
}
}
]
}
Edit: For clarity, my query is to insert a custom Cognito variable dynamically into the IAM policy at validation.
For instance, User A has custom:org = Acme as a Cognito attribute and User B has custom:org = Globex as their custom Cognito attribute.
A single policy as detailed in the code above can insert this attribute directly into the policy, so one policy may be used for multiple users in separate orgs.
After further research I am unsure this is possible at all, but if anyone has any experience with trying something like this I'd love to hear it.
I think you're close, according to this article it should be StringLike not StringEquals
"Condition": {
"ForAllValues:StringLike": {
"dynamodb:LeadingKeys": [
"{TENANTID}-*"
]
}
May also want to read the Multi-tenant SaaS Storage Strategies whitepaper
Edit
I don't beleive it's possible to have a static policy do what you want.
However the code in the linked article does provide the ability to "manage access from users from any tenant".
The key points are the use of the role/AccessDynamoWithTenantContext
tenantPolicy = getPolicy(event['tenantID'])
assumed_role = sts_client.assume_role(
RoleArn="arn:aws:iam::<account-id>:role/AccessDynamoWithTenantContext",
RoleSessionName="tenant-aware-product",
Policy=tenantPolicy,
)
And the dynamic injection of the tenentId in getPolicy()
policy = json.dumps(policyTemplate).replace("{TENANTID}", tenantID)
return policy
I have a database structure that looks like this:
Firestore-root
|
--- users (collection)
| |
| --- UidOne (document)
| |
| --- userName: "UserOne"
|
--- items (collection)
|
--- ItemIdOne (document)
| |
| --- itemName: "ItemOne"
|
--- ItemIdTwo
|
--- itemName: "ItemTwo"
What I want to achieve is to restrict every user from reading item names from each document within items collection using security rules. This is how I do it:
service cloud.firestore {
match /databases/{database}/documents {
match /items/{item} {
allow read, write: if false;
}
}
}
To display the item names I use the following query:
Query query = itemsRef.orderBy("itemName", Query.Direction.ASCENDING);
When I try to compile my app I get the following error:
com.google.firebase.firestore.FirebaseFirestoreException: PERMISSION_DENIED: Missing or insufficient permissions.
But the item names are still displayed in my RecyclerView. How can I stop this from happening?
Maybe check to see if your items are still coming from the local cache.
From this page add this to your OnEvent
String source = querySnapshot.getMetadata().isFromCache() ?
"local cache" : "server";
Log.d(TAG, "Data fetched from " + source);
If it is reading from the local cache you can set PersistenceEnabled(false) like this (also mentioned on that page):
FirebaseFirestoreSettings settings = new FirebaseFirestoreSettings.Builder()
.setPersistenceEnabled(false)
.build();
db.setFirestoreSettings(settings);
Even if you are online it will read from the local snapshot, and only updates the snapshot if the data changes. It's your rules that changed not your data. I found when testing with it set to true I got some unexpected results. I find I prefer it to be false when testing and changing code/rules.
In my project i need to query from mongodb with the query having AND and OR, but i am getting error.
below is my code:
*** Variables ***
${host} mongodb://username:password#192.10.23.126/RegressionDB
${port} 27017
${mongDBName} RegressionDB
${mongoCollection} Service
${mQuery} { "service.offerings.offering.offeringType.masterCode": "Plan", $or: [ { "service.offerings.offering.offeringSubType.masterCode": "WS" }, { $and: [ { "service.isDeliveryRequired": "N" } ] } ] }
${mReturnFields} service.customerCode
${isReturnID} False
*** Test Cases ***
Query from MongoDatabase
Connect To MongoDB ${host} ${port}
${result}= Retrieve Mongodb Records With Desired Fields ${mongDBName} ${mongoCollection} ${mQuery} ${mReturnFields} ${isReturnID}
I got the following error:
ValueError: Expecting property name enclosed in double quotes: line 1 column 58 (char 57)
The same query i executed using MongoChef it worked fine, but not working with robot framework, what can be the reason.
The issue here is not related to AND and OR, I guess it has to do with setting properties! when you are setting properties, the values have to be in double quotes. Since it works for normal query and only throws this error for and/or so can you try add and/or in double quotes!
That should fix it!