Invoke-AzureRmResourceAction returns empty for -Action listConnectionStrings -ResourceType "Microsoft.DocumentDb/databaseAccounts"

[rajaprad]

Cmdlet(s)

Invoke-AzureRmResourceAction

PowerShell Version

5.0.10586.117

Module Version

2.7.0

OS Version

10.0.10586.117

Description

Invoke-AzureRmResourceAction -Action listConnectionStrings does not return anything for -ResourceType "Microsoft.DocumentDb/databaseAccounts". There is no error either.

The response body is empty as seen in DEBUG below.

Note: This is working for -Action listKeys

Operation : Microsoft.DocumentDB/databaseAccounts/listKeys/action
OperationName : List keys
ProviderNamespace : Microsoft DocumentDb
ResourceName : Database Account
Description : List keys of a database account

Operation : Microsoft.DocumentDB/databaseAccounts/listConnectionStrings/action
OperationName : Get Connection Strings
ProviderNamespace : Microsoft DocumentDb
ResourceName : Database Account
Description : Get the connection strings for a database account

Debug Output

PS C:\Windows\system32> Invoke-AzureRmResourceAction -Action listConnectionStrings -ResourceType "Microsoft.DocumentDb/d
atabaseAccounts" -ResourceName hidde n-ResourceGroupName hidden -ApiVersion "2015-04-08" -Debug
DEBUG: 3:20:14 PM - InvokAzureResourceActionCmdlet begin processing with ParameterSet 'Resource that resides at the
subscription level.'.

Confirm
Continue with this operation?
[Y] Yes [A] Yes to All [H] Halt Command [S] Suspend [?] Help (default is "Y"): A
DEBUG: 3:20:17 PM - using account id '[email protected]'...

Confirm
Are you sure you want to perform this action?
Performing the operation "Invoking the 'listConnectionStrings' action on the resource." on target
"/subscriptions/5e0fb7hidden6ed9af/resourceGroups/hidden/providers/Microsoft.DocumentDb/da
tabaseAccounts/hidden".
[Y] Yes [A] Yes to All [N] No [L] No to All [S] Suspend [?] Help (default is "Y"): A

Confirm
Are you sure you want to invoke the 'listConnectionStrings' action on the following resource:
/subscriptions/5e0hidden8b-9c0a-hidden36ed9af/resourceGroups/hidden/providers/Microsoft.DocumentDb/dat
abaseAccounts/hidden
[Y] Yes [N] No [S] Suspend [?] Help (default is "Y"): Y
DEBUG: [Common.Authentication]: Authenticating using Account: '[email protected]', environment:
'AzureCloud', tenant: 'c990basahiddenfb1041c0'
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:29: - TokenCache: Deserialized 2 items to token cache.
DEBUG: [Common.Authentication]: Authenticating using configuration values: Domain:
'c990bb7a-51f4-439b-bd36-9c
c990bbc07fb1041c0', Endpoint: 'https://login.microsoftonline.com/', ClientId:
'1950a25817495945fc2', ClientRedirect: 'urn:ietf:wg:oauth:2.0:oob', ResourceClientUri:
'https://management.core.windows.net/', ValidateAuthrity: 'True'
DEBUG: [Common.Authentication]: Acquiring token using context with Authority
'https://login.microsoftonline.com/c990bb7hiddenb1041c0/', CorrelationId:
'00000000-0000-0000-0000-000000000000', ValidateAuthority: 'True'
DEBUG: [Common.Authentication]: Acquiring token using AdalConfiguration with Domain:
'c990bb7ahidden-9c07fb1041c0', AdEndpoint: 'https://login.microsoftonline.com/', ClientId:
'1950a2hidden7495945fc2', ClientRedirectUri: urn:ietf:wg:oauth:2.0:oob
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:29: 62ec1hidden3f221721 - AcquireTokenHandlerBase: === Token Acquisition
started:
Authority: https://login.microsoftonline.com/c990bb07fb1041c0/
Resource: https://management.core.windows.net/
ClientId: 1950a258-hidden7495945fc2
CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (2 items)
Authentication Target: User

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 03/20/2017 19:20:29: 62ec1f20hidden3f221721 - TokenCache: Looking up cache for a token...
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:29: 62ec1f20-hidden993f221721 - TokenCache: An item matching the requested resource
was found in the cache
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 03/20/2017 19:20:29: 62ec1f20-hidden993f221721 - TokenCache: 58.538086765 minutes left until token in
cache expires
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:29: 62ec1f2hidden-a6993f221721 - TokenCache: A matching item (access token or refresh
token or both) was found in the cache
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:29: 62ec1f2hidden993f221721 - AcquireTokenHandlerBase: === Token Acquisition
finished successfully. An access token was retuned:
Access Token Hash: 471d9HSDBAAU+hiddenK7GWpYPvcixy8L/b+fzkL4=
Refresh Token Hash: V56AlfPXPXUmmhiddenlS/EaRRHRsN2wIFAjw=
Expiration Time: 03/20/2017 20:19:02 +00:00
User Hash: YaUHf8ySNCwtRRGhiddenvNeIHQAKMhXg=

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:29: - TokenCache: Serializing token cache with 2 items.
DEBUG: [Common.Authentication]: Received token with LoginType 'LiveId', Tenant: 'c990bb7hiddenc07fb1041c0',
UserId: '[email protected]'
DEBUG: [Common.Authentication]: Renewing Token with Type: 'Bearer', Expiry: '03/20/2017 20:19:02 +00:00',
MultipleResource? 'True', Tenant: 'c990bbhidden7fb1041c0', UserId: '[email protected]'
DEBUG: [Common.Authentication]: User info for token DisplayId: '[email protected]', Name: Pradebban
Raja, IdProvider: 'https://sts.windows.net/c990bbhidden07fb1041c0/', Uid:
'f405c38c-9980-4711-878b-daa1e112b7ad'
DEBUG: [Common.Authentication]: Checking token expiration, token expires '03/20/2017 20:19:02 +00:00' Comparing to
'03/20/2017 19:20:29 +00:00' With threshold '00:05:00', calculated time until token expiry: '00:58:32.2831771'
DEBUG: ============================ HTTP REQUEST ============================

HTTP Method:
POST

Absolute Uri:
https://management.azure.com/subscriptions/5e0fb7ehidden6ed9af/resourceGroups/hidden/provid
ers/Microsoft.DocumentDb/databaseAccounts/hidden/listConnectionStrings?api-version=2015-04-08

Headers:
User-Agent : AzurePowershell/v3.7.0.0,PSVersion/v5.0.10586.117
ParameterSetName : Resource that resides at the subscription level.
CommandName : Invoke-AzureRmResourceAction

Body:

DEBUG: ============================ HTTP RESPONSE ============================

Status Code:
OK

Headers:
Pragma : no-cache
Strict-Transport-Security : max-age=31536000; includeSubDomains
x-ms-gatewayversion : version=1.11.176.3
x-ms-ratelimit-remaining-subscription-writes: 1198
x-ms-request-id : 889fff23hidden80a345c7
x-ms-correlation-request-id : 889fff2hidden1a280a345c7
x-ms-routing-request-id : NORTHCENTRALUS:20170320T192033Z:889fffhidden-01a280a345c7
Cache-Control : no-store,no-cache
Date : Mon, 20 Mar 2017 19:20:33 GMT
Server : Microsoft-HTTPAPI/2.0

Body:

{}

DEBUG: [Common.Authentication]: Authenticating using Account: '[email protected]', environment:
'AzureCloud', tenant: 'c990bb7ahidden7fb1041c0'
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:30: - TokenCache: Deserialized 2 items to token cache.
DEBUG: [Common.Authentication]: Authenticating using configuration values: Domain:
'c990bbhiddenc07fb1041c0', Endpoint: 'https://login.microsoftonline.com/', ClientId:
'1950a2hidden17495945fc2', ClientRedirect: 'urn:ietf:wg:oauth:2.0:oob', ResourceClientUri:
'https://management.core.windows.net/', ValidateAuthrity: 'True'
DEBUG: [Common.Authentication]: Acquiring token using context with Authority
'https://login.microsoftonline.com/c990bhiddenfb1041c0/', CorrelationId:
'00000000-0000-0000-0000-000000000000', ValidateAuthority: 'True'
DEBUG: [Common.Authentication]: Acquiring token using AdalConfiguration with Domain:
'c990bb7hidden-9c07fb1041c0', AdEndpoint: 'https://login.microsoftonline.com/', ClientId:
'1950a2hidden717495945fc2', ClientRedirectUri: urn:ietf:wg:oauth:2.0:oob
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:30: 42d4edbhiddenf05c52427 - AcquireTokenHandlerBase: === Token Acquisition
started:
Authority: https://login.microsoftonline.com/c990bbhidden9c07fb1041c0/
Resource: https://management.core.windows.net/
ClientId: 1950a258hidden17495945fc2
CacheType: Microsoft.IdentityModel.Clients.ActiveDirectory.TokenCache (2 items)
Authentication Target: User

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 03/20/2017 19:20:30: 42d4edbf-fhidden5c52427 - TokenCache: Looking up cache for a token...
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:30: 42d4edbfhidden9f05c52427 - TokenCache: An item matching the requested resource
was found in the cache
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Verbose: 1 :
DEBUG: 03/20/2017 19:20:30: 42d4edbfhidden9f05c52427 - TokenCache: 58.524401825 minutes left until token in
cache expires
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:30: 42d4edhidden9f05c52427 - TokenCache: A matching item (access token or refresh
token or both) was found in the cache
DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:30: 42d4edhidden05c52427 - AcquireTokenHandlerBase: === Token Acquisition
finished successfully. An access token was retuned:
Access Token Hash: 471d9HSDBAhiddenYPvcixy8L/b+fzkL4=
Refresh Token Hash: V56AlfPhiddenflS/EaRRHRsN2wIFAjw=
Expiration Time: 03/20/2017 20:19:02 +00:00
User Hash: YaUHf8ySNhidden0P1XIvNeIHQAKMhXg=

DEBUG: Microsoft.IdentityModel.Clients.ActiveDirectory Information: 2 :
DEBUG: 03/20/2017 19:20:30: - TokenCache: Serializing token cache with 2 items.
DEBUG: [Common.Authentication]: Received token with LoginType 'LiveId', Tenant: 'c990bb7a-5hiddenc07fb1041c0',
UserId: '[email protected]'

DEBUG: 3:20:30 PM - InvokAzureResourceActionCmdlet end processing.
DEBUG: 3:20:30 PM - InvokAzureResourceActionCmdlet end processing.

Script/Steps for Reproduction

Invoke-AzureRmResourceAction -Action listConnectionStrings -ResourceType "Microsoft.DocumentDb/d
atabaseAccounts" -ResourceName -ResourceGroupName -ApiVersion "2015-04-08"

[cormacpayne]

@vivsriaus Hey Vivek, would you mind taking a look at this issue?

[vivsriaus]

@Pradebban It is not clear from the debug traces if the http response body returned from the RP is empty. If it is, please follow up with Microsoft.DocumentDb RP on this, since the powershell cmdlet doesn't control what gets returned by the RP.

[rajaprad]

@vivsriaus , i cannot share the debug trace as is due to Client agreements.
Also please share POC, github path for following up with Microsoft.DocumentDb RP on this.

Can you please repro this in a test environment may be.

I tried this one too, by changing listkeys to listConnectionStrings and nothing gets returned. http://stackoverflow.com/questions/36544224/get-azure-documentdb-primary-key-using-powershell

Working:
[System.String]::Format("https://management.azure.com/subscriptions/{0}/resourcegroups/{1}/providers/Microsoft.DocumentDB/databaseAccounts/{2}/listkeys?api-version=2014-04-01",

Nothing returned
[System.String]::Format("https://management.azure.com/subscriptions/{0}/resourcegroups/{1}/providers/Microsoft.DocumentDB/databaseAccounts/{2}/listConnectionStrings?api-version=2014-04-01",

#Input
$subName = ""
$rgName = ""
$docDBAccount = ""
Select-AzureRmSubscription -SubscriptionName $subName
$sub = Get-AzureRmSubscription -SubscriptionName $subName

#Get Azure AAD auth token
$clientId = "1950a258-227b-4e31-a9cf-717495945fc2"
$redirectUri = "urn:ietf:wg:oauth:2.0:oob"
$resourceClientId = "00000002-0000-0000-c000-000000000000"
$resourceAppIdURI = "https://management.core.windows.net/"
$authority = "https://login.windows.net/common"
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority,$false
$authResult = $authContext.AcquireToken($resourceAppIdURI, $clientId, $redirectUri, "Auto")
$header = $authresult.CreateAuthorizationHeader()
$tenants = Invoke-RestMethod -Method GET -Uri "https://management.azure.com/tenants?api-version=2014-04-01" -Headers @{"Authorization"=$header} -ContentType "application/json"
$tenant = $tenants.value.tenantId
$authority = [System.String]::Format("https://login.windows.net/{0}", $tenant)
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority,$false
$authResult = $authContext.AcquireToken($resourceAppIdURI, $clientId, $redirectUri, "Auto")
$header = $authresult.CreateAuthorizationHeader()

#Get the account keys and dsi
$account = Get-AzureRmResource -ResourceType Microsoft.DocumentDb/databaseAccounts -ResourceName $docDBAccount -ResourceGroupName $rgName
$keysurl = [System.String]::Format("https://management.azure.com/subscriptions/{0}/resourcegroups/{1}/providers/Microsoft.DocumentDB/databaseAccounts/{2}/listConnectionStrings?api-version=2014-04-01", $sub.SubscriptionId, $rgName, $docDBAccount)
$keys = Invoke-RestMethod -Method POST -Uri $keysurl -Headers @{"Authorization"=$header} -ContentType "application/json"
$account.Properties.DocumentEndpoint
$keys

[vivsriaus]

@Pradebban just to confirm - are you saying that if you make a REST call to list connection strings (without using the Invoke-AzureRmResourceAction cmdlet), you're getting an empty response as well? As I mentioned, the powershell cmdlet just wraps the response to a PSObject and returns; if the REST response is empty, it returns an empty/null object.

[rajaprad]

@vivsriaus Yes, thats correct.

[vivsriaus]

@cormacpayne can you please pull in a document db powershell dev on this? This is clearly not an ARM cmdlet issue based on @Pradebban response above

[markcowl]

@vivsriaus @ravbhatnagar If this is a service side issue, then you guys on the ARM team, who are responsible for onboarding ARM services, need to follow up with the service team. It does not make sense to contact the powershell team for this.

[markcowl]

@ravbhatnagar Assignign to you as this looks like a service side issue, and we do not ship any DocumentDB cmdlets. Looks like you guys need to follow upo with the DocumentDB service team on why their service isn't meeting your requirements.

[rajaprad]

@cormacpayne @ravbhatnagar, please let us know if there is an update.

[rajaprad]

@cormacpayne @ravbhatnagar , is there any update ?

[cormacpayne]

@Tiano2017 Hey Tian, would you (or someone from the ARM team) mind taking a look at this issue? It looks like there is a server side issue when making a request to the Microsoft.DocumentDB provider

[PlagueHO]

Is there any update on this one as it looks like it is still a problem and it looks like it has been like this for over a year?

[deathbyvegemite]

This is clearly still an issue - it would be fantastic to get an update on this?
In case you need another debug transcript, here one is.
PowerShell_transcript.RMB0024.KEjXc48B.20190124084128.txt

[shurd]

Hi all, thank you for raising this issue. As of February of this year, this operation now returns connection strings for all API types (originally it was only valid for MongoDB accounts).