I am curious to know if it is even possible to export mailbox rule from one tenant (tenant A) to a new tenant (tenant B). This is after Tenant A has been migrated to Tenant B.
I have tested 3 different methods with no success.
Microsoft Graph API: The code works but it doesn’t allow us to import from A to B. If I export from A and import to A teanant or different account on that tenant it works.
{ "error": { "code": "MessageRuleValidationError", "message": "ErrorCode: 'InvalidValue', Message: 'No mailbox with such guid.', Field: 'Action.CopyToFolder', Value: 'AQMkAGM0NWJhZDMxLTYyNmUtNGIxNy1hMmQ4LWRjMDlkMDQ0AGM1OWUALgAAAymAV8m5TCtGuN0NJDnVw4gBAAi19MYDG7VEuldE4lOvZFEAAAIBQgAAAA=='.", "innerError": { "request-id": "ca3c9777-8ddc-41f0-8790-938294661ebc", "date": "2018-12-28T06:13:23" } } }
Manual Process: I was able to export and import within the same environment on multiple accounts but once I imported onto Tenant B it failed
ADAccount01#sjhtestad2.org ) becuase I only had access to one PHS account.
New-InboxRule Method: I used the exported file and try to import using New-InboxRule and I got the following error
`The specified mailbox "AAMkADZkZTU5ZTgzLTUzNDUtNDAwNy1hYTBlLTFkNmVhNWFhMzk2YwAuAAAAAABZtDH804khSZs_9ansnr8hAQACqSktPeE9SrZAHfG14OfYAAARNiPIAAA=" doesn't exist.
CategoryInfo : NotSpecified: (:) [New-InboxRule], ManagementObjectNotFoundException`
Any ideas?
No you can't Export and Import, because the Identifiers used for Mailbox Folder, address lists, recipients (eg if they are in the Native Address format) etc are only work in the Mailbox where the Rule was created.
You would be better investing the time to create a process that create a new rule using the rule from the Mailbox you want to export from as a Template. But you will need to write a process to find folders if its a Move rule etc but its not that much effort and will be a lot more reliable then what you trying to do.
Related
I used Google People API v1.otherContacts.copyOtherContactToMyContactsGroup (reference) to copy a contact from "Other Contacts" to "myContacts" contact group. I now want to delete the original contact from "Other Contacts" using the same API.
REST Resource v1.otherContacts (reference) does not list a DELETE action.
I tried using v1.people.deleteContact (reference) passing the resource name of my "Other Contact":
import pickle
from googleapiclient.discovery import build
with open('token.pickle', 'rb') as token:
creds = pickle.load(token)
people_api = build('people', 'v1', credentials=creds)
people_service = people_api.people()
response = people_service.deleteContact(resourceName='otherContacts/c1971897568350947161').execute()
But I got an error saying:
TypeError: Parameter "resourceName" value "otherContacts/c1971897568350947161" does not match the pattern "^people/[^/]+$"
Looks like v1.people.deleteContact does not work for deleting a contact in "Other Contacts".
How can I programmatically delete a contact from "Other Contacts"?
EDIT: Based on #DaImTo's suggestion below, I tried replacing otherContacts/ in the resource name with people/ and invoking the v1.people.deleteContact API, but I got an error saying:
googleapiclient.errors.HttpError: <HttpError 404 when requesting https://people.googleapis.com/v1/people/c1971897568350947161:deleteContact?alt=json returned " generic::NOT_FOUND: Contact person resources are not found.". Details: "[{'#type': 'type.googleapis.com/google.rpc.BadRequest', 'fieldViolations': [{'field': 'resourceNames[0]', 'description': 'Resource not found.'}]}]">
I advice consulting the documentation for people.deleteContact
Required. The resource name of the contact to delete.
DELETE https://people.googleapis.com/v1/{resourceName=people/*}:deleteContact
That means it should be people/c1971897568350947161 assuming that is the id of the user you want to delete c1971897568350947161.
Looks like Other Contacts are read only, according to this announcement from Google: https://developers.google.com/contacts/v3/announcement
The new People API has the same functionality as the legacy Contacts
API for all features, with the following exceptions for “Other
Contacts”:
Administrators have read-only permissions for “Other Contacts” through
the new scope. As sending mutate/write signals back to “Other
Contacts” is not supported, your users will have to add the Other
Contact as a My Contact if they wish to update its data fields.
I'm trying to handle backwards compatibility with my GraphQL API.
We have on-premise servers that get periodically updated based off of when they connect to the internet. We have a Mobile app that talks to the on-premise server.
Problem
We get into an issue where the Mobile app is up to date and the on-premise server isn't. When a change in the Schema occurs, it causes issues.
Example
Product version 1
type Product {
name: String
}
Product version 2
type Product {
name: String
account: String
}
New version of mobile app asks for:
product(id: "12345") {
name
account
}
Because account is not valid in version 1, I get the error:
"Cannot query field \"account\" on type \"Product\"."
Does anyone know how I can avoid this issue so I don't recieve this particular error. I'm totally fine with account coming back with Null or just some other plan of attack for updating Schema's. But having it completely blow up with no response is not good
Your question did not specify what you're actually using on the backend. But it should be possible to customize the validation rules a GraphQL service uses in any implementation based on the JavaScript reference implementation. Here's how you do it in GraphQL.js:
const { execute, parse, specifiedRules, validate } = require('graphql')
const validationRules = specifiedRules.filter(rule => rule.name !== 'FieldsOnCorrectType')
const document = parse(someQuery)
const errors = validate(schema, document, validationRules)
const data = await execute({ schema, document })
By omitting the FieldsOnCorrectType rule, you won't get any errors and unrecognized fields will simply be left off the response.
But you really shouldn't do that.
Modifying the validation rules will result in spec-breaking changes to your server, which can cause issues with client libraries and other tools you use.
This issue really boils down to your deployment process. You should not push new versions of the client that depend on a newer version of the server API until that version is deployed to the server. Period. That would hold true regardless of whether you're using GraphQL, REST, SOAP, etc.
I am writing some integration tests at the moment for my website, I have noticed that I have been creating accounts without deleting them.
I have just been deauthing them with
try {
info('deauthing: ' .$accountID);
OAuth::deauthorize([
'stripe_user_id' => $accountID,
]);
} catch (\Stripe\Error\OAuth\OAuthBase $e) {
exit("Error: " . $e->getMessage());
}
when i try to reuse an email address for a testing account, it tells me that account already exists. But I can't see it anywhere in my dashboard.
I have tried to delete the account at the end of my test run but I get this error
Stripe\Error\Permission : This application is not authorized to delete this account.
the code i am using is this
public function deleteAccount($accountID)
{
$account = \Stripe\Account::retrieve($accountID);
$account->delete();
}
what am I missing?
There is no way to delete a Standard account via the API. As the platform you can create one, but it is then owned by a separate user and you can not control its deletion for security reasons. De-authorizing the account is the closest thing you can do in this situation.
If you're doing this for unit tests, you might want to create Custom accounts instead to avoid the address conflict. Otherwise, use a random suffix like my+12345#email.com
EDIT: rest-server gives the option "Specify if you want the generated REST API to be secured: (y/N)", is this to enforce the acl?
I've been trying to setup a simple test using hyperledger-composer node js client. In my config I have the following:
"connection-info" : {
"participantId" : "gk1",
"participantPwd" :"CjysyeLjriRT",
"businessNetworkIdentifier" : "myBizNetwork",
"connectionProfile" : "defaultProfile"}
In my business network definition I have the following:
rule Default {
description: "DENY all participants access to all resources"
participant: "ANY"
operation: ALL
resource: "net.name.myBizNetwork"
action: DENY }
When I call the following code in node js app, I can still see the resources:
this.bizNetworkConnection.getAssetRegistry('net.name.myBizNetwork.TestAsset');
}).then((registry) => {
return registry.find('testAssetId = ' + id);
Obviously I'd like to do more scenarios with access control, but in my understanding this should work.
A good first point of call is to try out your model, acl, and script files in the online playground here https://composer-playground.mybluemix.net/
Note - you are an admin by default, to simulate being a participant you can do so by:
Clicking 'admin' in the top right of the playground
'+ Issue New ID'
Supply a User ID (whatever you like) and participant (will be one you created earlier) and then press 'Create New'
Select Option 2: '+ Add to my Wallet' (This will allow you to then use the identity and you will 'be' that participant
From looking at your code, the resource you deny is "net.name.myBizNetwork".
Following the documentation here https://hyperledger.github.io/composer/reference/acl_language.html I think that to deny access to the resources within your network you will need to add a '*' wildcard (see the Examples section in the link). If that doesn't work it may have something to do with identities.
Another note, from my understanding, you need to secure the API if you want to use identities. However, you also need to create/bind identities to existing participants, and then use those identities to 'be' that participant. See the article here https://hyperledger.github.io/composer/managing/identity-issue.html
By default, you are a Null participant (you can see what participant you currently 'are' by pinging the network)
I'm getting Insufficient permissions when trying to call the acl.list method of the google calendar api via python.
service.acl().list(calendarId='primary').execute();
*** HttpError: <HttpError 403 when requesting https://www.googleapis.com/calendar/v3/calendars/primary/acl?alt=json returned "Insufficient Permission">
I'm using the scope 'https://www.googleapis.com/auth/calendar' as recommended in the documentation. Additionally, other API methods do work, for example service.calendarList
service.calendarList().list(pageToken=page_token).execute()
What am I missing?
Here is the code I'm using based almost entirely on the sample they provide:
import sys
from oauth2client import client
from googleapiclient import sample_tools
def main(argv):
# Authenticate and construct service.
# import pdb;pdb.set_trace()
service, flags = sample_tools.init(
argv, 'calendar', 'v3', __doc__, __file__,
# scope='https://www.googleapis.com/auth/calendar.readonly')
scope='https://www.googleapis.com/auth/calendar')
try:
page_token = None
while True:
calendar_list = service.calendarList().list(pageToken=page_token).execute()
for calendar_list_entry in calendar_list['items']:
print calendar_list_entry['summary']
page_token = calendar_list.get('nextPageToken')
service.acl().list(calendarId='primary').execute();
if not page_token:
break
except client.AccessTokenRefreshError:
print ('The credentials have been revoked or expired, please re-run'
'the application to re-authorize.')
if __name__ == '__main__':
main(sys.argv)
You might have to delete existing credentials, in the form of .json files. I had a similar "Insufficient permissions" problem, and I had to delete stored credentials. I had the additional problem that because of trying out some of Google's scripts in their tutorials, unknowingly I had credentials stored in a hidden .credentials folder in my home directory (users/home). Since they were hidden, I had to look for them through Terminal (on Mac), and delete them there. Once deleted, the problem was solved, since I could create new and proper credentials, suitable for the scope of my new script.
Something is wrong with your authentication. Insufficent permissions means that you don't have access.
I can verify that the scope https://www.googleapis.com/auth/calendar is enough to display ACL.list on the primary calendar.
You have to find the location of "calendar-dotnet-quickstart.json" file and delete it. I used .NET example and I have to debug the following code the find exact location.
string credPath = System.Environment.GetFolderPath(
System.Environment.SpecialFolder.Personal);
credPath = Path.Combine(credPath, ".credentials/calendar-dotnet-quickstart.json");
Then change scope as bellow and rebuild the solution.
string[] scopes = { CalendarService.Scope.Calendar};
You will notice that google will ask to confirm the access again.