Monday, June 9, 2014

Working with the admin API in Windows Azure Pack

After many demos in the fabric, it was time for me to do some clean-up.
Instead of navigating through the admin portal to delete any unnecessary plans, subscriptions and users, I decided to access the admin API directly using PowerShell.

After a basic implementation of Azure Pack, you have the following APIs:

Administrator API
REST APIs that are only available to Service Management for administrators. By default, the admin API uses port 30004, so the request URIs should reflect that.

Tenant API
REST APIs that are available for both administrators and tenants. By default, the tenant API uses port 30005.

Public tenant API
Public REST APIs that support end-user subscription management for services presented by the service management API. By default, the port is set to 30006.

As an administrator, I want to access the admin API in our environment to deal with the high-privileged services. This specific API is not exposed to the general public.
Note that when you are working with the APIs, you should start by defining some variables that reflect your configuration, as you won’t be able to do much without them.

The fundamentals:

### Defining a variable for the admin API using the name of my management server and the default admin API port, which is 30004


### Defining a variable for the Admin Authentication Site in my environment. The default port is 30072, but it is changed in this environment to use 443


### Defining a variable for the Client Realm, using the default value


### Defining a variable for the MGMTSVCToken

$token = Get-MgmtSvcToken -Type Windows -AuthenticationSite $AuthSite -ClientRealm $ClientRealm -DisableCertificateValidation


Once I have these variables in place, it is easy to access the admin API to get things done.
In the following example, I will get the information about the registered resource providers in our environment:

PS C:\> Get-MgmtSvcResourceProvider -AdminUri $adminuri -Token $token -DisableCertificateValidation | select displayname, name

DisplayName                                                              Name                                                                  
-----------                                                              ----                                                                   
Monitoring Service                                                       monitoring                                                            
Marketplace Service                                                      marketplace                                                            
Virtual Machine Clouds                                                   systemcenter                                                          
Automation                                                               automation                                                            
Cloud Cruiser                                                            cloudcruiser                                                          
SQL Servers                                                              sqlservers                                                            


We can verify that we have several resource providers registered in this WAP environment.

Next, I want to see whether there are any users here as well, and whether they are subscribing to any of the public plans.

PS C:\> Get-MgmtSvcUser -AdminUri $adminuri -Token $token -DisableCertificateValidation | select name, state, subscriptioncount

Name                                                                                       State                               SubscriptionCount
----                                                                                       -----                               -----------------
kristian.nese@lumagate.com                                                                Active                                               1
kn@demo.demo                                                                              Active                                               1
fr@flemmingriis.com                                                                       Active                                               1


In my case, I want to do a clean-up, so the user “kn@demo.demo” will be deleted using the admin API.
First, I will have to delete any active subscriptions associated with this user by running the following cmdlets:

PS C:\> Get-MgmtSvcSubscription -AdminUri $AdminURI -Token $token -DisableCertificateValidation | select accountadminliveemailid, subscriptionid

AccountAdminLiveEmailId                                                  SubscriptionID                                                        
-----------------------                                                  --------------                                                         
kristian.nese@lumagate.com                                               c999b510-a137-42f5-88f1-6cdbd913e3a3                                  
kn@demo.demo                                                             111a8d30-793c-42f9-9cc7-57f28a012fbb                                  
fr@flemmingriis.com                                                      c839b1be-f3ea-439d-a801-53000ccd14cd                                  



PS C:\> $subscription = Get-MgmtSvcSubscription -SubscriptionId "111a8d30-793c-42f9-9cc7-57f28a012fbb" -AdminUri $adminuri -Token $token -DisableCertificateValidation

PS C:\> Remove-MgmtSvcSubscription -SubscriptionId $subscription.SubscriptionID -AdminUri $AdminURI -Token $token -DisableCertificateValidation -Confirm


SubscriptionID          : 111a8d30-793c-42f9-9cc7-57f28a012fbb
SubscriptionName        : MVP Plan
AccountAdminLiveEmailId : kn@demo.demo
ServiceAdminLiveEmailId :
CoAdminNames            : {}
Features                :
OfferCategory           :
OfferFriendlyName       : MVP Plan
RegisteredServices      : systemcenter,sqlservers,cloudcruiser
Created                 : 6/5/2014 11:33:12 AM
AddOnReferences         : {}
AddOns                  : {}
State                   : DeletePending
QuotaSyncState          : InSync
ActivationSyncState     : Syncing
PlanId                  : MVPPlhqzhttra
Services                : {Microsoft.WindowsAzure.Server.Management.SubscriptionService,
                          Microsoft.WindowsAzure.Server.Management.SubscriptionService,
                          Microsoft.WindowsAzure.Server.Management.SubscriptionService}
LastErrorMessage        :
ExtensionData           :



Now it is time to delete the user itself by firing off the last cmdlet:

PS C:\> $user = Get-MgmtSvcUser -AdminUri $adminuri -Token $token -DisableCertificateValidation | where-object {$_.name -eq "kn@demo.demo"}

PS C:\> Remove-MgmtSvcUser -Name $user.Name -AdminUri $AdminURI -Token $token -DisableCertificateValidation -Confirm
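
The clean-up steps above collected into one script, as an added example that is not the author's code: `Remove-WapTenantUser`, the `wap.example.internal` host names and the `-SkipCertificateCheck` switch are hypothetical, and the client realm value is assumed to be the stock WAP default. Certificate validation stays on unless you opt in, because with `-DisableCertificateValidation` the admin token is sent to whatever endpoint answers on that address.

```powershell
# Added example. Placeholder values: replace with your own environment's names.
$AdminUri    = 'https://wap.example.internal:30004'  # placeholder host, default admin API port
$AuthSite    = 'https://wap.example.internal:443'    # placeholder host, port 443 as in the post
$ClientRealm = 'http://azureservices/AdminSite'      # assumed stock default realm for the admin site

function Remove-WapTenantUser {                      # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $UserName,
        [Parameter(Mandatory)] [string] $AdminUri,
        [Parameter(Mandatory)] [string] $Token,
        # Lab use only: passes -DisableCertificateValidation to every cmdlet.
        [switch] $SkipCertificateCheck
    )

    # Parameters shared by every call, splatted below.
    $common = @{ AdminUri = $AdminUri; Token = $Token }
    if ($SkipCertificateCheck) {
        Write-Warning 'TLS certificate validation is disabled for the admin API calls.'
        $common.DisableCertificateValidation = $true
    }

    # Resolve exactly one user before deleting anything.
    $user = @(Get-MgmtSvcUser @common | Where-Object { $_.Name -eq $UserName })
    if ($user.Count -ne 1) {
        throw "Expected exactly one user named '$UserName', found $($user.Count). Nothing removed."
    }

    # Subscriptions are matched on the account admin address, as in the listing above.
    $subs = @(Get-MgmtSvcSubscription @common |
              Where-Object { $_.AccountAdminLiveEmailId -eq $UserName })
    Write-Verbose "Found $($subs.Count) subscription(s) for $UserName"

    foreach ($s in $subs) {
        # -Confirm prompts before each deletion.
        Remove-MgmtSvcSubscription @common -SubscriptionId $s.SubscriptionID -Confirm
    }

    Remove-MgmtSvcUser @common -Name $user[0].Name -Confirm
}

# Token request with certificate validation left on.
$token = Get-MgmtSvcToken -Type Windows -AuthenticationSite $AuthSite -ClientRealm $ClientRealm
Remove-WapTenantUser -UserName 'kn@demo.demo' -AdminUri $AdminUri -Token $token -Verbose
```

For this to run without the opt-out switch, the admin API and authentication site certificates must chain to a root the management workstation trusts and match the host names used in the URIs.
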

I hope you had a good time reading this blog post and found the service management API interesting.
There will be a follow-up where I will document how to use the public tenant API, where your tenants are able to do things by themselves.
