Reputation: 15
I have a Purview account and inside that there are many collections and inside those collections there are assets.
Now I want to move a few assets from one collection to another, which is possible from the GUI (Azure Portal).
Now I am exploring if there is any way to move them using API and PowerShell.
Please help me on this and let me know if you need any further details.
Below is the code snippet which I am trying, but it's not working.
$tenantID = "XXXXXXXXXXXXXXXXXXXXXXXXXX"
$url = "https://login.microsoftonline.com/$tenantID/oauth2/token"
# Client-credentials request for a token whose resource is Purview
$params = @{ client_id = "XXXXXXXXXXXXXXXXXXXXXXX"; client_secret = "XXXXXXXXXXXXXXXXXXXXXXXXX"; grant_type = "client_credentials"; resource = 'https://purview.azure.net' }
$bearertoken = Invoke-WebRequest $url -Method Post -Body $params -UseBasicParsing | ConvertFrom-Json
$headers = @{
    Authorization="Bearer " + $bearertoken.access_token
    Content='application/json'
}
$endpoint = "https://testpurview.purview.azure.com"
# moveHere moves the listed entities into the collection named in the path
$url1 = "$endpoint/catalog/api/collections/mycollectionname/entity/moveHere?api-version=2022-03-01-preview"
$guids = @"
{
    "entityGuids": [
        "XXXXXXXXXXXXXXXXXXXXXXX"
    ]
}
"@
Invoke-WebRequest -Method POST -Uri $url1 -Body $guids -ContentType 'application/json' -Headers $headers
Getting the below error:
Invoke-WebRequest: C:\Repos\Purview\PurviewAutomation\Move_assets.ps1:23:1
Line |
  23 |  Invoke-WebRequest -Method POST -Uri $url1 -Body $guids -ContentType ' …
     |  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | {"error":{"code":"Unauthorized","message":"Not authorized to access account"}}
Upvotes: 0
Views: 1005
Reputation: 8195
When I ran the below PowerShell script to call the Microsoft Purview API, I received an unauthorized error like below:-
Error:-
Invoke-RestMethod : {"error":{"code":"AuthorizationFailed","message":"The client 'xxxxx' with object id 'xxxxxx' does not have authorization to perform action 'Microsoft.Purview/operations/write' over scope '/providers/Microsoft.Purview' or the scope is invalid. If access was recently granted, please refresh your credentials."}}
I added the service principal used to call the API as Collection Admins, Data Source Admins and Data curators, refer below:-
Added API permissions for the Azure AD app for Purview like below:-
Ran the below code to CREATE/UPDATE the collection in Purview:-
$AppId="<client-id>"
$AppSecret="<client-secret>"
$TokenURI="https://login.microsoftonline.com/<tenant-id>/oauth2/token"
$Resource="https://purview.azure.net"
$BodyRequest="grant_type=client_credentials&client_id=$AppId&client_secret=$AppSecret&resource=$Resource"
$AccessToken=Invoke-RestMethod -Method Post -Uri $TokenURI `
    -Body $BodyRequest -ContentType 'application/x-www-form-urlencoded'
# The URI must be a single-line string; a line break inside the quotes becomes part of the URI
$RequestURI="https://<purview-account>.purview.azure.com/catalog/api/collections/<collection>/entity?api-version=2022-03-01-preview"
$body = @"
{
    "referredEntities": {},
    "entity": {
        "typeName": "azure_storage_account",
        "attributes": {
            "name": "exampleaccount",
            "qualifiedName": "https://exampleaccount.core.windows.net"
        }
    }
}
"@
$Headers=@{}
$Headers.Add("Authorization","Bearer " + $AccessToken.access_token)
$Result = (Invoke-RestMethod -Uri $RequestURI -Headers $Headers -Method POST -Body $body -Verbose -ContentType 'application/json')
Write-Host $Result
Output:-
The storage account collection got added to the Purview account like below:-
You can update the entity to another collection by changing the collection name in the above API call.
To move the entity, refer to the code below:-
$AppId="<client-id>"
$AppSecret="<client-secret>"
$TokenURI="https://login.microsoftonline.com/<tenant-id>/oauth2/token"
$Resource="https://purview.azure.net"
$BodyRequest="grant_type=client_credentials&client_id=$AppId&client_secret=$AppSecret&resource=$Resource"
$AccessToken=Invoke-RestMethod -Method Post -Uri $TokenURI `
    -Body $BodyRequest -ContentType 'application/x-www-form-urlencoded'
# <purviewcollection> is the destination collection for the listed entity GUIDs
$RequestURI="https://<purview-account>.purview.azure.com/catalog/api/collections/<purviewcollection>/entity/moveHere?api-version=2022-03-01-preview"
$guids = @"
{
    "entityGuids": [
        "aa4d2ab0-f3da-48d5-b1e9-2fd718df7fed"
    ]
}
"@
$Headers=@{}
$Headers.Add("Authorization","Bearer " + $AccessToken.access_token)
$Result = (Invoke-RestMethod -Uri $RequestURI -Headers $Headers -Method POST -Body $guids -Verbose -ContentType 'application/json')
Write-Host $Result
Output:-
Reference:-
Collection - Create Or Update - REST API (Azure Purview) | Microsoft Learn
Collection - Move Entities To Collection - REST API (Azure Purview) | Microsoft Learn
Upvotes: 0
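When a call like the ones in this thread comes back Unauthorized, reading the claims of the token actually being sent shows whether it was issued for the Purview resource and which service principal object ID has to hold a collection role. The following is an added example, not code from either post; it decodes the token without verifying its signature. It assumes a v1.0 Azure AD access token carrying the `aud`, `appid`, `oid`, `tid` and `exp` claims; the function names, placeholder GUIDs and sample token are constructed for illustration.

```powershell
# Added example: read the claims of an access token to diagnose "Unauthorized".
# The signature is NOT verified; use only to inspect a token you requested yourself.
function ConvertFrom-Base64Url([string]$Value) {
    $s = $Value.Replace('-', '+').Replace('_', '/')
    switch ($s.Length % 4) {          # restore the padding that base64url strips
        2 { $s += '==' }
        3 { $s += '=' }
        1 { throw 'Invalid base64url length' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($s))
}

function Test-PurviewToken {
    param(
        [Parameter(Mandatory)][string]$Token,
        [string]$ExpectedAudience = 'https://purview.azure.net'
    )
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a compact JWT (expected 3 dot-separated parts)' }
    $c = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    $expires = [DateTimeOffset]::FromUnixTimeSeconds([long]$c.exp)
    [pscustomobject]@{
        Audience   = [string]$c.aud
        AudienceOk = ([string]$c.aud).TrimEnd('/') -eq $ExpectedAudience.TrimEnd('/')
        AppId      = $c.appid   # client (application) ID the token was issued to
        ObjectId   = $c.oid     # service principal object ID: the identity that needs a collection role
        TenantId   = $c.tid
        Expired    = $expires -lt [DateTimeOffset]::UtcNow
    }
}

# Constructed sample token (placeholder GUIDs, fake signature) so the example runs offline.
function ConvertTo-Base64Url([string]$Text) {
    [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($Text)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
}
$claims = [ordered]@{
    aud = 'https://purview.azure.net'; appid = '00000000-0000-0000-0000-000000000001'
    oid = '00000000-0000-0000-0000-000000000002'; tid = '00000000-0000-0000-0000-000000000003'
    exp = 4102444800   # 2100-01-01T00:00:00Z
} | ConvertTo-Json -Compress
$sample = (ConvertTo-Base64Url '{"alg":"none","typ":"JWT"}'), (ConvertTo-Base64Url $claims), 'constructed' -join '.'
Test-PurviewToken -Token $sample | Format-List

# With the scripts above: Test-PurviewToken -Token $AccessToken.access_token
```

If `AudienceOk` is true and the token is not expired, the remaining cause is role assignment: the `ObjectId` shown is the identity that must appear in the collection's role assignments.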