如何从交互式 PowerShell 会话调用 Azure REST API
[英]How do I call the Azure REST API from an interactive PowerShell session
问题描述
I want to be able to call Azure REST API methods from an interactive PowerShell session.
我希望能够从交互式 PowerShell 会话中调用 Azure REST API 方法。 There are instructions on how to do this with a Service Principal here but I want to be able to call these methods using my own credentials rather than switching to a different set.有关于如何使用服务主体做到这一点说明在这里,但我希望能够用我自己的凭据,而不是切换到不同的组来调用这些方法。 This will make it easier to work out the methods I need to call locally and also to gather information from Azure on an ad hoc basis.这样可以更轻松地计算出我需要在本地调用的方法,以及临时从 Azure 收集信息。
An example of a call I'd like to make that can't be done with existing PowerShell cmdlets is我想使用现有 PowerShell cmdlet 无法完成的调用示例是
https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/products/{productId}/policies/policy?api-version=2019-01-01
2 个解决方案
解决方案1
0 已采纳 2019-12-03 18:29:31
When you login to Azure with Login-AzureRmAccount or Login-AzAccount and then call an AzureRm or Az cmdlet a bearer token will be obtained by from Azure and stored in your context object.当您使用 Login-AzureRmAccount 或 Login-AzAccount 登录到 Azure,然后调用 AzureRm 或 Az cmdlet 时,将从 Azure 获取不记名令牌并将其存储在您的上下文对象中。 You can retrieve your context object with Get-AzureRmContext or Get-AzContext and parse the token from that object.可以使用 Get-AzureRmContext 或 Get-AzContext 检索上下文对象,并从该对象解析令牌。
$Context = Get-AzContext
$Cache = $Context.TokenCache
$CacheItems = $Cache.ReadItems()
$Token = ($CacheItems | Where-Object { $_.Resource -eq "https://management.core.windows.net/" })
The token will last for an hour, if it expires you'll need to renew it by calling an Azure cmdlet again (though it may be possible to renew it programatically).该令牌将持续一个小时,如果它过期,您需要通过再次调用 Azure cmdlet 来更新它(尽管可以通过编程方式更新它)。
This code could be wrapped in a function like这段代码可以包装在一个函数中
function Invoke-AzureRestApi {
[CmdletBinding()]
param(
[Parameter(Mandatory=$true)]
[String]$Uri
)
$Context = Get-AzContext
$Cache = $Context.TokenCache
$CacheItems = $Cache.ReadItems()
$Token = ($CacheItems | Where-Object { $_.Resource -eq "https://management.core.windows.net/" })
$Headers = @{Authorization = "Bearer $($Token.AccessToken)"}
Invoke-RestMethod -Method GET -Uri $Uri -Headers $Headers
}
# run an Az or AzureRm cmdlet to get a token prior to calling the function
Invoke-AzureRestApi -Uri https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/products/{productId}/policies/policy?api-version=2019-01-01
# A simpler example to test the function (though this particular example can be more easily achieved with Get-AzResourceGroup)
Invoke-AzureRestApi -Uri https://management.azure.com/subscriptions/{subscriptionId}/resourcegroups?api-version=2019-08-01
UPDATE (31/8/2021): the token can now be retrieved simply using the Get-AzAccessToken cmdlet更新 (31/8/2021):现在只需使用 Get-AzAccessToken cmdlet 即可检索令牌
function Invoke-AzureRestApi {
[CmdletBinding()]
param(
[Parameter(Mandatory=$true)]
[String]$Uri
)
$Token = Get-AzAccessToken
$Headers = @{Authorization = "Bearer $($Token.Token)"}
Invoke-RestMethod -Method GET -Uri $Uri -Headers $Headers
}
解决方案2
0 2019-12-03 18:32:08
you could just use Get-AzResource to achieve the same outcome, without the headache of dealing with tokens.您可以使用Get-AzResource来实现相同的结果,而无需为处理令牌而头疼。
Your particular example call doesnt make a lot of sense, it can be replaced with Get-AzResourceGroup您的特定示例调用没有Get-AzResourceGroup意义,可以用Get-AzResourceGroup
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.