AZURE REST API & PowerShell: Retrieve Cloud Service Configuration

Recently I was working on an issue where we had to retrieve PaaS instance configuration details like the RDP, OS Family, Reserved IP etc. Typically this is present in the .cscfg file of a Cloud Service.

We had to retrieve these details via Azure Service Management REST API. Documentation on the Operations on Cloud Services can be found on MSDN.

The API of our interest is GET DEPLOYMENT. The documentation is available on MSDN: https://msdn.microsoft.com/en-us/library/azure/ee460804.aspx

In this post I will be using PowerShell scripts to invoke the GET DEPLOYMENT API.

Below is a snippet from MSDN:

The Get Deployment request can be used to retrieve deployment events for a single deployment slot (staging or production) or for a specific deployment name. If you want to retrieve information by deployment name, you must first get the unique name for the deployment. This unique name is part of the response when you make a request to get the deployment in a deployment slot.

From MSDN documentation there are two ways to invoke the API.

Method

Request URI

GET

https://management.core.windows.net/<subscription-id>/services/hostedservices/<cloudservice-name>/deploymentslots/<deployment-slot>

GET

https://management.core.windows.net/<subscription-id>/services/hostedservices/<cloudservice-name>/deployments/<deployment-name>

We already have a PowerShell commandlet for this functionality:
Get-AzureDeployment: https://msdn.microsoft.com/en-us/library/azure/dn495146.aspx

Requirements

In order to make an AZURE REST API call, you have to:

  1. Authenticate the request to Management Service. Refer this link: https://msdn.microsoft.com/en-in/library/azure/ee460782.aspx
  2. Some Azure Service Management REST API's require additional headers to be sent along with the request. Read the documentation for the API before proceeding further.
    1. The Get Deployment API requires the x-ms-version header in HTTP Request. Below is the snippet of the documentation for this API from MSDN.

Request Header

Description

x-ms-version

Required. Specifies the version of the operation to use for this request. This header should be set to 2009-10-01 or higher. For more information about versioning headers, see Service Management Versioning.

 

Generating the certificate

We will use MakeCert.exe. You may want to refer these articles:

Create & Upload a Management Certificate for Azure: https://msdn.microsoft.com/en-us/library/azure/gg551722.aspx

Makecert.exe (Certificate Creation Tool) : https://msdn.microsoft.com/en-us/library/bfsktky3(v=vs.110).aspx

Open a Visual studio command prompt and execute the following command:

makecert -sky exchange -r -n "CN=<CertificateName>" -pe -a sha1 -len 2048 -ss My "<CertificateName>.cer"

Replace the highlighted section (in green) in the above command with your inputs

  • Browse to Visual Studio Tools folder.

  • Typically this is under: "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2012\Visual Studio Tools"

  • Double click and launch "VS2012 x86 Native Tools Command Prompt" in administrator mode

  • Execute the above command as shown below:

  • Go to run and type "mmc" and then click on OK.

  • Select File
    à
    Add/Remove Snap-in…

  • Select Certificates and click on Add > button

  • Under the Certificates snap-in select My user account and click on Finish.

  • Click on OK.

  • This view is the current user certificate store as shown below

  • Export the certificate without the private key and store it on your hard drive.

  • Now go to the Azure Management Portal

  • Scroll down to the SETTINGS section.

  • In the centre pane, click on MANAGEMENT CERTIFICATES & then click on UPLOAD.

  • Select the certificate we exported and upload it.

  • Make a note of the Certificate thumbprint.

     

Invoking the REST API

Once the certificate has been generated and uploaded. We can write a PowerShell script to retrieve the same certificate from the store and pass it along with the REST API request.

We will be using PowerShell to invoke the API and retrieve the details.

Below is the PowerShell script to retrieve the certificate from the user store and pass it on to the Azure Service Management for authentication.

#Request Headers required to invoke the GET DEPLOYMENT REST API$method = "GET"$headerDate = '2009-10-01'$headers = @{"x-ms-version"="$headerDate"}

#Retrieving the subscription ID$subID = (Get-AzureSubscription -Current).SubscriptionId $URI = https://management.core.windows.net/$subID/services/hostedservices/kaushalz/deployments/4f006bb7d2874dd4895f77a97b7938d0

#Retrieving the certificate from Local Store$cert = (Get-ChildItem Cert:\CurrentUser\My | ?{$_.Thumbprint -eq "B4D460D985F1D07A6B9F8BFD67E36BC53A4490FC"}).GetRawCertData()

#converting the raw cert data to BASE64body = "<Binary>-----BEGIN CERTIFICATE-----`n$([convert]::ToBase64String($cert))`n-----END CERTIFICATE-----</Binary>"

#Retrieving the certificate ThumbPrint$mgmtCertThumb = (Get-AzureSubscription -Current).Certificate.Thumbprint

#Passing all the above parameters to Invoke-RestMethod cmdletInvoke-RestMethod -Uri $URI -Method $method -Headers $headers -CertificateThumbprint " B4D460D985F1D07A6B9F8BFD67E36BC53A4490FC" -ContentType $ContentType

  • Launch Windows PowerShell ISE in administrator mode.
  • Copy the above sample script and paste it in the scripting window.

NOTE: replace the thumbprint in the above script with the thumbprint of your certificate. You can retrieve this from the MMC windows we accessed earlier. I'm passing the Deployment Name (or Deployment ID) in the above URL.

  • Run the script to get the output as shown below:

If you read the documentation, the response body is in XML format and it is displaying only the parent node (DEPLOYMENT).

We can read the response into a XML object and then display it. Here is sample snippet:

#Getting the response from the REST API and saving it as a XML object[xml]$url = Invoke-RestMethod -Uri $URI -Method $method -Headers $headers -CertificateThumbprint "B4D460D985F1D07A6B9F8BFD67E36BC53A4490FC" -ContentType $ContentType

#Printing the XMLwrite $url.ChildNodes

Below is a screenshot of the output after adding the above two lines in the earlier script:

NOTE: The Configuration section in the above output is a Base-64 encoded string. You would have to add the following snippet to parse this further:

$base64encodedconfiguration = $url.Deployment.Configuration$d= [System.Convert]::FromBase64String($base64encodedconfiguration)[xml]$decodedxml = [System.Text.Encoding]::UTF8.GetString($d)write $decodedxml.ChildNodes

You can use the same approach to call any other Azure Service Management REST API. Ensure you read the documentation carefully and then proceed further.

HTH J