
ipam's Introduction

Azure IPAM

Azure IPAM is a lightweight solution developed on top of the Azure platform designed to help Azure customers manage their IP Address space easily and effectively.

Repo Contents

File/folder           Description
.github/              Bug Report, Issue Templates and GitHub Actions
.vscode/              VSCode Configuration
deploy/               Deployment Bicep Templates & PowerShell Deployment Scripts
assets/               Compiled ZIP Archive
docs/                 Documentation Folder
engine/               Engine Application Code
examples/             Example Templates, Scripts and Code Snippets for Azure IPAM
lb/                   Load Balancer (NGINX) Configs
tests/                Testing Scripts
tools/                Lifecycle Scripts (Build/Version/Update)
ui/                   UI Application Code
.dockerignore         Untracked Docker Files to Ignore
.env.example          Example ENV File to be Used with Docker Compose
.gitattributes        Git File and Path Attributes
.gitignore            Untracked Git Files to Ignore
CODE_OF_CONDUCT.md    Microsoft Code of Conduct
docker-compose.yml    Development Docker Compose File
Dockerfile.deb        Single Container Dockerfile (Debian)
Dockerfile.func       Single Container Dockerfile (Function)
Dockerfile.rhel       Single Container Dockerfile (Red Hat)
init.sh               Single Container Init Script
LICENSE               Microsoft MIT License
README.md             This README File
SECURITY.md           Microsoft Open Source Security Information & Details
sshd_config           Container SSH Config File
SUPPORT.md            Support Contact Information

Documentation

IPAM uses both Docsify and GitHub Pages to present the project documentation, which can be found here

Questions or Comments for the team?

The IPAM team welcomes questions and contributions from the community. We have set up a GitHub Discussions page here to make it easy to engage with the IPAM team without opening an issue.

FAQ

Why should I use IPAM? You realize that you do not have a clear picture as to what is deployed into your Azure environment and connected to your private IP address space. Or, you would like a way to easily manage, assign, and track your private IP address space usage!

What does the roadmap for IPAM look like?

  • We are assessing leveraging Azure Container Apps for hosting the two containers that make up the IPAM application
  • We are assessing support for multiple Tenants, as today the tool is designed with a single Tenant in mind
  • We are working on capturing IP address information for resources that support hybrid connectivity (i.e. Gateways)

Who are the awesome people that built this solution? Matt and Harvey are Architects at Microsoft! We are always on the lookout for interesting ways to help our customers overcome their challenges!

Contributing

This project welcomes contributions and suggestions. Most contributions require you to agree to a Contributor License Agreement (CLA) declaring that you have the right to, and actually do, grant us the rights to use your contribution. For details, visit https://cla.opensource.microsoft.com.

When you submit a pull request, a CLA bot will automatically determine whether you need to provide a CLA and decorate the PR appropriately (e.g., status check, comment). Simply follow the instructions provided by the bot. You will only need to do this once across all repos using our CLA.

This project has adopted the Microsoft Open Source Code of Conduct. For more information see the Code of Conduct FAQ or contact [email protected] with any additional questions or comments.

ipam's People

Contributors

cloudviking, dcmattyg, hbendana, microsoft-github-operations[bot], microsoftopensource


ipam's Issues

Alert when low in IP addresses and make block field optional

We use an internal tool which performs the IP allocation for us. One of the issues there is monitoring the available IP addresses.
It would be good to have email alerting when any of the blocks is running low in IP address.

The reason behind this; as part of the automation, we always use the same parameters hard coded for both space and block (both mandatory). In case the IP address runs out in the respective block, we need to update our automation to use a different block.

Can we make the block field optional so the IP address can be allocated from any of the blocks under the respective block?

Use Azure storage tables as backend instead of CosmosDB

The current infrastructure can be made simple, and cost-effective and use Azure services for DR purposes. Is there a way that we can make Azure Storage Tables the backend for this application? CosmosDB is an expensive option.

Maybe make the backend API like an interface and we can have different Databases to plugin to depending upon the requirement of the user.

Code version release management

We work in an enterprise environment and would like to understand how the frontend and backend code versions are updated in case of future updates.

Moreover, the deploy.ps1 script is not idempotent and doesn't store the state of the infra, and it would be good to move this to Terraform and provide some sample pipelines to build, publish and consume app container images.

Sudden Access Denied error shown to all admins and applications trying to access IPAM API

Discussed in #114

Originally posted by thelumlaa April 13, 2023
All of a sudden all of my admins lost access to IPAM, including the API calls via Service Principal that was given access to the Engine App. I streamed logs and any request from any admin just leads to the following error

2023-04-13T13:25:32.578523803Z Message: Please provide below info when asking for support: timestamp = 2023-04-13T13:25:15.3176720Z, correlationId =
2023-04-13T13:25:32.578530703Z Exception Details: (AccessDenied) Access is denied to the requested resource. The user might not have enough permission.
2023-04-13T13:25:32.578537403Z Code: AccessDenied

We can sign-in through SSO, we all can see the admins list in the UI - and the list is not changed, we all are still set as admins - but any request to blocks/vnets/subnets/reservation just infinitely spins and outputs the error above in the logs.

I don't recall changing anything, the access worked last week. All the enterprise app credentials are valid, tried to restart the app but it doesn't help. Any idea what I can do to fix it?
Thanks

Cannot add reservation with website

Describe the bug
After installing the IPAM solution on 30-11-2022 I added a space and in that space I added two blocks.
If I then select the space and then the first block, I would like to add a reservation.
This does not work.

To Reproduce
Steps to reproduce the behavior:

  1. Go to Configure in the menu
  2. Click on the first space in the list
  3. Click on the first block in the list that appears
  4. Click on the three dots to open the menu and select 'Reservations'

You then get a screen like this:
image

It is not possible to add a reservation and it looks like some screens are mixed up.

Expected behavior
I would like to be able to add a reservation after the steps I listed above.

Desktop (please complete the following information):

  • OS: Windows 11
  • Browser: Microsoft Edge
  • Version 107.0.1418.56 (Official build) (64-bit)

Smartphone (please complete the following information):
Not used

Additional context
No

Documentation Updates

Is your feature request related to a problem? Please describe.
Keep Docsify updated to reflect new and additional functionality.

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Two part deployment - Deploying part two from parameters file with privateacr set to true not working

Issue:

Due to our limited permission in Azure AD, we chose to do the two-part deployment. As part of stage 1, a parameters file is populated with the necessary parameters to deploy the infrastructure.
In the parameter file, we changed the privateAcr flag to true and ran the deployment script. But it did not deploy a private ACR instance; instead used the default one.

Steps:

  1. Run deployment script in AppsOnly mode

     ./deploy.ps1 `
       -AppsOnly `
       -UIAppName "ui-app-reg" `
       -EngineAppName "engine-app-reg"

  2. Update the privateAcr flag to true in the auto generated main.parameters.json file

  3. Run the stage 2 deployment

     ./deploy.ps1 `
       -Location "uksouth" `
       -ParameterFile ./main.parameters.json

Expected:

Pushes images to private ACR.

getting internal server error while adding vNet to block using API

Hi,

I am trying to add vNet to block named aks in space azure.
I am able to do it using UI but when I try to do it using API I am getting "internal server error".
Below you can find logs from app service.

2022-07-07T10:36:49.995300252Z INFO: 172.16.4.4:52062 - "POST /api/spaces/azure/blocks/aks/networks HTTP/1.0" 500 Internal Server Error
2022-07-07T10:36:49.995841161Z ERROR: Exception in ASGI application
2022-07-07T10:36:49.995898662Z Traceback (most recent call last):
2022-07-07T10:36:49.995904962Z File "/usr/local/lib/python3.9/site-packages/uvicorn/protocols/http/httptools_impl.py", line 372, in run_asgi
2022-07-07T10:36:49.995910362Z result = await app(self.scope, self.receive, self.send)
2022-07-07T10:36:49.995915962Z File "/usr/local/lib/python3.9/site-packages/uvicorn/middleware/proxy_headers.py", line 75, in __call__
2022-07-07T10:36:49.995920963Z return await self.app(scope, receive, send)
2022-07-07T10:36:49.995925263Z File "/usr/local/lib/python3.9/site-packages/fastapi/applications.py", line 269, in __call__
2022-07-07T10:36:49.995929963Z await super().__call__(scope, receive, send)
2022-07-07T10:36:49.995934463Z File "/usr/local/lib/python3.9/site-packages/starlette/applications.py", line 124, in __call__
2022-07-07T10:36:49.995939563Z await self.middleware_stack(scope, receive, send)
2022-07-07T10:36:49.995945063Z File "/usr/local/lib/python3.9/site-packages/starlette/middleware/errors.py", line 184, in __call__
2022-07-07T10:36:49.995957663Z raise exc
2022-07-07T10:36:49.995962863Z File "/usr/local/lib/python3.9/site-packages/starlette/middleware/errors.py", line 162, in __call__
2022-07-07T10:36:49.995967863Z await self.app(scope, receive, _send)
2022-07-07T10:36:49.995972363Z File "/usr/local/lib/python3.9/site-packages/starlette/middleware/cors.py", line 84, in __call__
2022-07-07T10:36:49.995977463Z await self.app(scope, receive, send)
2022-07-07T10:36:49.995981864Z File "/usr/local/lib/python3.9/site-packages/starlette/exceptions.py", line 93, in __call__
2022-07-07T10:36:49.995987064Z raise exc
2022-07-07T10:36:49.996006964Z File "/usr/local/lib/python3.9/site-packages/starlette/exceptions.py", line 82, in __call__
2022-07-07T10:36:49.996012364Z await self.app(scope, receive, sender)
2022-07-07T10:36:49.996016964Z File "/usr/local/lib/python3.9/site-packages/fastapi/middleware/asyncexitstack.py", line 21, in __call__
2022-07-07T10:36:49.996871979Z raise e
2022-07-07T10:36:49.996890779Z File "/usr/local/lib/python3.9/site-packages/fastapi/middleware/asyncexitstack.py", line 18, in __call__
2022-07-07T10:36:49.996897379Z await self.app(scope, receive, send)
2022-07-07T10:36:49.996902179Z File "/usr/local/lib/python3.9/site-packages/starlette/routing.py", line 670, in __call__
2022-07-07T10:36:49.996907179Z await route.handle(scope, receive, send)
2022-07-07T10:36:49.996912179Z File "/usr/local/lib/python3.9/site-packages/starlette/routing.py", line 266, in handle
2022-07-07T10:36:49.996917179Z await self.app(scope, receive, send)
2022-07-07T10:36:49.996921779Z File "/usr/local/lib/python3.9/site-packages/starlette/routing.py", line 65, in app
2022-07-07T10:36:49.996926679Z response = await func(request)
2022-07-07T10:36:49.996933280Z File "/usr/local/lib/python3.9/site-packages/fastapi/routing.py", line 227, in app
2022-07-07T10:36:49.996938480Z raw_response = await run_endpoint_function(
2022-07-07T10:36:49.996943180Z File "/usr/local/lib/python3.9/site-packages/fastapi/routing.py", line 160, in run_endpoint_function
2022-07-07T10:36:49.996948080Z return await dependant.call(**values)
2022-07-07T10:36:49.996953180Z File "/code/./app/routers/space.py", line 866, in create_block_vnet
2022-07-07T10:36:49.996958380Z target = next((x for x in vnet_list if x['id'].lower() == v.lower()), None)
2022-07-07T10:36:49.996963480Z File "/code/./app/routers/space.py", line 866, in <genexpr>
2022-07-07T10:36:49.996968880Z target = next((x for x in vnet_list if x['id'].lower() == v.lower()), None)
2022-07-07T10:36:49.996973580Z AttributeError: 'dict' object has no attribute 'lower'
2022-07-07T10:36:49.996738276Z 172.16.4.1 - - [07/Jul/2022:10:36:49 +0000] "POST /api/spaces/azure/blocks/aks/networks HTTP/1.1" 500 21 "-" "PostmanRuntime/7.29.0"

Request : Terraform Provider

First, thank you for your solution, you respond to a concrete need in Azure Landing zone projects. In fact, the only missing piece in your solution is a Terraform Provider.

Having a Terraform Provider would help to integrate your solution into complex Landing zones deployments.

At minimum, the Terraform provider should offer :

  • Reservation of an IP Range
  • Lease reservation of an IP Range

Demo Deployment failing at assigning admin Consent for Microsoft graph

I was deploying this IPAM solution in my MSDN professional subscription for testing but it failed with the following error:

Logging in to Microsoft Graph
PS>TerminatingError(Connect-MgGraph): "Cannot bind parameter 'AccessToken'. Cannot convert the "xxxx" value of type "System.String" to type "System.Security.SecureString"."

TerminatingError(Grant-AdminConsent): "Cannot bind parameter 'AccessToken'. Cannot convert the "xxxx" value of type "System.String" to type "System.Security.SecureString"."

I have followed the deployment documentation and ran the command below to deploy:

.\deploy.ps1 -location ukwest

It has created the app registration and service principals.

image

User Interface (GUI)

Is your feature request related to a problem? Please describe.
How will the customer interact with IPAM?

Describe the solution you'd like
Simple Web Front end for MVP... React?

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Unable to View VNETS or SUBNETS after associating in Block

Describe the bug
After following the How-to guide and creating Spaces, associated a Block with it then assigning a vnet to it as outlined here:
https://azure.github.io/ipam/#/how-to/README?id=virtual-network-association
I am then able to see the Spaces and Blocks under the discover tab, but no vnets or subnets. Curiously, it also shows that the Block is 100% allocated, which it is not. I have tried on a few subscriptions, some with existing vnets and others I just created and the behavior is identical.

Deployment was done via App Services model and there were no recorded errors in the deployment (ran with -Verbose switch). Process was performed with a Global Admin account. The ipam-engine-app principal is applied successfully at the root management group and propagates to other MGs in the hierarchy.

Expected behavior
See vnets and subnets listed under the discover tab

Additional context
Add any other context about the problem here.

Assign Managed Identity as an Admin or API user

I opened a discussion around how I might be able to achieve my goal, however I thought it might be worthwhile to open a feature request.

Can we allow Managed Identities to use the admin only API tools?

I have been trying to use an automation account managed identity to add VNETs to a Block, but the response I get is only admins can use this API, and it seems there is no way to add my managed identity to the admins list either, so I'm stuck.

Deployment script produces poor logs when failing on Function only deployment

Describe the bug
When trying to deploy using the function only deployment, poor error messages are given with little information. Setting debug trace in PowerShell slightly helps.

To Reproduce
Steps to reproduce the behavior:
Run deploy script as follows

PS /home/craig/craig-workspace/azure-ipam/deploy> ./deploy.ps1 `
>>   -Location "uksouth" `
>>   -AsFunction
NOTE: IPAM Deployment Type: Function
INFO: Fetching Tenant ID from Azure PowerShell SDK
INFO: Fetching Azure Cloud type from Azure PowerShell SDK
INFO: Validating Azure Region selected for deployment
INFO: Azure Region validated successfully
INFO: Creating Azure IPAM Engine Application
INFO: Creating Azure IPAM Engine Service Principal
INFO: Creating Azure IPAM Engine Secret
INFO: Azure IPAM Engine & UI Applications/Service Principals created successfully
INFO: Logging in to Microsoft Graph
INFO: Granting admin consent for Azure Service Management API permissions assigned to IPAM Engine application
INFO: Admin consent for Azure Service Management API permissions granted successfully
INFO: Deploying IPAM bicep templates
ERROR: Unable to deploy Azure IPAM solution due to an exception, see logs for detailed information!
Run Log: ../logs/deploy_20230405121940PM.log
Error Log: ../logs/error_20230405121940PM.log

I have Global Admin and owner on my context subscription. I am connected using PowerShell and Azure-Cli on the same context.

Expected behavior
Logs saying what's wrong are more descriptive.

Deploy log

**********************
PowerShell transcript start
Start time: 20230405121940
Username: blah
RunAs User: blah
Configuration Name:
Machine: blah (Unix 5.15.90.1)
Host Application: /opt/microsoft/powershell/7/pwsh.dll
Process ID: 4753
PSVersion: 7.3.3
PSEdition: Core
GitCommitId: 7.3.3
OS: Linux 5.15.90.1-microsoft-standard-WSL2 #1 SMP Fri Jan 27 02:56:13 UTC 2023
Platform: Unix
PSCompatibleVersions: 1.0, 2.0, 3.0, 4.0, 5.0, 5.1.10032.0, 6.0.0, 6.1.0, 6.2.0, 7.0.0, 7.1.0, 7.2.0, 7.3.3
PSRemotingProtocolVersion: 2.3
SerializationVersion: 1.1.0.1
WSManStackVersion: 3.0
**********************
NOTE: IPAM Deployment Type: Function
INFO: Fetching Tenant ID from Azure PowerShell SDK
INFO: Fetching Azure Cloud type from Azure PowerShell SDK
INFO: Validating Azure Region selected for deployment
INFO: Azure Region validated successfully
INFO: Creating Azure IPAM Engine Application
INFO: Creating Azure IPAM Engine Service Principal
INFO: Creating Azure IPAM Engine Secret
INFO: Azure IPAM Engine & UI Applications/Service Principals created successfully
INFO: Logging in to Microsoft Graph
INFO: Granting admin consent for Azure Service Management API permissions assigned to IPAM Engine application
INFO: Admin consent for Azure Service Management API permissions granted successfully
INFO: Deploying IPAM bicep templates
PS>TerminatingError(New-AzDeployment): "The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: 12:19:54 - Error: Code=InvalidTemplateDeployment; Message=The template deployment failed with multiple errors. Please see details for more information. "
>> TerminatingError(New-AzDeployment): "The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: 12:19:54 - Error: Code=InvalidTemplateDeployment; Message=The template deployment failed with multiple errors. Please see details for more information. "
>> TerminatingError(New-AzDeployment): "The running command stopped because the preference variable "ErrorActionPreference" or common parameter is set to Stop: 12:19:54 - Error: Code=InvalidTemplateDeployment; Message=The template deployment failed with multiple errors. Please see details for more information. "
ERROR: Unable to deploy Azure IPAM solution due to an exception, see logs for detailed information!
Run Log: ../logs/deploy_20230405121940PM.log
Error Log: ../logs/error_20230405121940PM.log
**********************
PowerShell transcript end
End time: 20230405121954
**********************

Error Log

New-AzDeployment: /home/craig/craig-workspace/azure-ipam/deploy/deploy.ps1:703
Line |
 703 |        New-AzSubscriptionDeployment `
     |        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | 12:19:54 - Error: Code=InvalidTemplateDeployment; Message=The template deployment failed with multiple errors. Please see details for more information.

Azure Managed Application?

Is your feature request related to a problem? Please describe.
Can IPAM take advantage of Managed Applications for a better "native" portal experience? Worth exploring.

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context

Access Control for the IP Reservation Management

Use Case:

We would like to restrict the IP Reservations management only to the users/groups who created them. At the same time, the admins have access to all of the reservations.

At the moment, I guess the GET API call would return all the IP reservations on the system.

Is there any off-the-shelf option for this requirement? Can we use Azure RBAC somehow?

Another option is to create a custom resource in Azure using "Azure Custom Resource Providers" so we can have the IP Reservations stored in respective subscriptions, and at the same time, we have this like a state that we can use.

Connection refused

Describe the bug
Error in logstream:
2022-12-16T00:34:00.416143657Z 2022/12/16 00:34:00 [error] 6#6: *12 connect() failed (111: Connection refused) while connecting to upstream, client: 172.16.7.1, server: , request: "GET /api/users/me HTTP/1.1", upstream: "http://172.16.7.3:80/api/users/me", host: ".azurewebsites.net", referrer: "https://.azurewebsites.net/configure"

To Reproduce
Steps to reproduce the behavior:

  1. Deploy with deploy.ps1
  2. Start app
  3. UI starts, but never retrieves any data and is stuck

Expected behavior
Should work

Desktop (please complete the following information):

  • OS: Windows 11
  • Browser Edge
  • Version< 110

Additional context
Deployed with app service, not function

Bulk import of space and blocks

We would like to migrate from our internal tool to Azure IPAM and need a way to bulk upload the Spaces and Blocks from a CSV file. This will make it easy for the migration.

I suppose we could connect to the database and update it there.

Change the tag recognition to allow more than 1 tag to be used on a Vnet - allowing address ranges from two blocks to be reserved and consumed by the deployed vnet

Is your feature request related to a problem? Please describe.

  • We have a number of Azure virtual networks, that consume IP ranges from 2 different Azure IPAM blocks. Some vnets even have 2 or more address space from 1 block and 1 or more from the other block.
  • The problem we have - is 'because there only 1 X-IPAM-RES-ID tag - then only 1 reservation gets consumed' / network registered.
  • The other reservations made for a virtual network don't get consumed.
  • This leads to a mgmt overhead trying to track reservations that 'will never be consumed, but need to stay and never be removed' else an IP that is in use might be re-issued!

Describe the solution you'd like

  • X-IPAM-RES-ID-1 & X-IPAM-RES-ID-2 to X-IPAM-RES-ID-N functionality, so many tags with a common start of name can be added to a virtual network, allowing multiple IPAM reservations to be consumed correctly.

Describe alternatives you've considered

  • a manual tracking sheet that will not scale
  • having 2 vnets (1 per block) and peering them together. At the scale we intend to get to, this will not be a good place to be.

Subscription Name in visualize and peering tooltips

Is your feature request related to a problem? Please describe.
A large number of managed subscriptions and the id is not significant to identify the subscription.

Describe the solution you'd like
It would be very useful if the tooltips displayed in the "visualize" and "peering" options would include the subscription name.

Describe alternatives you've considered

Additional context

The Terraform module given for ip reservation is not idempotent

The example Terraform script provided is using a bash script that invokes reservation endpoint and it allocates new IP every time the Terraform is run.

We constantly run the Terraform scripts and would like this to be idempotent. Is there a get existing IP reservation by tag so we can first query its existence and create a new one if it doesn't?

Overlapping blocks

What's a way to go about adding a cidr that overlaps with another subnet but neither vnet will be peered?

IP Reservations with specified ip range

We are in the process of designing a migration strategy from our legacy internal IPAM solution to Azure IPAM.

To Bring the existing IP Allocation retaining the IP Range to the New system we wonder if it is possible to specify the IP Range where the IPAM automatically does the reservation irrespective of the space and block.

Our existing interface was dynamic and it takes region and size as parameters, Then carves out a subnet from the available CIDR pools.

The IP range was used to create VNet and our team would need to retain the IP as it would disrupt their infrastructure.

Python Object Models

Is your feature request related to a problem? Please describe.
Need to work on object models for IPAM data received from Azure

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.

Additional context
Add any other context or screenshots about the feature request here.

Error in peering analysis, white screen

Describe the bug
The option Analysis -> Peering produces white screen, nothing is displayed.

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'Analysis.'
  2. Click on 'Peerings'
  3. White screen is displayed
  4. See error in console "properties of undefined (reading 'color') at peering.js:521:39"

Expected behavior
The network and peerings graph should display normally.

Screenshots
image

Desktop (please complete the following information):

  • OS: Windows 10
  • Browser: Microsoft Edge
  • Version: 112.0.1722.34

Additional context
Debugging in the browser I think the cause is that there is a peering with a different status than the expected (Connected, Disconnected, Updating).

Performing a KQL query I have found a peering in state "Initiated"
image

Subscription is just spinning

So I was able to get the ipam deployed, but after I save the administrators and then go into the subscriptions tab it just shows the blue line going back and forth but never shows anything. Are there any specific permissions that are needed?

Error accessing the analysis-visualize screen

Describe the bug
When accessing the analysis-visualize option, before selecting a space, the following error occurs in the console and the page is not displayed.

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'Analysis'
  2. Click on 'Visualize'
  3. See error in console

Expected behavior
The page is expected to be rendered and displayed, allowing a space to be selected.

Screenshots
image

Desktop (please complete the following information):

  • OS: Windows 10
  • Browser Microsoft Edge
  • Version 110.0.1587.50

Additional context
The error occurs iterating the existing endpoints in each subnet, in the file /ui/src/features/analysis/visualize.js.
Is related to the information of the existing subnets in our subscriptions.
I temporarily prevent it by checking that the variable endpoint is not null, or by removing the call to the .toLowerCase() method.

Deploy using Azure Container instances

Is there a sample on how to deploy this IPAM solution with Container instances? I'm trying to do it but I've got a blank page when trying to access IPAM running on container instances. I presume issues with JS or something like that, since it's working locally but not on Azure.

Or is it linked to CORS? How can we deal with it using ACI?

Any inputs, or has anyone already tried it?

Thanks

Deployment Issue

Hi, trying to deploy this solution in Azure. Nearly all worked fine apart from some identity stuff, which I presume is causing subscriptions to not appear. The error is below:

New-AzRoleAssignment: /usr/local/share/powershell/Modules/Az.Resources/6.5.1/MSGraph.Autorest/custom/New-AzADServicePrincipal.ps1:752
Line |
752 | $ra = New-AzRoleAssignment @param
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Operation returned an invalid status code 'Forbidden'

Database creation fails

Describe the bug
On first startup of engine container the database is not created.

Error in logstream:
/home/LogFiles/2022_12_15_ln1sdlwk000F0E_ipam-engine_docker.log (https://.scm.azurewebsites.net/api/vfs/LogFiles/2022_12_15_ln1sdlwk000F0E_ipam-engine_docker.log)
2022-12-15T23:11:57.446430985Z Message: "Operation 'POST' on resource 'dbs' is not allowed through Azure Cosmos DB endpoint. Please switch on such operations for your account, or perform this operation through Azure Resource Manager, Azure Portal, Azure CLI or Azure Powershell"

To Reproduce
Steps to reproduce the behavior:

  1. Deploy with deploy.ps1 script
  2. Access UI
  3. Nothing happens; no data, UI stuck

Expected behavior
Database should be created

Screenshots
If applicable, add screenshots to help explain your problem.

Desktop (please complete the following information):

  • OS: Windows 11
  • Browser Edge
  • Version 110

Document the terraform provider available to automate reservations.

Is your feature request related to a problem? Please describe.
A full integration of the reservation functionality with Terraform is not allowed via script or data resources.

Describe the solution you'd like
We have implemented a terraform provider to interact with the Azure IPAM API for reservation management, available at https://registry.terraform.io/providers/XtratusCloud/azureipam/latest

Additional context
We consider it recommendable to include in the product documentation the availability of this terraform provider, so that it can be freely used by the end users, since it increases the application functionality.

NOTE: The provider makes use of the functionality implemented to allow new tags to be added when making a reservation, requested in issue 84.

Azure Deployment Automation

Is your feature request related to a problem? Please describe.
Looking to leverage Bicep to deploy IPAM if possible

Describe the solution you'd like
Build Bicep deployment template for IPAM application

Describe alternatives you've considered
ARM, Terraform, etc

Additional context
Add any other context or screenshots about the feature request here.

Unassigned vnet doesn't appear in block 'Virtual Network Association' option

Describe the bug
A network displayed in the vnet option as 'unassigned', cannot be associated to the appropriate block because it does not appear in the 'Virtual Network Association' list.

To Reproduce
Steps to reproduce the behavior:

  1. Go to 'Discover' + 'vNets'
  2. Search Unassigned vNets
  3. Select one
  4. Determine the space & block by their CIDR
  5. Go to 'Configuration'
  6. Select space and block
  7. Click on ... + Virtual Networks
  8. The unassigned vnet doesn't appear in the list.

Expected behavior
The unassigned vnet appears in the list and can be associated

Screenshots
The vnet appears as unassigned

But doesn't appear in the block Virtual Networks

The vnet cidr (10.84.2.0/26) should be assignable to the block (10.84.0.0/15).

Additional context

Deployment with -PrivateACR

If I deploy the solution with -PrivateACR enabled, the deployment is successful, however the service does not actually work. Seems to be something with the docker instances being in a read-only mode

UI Error post deployment attached

Log trace from App service logger
/home/LogFiles/2022_10_19_ln0sdlwk0006EW_docker.log (https://acrip-7nk45gqrphpc6.scm.azurewebsites.net/api/vfs/LogFiles/2022_10_19_ln0sdlwk0006EW_docker.log)
2022-10-19T04:59:09.967132977Z /docker-entrypoint.sh: Looking for shell scripts in /docker-entrypoint.d/
2022-10-19T04:59:09.970722633Z /docker-entrypoint.sh: Launching /docker-entrypoint.d/10-listen-on-ipv6-by-default.sh
2022-10-19T04:59:09.975609708Z 10-listen-on-ipv6-by-default.sh: info: can not modify /etc/nginx/conf.d/default.conf (read-only file system?)
2022-10-19T04:59:09.975902013Z /docker-entrypoint.sh: Launching /docker-entrypoint.d/20-envsubst-on-templates.sh
2022-10-19T04:59:09.984075840Z /docker-entrypoint.sh: Launching /docker-entrypoint.d/30-tune-worker-processes.sh
2022-10-19T04:59:09.993215582Z /docker-entrypoint.sh: Configuration complete; ready for start up
2022-10-19T04:59:10.110001396Z 2022/10/19 04:59:10 [emerg] 1#1: host not found in upstream "ipam-ui" in /etc/nginx/conf.d/default.conf:5
2022-10-19T04:59:10.110044397Z nginx: [emerg] host not found in upstream "ipam-ui" in /etc/nginx/conf.d/default.conf:5

IPAM just returns a white page.

IPAM page just shows white screen. There is HTML getting returned (there is a title for the page for example) but nothing else in the page.

To Reproduce
Steps to reproduce the behavior:

  1. Go to the address

Expected behavior
The IPAM front end shows, the picture of "PAM"

Screenshots
Imagine white. That.

The actual content returned is:

<!doctype html><script type="text/javascript" src="[/env.js](view-source:https://ipam.prd.boq.com.au/env.js)"></script><title>Azure IPAM</title><script defer="defer" src="[/static/js/main.65ea9fde.js](view-source:https://ipam.prd.boq.com.au/static/js/main.65ea9fde.js)"></script>You need to enable JavaScript to run this app.

Subscription page is returned blank

Describe the bug
The Subscription section under Admin is returning blank. You can briefly see the basics of the page only for it to then disappear and go blank.

To Reproduce
Steps to reproduce the behavior:

  1. Open Azure IPAM
  2. Expand the menu
  3. Expand Admin
  4. Click Subscriptions

Expected behavior
I expect all the Subscriptions to be loaded and manageable.
Everything else in the IPAM Solution seems to work fine.

Screenshots
Desktop (please complete the following information):

  • OS: Windows 11 (22621.1105)
  • Browser: Edge (Version 109.0.1518.70 (Official build) (64-bit))

validate resource name before deployment

Describe the bug
If the name prefix is longer than 7 characters, the deployment will fail at the Key Vault step, but the RG, LAW and MI are created.

The documentation does not specify what is allowed here.
-NamePrefix | Replaces the default resource prefix of "ipam" with an alternative prefix

To Reproduce
Deploy IPAM with parameter -NamePrefix "ipam-test"

Expected behavior
Successful deployment

Screenshots
If applicable, add screenshots to help explain your problem.

Result:
Status Message: At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details. (Code: DeploymentFailed)

{
  "error": {
    "code": "VaultNameNotValid",
    "message": "The vault name 'ipam-test-kv-2jhngm4kxwuh4' is invalid. A vault's name must be between 3-24 alphanumeric characters. The name must begin with a letter, end with a letter or digit, and not contain consecutive hyphens. Follow this link for more information: https://go.microsoft.com/fwlink/?linkid=2147742"
  }
} (Code:BadRequest)

I recommend either changing the naming standard for the KV or stopping the deployment script before the Bicep deployment mode.
It's not a blocker but a nice-to-have feature ;)
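
The limit reported in the issue above can be checked before any resource is created. The following pre-flight check is an added example, not part of the original issue or of deploy.ps1; the function name Test-IpamNamePrefix and the "<prefix>-kv-<13-character suffix>" naming pattern are assumptions, the pattern being inferred from the failing name in the error message.

```powershell
# Added example: pre-flight check for -NamePrefix (hypothetical helper, not in deploy.ps1).
# Assumption: the vault name is "<prefix>-kv-<13-character suffix>", inferred from the
# failing name 'ipam-test-kv-2jhngm4kxwuh4' quoted in the VaultNameNotValid error.
function Test-IpamNamePrefix {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)]
        [string] $NamePrefix,
        [int] $SuffixLength = 13   # assumed length of the generated unique suffix
    )

    $problems  = [System.Collections.Generic.List[string]]::new()
    # Stand-in for the real name: same length and shape, suffix filled with 'x'
    $vaultName = '{0}-kv-{1}' -f $NamePrefix, ('x' * $SuffixLength)

    # Length rule from the error message: 3-24 characters in total
    if ($vaultName.Length -lt 3 -or $vaultName.Length -gt 24) {
        $max = 24 - ('-kv-'.Length + $SuffixLength)
        $problems.Add("vault name would be $($vaultName.Length) characters (limit 3-24); prefix may be at most $max")
    }
    # Character rules from the error message
    if ($NamePrefix -notmatch '^[A-Za-z]')  { $problems.Add('prefix must begin with a letter') }
    if ($NamePrefix -match '[^A-Za-z0-9-]') { $problems.Add('prefix may contain only letters, digits and hyphens') }
    if ($vaultName -match '--')             { $problems.Add('vault name would contain consecutive hyphens') }

    [pscustomobject]@{
        NamePrefix = $NamePrefix
        VaultName  = $vaultName
        IsValid    = ($problems.Count -eq 0)
        Problems   = $problems.ToArray()
    }
}

# Constructed inputs: the failing prefix from the report, the default, and edge cases
foreach ($p in 'ipam-test', 'ipam', 'ipam-', '7ipam', 'ip_am') {
    $r = Test-IpamNamePrefix -NamePrefix $p
    '{0,-10} valid={1} {2}' -f $r.NamePrefix, $r.IsValid, ($r.Problems -join '; ')
}
```

With the assumed 17-character tail ("-kv-" plus suffix), the longest prefix that fits is 7 characters, which matches the limit observed in the report.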

Suddenly blank page and bad gateway 500 response through API

From the rollout, I suddenly get a Bad Gateway error 500 through the API.

Then when I want to access the web app page through the Azure portal I get a blank screen. No error message or the like.

Colleague has checked it and also in another environment the same issue. Did a web app restore from the backup of 1 month ago but that doesn't work either.

Is this problem known? Any idea how to troubleshoot this?

Thanks!

Python Database Interface

Is your feature request related to a problem? Please describe.
What database (Cosmos? Something else?)
Python example code on getting hooked up to the database
Reading/Writing example code

Describe the solution you'd like
A clear and concise description of what you want to happen.

Describe alternatives you've considered
Looking to begin testing with Core SQL and adjust if needed.

Currently testing:

  • Importing all necessary modules
  • instantiating a CosmosDB Client
  • Creating/Modifying/Deleting DB's via Python SDK

Additional context
The current iteration is being done via Mongo, we discussed updating to Core SQL since we are releasing after the hackathon.

Insufficient privileges New-MgOauth2PermissionGrant_CreateExpanded error

I have started the deploy script for a POC, and I am stuck with this error.

We use SP with the necessary permission to log in from the command line, and we are not sure what permission to be given for the SP we use here. Any clue/suggestion?

The SP we use has restricted permission, so we definitely need to add more, but we are not sure which one.

INFO: Granting admin consent for Azure Service Management API permissions assigned to IPAM Engine application
New-MgOauth2PermissionGrant_CreateExpanded1: deploy.ps1:564:7
Line |
 564 |        New-MgOauth2PermissionGrant `
     |        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     | Insufficient privileges to complete the operation.

Terraform example doesn't work as expected

Describe the bug
When running the Terraform example, even with plan it will generate a new reservation.

To Reproduce
Steps to reproduce the behavior:

  1. terraform init & terraform plan with the TF sample given in /examples
  2. run tf plan again, the output of the data object will be changed

Expected behavior
consistent state,

  • plan doesn't alter state and reports changes against current state
  • apply aligns state with configuration, subsequent applies will not alter state

Admin option no longer available

When I log in with privileged account admin option is no longer available. The first time I logged in it was there, and I added a couple of spaces, now it is not there, and I can no longer add spaces.

Unable to deploy Azure IPAM solution due to an exception

Describe the bug
I get the error "unable to deploy Azure IPAM due to an exception".

To Reproduce
Steps to reproduce the behavior:
ran the .\deploy.ps1 -Location "eastus"

and got the following error

Line |
737 | $azureCloud = $AZURE_ENV_MAP[(Get-AzContext).Environment.Name]
| ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
| Index operation failed; the array index evaluated to null.

Do I need to set this beforehand?

Allow to add additional tags in reservation

Is your feature request related to a problem? Please describe.
In our organization the number of pending reservations starts to be high, and the list displayed leaves no evidence of the project or architecture for which it has been requested.

Describe the solution you'd like
Allow additional tags to be included when creating the reservation via API, and display these tags in the UI in one additional column.

Additional context
We currently have it already implemented in the following commit (in our repository),
XtratusCloud@de57542

which includes the following:

  • Allow "tags" to be added in the body of the POST reservation request to the API

  • Manage the tag content in the reservation class, in models

  • And finally, add an additional column in the UI, in the reservation window, to display the tags.

Leverage API Engine as separate application URL exposed and configure same as ENV only in UI app

Is your feature request related to a problem? Please describe.
Currently both UI and API apps are required to be hosted in the same context URL, which makes it difficult for customers to deploy both apps with a decoupled approach.

Describe the solution you'd like
Providing the engine URL via environment variable and leverage that env for engine URL in UI App will provide customer easy deployment patterns and not really need to depend on App Service or APGW based infra deployments where it's difficult to test and validate tool in dev environments.

Describe alternatives you've considered
I have tried to deploy tool in ACIs with all three containers and it failed for nginx always. Tried docker compose in App Service, it failed there as well because we want vnets integration in our App service which is not supported for docker compose. Container Apps are not an option either because it doesn't provide the terraform deployment patterns yet which is only approved tool for us to deploy overall infrastructure in Azure

Additional context
In my simple approach, I would want to
Deploy UI as App Service. Single container
Deploy API as function App. Single Container.
Both services having vnet integrations.

method to get an access token with only curl and jq (without az cli) for remote pipelines

Is your feature request related to a problem? Please describe.
We have a Terraform Cloud setup with self-hosted runners and we don't want to install az cli on them. This goes for all teams running this on remote agents (e.g. GH Actions).

Describe the solution you'd like
providing a token to access IPAM engine without az cli dependency, only curl & jq

Additional context
code example:

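# Client-credentials grant against the Azure AD token endpoint. Values are URL-encoded
# so that a secret containing characters such as '+' or '&' is sent intact.
token=$(curl -s -X POST "https://login.microsoftonline.com/${tenantId}/oauth2/token" \
  --data-urlencode "client_id=${clientId}" \
  --data-urlencode "client_secret=${clientSecret}" \
  --data-urlencode "grant_type=client_credentials" \
  --data-urlencode "resource=${apiGuid}" \
  | jq -r .access_token)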

Restrict access to a group within an Azure AD tenant.

The IPAM web app is only used by a specific team who manages the IP address allocation. The current implementation connects with the Azure AD and any user from the tenant can access the application.

We would like to restrict access only to users from an AD group. Is this something we can configure with the current implementation? Please advise.
