I am trying to add registrationConfig for my CA certificate in AWS IoT. I would like to do some manipulation of data for Thing attributes. But I can't seem to get that JITP to work if the template body has Fn::Join in it.
Following are extract of the template body (string unescaped for reading purpose)
NOT working:
"Resources": {
"thing": {
"Type": "AWS::IoT::Thing",
"Properties": {
"ThingName": {
"Ref": "AWS::IoT::Certificate::CommonName"
},
"ThingTypeName" : "w2-device",
"ThingGroups" : ["w2-devices"],
"AttributePayload": {
"location": {
"Fn::Join":["",["ThingPrefix_",{"Ref":"SerialNumber"}]]
},
"organization": {
"Ref": "AWS::IoT::Certificate::Organization"
},
"version": "w2",
"country": {
"Ref": "AWS::IoT::Certificate::Country"
}
}
}
},
In the above when I have Fn::Join in AttributePayload/location it fails to create the Thing during JITP. I don't see any errors in CloudWatch either.
Working:
"Resources": {
"thing": {
"Type": "AWS::IoT::Thing",
"Properties": {
"ThingName": {
"Ref": "AWS::IoT::Certificate::CommonName"
},
"ThingTypeName" : "w2-device",
"ThingGroups" : ["w2-devices"],
"AttributePayload": {
"location": {
"Ref": "AWS::IoT::Certificate::StateName"
},
"organization": {
"Ref": "AWS::IoT::Certificate::Organization"
},
"version": "w2",
"country": {
"Ref": "AWS::IoT::Certificate::Country"
}
}
}
},
Note: I have also asked this in aws forum but without any answer there yet.
Provisioning templates for JITP define a set of parameters beginning with AWS::IoT::Certificate.
The AWS::IoT::Certificate::SerialNumber parameter should be used instead of just SerialNumber in the attribute payload. e.g.
"AttributePayload": {
"location": {
"Fn::Join":["",["ThingPrefix_",{"Ref":"AWS::IoT::Certificate::SerialNumber"}]]
},
https://docs.aws.amazon.com/iot/latest/developerguide/jit-provisioning.html lists the defined parameters for JITP as:
AWS::IoT::Certificate::Country
AWS::IoT::Certificate::Organization
AWS::IoT::Certificate::OrganizationalUnit
AWS::IoT::Certificate::DistinguishedNameQualifier
AWS::IoT::Certificate::StateName
AWS::IoT::Certificate::CommonName
AWS::IoT::Certificate::SerialNumber
AWS::IoT::Certificate::Id
The SerialNumber examples in the AWS documentation (without the AWS::IoT::Certificate prefix are used for the Bulk Registration process.
Related
{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "Installing CloudAuth Application in Ubuntu 18.04 LTS",
"Parameters": {
"secretname": {
"Type": "String",
"Description": "A descriptive name that helps you find your secret later"
},
"myuser": {
"Type": "String",
"Description": "Enter existing user name"
}
},
"Resources": {
"myaccesskey": {
"Type": "AWS::IAM::AccessKey",
"Properties": {
"UserName": {
"Ref": "myuser"
}
}
},
"mysecrets": {
"Type": "AWS::SecretsManager::Secret",
"Properties": {
"Name": {
"Ref": "secretname"
},
"SecretString": "{\"Access_Key\":\"${myaccesskey}\",\"Secret_Key\":\"${myaccesskey.SecretAccessKey}\"}"
}
}
}
}
From my understanding, you are trying to pass the Access Key and Secret Key to the secret string of Secrets manager resources.
Instead of using:
"SecretString":
"{"Access_Key":"${myaccesskey}","Secret_Key":"${myaccesskey.SecretAccessKey}"}"
Try the following format(Fn::Sub function):
SecretString: !Sub '{ "access_key": "${AccessKey}",
"secret_key": "${AccessKey.SecretAccessKey}" }'
I used the YAML format for the stack creation.
I want to pull a number of metrics from Google Analytics API with "Traffic Sources", "Geo Network" and "Audience" dimensions.
So I create the following request. GA Dimensions & Metrics Explorer shows that these metrics & dimensions are compatible. But for some reason, this request returns zero values:
{
"reportRequests": [
{
"viewId": "xxxxxxxx",
"dateRanges": [
{
"startDate": "2020-03-01",
"endDate": "2020-03-11"
}
],
"metrics": [
{
"expression": "ga:sessions"
},
{
"expression": "ga:newUsers"
},
{
"expression": "ga:transactions"
},
{
"expression": "ga:transactionRevenue"
}
],
"dimensions": [
{
"name": "ga:date"
},
{
"name": "ga:campaign"
},
{
"name": "ga:sourceMedium"
},
{
"name": "ga:country"
},
{
"name": "ga:region"
},
{
"name": "ga:city"
},
{
"name": "ga:userAgeBracket"
},
{
"name": "ga:userGender"
},
{
"name": "ga:interestInMarketCategory"
}
]
}
]
}
Although restricted dimensions set shows that data exists:
"dimensions": [
{
"name": "ga:date"
},
{
"name": "ga:campaign"
},
{
"name": "ga:sourceMedium"
},
{
"name": "ga:country"
},
{
"name": "ga:region"
},
{
"name": "ga:city"
}
Why extended dimensions set that shown in 1st example doesn't return data?
Thanks in advance!
Eugene
May be GA doesnot have any information about the user age, gender and in-Market segment (ga:interestInMarketCategory). So when you add these dimensions with others, API returns data for the combination of specified dimensions.
So let's say there are 20 sessions from combination of city = x and region = y. But when you add gender to it, no combination can be made (e.g. city = x and region = y and gender = ?), hence API will return zero response.
I referred to this documentation to make a POST request.
Below is the error while making a POST request to create a conditional access policy
{
"message": "There was an internal server error while processing the request. Error ID: 2dbb1530-4ce6-44f5-9c63-08de28d7218a",
"innerError": {
"request-id": "2dbb1530-4ce6-44f5-9c63-08de28d7218a"
}
}
Payload being passed with the request is below:
{
"displayName": "Test Policy",
"state": "enabled",
"conditions": {
"clientAppTypes": ["modern", "browser"],
"applications": {
"includeApplications": ["None"]
},
"users": {
"includeUsers": [
"08290005-23ba-46b4-a377-b381d651a2fb"
]
},
"locations": {
"includeLocations": ["All"],
"excludeLocations": ["AllTrusted"]
}
},
"grantControls": {
"operator": "OR",
"builtInControls": ["approvedApplication"]
}
}
I've tried using this endpoint to get a policy:
https://graph.microsoft.com/beta/{tenant_id}/conditionalAccess/policies
Which successfully returns an existing policy. However, the above POST request is not working.
The "approvedApplication" requirement only supports the iOS and Android for device platform condition. See details here.
You need to add "includePlatforms" iOS and android into the json body.
{
"displayName": "Test Policy",
"state": "enabled",
"conditions": {
"clientAppTypes": ["modern", "browser"],
"applications": {
"includeApplications": ["None"]
},
"users": {
"includeUsers": [
"08290005-23ba-46b4-a377-b381d651a2fb"
]
},
"platforms": {
"includePlatforms": [
"iOS", "android"
]
},
"locations": {
"includeLocations": ["All"],
"excludeLocations": ["AllTrusted"]
}
},
"grantControls": {
"operator": "OR",
"builtInControls": ["approvedApplication"]
}
}
I am working on setting up my site authentication settings to use the AAD provider. Most of the template is respected. However, the unauthenticatedClientAction and allowedAudiences is not being properly assigned. I observe 'allow anonymous' and no 'allowed audiences' being assigned.
Please note that I was working with the ARM Template API 2018-02-01. This problem may still exist due to the documentation, if you provide an answer, please note the ARM Template version it addresses.
Additionally, create an issue for the ARM documentation team to correct any issues.
Here is my template segment for these settings. It is nested under resources in my website template.
root > Microsoft.Web/Site > Resources
{
"type": "config",
"name": "web",
"apiVersion": "2016-08-01",
"location": "[parameters('app-location')]",
"dependsOn": [
"[resourceId('Microsoft.Web/sites', variables('web-site-name'))]"
],
"properties": {
"siteAuthEnabled": true,
"siteAuthSettings": {
"enabled": true,
"unauthenticatedClientAction": "RedirectToLoginPage",
"tokenStoreEnabled": true,
"defaultProvider": "AzureActiveDirectory",
"clientId": "[parameters('web-aad-client-id')]",
"issuer": "[concat('https://sts.windows.net/', parameters('web-aad-tenant'))]",
"allowedAudiences": [
"[concat('https://', variables('web-site-name'), '.azurewebsites.net')]"
]
}
}
}
Template Validates
Deployment does not output any errors
Issues:
unauthenticatedClientAction is assigned allow anonymous not RedirectToLoginPage
allowedAudiences is not assigned any sites
What could be causing these issues? What could I have missed?
I got my answer after working with the fine people at Azure Support.
Please note that this solution targets API 2018-02-01 which was the current version at the time of this post.
This sub-resource is no longer a valid solution, while the endpoint may still recognize some of its fields, this is deprecated.
The new solution is to add the siteAuthSettings object to the main 'Microsoft.Web/site' properties and the siteAuthEnabled is no longer needed as siteAuthSettings.enable duplicates this functionality.
Updated ARM Template (removed other settings for brevity)
{
"name": "[variables('app-service-name')]",
"type": "Microsoft.Web/sites",
"location": "[parameters('app-location')]",
"apiVersion": "2016-08-01",
"dependsOn": [
"[variables('app-plan-name')]"
],
"properties": {
//... other app service settings
"siteAuthSettings": {
"enabled": true,
"unauthenticatedClientAction": "RedirectToLoginPage",
"tokenStoreEnabled": true,
"defaultProvider": "AzureActiveDirectory",
"clientId": "[parameters('web-aad-client-id')]",
"issuer": "[concat('https://sts.windows.net/', parameters('web-aad-tenant'))]",
"allowedAudiences": [
"[concat('https://', variables('web-site-name'), '.azurewebsites.net')]"
]
}
}
}
As suggested by #Michael, the siteAuthSettings object must be added to the siteConfig object, not just under the root properties object.
{
"apiVersion": "2019-08-01",
"name": "[variables('webAppName')]",
"type": "Microsoft.Web/sites",
"kind": "app",
"location": "[resourceGroup().location]",
"dependsOn": [
"[resourceId('Microsoft.Web/serverfarms', variables('appServiceName'))]"
],
"properties": {
...
"siteConfig": {
"siteAuthSettings": {
"enabled": true,
"unauthenticatedClientAction": "RedirectToLoginPage",
"tokenStoreEnabled": true,
"defaultProvider": "AzureActiveDirectory",
"clientId": "[parameters('clientId')]",
"issuer": "[concat('https://sts.windows.net/', parameters('tenantId'), '/')]"
}
}
}
}
The other solutions given only apply when using the classic authentication experience (Authentication (Classic)). If you would like to use the new authentication experience, use below configuration:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"apiVersion": "2019-08-01",
"name": "[variables('webAppName')]",
"type": "Microsoft.Web/sites",
"kind": "app",
"location": "[resourceGroup().location]",
"resources": [
{
"type": "config",
"apiVersion": "2020-12-01",
"name": "authsettingsV2",
"location": "[resourceGroup().location]",
"dependsOn": [
"[concat('Microsoft.Web/sites/', variables('webAppName'))]"
],
"properties": {
"platform": {
"enabled": true,
"runtimeVersion": "~1"
},
"identityProviders": {
"azureActiveDirectory": {
"isAutoProvisioned": false,
"registration": {
"clientId": "[parameters('clientId')]",
"clientSecret": "[variables('clientSecret')]",
"openIdIssuer": "[concat('https://sts.windows.net/', parameters('tenantId'), '/v2.0')]"
},
"validation": {
"allowedAudiences": [
"https://management.core.windows.net/"
]
}
}
},
"login": {
"routes": {},
"tokenStore": {
"enabled": true,
"tokenRefreshExtensionHours": 72,
"fileSystem": {},
"azureBlobStorage": {}
},
"preserveUrlFragmentsForLogins": false,
"allowedExternalRedirectUrls": [],
"cookieExpiration": {
"convention": "FixedTime",
"timeToExpiration": "08:00:00"
},
"nonce": {
"validateNonce": true,
"nonceExpirationInterval": "00:05:00"
}
},
"globalValidation": {
"redirectToProvider": "azureactivedirectory",
"unauthenticatedClientAction": "RedirectToLoginPage"
},
"httpSettings": {
"requireHttps": true,
"routes": {
"apiPrefix": "/.auth"
},
"forwardProxy": {
"convention": "NoProxy"
}
}
}
}
]
}
]
}
I work with Autodesk Forge (node.js, javascript (worked with it a little), React (completely new !)).
I have a rectangle 3D object. At each corner is a point with real world coordinates (lat, lon, z).
These coordinates can be displayed with the property panel in the viewer.
I want to access them from the code, but I cannot find them anywhere.
At first, I thought they would be at :
window.NOP_VIEWER.model.getData().metadata
but nothing !
Here is a picture of what I can see in the viewer. Since I can see them in the property panel, I should be able to access them !
I tried to use this :
window.NOP_VIEWER.model.getBulkProperties('1',
function(properties){console.log(properties);},
function(error){console.log(error);})
It returns an amazingly long list of field names (if think that's it).
When I try to put it in a variable it returns 'undefined'. So I cannot access what is inside anyway.
Also tried getProperties() but I think I did not write it in the right way, it doesn't work either.
I also tried som GET request to find the object properties, but all I got was this :
{
"data": {
"type": "objects",
"objects": [
{
"objectid": 1,
"name": "Model",
"objects": [
{
"objectid": 2691,
"name": "Sols",
"objects": [
{
"objectid": 2692,
"name": "Sol",
"objects": [
{
"objectid": 2693,
"name": "Dalle en béton - 250 mm",
"objects": [
{
"objectid": 2694,
"name": "Sol [236041]"
}
]
}
]
}
]
},
{
"objectid": 2711,
"name": "Modèles génériques",
"objects": [
{
"objectid": 2712,
"name": "Point_Georeferencement",
"objects": [
{
"objectid": 2713,
"name": "Point_Georeferencement",
"objects": [
{
"objectid": 2714,
"name": "Point_Georeferencement [236831]"
},
{
"objectid": 2715,
"name": "Point_Georeferencement [236836]"
},
{
"objectid": 2716,
"name": "Point_Georeferencement [236843]"
},
{
"objectid": 2717,
"name": "Point_Georeferencement [236846]"
}
]
}
]
}
]
}
]
}
]
}
}
But I cannot find a way to access the points' names or their values !
Can anyone help with this, please ?
NOP_VIEWER is a global variable to access the current Viewer. From that you can call:
.getProperties(): this requires 1 dbId, an easy way to try it is with:
NOP_VIEWER.addEventListener(Autodesk.Viewing.SELECTION_CHANGED_EVENT, function (e) {
e.dbIdArray.forEach(function (dbId) {
NOP_VIEWER.getProperty(dbId, function (props) {
console.log(props)
})
})
});
.model.getBulkProperties(): this received an array of elements and just return the properties you specify:
NOP_VIEWER.addEventListener(Autodesk.Viewing.SELECTION_CHANGED_EVENT, function (e) {
viewer.model.getBulkProperties(e.dbIdArray, ['RefX', 'RefY'], function (elements) {
elements.forEach(function(element){
console.log(element);
})
})
});
And you may also combine it with .search() (see here) or by enumerating leaf nodes.