0

I am trying to pull values from Time series insights using the session ID, environment name and tag name using python. The steps that I have figured out is as follows. I was able to get the session using the access token using which I am ale to reach the TSI environment which have the tag values I would want to pull.

to get the session using the access token

headers = {"Authorization": auth_token}
tsi_session = requests.Session()
tsi_session.params = params
tsi_session.headers.update(headers)

to use the session and access the TSI environment

tsi_environment = tsi_api_wrapper.get_tsi_environment(session=tsi_session, environment_name="some_name")
print(tsi_environment)

I was able to get the environment properties. What would be the next step to get the values of a particular tag without using client ID and client secret but only the above mentioned inputs.

any help would be much appreciated.

96k
  • 11
  • 2

1 Answers1

0

to call Azure TSI's REST APIs you will always need to provide an Azure AD JWT token, and the identity retrieving the token will always first be required to authenticate. Thus, there will always need to be some sort of secret whether it's a user's password, client sec, certificate etc. I see you got an auth token, nice. Is the object ID of the token the app's ID? I assume that you're looking for samples on how to have your web app facilitate an interactive user-login and that the app will call TSI as a downstream API? I believe you'll need to find the python equivalent of this sample. Note that your questions are more around obtaining auth tokens, rather than TSI-specific questions, thus you might consider tagging "azure-active-directory" instead.

Is this list of users fixed, or would it be dynamically changing? If it's dynamic then that may be problematic since the object ID within the token must have a role assignment for the TSI environment. In that case, you can instead have the users log into the app, but then app itself could turn around and call the TSI APIs as a service principal. I found this post which seems applicable to your situation https://towardsdatascience.com/how-to-secure-python-flask-web-apis-with-azure-ad-14b46b8abf22

ranah
  • 707
  • 1
  • 6
  • 11
  • Yes, the object ID of the token is he app's ID. The user is already logged in and using the application. One feature of this application is connecting to TSI. I am trying to use the token generated already for the user to get to TSI. I was able to pull values from TSI using "environment name", "client id" and "client token". But since I already generate the token using client id and secret I do not want to use the client ID and secret to retrieve the values from TSI. I simply want to use the token to get values for a tag from a particular TSI environment. The users list is fixed. – 96k Jan 27 '21 at 15:47
  • call the REST API that you need- get events, get series, or aggregate series using the auth token. https://learn.microsoft.com/en-us/rest/api/time-series-insights/dataaccessgen2/query/execute#uri-parameters are you saying you're not sure how to make that REST call? – ranah Jan 28 '21 at 00:29
  • I don't know python but it would be something like this: import requests url = https://{environmentFqdn}/timeseries/query?api-version=2020-07-31 or if you want to specify warm/cold store: url = https://{environmentFqdn}/timeseries/query?api-version=2020-07-31&storeType={storeType}' myobj = {'somekey': 'somevalue'} --the post body, take a look at the docs for examples: https://learn.microsoft.com/en-us/rest/api/time-series-insights/dataaccessgen2/query/execute#examples headers={'Authorization': 'Bearer '} x = requests.post(url, data = myobj, headers=headers) – ranah Jan 28 '21 at 00:39