projectkudu / armclient Goto Github PK

Let's follow the curl convention:

• To pass a body inline: --data "{qqq: '111' }"
• To pass a body from a file: --data @"sub\body.json"

So just looking at whether the first char is an @ is the determinant.

If you are trying to script up a deployemnt with ARMClient (possibly not what you imagine its for but...)
You can probably script up wait-for-create-succeeded behavior based on polling get and parsing the response but... why not just have an argument that does that?

I'm not able to install this package through Chocolatey, I have the most recent version of choco and I'm using cmd.exe as an admin. but im getting this output:

C:\WINDOWS\system32>choco install armclient
Chocolatey v0.10.11
Installing the following packages:
armclient
By installing you accept licenses for the packages.
armclient not installed. The package was not found with the source(s) listed.
 Source(s): 'https://msazure.pkgs.visualstudio.com/_packaging/Bootstrap/nuget/v2/'
 NOTE: When you specify explicit sources, it overrides default sources.
If the package version is a prerelease and you didn't specify '--pre',
 the package may not be found.
Please see https://chocolatey.org/docs/troubleshooting for more
 assistance.

Chocolatey installed 0/1 packages. 1 packages failed.
 See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

Failures
 - armclient - armclient not installed. The package was not found with the source(s) listed.
 Source(s): 'https://msazure.pkgs.visualstudio.com/_packaging/Bootstrap/nuget/v2/'
 NOTE: When you specify explicit sources, it overrides default sources.
If the package version is a prerelease and you didn't specify '--pre',
 the package may not be found.
Please see https://chocolatey.org/docs/troubleshooting for more
 assistance. 

C:\windows\system32>choco install armclient
Chocolatey v0.10.8
Installing the following packages:
armclient
By installing you accept licenses for the packages.
armclient not installed. The package was not found with the source(s) listed.
If you specified a particular version and are receiving this message, it is possible that the package name exists but the version does not.
Version: ""
Source(s): "http://wanuget/bootstrap/nuget"

Chocolatey installed 0/1 packages. 1 packages failed.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

Failures

• armclient - armclient not installed. The package was not found with the source(s) listed.
  If you specified a particular version and are receiving this message, it is possible that the package name exists but the version does not.
  Version: ""
  Source(s): "http://wanuget/bootstrap/nuget"

Enjoy using Chocolatey? Explore more amazing features to take your
experience to the next level at
https://chocolatey.org/compare

The Program.ParseHttpContent function assumes that all content for PUT and POST calls is JSON. While that makes sense as the default, the user should be allowed to specify a custom value for the Content-Type header in cases where the content may not be JSON.

I am attempting to utilize the arm client to download the arm template for a logic app.

These are the steps to replicate.

ARMClient.exe login FairFax

Following the info on
https://docs.microsoft.com/en-us/azure/logic-apps/logic-apps-create-deploy-template

I am then doing the following.
armclient token $SubscriptionId | Get-LogicAppTemplate -LogicApp MyApp -ResourceGroup MyRG -SubscriptionId $SubscriptionId -Verbose | Out-File C:\template.json

When I do that command, I get the following error.
Object reference not set to an instance of an object.

I believe the issue lies in the GetDefaultEnv because the behavior of Government is different than commercial and I believe this to be returning AzureEnvironments.Prod.

Please let me know if you need additional information!

e.g. instead of:

ARMClient.exe get https://management.azure.com/subscriptions/92685311-fa5d-4d8b-9f7c-7cae01660c9d/providers/Microsoft.Web?api-version=2014-04-01

let's allow

ARMClient.exe get /subscriptions/92685311-fa5d-4d8b-9f7c-7cae01660c9d/providers/Microsoft.Web?api-version=2014-04-01

Note that we still want to allow passing the server name if user chooses. We're just making it optional.

We need clean JSON to make sure the output can be piped in PowerShell, e.g. to roundtrip app settings, or simply consume some returned props from PowerShell logic.

Is there any way you can run inside a VSTS task?

You can have PowerShell and Azure CLI running with an account that is provided by the VSTS environment can the same be made possible with ARMClient?

I really really don't want to have to setup service principals...

Please add support of AzureStack environment. Thanks.

I had an unhandled exception when calling PersistentAuthHelper.GetToken(string id, string resource) to log into an Azure subscription which I hadn't accessed in a very long time. Unfortunately I didn't document the details (or locate and back up the token cache) before trying a workaround, but the gist was that BaseAuthHelper.GetTokenInternal went into the case

which called

and that threw an exception on receiving an HTTP 400 response because the refresh token was too old.

A workaround is to change

to

                if (ex.Message.IndexOf(" is expired") < 0 && ex.Message.IndexOf(" has expired") < 0)

but I suspect that a better solution would be to rework the logic of GetTokenInternal so that it treats a cache entry older than some cutoff (90 days?) as non-existent.

Are there any plans to support ADAL v3?

The Microsoft.Azure.Management.*.Fluent packages depend on Microsoft.Rest.ClientRuntime.Azure.Authentication, which depends on Microsoft.IdentityModel.Clients.ActiveDirectory version 2.x under .Net Framework 4.5.2 but version 3.x under .Net Framework 4.6.1.

Since .Net Framework 4.5.2 is the very oldest framework not yet to be out of support, it seems a bit risky to target it. But the API change between Microsoft.IdentityModel.Clients.ActiveDirectory 2.x and 3.x breaks ARMClient quite badly: all of the methods it uses from AuthenticationContext are either renamed or removed.

Half of the problems are easily handled by shimming the missing AcquireToken methods with extension methods which call AcquireTokenAsync, but the other half are due to ADAL v3 not exposing refresh tokens. AIUI AcquireTokenSilentAsync is supposed to replace AcquireTokenByRefreshTokenAsync, but I don't understand ADAL well enough to be confident in writing a patch for this.

If I login using the GUI ARMCLIENT.exe login, I get 2 tenants, the second of which has a subscription. If I login using upn ARMCLIENT.exe upn [user] [password] I cannot see the subscription. It just says There is no login token. Please login to acquire token. I'm a little confused as to why the UPN doesn't see as much as the GUI login.

The subscription in question is currently awaiting payment, but that should affect both authentication methods, correct?

I suspect UPN is a little-used edge-case. I'm trying to avoid making people go through the Azure Active Directory Application registration process. Thank you for your time, and your wonderful tool.

I am getting error "'top' is not recognized as an internal or external command, operable program or batch file." for following command. Looks like problem with request url parsing with multiple query string parameters.

ARMClient.exe GET /subscriptions/26756605-1ad6-450f-b87f-6ccc2acd0ebc/resourceGroups?api-version=2014-04-01-preview&top=1 -verbose

This is more of a question than an issue.

We recently added a new property to a resource and we see that all the new resources are being created with this property. For the older resources, if we run a patch with an empty payload using amrclient.exe, the resources are getting updated and is returning the new property from that point (I believe that this is because ARM has its own cosmos db where the resource would be updated when we run the Patch request).

However, when I try to do a batch update of all the old resources programmatically, I see that the resources are not getting updated (the call is succeeding but it returning the resource without the updated property). The problem seems to be with the token that I am generating programmatically because using the token generated via armclient.exe and running the same code is updating the resource.

This is how I am generating the token. Am I missing something here?

while it should go to management.azure.com
getting response code Request_BadRequest for following

https://docs.microsoft.com/en-us/rest/api/resources/resources/getbyid

Guys, could you please create release page with compiled version of ARMClient for Windows? I am a bit lazy to build from source :)

Today, if you make a request before logging in, it blows up badly, e.g.

Could not find file 'C:\Users\david\.arm\recent_token.dat'

Of course, we could clean up the error handling, but it would be even better to simply login on demand if we don't have a token cache.

We can still keep the login command for PPE envs.

Currently Microsoft.IdentityModel.Clients.ActiveDirectory (aka ADAL) is used to authenticate with AAD:

But even its latest version 5.3.0 is decommissioned as of December 2022:

Suggested Alternatives
[Microsoft.Identity.Client](https://www.nuget.org/packages/Microsoft.Identity.Client/)

Additional Details
Please note, a newer package is available Microsoft.Identity.Client.
This package will continue to receive critical bug fixes until December 2022, we strongly encourage you to upgrade.
See https://docs.microsoft.com/azure/active-directory/develop/msal-net-migration for Migration guide and more details.

We should migrate to either MSAL (per the guidance) or Azure.Identity (my personal preference).

I have run ARMClient before in my PC but it suddenly stopped saying "This app can't run on your PC". Following are my PC settings: Please help

OS Name Microsoft Windows 10 Enterprise
Version 10.0.16299 Build 16299
Other OS Description Not Available
OS Manufacturer Microsoft Corporation
System Name PVRKAR
System Manufacturer LENOVO
System Model 20FAS2K13B
System Type x64-based PC
System SKU LENOVO_MT_20FA_BU_Think_FM_ThinkPad T460s
Processor Intel(R) Core(TM) i7-6600U CPU @ 2.60GHz, 2808 Mhz, 2 Core(s), 4 Logical Processor(s)
BIOS Version/Date LENOVO N1CET63W (1.31 ), 12/19/2017
SMBIOS Version 2.8
Embedded Controller Version 1.13
BIOS Mode UEFI
BaseBoard Manufacturer LENOVO
BaseBoard Model Not Available
BaseBoard Name Base Board
Platform Role Mobile
Secure Boot State On
PCR7 Configuration Elevation Required to View
Windows Directory C:\WINDOWS
System Directory C:\WINDOWS\system32
Boot Device \Device\HarddiskVolume2
Locale United States
Hardware Abstraction Layer Version = "10.0.16299.371"
User Name FAREAST\pullabhk
Time Zone India Standard Time
Installed Physical Memory (RAM) 16.0 GB
Total Physical Memory 15.8 GB
Available Physical Memory 10.0 GB
Total Virtual Memory 31.8 GB
Available Virtual Memory 25.8 GB
Page File Space 16.0 GB
Page File C:\pagefile.sys
Virtualization-based security Running
Virtualization-based security Required Security Properties Base Virtualization Support, Secure Boot
Virtualization-based security Available Security Properties Base Virtualization Support, Secure Boot
Virtualization-based security Services Configured Credential Guard
Virtualization-based security Services Running Credential Guard
Device Encryption Support Elevation Required to View

Azure CLI has support for Device code flow login using '--device-code' parameter. It'll be good to have support for the same in ARM client.

Reference:
https://learn.microsoft.com/en-us/cli/azure/authenticate-azure-cli#sign-in-interactively
https://learn.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-device-code

I am unable to install Armclient. The error is attached.
I am using Powershell in administrator mode and have the latest version of chocolatey installed.

For things that are 'normal' user errors and not product bugs, we should try to show a clean simple error message instead of full stack.

e.g. today if I run login command and then cancel, I get:

System.AggregateException: One or more errors occurred. ---> Microsoft.IdentityModel.Clients.ActiveDirectory.ActiveDirectoryAuthenticationException: authentication_canceled: Unknown error
   at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialog.ShowBrowser()
   at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialog.OnAuthenticate()
   at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WindowsFormsWebAuthenticationDialogBase.AuthenticateAAD(Uri requestUri, Uri callbackUri)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.InteractiveWebUI.OnAuthenticate()
   at Microsoft.IdentityModel.Clients.ActiveDirectory.Internal.WebUI.Authenticate(Uri requestUri, Uri callbackUri)
   at Microsoft.IdentityModel.Clients.ActiveDirectory.OAuth2Request.SendAuthorizeRequest(Authenticator authenticator, String resource, Uri redirectUri, String clientId, String userId, PromptBehavior promptBehavior, String extraQueryParameters, IWebUI webUi)
[truncated, many more stack items]

Instead, we should just print ex.GetBaseException().Message, which in this case will display:

authentication_canceled: Unknown error

The releases page gives version 1.8 as the latest currently - https://github.com/projectkudu/ARMClient/releases/tag/v1.8

But the Chocolatey package is currently ahead at version 1.9 - https://community.chocolatey.org/packages/ARMClient

In addition, the GitHub release of 1.8 has no zip attached to the Assets - so the Scoop package is behind on the last version with a zip release (1.6)

We could return 0 for all 2xx codes, and -{http code} for the rest. e.g. -401, -503

I've been thinking that scenarios would be easier in PowerShell is we take in the payload from stdin instead of (or as an alternative to?) using a switch. e.g., suppose you have the json payload in a $json variable.

You can't write: ARMTemplate PUT /path -content $json, because you're up against nearly unsolvable quoting issues. But you can write $json | ARMTemplate PUT /path as that avoids all the quoting issues. It's also simpler.

Hi,
I am facing below issue when trying to install armclient:

C:\WINDOWS\system32> choco install armclient
Installing the following packages:
armclient
By installing you accept licenses for the packages.
armclient not installed. The package was not found with the source(s) listed.
If you specified a particular version and are receiving this message, it is possible that the package name exists but the version does not.
Version: ""
Source(s): "http://wanuget/bootstrap/nuget"

Chocolatey installed 0/1 packages. 1 packages failed.
See the log for details (C:\ProgramData\chocolatey\logs\chocolatey.log).

Failures

armclient - armclient not installed. The package was not found with the source(s) listed.
If you specified a particular version and are receiving this message, it is possible that the package name exists but the version does not.
Version: ""
Source(s): "http://wanuget/bootstrap/nuget"

Can someone help me how to fix it and is there any alternate way to install armclient without using chocolatey?

@suwatch @ahmelsayed right now I'm the only maintainer on https://chocolatey.org/packages/ARMClient, and it would be good to add you guys. I uploaded a version 1.4 yesterday with the latest bits, but someone else should be able to do it.

What are your Chocolatey IDs?

Hi,

The documentation to create the DynamicClient is a bit off after the commit made 30th jan.

It looks like CSP support is missing, or I can't figure out how to implement it. The SPN command hints at this being possible, but for tenants created under a service provider, we don't know what the passphrase is... so using "armclient spn " doesn't work. Maybe I'm missing something. I login as the AOBO user, and have 0 subscriptions, which is correct, because my tenants have subscriptions. I can't figure out how to select the tenant using my AOBO credentials.

I followed the docs and ran armclient spn ... and got the following output:

There are 1 subscriptions
Subscription 56e48470... (My Subscription)

So far so good. Then I tried a simple sample from @davidebbo's post:

armclient GET /subscriptions?api-version=2014-04-01

The output I get is as follows:

Only 'http' and 'https' schemes are allowed.
Parameter name: requestUri

Hope I haven't misunderstood!

@suwatch I try to use ARMClient for VSO, but any request from ARMClient to VSO like ARMClient.exe get "https://app.vssps.visualstudio.com/_apis/profile/profiles/me?api-version=1.0" return the authentication page. In some time all requests to SCM like: ARMClient.exe get "/subscriptions?api-version=2014-04-01" is successful and return JSON.

ARMClient is authenticated in Azure through ARMClient.exe login and my VSO account is linked to my Azure account. Is this bug or I doing something wrong? Maybe better is forwarding this question to ARMClient Issues?

Getting error message " GetSubscriptions BadGateway, : !" while running armclient login dogfood.

As of version 1.2.0.0 the armclient command does not support environments where a proxy server must be used to access the internet.

Even if the proxy is configured with netsh winhttp set proxy armclient does not use this setting.

It would be great if you could support this functionality in a later version of armclient.

ARMClient.Program.GetPatchContent() ignores the actual end-date of the client certificate and uses 1 year instead. We use 2-year certificates and add-cred's unexpected behavior triggered an outage.

The tenant ID can be either a GUID or mydomain.onmicrosoft.com. Could you please remove the EnsureGuidFormat(tenantID) on line 88 of Program.cs?

Thanks

I don't know how to get a client certificate to perform these operations. I have tried using ARMClient login (prod) and using "spn" with app registrations and their certificates and no luck. Advice please.

ARMClient.exe put https://eastus2.rp.management-azure-devices-provisioning.net/subscriptions/sub/resourceGroups/rg/providers/Microsoft.Devices/provisioningServices/dps/certificates/cert?api-version=2022-02-05 C:\Users\me\certPayload.json -verbose
---------- Request -----------------------

PUT /subscriptions/sub/resourceGroups/rg/providers/Microsoft.Devices/provisioningServices/dps/certificates/cert?api-version=2022-02-05 HTTP/1.1
Host: eastus2.rp.management-azure-devices-provisioning.net
Authorization: Bearer {personal user token}...
User-Agent: ARMClient/1.9.0.0
Accept: application/json
x-ms-request-id: b398407f-c9ae-450a-8030-807cb74b6704
x-ms-client-request-id: b398407f-c9ae-450a-8030-807cb74b6704
x-ms-correlation-request-id: b398407f-c9ae-450a-8030-807cb74b6704

{
"certificatename": "cert",
"type": "Microsoft.Device/ProvisioningServices/certificates",
"certificateDescription": {
"Properties": {
"certificate": "-----BEGIN CERTIFICATE-----\n*****\n-----END CERTIFICATE-----\n"
}
}
}
---------- Response (6188 ms) ------------

HTTP/1.1 403 Forbidden
Content-Length: 265
Content-Type: application/json; charset=utf-8
Date: Wed, 18 May 2022 21:49:04 GMT
Server: Microsoft-HTTPAPI/2.0

{
"code": 403003,
"httpStatusCode": "Forbidden",
"message": "U007:Missing client certificate. If you contact a support representative please include this correlation identifier: b398407f-c9ae-450a-8030-807cb74b6704, timestamp: 2022-05-18 21:49:04Z, errorcode: IH403003."
}

After this command, it navigates to Azure login. Then, clicking on my account, it failed with "The connection for this site is not secure" on the browser

ARMClient.exe azlogin

...not really interested in installing yet another package manager.

Judging by the output of ApiPort it may or may not be a big effort to target NET Standard instead of full NET Framework :)

Given ARMClient is such a handy thing to have around i wonder if we could port this over so it runs on NET Core cross-plat.

Currently it doesn't seem to work on Mono - complains about missing Windows Forms when trying to authenticate. Although it MIGHT work if you manage to produce the token cache some other way.

Just a thought..

After:
choco install armclient

when i try armclient login the login window opens but the armclient.exe finds an exeption and windows closes the process...

armclient spn is working as expected.

Is there a log file that gets generated that i can provide you?

Hi Team,

Armclient login dogfood cmd is stopped working with below error:

Welcome [email protected] (Tenant: f686d426-8d16-42db-81b7-ab578e110ccd) Authentication failed because the remote party has closed the transport stream. The underlying connection was closed: An unexpected error occurred on a send. An error occurred while sending the request.

I've tried to upgrade the armclient but issue still persist.

could you please expedite the fix for this issue ?

Regards,
Anand

Would be great to have a curl like -H parameter to add custom HTTP headers to requests.

i.e.

C:\>ARMClient.exe get https://acc.blob.core.windows.net/container/blob -H "Range: bytes=3744-"

---------- Request -----------------------

GET /container/blob HTTP/1.1
Host: acc.blob.core.windows.net
Authorization: Bearer eyJ0eXAiOiJKV...
User-Agent: ARMClient/1.1.1.0
[...]
Range: bytes=3744-

This is actually the worst example since Azure Storage expects a SAS as authorization, but... the point still stands :)

Hey all,
I was wondering where I can find the source for ArmClientGui which seemed to originally be supported with v1.2.0.0?

Is there a way to set audience while retrieving the token?

ARMClient.exe token

Environment names should be consistent with all of our public tools not use internal code-names like "fairfax" and "mooncake". This is confusing for our customers.

When I call the rest api by using command:

armclient get "/subscriptions/<subscriptionId>/resources?$top=2&api-version=2018-05-01&$filter=resourceType eq 'Microsoft.Compute/virtualMachines'"

gets a full list unfiltered, which is not the result I expected.
Expected result should be a response with 2 entries of filtered resources and a string called nextLink referring to a url that I can get next 2 entries of the results.

Thanks in advance.

ARMClient.exe PUT subscriptions/26756605-1ad6-450f-b87f-6ccc2acd0ebc/resourceGroups/flowsrg?api-version=2014-04-01-preview -data @put_rg.json -verbose

Gives me "Parameter '-verbose' is invalid!" error.

misposted

C:\WINDOWS\system32>choco install armclient
Chocolatey v0.10.11
Installing the following packages:
armclient
By installing you accept licenses for the packages.
armclient not installed. The package was not found with the source(s) listed.
Source(s): 'http://wanuget/bootstrap/nuget'
NOTE: When you specify explicit sources, it overrides default sources.
If the package version is a prerelease and you didn't specify --pre,
the package may not be found.
Please see https://chocolatey.org/docs/troubleshooting for more
assistance.