Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Invoke-AzureRmResourceAction returns empty for -Action listConnectionStrings -ResourceType "Microsoft.DocumentDb/databaseAccounts" #3650

Open
rajaprad opened this Issue Mar 20, 2017 · 13 comments

Comments

Projects
None yet
8 participants
@rajaprad
Copy link

rajaprad commented Mar 20, 2017

Cmdlet(s)

Invoke-AzureRmResourceAction

PowerShell Version

5.0.10586.117

Module Version

2.7.0

OS Version

10.0.10586.117

Description

Invoke-AzureRmResourceAction -Action listConnectionStrings does not return anything for -ResourceType "Microsoft.DocumentDb/databaseAccounts". There is no error either.

The response body is empty as seen in DEBUG below.

Note: This is working for -Action listKeys

Operation : Microsoft.DocumentDB/databaseAccounts/listKeys/action
OperationName : List keys
ProviderNamespace : Microsoft DocumentDb
ResourceName : Database Account
Description : List keys of a database account

Operation : Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/action
OperationName : Get Connection Strings
ProviderNamespace : Microsoft DocumentDb
ResourceName : Database Account
Description : Get the connection strings for a database account

Debug Output

PS C:\Windows\system32> Invoke-AzureRmResourceAction -Action listConnectionStrings -ResourceType "Microsoft.DocumentDb/d
atabaseAccounts" -ResourceName hidde n-ResourceGroupName hidden -ApiVersion "2015-04-08" -Debug
DEBUG: 3:20:14 PM - InvokAzureResourceActionCmdlet begin processing with ParameterSet 'Resource that resides at the
subscription level.'.

Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): A
DEBUG: 3:20:17 PM - using account id 'Pradebban@hidden.onmicrosoft.com'...

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoking the 'listConnectionStrings' action on the resource." on target
"/subscriptions/5e0fb7hidden6ed9af/resourceGroups/hidden/providers/Microsoft.DocumentDb/da
tabaseAccounts/hidden".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): A

Confirm
Are you sure you want to invoke the 'listConnectionStrings' action on the following resource:
/subscriptions/5e0hidden8b-9c0a-hidden36ed9af/resourceGroups/hidden/providers/Microsoft.DocumentDb/dat
abaseAccounts/hidden
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): Y
DEBUG: [Common.Authentication]: Authenticating using Account: 'Pradebban@hidden.onmicrosoft.com', environment:
'AzureCloud', tenant: 'c990basahiddenfb1041c0'
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:29: - TokenCache: Deserialized 2 items to token cache.
DEBUG: [Common.Authentication]: Authenticating using configuration values: Domain:
'c990bb7a-51f4-439b-bd36-9c
c990bbc07fb1041c0', Endpoint: 'https://login.microsoftonline.com/', ClientId:
'1950a25817495945fc2', ClientRedirect: 'urn:ietf:wg:oauth:2.0:oob', ResourceClientUri:
'https://management.core.windows.net/', ValidateAuthrity: 'True'
DEBUG: [Common.Authentication]: Acquiring token using context with Authority
'https://login.microsoftonline.com/c990bb7hiddenb1041c0/', CorrelationId:
'00000000-0000-0000-0000-000000000000', ValidateAuthority: 'True'
DEBUG: [Common.Authentication]: Acquiring token using AdalConfiguration with Domain:
'c990bb7ahidden-9c07fb1041c0', AdEndpoint: 'https://login.microsoftonline.com/', ClientId:
'1950a2hidden7495945fc2', ClientRedirectUri: urn:ietf:wg:oauth:2.0:oob
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:29: 62ec1hidden3f221721 - AcquireTokenHandlerBase: === Token Acquisition
started:
Authority: https://login.microsoftonline.com/c990bb07fb1041c0/
Resource: https://management.core.windows.net/
ClientId: 1950a258-hidden7495945fc2
CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (2 items)
Authentication Target: User

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 03/20/2017 19:20:29: 62ec1f20hidden3f221721 - TokenCache: Looking up cache for a token...
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:29: 62ec1f20-hidden993f221721 - TokenCache: An item matching the requested resource
was found in the cache
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 03/20/2017 19:20:29: 62ec1f20-hidden993f221721 - TokenCache: 58.538086765 minutes left until token in
cache expires
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:29: 62ec1f2hidden-a6993f221721 - TokenCache: A matching item (access token or refresh
token or both) was found in the cache
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:29: 62ec1f2hidden993f221721 - AcquireTokenHandlerBase: === Token Acquisition
finished successfully. An access token was retuned:
Access Token Hash: 471d9HSDBAAU+hiddenK7GWpYPvcixy8L/b+fzkL4=
Refresh Token Hash: V56AlfPXPXUmmhiddenlS/EaRRHRsN2wIFAjw=
Expiration Time: 03/20/2017 20:19:02 +00:00
User Hash: YaUHf8ySNCwtRRGhiddenvNeIHQAKMhXg=

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:29: - TokenCache: Serializing token cache with 2 items.
DEBUG: [Common.Authentication]: Received token with LoginType 'LiveId', Tenant: 'c990bb7hiddenc07fb1041c0',
UserId: 'Pradebban@hidden.onmicrosoft.com'
DEBUG: [Common.Authentication]: Renewing Token with Type: 'Bearer', Expiry: '03/20/2017 20:19:02 +00:00',
MultipleResource? 'True', Tenant: 'c990bbhidden7fb1041c0', UserId: 'Pradebban@hidden.onmicrosoft.com'
DEBUG: [Common.Authentication]: User info for token DisplayId: 'Pradebban@hidden.onmicrosoft.com', Name: Pradebban
Raja, IdProvider: 'https://sts.windows.net/c990bbhidden07fb1041c0/', Uid:
'f405c38c-9980-4711-878b-daa1e112b7ad'
DEBUG: [Common.Authentication]: Checking token expiration, token expires '03/20/2017 20:19:02 +00:00' Comparing to
'03/20/2017 19:20:29 +00:00' With threshold '00:05:00', calculated time until token expiry: '00:58:32.2831771'
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
POST

Absolute Uri:
https://management.azure.com/subscriptions/5e0fb7ehidden6ed9af/resourceGroups/hidden/provid
ers/Microsoft.DocumentDb/databaseAccounts/hidden/listConnectionStrings?api-version=2015-04-08

Headers:
User-Agent : AzurePowershell/v3.7.0.0,PSVersion/v5.0.10586.117
ParameterSetName : Resource that resides at the subscription level.
CommandName : Invoke-AzureRmResourceAction

Body:

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Pragma : no-cache
Strict-Transport-Security : max-age=31536000; includeSubDomains
x-ms-gatewayversion : version=1.11.176.3
x-ms-ratelimit-remaining-subscription-writes: 1198
x-ms-request-id : 889fff23hidden80a345c7
x-ms-correlation-request-id : 889fff2hidden1a280a345c7
x-ms-routing-request-id : NORTHCENTRALUS:20170320T192033Z:889fffhidden-01a280a345c7
Cache-Control : no-store,no-cache
Date : Mon, 20 Mar 2017 19:20:33 GMT
Server : Microsoft-HTTPAPI/2.0

Body:

{}

DEBUG: [Common.Authentication]: Authenticating using Account: 'Pradebban@hidden.onmicrosoft.com', environment:
'AzureCloud', tenant: 'c990bb7ahidden7fb1041c0'
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:30: - TokenCache: Deserialized 2 items to token cache.
DEBUG: [Common.Authentication]: Authenticating using configuration values: Domain:
'c990bbhiddenc07fb1041c0', Endpoint: 'https://login.microsoftonline.com/', ClientId:
'1950a2hidden17495945fc2', ClientRedirect: 'urn:ietf:wg:oauth:2.0:oob', ResourceClientUri:
'https://management.core.windows.net/', ValidateAuthrity: 'True'
DEBUG: [Common.Authentication]: Acquiring token using context with Authority
'https://login.microsoftonline.com/c990bhiddenfb1041c0/', CorrelationId:
'00000000-0000-0000-0000-000000000000', ValidateAuthority: 'True'
DEBUG: [Common.Authentication]: Acquiring token using AdalConfiguration with Domain:
'c990bb7hidden-9c07fb1041c0', AdEndpoint: 'https://login.microsoftonline.com/', ClientId:
'1950a2hidden717495945fc2', ClientRedirectUri: urn:ietf:wg:oauth:2.0:oob
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:30: 42d4edbhiddenf05c52427 - AcquireTokenHandlerBase: === Token Acquisition
started:
Authority: https://login.microsoftonline.com/c990bbhidden9c07fb1041c0/
Resource: https://management.core.windows.net/
ClientId: 1950a258hidden17495945fc2
CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (2 items)
Authentication Target: User

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 03/20/2017 19:20:30: 42d4edbf-fhidden5c52427 - TokenCache: Looking up cache for a token...
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:30: 42d4edbfhidden9f05c52427 - TokenCache: An item matching the requested resource
was found in the cache
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 03/20/2017 19:20:30: 42d4edbfhidden9f05c52427 - TokenCache: 58.524401825 minutes left until token in
cache expires
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:30: 42d4edhidden9f05c52427 - TokenCache: A matching item (access token or refresh
token or both) was found in the cache
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:30: 42d4edhidden05c52427 - AcquireTokenHandlerBase: === Token Acquisition
finished successfully. An access token was retuned:
Access Token Hash: 471d9HSDBAhiddenYPvcixy8L/b+fzkL4=
Refresh Token Hash: V56AlfPhiddenflS/EaRRHRsN2wIFAjw=
Expiration Time: 03/20/2017 20:19:02 +00:00
User Hash: YaUHf8ySNhidden0P1XIvNeIHQAKMhXg=

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:30: - TokenCache: Serializing token cache with 2 items.
DEBUG: [Common.Authentication]: Received token with LoginType 'LiveId', Tenant: 'c990bb7a-5hiddenc07fb1041c0',
UserId: 'Pradebban@hidden.onmicrosoft.com'

DEBUG: 3:20:30 PM - InvokAzureResourceActionCmdlet end processing.
DEBUG: 3:20:30 PM - InvokAzureResourceActionCmdlet end processing.

Script/Steps for Reproduction

Invoke-AzureRmResourceAction -Action listConnectionStrings -ResourceType "Microsoft.DocumentDb/d
atabaseAccounts" -ResourceName -ResourceGroupName -ApiVersion "2015-04-08"

@cormacpayne

This comment has been minimized.

Copy link
Member

cormacpayne commented Mar 21, 2017

@vivsriaus Hey Vivek, would you mind taking a look at this issue?

@vivsriaus

This comment has been minimized.

Copy link
Contributor

vivsriaus commented Mar 21, 2017

@Pradebban It is not clear from the debug traces if the http response body returned from the RP is empty. If it is, please follow up with Microsoft.DocumentDb RP on this, since the powershell cmdlet doesn't control what gets returned by the RP.

@rajaprad

This comment has been minimized.

Copy link
Author

rajaprad commented Mar 22, 2017

@vivsriaus , i cannot share the debug trace as is due to Client agreements.
Also please share POC, github path for following up with Microsoft.DocumentDb RP on this.

Can you please repro this in a test environment may be.

I tried this one too, by changing listkeys to listConnectionStrings and nothing gets returned. http://stackoverflow.com/questions/36544224/get-azure-documentdb-primary-key-using-powershell

Working:
[System.String]::Format("https://management.azure.com/subscriptions/{0}/resourcegroups/{1}/providers/Microsoft.DocumentDB/databaseAccounts/{2}/listkeys?api-version=2014-04-01",

Nothing returned
[System.String]::Format("https://management.azure.com/subscriptions/{0}/resourcegroups/{1}/providers/Microsoft.DocumentDB/databaseAccounts/{2}/listConnectionStrings?api-version=2014-04-01",

#Input
$subName = ""
$rgName = ""
$docDBAccount = ""
Select-AzureRmSubscription -SubscriptionName $subName
$sub = Get-AzureRmSubscription -SubscriptionName $subName

#Get Azure AAD auth token
$clientId = "1950a258-227b-4e31-a9cf-717495945fc2"
$redirectUri = "urn:ietf:wg:oauth:2.0:oob"
$resourceClientId = "00000002-0000-0000-c000-000000000000"
$resourceAppIdURI = "https://management.core.windows.net/"
$authority = "https://login.windows.net/common"
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority,$false
$authResult = $authContext.AcquireToken($resourceAppIdURI, $clientId, $redirectUri, "Auto")
$header = $authresult.CreateAuthorizationHeader()
$tenants = Invoke-RestMethod -Method GET -Uri "https://management.azure.com/tenants?api-version=2014-04-01" -Headers @{"Authorization"=$header} -ContentType "application/json"
$tenant = $tenants.value.tenantId
$authority = [System.String]::Format("https://login.windows.net/{0}", $tenant)
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority,$false
$authResult = $authContext.AcquireToken($resourceAppIdURI, $clientId, $redirectUri, "Auto")
$header = $authresult.CreateAuthorizationHeader()

#Get the account keys and dsi
$account = Get-AzureRmResource -ResourceType Microsoft.DocumentDb/databaseAccounts -ResourceName $docDBAccount -ResourceGroupName $rgName
$keysurl = [System.String]::Format("https://management.azure.com/subscriptions/{0}/resourcegroups/{1}/providers/Microsoft.DocumentDB/databaseAccounts/{2}/listConnectionStrings?api-version=2014-04-01", $sub.SubscriptionId, $rgName, $docDBAccount)
$keys = Invoke-RestMethod -Method POST -Uri $keysurl -Headers @{"Authorization"=$header} -ContentType "application/json"
$account.Properties.DocumentEndpoint
$keys

@vivsriaus

This comment has been minimized.

Copy link
Contributor

vivsriaus commented Mar 22, 2017

@pradebban just to confirm - are you saying that if you make a REST call to list connection strings (without using the Invoke-AzureRmResourceAction cmdlet), you're getting an empty response as well? As I mentioned, the powershell cmdlet just wraps the response to a PSObject and returns; if the REST response is empty, it returns an empty/null object.

@rajaprad

This comment has been minimized.

Copy link
Author

rajaprad commented Mar 22, 2017

@vivsriaus Yes, thats correct.

@vivsriaus

This comment has been minimized.

Copy link
Contributor

vivsriaus commented Mar 22, 2017

@cormacpayne can you please pull in a document db powershell dev on this? This is clearly not an ARM cmdlet issue based on @pradebban response above

@markcowl

This comment has been minimized.

Copy link
Member

markcowl commented Mar 24, 2017

@vivsriaus @ravbhatnagar If this is a service side issue, then you guys on the ARM team, who are responsible for onboarding ARM services, need to follow up with the service team. It does not make sense to contact the powershell team for this.

@markcowl

This comment has been minimized.

Copy link
Member

markcowl commented Mar 24, 2017

@ravbhatnagar Assignign to you as this looks like a service side issue, and we do not ship any DocumentDB cmdlets. Looks like you guys need to follow upo with the DocumentDB service team on why their service isn't meeting your requirements.

@rajaprad

This comment has been minimized.

Copy link
Author

rajaprad commented Mar 28, 2017

@cormacpayne @ravbhatnagar, please let us know if there is an update.

@rajaprad

This comment has been minimized.

Copy link
Author

rajaprad commented Apr 15, 2017

@cormacpayne @ravbhatnagar , is there any update ?

@cormacpayne

This comment has been minimized.

Copy link
Member

cormacpayne commented Jul 3, 2018

@Tiano2017 Hey Tian, would you (or someone from the ARM team) mind taking a look at this issue? It looks like there is a server side issue when making a request to the Microsoft.DocumentDB provider

@PlagueHO

This comment has been minimized.

Copy link

PlagueHO commented Oct 18, 2018

Is there any update on this one as it looks like it is still a problem and it looks like it has been like this for over a year?

@deathbyvegemite

This comment has been minimized.

Copy link

deathbyvegemite commented Jan 24, 2019

This is clearly still an issue - it would be fantastic to get an update on this?
In case you need another debug transcript, here one is.
PowerShell_transcript.RMB0024.KEjXc48B.20190124084128.txt

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.