ARM template to update keyvault property - azure-keyvault

Could you please share a solution to update the keyvault property publicNetworkAccess to disabled using an ARM template? I have been trying a lot but am unable to find the solution.
Thanks.
I have tried deploying a new keyvault, and the update in the same template works, whereas I am unable to update an existing keyvault's properties by retrieving existing properties such as access policies and sku to reuse them. I also tried the reference function, which is not working either.
It would be helpful if anyone could share a solution with an example.

To get an ARM template with the publicNetworkAccess property set to disabled, you can try to:
1. Create a Key Vault
2. Go to the Networking blade
3. Disable public access
4. Export the template to use and modify as needed.
    "enabledForDeployment": true,
    "enabledForDiskEncryption": true,
    "enabledForTemplateDeployment": true,
    "enableSoftDelete": true,
    "softDeleteRetentionInDays": 7,
    "enableRbacAuthorization": false,
    "enablePurgeProtection": true,
    "vaultUri": "https://KeyVaultName.vault.azure.net/",
    "provisioningState": "Succeeded",
    "publicNetworkAccess": "Disabled"
Additional Link:
How to create an Azure key vault and vault access policy by using a Resource Manager template
I hope this helps!
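A complete template for the case in the question (setting publicNetworkAccess on an existing vault), as an added example that is not part of the original answer. The parameter names, the apiVersion and the location default are assumptions; the enabled* and soft-delete values repeat the exported properties shown above and should match your vault. The vault resource expects tenantId, sku and accessPolicies to be supplied on every deployment, so copy the SKU and access policies from your own exported template.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "vaultName": {
      "type": "string",
      "metadata": { "description": "Assumed parameter: name of the existing vault." }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": { "description": "Assumed parameter: must be the region the vault already lives in." }
    },
    "skuName": {
      "type": "string",
      "allowedValues": [ "standard", "premium" ],
      "metadata": { "description": "Assumed parameter: copy the SKU from the exported template." }
    },
    "accessPolicies": {
      "type": "array",
      "metadata": { "description": "Assumed parameter: copy the accessPolicies array from the exported template." }
    }
  },
  "resources": [
    {
      "type": "Microsoft.KeyVault/vaults",
      "apiVersion": "2022-07-01",
      "name": "[parameters('vaultName')]",
      "location": "[parameters('location')]",
      "properties": {
        "tenantId": "[subscription().tenantId]",
        "sku": { "family": "A", "name": "[parameters('skuName')]" },
        "accessPolicies": "[parameters('accessPolicies')]",
        "enabledForDeployment": true,
        "enabledForDiskEncryption": true,
        "enabledForTemplateDeployment": true,
        "enableSoftDelete": true,
        "softDeleteRetentionInDays": 7,
        "enableRbacAuthorization": false,
        "enablePurgeProtection": true,
        "publicNetworkAccess": "Disabled"
      }
    }
  ]
}
```

The read-only vaultUri and provisioningState values from the export are left out because the service sets them.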

Related

AWS CDK Get Pinpoint Project/Application ID

In the AWS CDK, it's straightforward to create a Pinpoint Service. But how do you get the Project ID (also referred to as the Pinpoint App ID or Application ID) for use in subsequent CDK code?
Create a Pinpoint project:
const pinpointProject = new pinpoint.CfnApp(this, 'PinpointNotificationProject', {
    name: 'myProject',
});
In the AWS CloudFormation docs it says:
"When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the unique identifier (ApplicationId) for the Amazon Pinpoint application."
However, the following CDK code returns the project name, not the id. The value of logicalId = myProject.
cdk.Fn.ref(pinpointProject.logicalId); // This returns 'myProject'
pinpointProject.ref; // This also returns 'myProject'
This is confirmed fixed in the latest CDK version 1.130.0. The ref property now returns the Pinpoint ProjectId.
The problem you are running into is that pinpoint is not a finished module. You can see this in that all the functions within are prefixed with Cfn - CloudFormation. This means that they are barebones and not tied into all the interface hooks that the rest of CDK is making use of to toss things around.
First, the logical ID is NOT the project name. The logical ID is part of the CloudFormation template that is generated for any resource CloudFormation is going to stand up. It links the given resource to the stack, so that any changes under the same logical ID will be applied to the same stood up resource. It is only referenced internally to the CloudFormation stack and never known outside. CDK uses the logical ID to generate the name of the resource if you do not specify one.
Second, taking a look at the documentation shows that CfnApp has the following property: attrArn. Meaning in your code, you would reference this by pinpointProject.attrArn - the arn of a pinpoint resource is something like: arn:aws:mobiletargeting:region:accountId:apps/projectId, with, as you guessed it, the projectId as the last value. You can split the string and get that value out, or use the arn manipulation methods provided as part of the core module to extract what you need.
Finally, even though the Pinpoint module is pretty much just barebones, it may still be possible to pass the variable storing your Pinpoint Construct Object to whatever other resource requires it. I say may because, as mentioned, most of the Cfn prefixed functions do not have the proper hooks to do this well - but some do, and I've never worked with Pinpoint directly.
I recommend spending some time to understand how the CDK Documentation is laid out. It's bare bones in places, but once you understand how they structured it, these kinds of questions are readily answered within.

How to export Global Workflows with TFS REST Api?

It is possible to upload global workflows by using UpdateWorkItemTypeDefinition(), but how can I export? ExportWorkItemTypeDefinition() seems only to work with WITs.
Thanks!
Yes, it is possible.
For the exportWorkItemTypeDefinition() method, there are three parameters:
- project: string. Optional. Project ID or project name
- type: string. Optional.
- exportGlobalLists: boolean. Optional.
When you set "project" and "type" to "null", the method will export the Global Workflow. And it will also export global lists when you set "exportGlobalLists" to "true".

Grails 3 (GORM) datasource properties not loading from Spring Cloud Config Server

I am trying to use Spring Cloud Config Server to externalize my Grails 3 (personnel) application configuration, but I cannot seem to set the dataSource properties.
Currently, I can load other properties (sample.message) into my Grails 3 (personnel) application and retrieve them using grailsApplication.config.sample.message without an issue. And hitting the REST endpoint on the Config Server (localhost:8888/personnel/master) is showing the configuration information I want, so I'm a bit confused.
I have tried each of the following in my personnel.properties file in my Git repo:
datasource.user=example
datasource.password=example
grails.datasource.user=example
grails.datasource.password=example
spring.datasource.user=example
spring.datasource.password=example
But none of them work. I continue to see error messages saying sa@localhost (using password: no) suggesting that the datasource properties, in particular, are not working.
I know it is possible with spring-boot-starter-data-jpa, so I'm wondering:
Is it possible with GORM?
If so, do I need to manually create the datasource bean?
What property names do I use: datasource.user, grails.datasource.user, spring.datasource.user, etc.?
After Shashank's edit, I realized that it was an issue with my property settings. datasource should have been dataSource and user should be username. Once those corrections were made, the application (personnel) worked perfectly. So,
Yes it is possible.
No, you don't need to create the bean manually
Property names are:
personnel.properties
dataSource.username=example
dataSource.password=example
dataSource.url=jdbc:mysql://localhost:3306/personnel

How do we access the sensitive variables in a jenkins plugin that is workflow compatible?

I'm trying to take the jenkins gradle plugin and make it compatible with the new workflow job type. I've gotten it to the point where I can use something like this and it will run gradle pretty successfully:
step([$class: 'Gradle',
      switches: "-PenableInstallerDistribution=true",
      tasks: 'build install',
      gradleName: '(Default)',
      useWrapper: true,
      makeExecutable: true,
      fromRootBuildScriptDir: true,
      useWorkspaceAsHome: true])
However, I had to make some sacrifices. I had to simply delete these lines:
Set<String> sensitiveVars = build.getSensitiveBuildVariables();
args.addKeyValuePairs("-D", fixParameters(build.getBuildVariables()), sensitiveVars);
I can't find any way to access the "sensitive variables" from the Run object that is supplied in place of the old AbstractBuild and popping passwords into the console output seems like a bad idea. (I believe that's what the code is trying to avoid doing; I didn't write the original.)
There is currently no Run.getSensitiveBuildVariables(), though it is possible one is needed. Anyway this method is merely communicating to other plugins which variables might be considered secrets for various purposes; it is not responsible for making passwords included in the command line from ProcStarter be shown as **** in the build log, which would be done using ArgumentListBuilder.addMasked.
The quick answer is that, pending newer APIs, you should just skip this block if not given an AbstractBuild.

Dropwizard: customize health check address and format

Is it possible to customize Dropwizard's healthcheck output so that, e.g.: /health for healthchecks instead of /healthcheck and some output like {"status": 200}?
I realise I could simply write a new resource that does whatever I need, I was just wondering if there is a more standard way to do this.
From what I have read on the 0.7.1 source code it's not possible to change the resource URI for healthchecks unfortunately, I highly doubt you can change the healthcheck format. I also remember people complaining about not being able to add REST resources to admin page, only servlets. Maybe on 0.8.0?
Here are the details of what I've tracked so far on the source code. Maybe I have misread or misunderstood something, so somebody could fix it.
Metrics has actually written AdminServlet to add the healthcheck servlet in a way that it checks the servlet config whether the URI is defined or not.
this.healthcheckUri = getParam(config.getInitParameter(HEALTHCHECK_URI_PARAM_KEY), DEFAULT_HEALTHCHECK_URI);
But dropwizard doesn't provide a way to inject this configuration in any way on AbstractServerFactory.
handler.addServlet(new NonblockingServletHolder(new AdminServlet()), "/*");
NonblockingServletHolder is the one which is providing the config to AdminServlet but is created by AbstractServerFactory with empty constructor and provides no way to change the config.
I've thought of and tried to access the ServletHolder from the Environment object on Application.run method but the admin servlets are not created until after run method is run.
environment.getAdminContext().getServletHandler().getServlets()[0].setInitParameter("healthcheck-uri", "/health");
Something like this in your run() function will help you control the URI of your healthchecks:
environment.servlets().addServlet(
    "HealthCheckServlet",
    new HealthCheckServlet(environment.healthChecks())
).addMapping("/health");
If you want to actually control what's returned you need to write your own resource file. Fetch all the healthchecks from the registry, run them and return whatever aggregated value you want based on their results.
