
pwshazcosmosdb's People

Contributors

cyb3rward0g

pwshazcosmosdb's Issues

Overwrite the PowerShell Session State referred to as "session variables" or "script-scoped variables"

When we initialize a connection to an Azure CosmosDB instance, we use the SessionState.PSVariable to store and retrieve the AzCosmosDBContainer variable, which holds a reference to a Cosmos DB container.

The code currently does not allow you to overwrite it once it is set:

// Check if the container is already stored in the session state
if (SessionState.PSVariable.Get("AzCosmosDBContainer") == null)
{
    // Store the container in session state for later cmdlets to access
    WriteVerbose("[+] Storing the container in session state...");
    SessionState.PSVariable.Set("AzCosmosDBContainer", container);

    WriteVerbose("[+] Successfully connected to the Azure Cosmos DB container.");
}
else
{
    WriteVerbose("[+] Container is already stored in session state.");
}

We need to create some type of -Force parameter to force it to overwrite the AzCosmosDBContainer variable in the PowerShell SessionState.PSVariable.
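
One way such a switch could look, as an added example that is not part of the original issue or of the PwshAzCosmosDB source. The cmdlet name, the `Container` stand-in parameter and the `Force` switch are hypothetical; the example also raises the "already stored" case to a warning so a stale reference to another account or container is visible without -Verbose.

```csharp
// Added example, not PwshAzCosmosDB code. Names marked hypothetical are assumptions.
using System.Management.Automation;

[Cmdlet(VerbsCommunications.Connect, "AzCosmosDBExample")] // hypothetical cmdlet name
public class ConnectAzCosmosDBExample : PSCmdlet
{
    private const string VariableName = "AzCosmosDBContainer";

    // Stand-in for the Cosmos DB container object the real cmdlet builds (hypothetical).
    [Parameter(Mandatory = true)]
    public object Container { get; set; }

    // Hypothetical switch: replace an existing session-state reference.
    [Parameter]
    public SwitchParameter Force { get; set; }

    protected override void ProcessRecord()
    {
        // GetValue returns null when the variable has never been set.
        var existing = SessionState.PSVariable.GetValue(VariableName);

        if (existing != null && !Force.IsPresent)
        {
            // Later cmdlets will keep using the old container, so say so loudly.
            WriteWarning("[!] A container is already stored in session state; " +
                         "it was NOT replaced. Re-run with -Force to overwrite it.");
            return;
        }

        if (existing != null)
        {
            WriteVerbose("[+] -Force specified, replacing the stored container...");
        }

        // Store the container in session state for later cmdlets to access
        SessionState.PSVariable.Set(VariableName, Container);
        WriteVerbose("[+] Container stored in session state.");
    }
}
```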

Enable AzureCliCredential and AzurePowerShellCredential Credential Types in the TokenCredential authentication flow

Currently, one could either pass the Azure CosmosDB Primary Key (Master Key) or use a managed identity when connecting to an Azure CosmosDB instance.

I would like to use the AzurePowerShellCredential Credential type.

Clear-AzContext
Connect-AzAccount -Tenant XXXX

$params = @{
     "Endpoint" = "https://<cosmos-account>.documents.azure.com:443/"
     "DatabaseName" = "<database-name>"
     "ContainerName" = "<container-name>"
     "Verbose" = $true
 }
Connect-AzCosmosDB @params

$doc = Get-azcosmosdbdocument -DocumentId <Document-Id> -PartitionKey <PKValue> -Verbose

I would like to use the AzureCliCredential Credential type:

az account clear
az login --tenant XXXX

$params = @{
     "Endpoint" = "https://<cosmos-account>.documents.azure.com:443/"
     "DatabaseName" = "<database-name>"
     "ContainerName" = "<container-name>"
     "Verbose" = $true
 }
Connect-AzCosmosDB @params

$doc = Get-azcosmosdbdocument -DocumentId <Document-Id> -PartitionKey <PKValue> -Verbose

I noticed that I should be able to do it with PwshAzCosmosDB (1.0.6). Even in the code, I have a condition where if MANAGED_IDENTITY_CLIENT_ID is not set, then it would default to use the DefaultAzureCredential class.

var managedIdentityClientId = Environment.GetEnvironmentVariable("MANAGED_IDENTITY_CLIENT_ID");
cosmosClient = new CosmosClient(Endpoint,
    managedIdentityClientId == null ? new DefaultAzureCredential() : new ManagedIdentityCredential(managedIdentityClientId));

DefaultAzureCredential documentation shows the TokenCredential authentication flow:

Environment -> Workload Identity -> Managed Identity -> Visual Studio -> VS Code -> Azure CLI -> Azure PowerShell -> ...


However, when I use any of the AzureCliCredential and AzurePowerShellCredential credential types before connecting to an Azure CosmosDB instance, I get the following:

Get-AzCosmosDBDocument: ManagedIdentityCredential authentication failed: Service request failed.
Status: 400 (Bad Request)

Content:

Headers:
Date: Wed, 30 Aug 2023 04:40:14 GMT
Server: Kestrel
Transfer-Encoding: chunked
X-CORRELATION-ID: REDACTED
Content-Type: application/json; charset=utf-8

See the troubleshooting guide for more information. https://aka.ms/azsdk/net/identity/managedidentitycredential/troubleshoot

It looks like the TokenCredential authentication flow stops at Managed Identity:

Environment -> Workload Identity -> Managed Identity -> Visual Studio -> VS Code -> Azure CLI -> Azure PowerShell -> ...

I believe what we need to do is define a new TokenCredential chain and put the Managed Identity credential after the Azure CLI and Azure PowerShell. Something like this:

var managedIdentityClientId = Environment.GetEnvironmentVariable("MANAGED_IDENTITY_CLIENT_ID");

if (string.IsNullOrEmpty(managedIdentityClientId))
{
    // https://learn.microsoft.com/en-us/dotnet/api/overview/azure/identity-readme?view=azure-dotnet&preserve-view=true#defaultazurecredential
    WriteVerbose("[+] Using ChainedTokenCredential: AzurePowerShellCredential -> AzureCliCredential -> ManagedIdentityCredential");
    cosmosClient = new CosmosClient(Endpoint, new ChainedTokenCredential(new AzurePowerShellCredential(), new AzureCliCredential(), new ManagedIdentityCredential()));
}
else
{
    // Use ManagedIdentityCredential with the provided client ID
    WriteVerbose($"[+] Using ManagedIdentityCredential with identity: {managedIdentityClientId}");
    cosmosClient = new CosmosClient(Endpoint, new ManagedIdentityCredential(managedIdentityClientId));
}
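
A small probe for checking which credential in the proposed order actually answers in a given session, as an added example that is not part of the original issue or of the project's code. The `CredentialProbe` class and the scope string (built from the placeholder endpoint, an assumption) are hypothetical. It separates the two Azure.Identity exception types: a chained credential skips a link that throws `CredentialUnavailableException`, while any other `AuthenticationFailedException` is raised to the caller.

```csharp
// Added example, not PwshAzCosmosDB code. Requires the Azure.Identity package.
using System;
using System.Threading;
using Azure.Core;
using Azure.Identity;

public static class CredentialProbe // hypothetical helper
{
    // Tries each credential separately, in the order proposed above, and
    // returns the name of the first one that yields a token (null if none).
    public static string Probe(string scope)
    {
        var candidates = new (string Name, TokenCredential Credential)[]
        {
            ("AzurePowerShellCredential", new AzurePowerShellCredential()),
            ("AzureCliCredential", new AzureCliCredential()),
            ("ManagedIdentityCredential", new ManagedIdentityCredential()),
        };
        var context = new TokenRequestContext(new[] { scope });
        string firstSuccess = null;

        foreach (var (name, credential) in candidates)
        {
            try
            {
                // The token itself is never printed or returned.
                credential.GetToken(context, CancellationToken.None);
                Console.WriteLine($"[+] {name}: token acquired");
                firstSuccess ??= name;
            }
            catch (CredentialUnavailableException ex)
            {
                // Must be caught first: it derives from AuthenticationFailedException.
                Console.WriteLine($"[-] {name}: unavailable, a chain moves on ({ex.Message})");
            }
            catch (AuthenticationFailedException ex)
            {
                Console.WriteLine($"[!] {name}: failed, a chain stops here ({ex.Message})");
            }
        }
        return firstSuccess;
    }

    public static void Main()
    {
        // Assumed scope format; replace the placeholder with the real account name.
        Probe("https://<cosmos-account>.documents.azure.com/.default");
    }
}
```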
