Using RoleInstanceValue and XPath queries, is there a way to pull certificate information from the /Certificates/Certificate section of the cscfg file?
For example, I'm trying to set a Variable/RoleInstanceValue to the thumbprint of a named certificate to be used in a startup script.
An example from a .csdef file:
<Task commandLine="Startup.cmd > Startup.cmd.log" executionContext="elevated" taskType="simple">
  <Environment>
    <Variable name="DefaultCertificate">
      <RoleInstanceValue xpath="/RoleEnvironment/CurrentInstance/Certificates/Certificate[@name='Default']/@thumbprint" />
    </Variable>
  </Environment>
</Task>
Thanks for the question, I'll take a look.
Hi @kieronlanning,
Thanks for your patience. The example you have provided above would allow you to pull certificate information from the /Certificates/Certificate section. Is it not loading the data?
@WinstonHoward-MSFT No, it fails saying that it's an invalid XPath.
Hi @kieronlanning,
Thanks for your patience. I wanted to build a fresh cloud service to repro this. I'm able to pull a field from a cscfg file from a cloud service. I think your issue is you're trying to use XPath to set an XML field, and XPath is only designed to query an XML document. Like I said, I can query the property and extract it, but I'm not sure how you intend to set the property. Thanks again for your patience. I'm trying to assess if this is something we need to add to the doc you opened this issue against or just confusion regarding the use of XPath queries.
@WinstonHoward-MSFT What was the query you used? I've tried multiple combinations of queries and couldn't get ahold of anything certificate related.
Hi @kieronlanning,
This is the .cscfg file I used:
<?xml version="1.0" encoding="utf-8"?>
<ServiceConfiguration serviceName="TestCloudService" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="6" osVersion="*" schemaVersion="2015-04.2.6">
  <Role name="ContosoAdsWeb">
    <Instances count="1" />
    <ConfigurationSettings>
      <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="UseDevelopmentStorage=true" />
      <Setting name="Test" value="stuff" />
    </ConfigurationSettings>
  </Role>
  <Role name="ContosoAdsWorker">
    <Instances count="1" />
    <ConfigurationSettings>
      <Setting name="Microsoft.WindowsAzure.Plugins.Diagnostics.ConnectionString" value="UseDevelopmentStorage=true" />
    </ConfigurationSettings>
  </Role>
</ServiceConfiguration>
I queried the Test setting as such:
In code:
var setting = RoleEnvironment.GetConfigurationSettingValue("Test");
In query:
xpath="/RoleEnvironment/CurrentInstance/ConfigurationSettings/ConfigurationSetting[@name='Test']/@value"
If you really need to __set__ an XML property in your .csdef, you should write a DOM Parser like this to read the XML in, then change the property according to your xpath query (see how I queried the data above), then write out the new XML.
The important thing is these XML files are used for the instantiation of the cloud service so you'd need to write out the new csdef XML file before the cloud service starts.
@WinstonHoward-MSFT Sorry, there's some confusion here. We need to get the certificate thumbprint via XPath from the Certificates/Certificate property. Properties defined via the configuration section are fine.
Taking the example from the initial issue, we want to get the thumbprint from here:
<?xml version="1.0" encoding="utf-8"?>
<ServiceConfiguration serviceName="SERVICENAME" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="6" osVersion="*" schemaVersion="2015-04.2.6">
  <Role name="ROLERole">
    <Instances count="1" />
    <ConfigurationSettings>
      <!-- SETTINGS HERE -->
    </ConfigurationSettings>
    <Certificates>
      <Certificate name="Default" thumbprint="{{ THIS IS THE VALUE WE WANT }}" thumbprintAlgorithm="sha1" />
    </Certificates>
  </Role>
</ServiceConfiguration>
@kieronlanning I've been unable to query that property. But I'd like to put you in contact with a support technician who can help you troubleshoot. These issues are usually for doc-related bugs. If you're able to resolve this with a technician, then I'd like to update the doc with the appropriate result. Can you please email [email protected] with the subject ATTN - Winston and include your Azure Subscription ID? I'd then generate a free support case for you.
@WinstonHoward-MSFT Thanks, I'll do that first thing Monday when I'm back at my work PC. Cheers!
@WinstonHoward-MSFT Done...!
Hey @kieronlanning,
Firstly, thanks for your patience as we dove into this. After much discussion and cross-collaboration, unfortunately, retrieving a thumbprint in the CSDEF via the cscfg xpath reference is unsupported. We looked into retrieving it from a different path, but it's unsupported. The root of this is that the xpath-visible values are wrapped in a RoleEnvironment wrapper mechanism, and it doesn't support any path to the certificate config info. I notified the support person helping you debug that it is not possible. Thanks for opening the product issue regardless, as it was a really good question!
@WinstonHoward-MSFT Thanks to you and the team for working so hard on this!
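The DOM-parser approach suggested in the thread, as an added example that is not code from the thread or from Microsoft: run before deployment, it reads the named certificate's thumbprint from the .cscfg and mirrors it into a Setting, which the thread shows is reachable through the ConfigurationSettings XPath. The setting name `DefaultCertificateThumbprint` and the sample thumbprint are assumptions, and the setting is assumed to also be declared in the .csdef.

```python
import re
import xml.etree.ElementTree as ET

NS = "http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration"
Q = {"sc": NS}

# Constructed sample .cscfg; the thumbprint is a made-up placeholder value.
SAMPLE_CSCFG = """<?xml version="1.0" encoding="utf-8"?>
<ServiceConfiguration serviceName="SERVICENAME" xmlns="http://schemas.microsoft.com/ServiceHosting/2008/10/ServiceConfiguration" osFamily="6" osVersion="*" schemaVersion="2015-04.2.6">
  <Role name="ROLERole">
    <Instances count="1" />
    <ConfigurationSettings>
      <Setting name="Test" value="stuff" />
    </ConfigurationSettings>
    <Certificates>
      <Certificate name="Default" thumbprint="0123456789ABCDEF0123456789ABCDEF01234567" thumbprintAlgorithm="sha1" />
    </Certificates>
  </Role>
</ServiceConfiguration>
"""

def child_named(parent, tag, name):
    """Find a child by @name without building an XPath string from input."""
    for el in parent.findall(f"sc:{tag}", Q):
        if el.get("name") == name:
            return el
    raise LookupError(f"no <{tag} name={name!r}>")

def copy_thumbprint_to_setting(cscfg_text, role, cert_name, setting_name):
    """Return (thumbprint, new_cscfg_text) with the thumbprint mirrored into a Setting."""
    ET.register_namespace("", NS)  # serialize with the default namespace, no prefixes
    root = ET.fromstring(cscfg_text.encode("utf-8"))
    role_el = child_named(root, "Role", role)
    certs = role_el.find("sc:Certificates", Q)
    settings = role_el.find("sc:ConfigurationSettings", Q)
    if certs is None or settings is None:
        raise LookupError("role lacks <Certificates> or <ConfigurationSettings>")
    thumbprint = child_named(certs, "Certificate", cert_name).get("thumbprint", "")
    # A SHA-1 thumbprint is exactly 40 hex digits; reject spaces or invisible characters.
    if not re.fullmatch(r"[0-9A-Fa-f]{40}", thumbprint):
        raise ValueError("thumbprint is not 40 hex digits")
    try:
        setting = child_named(settings, "Setting", setting_name)
    except LookupError:  # hypothetical setting not present yet: create it
        setting = ET.SubElement(settings, f"{{{NS}}}Setting", {"name": setting_name})
    setting.set("value", thumbprint)
    return thumbprint, ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(copy_thumbprint_to_setting(SAMPLE_CSCFG, "ROLERole", "Default", "DefaultCertificateThumbprint")[1])
```

A startup task could then read the value with the same query form shown in the thread, `/RoleEnvironment/CurrentInstance/ConfigurationSettings/ConfigurationSetting[@name='DefaultCertificateThumbprint']/@value`.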