使用 Azure CLI 获取 Azure 应用程序网关的“principalId”值

Question

PS /home/ian> az network application-gateway identity show --gateway-name "xxx-inf-abc-wag" --resource-group "network-xxx"
{
  "principalId": null,
  "tenantId": null,
  "type": "userAssigned",
  "userAssignedIdentities": {
    "/subscriptions/XXXXXXXXX-80b8-4447-b2a6-XXXXXXXXXX/resourcegroups/network-rg/providers/Microsoft.ManagedIdentity/userAssignedIdentities/dev-gpp-wag-mi": {
      "clientId": "DDDDDDDDD-eb2e-4836-898a-DDDDDDDDD",
      "principalId": "UUUUUUUUUU-b7c8-43d2-80a2-UUUUUUUUUU"
    }
  }
}

我只想从运行“az.network application-gateway identity show”返回的上述 json 中检索字段“principalId”的值。

我想我需要添加“--query...something”。 我尝试了“--query.principalId”，但这不起作用。 我知道我的“--query”语法有问题但不知道如何解决？

Answer 1

通过使用另一个 az 命令解决了它...

$id = $(az ad sp list --display-name "XXX-abc-wag-mi" --query [0].id --output tsv)

Answer 2

az.network application-gateway identity show使用以下查询表达式

$id=$(az.network application-gateway identity show -g MyResourceGroup --gateway ag1 --query 'userAssignedIdentities."/subscriptions/XXXXXXXXX-80b8-4447-b2a6-XXXXXXXXXX/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1".principalId' -o tsv)

解释

az.network application-gateway identity show -g MyResourceGroup --gateway-name ag1给出以下 output：

{
  "principalId": null,
  "tenantId": null,
  "type": "userAssigned",
  "userAssignedIdentities": {
    "/subscriptions/XXXXXXXXX-80b8-4447-b2a6-XXXXXXXXXX/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1": {
      "clientId": "DDDDDDDDD-eb2e-4836-898a-DDDDDDDDD",
      "principalId": "UUUUUUUUUU-b7c8-43d2-80a2-UUUUUUUUUU"
    }
  }
}

由于密钥/subscriptions/XXXXXXXXX-80b8-4447-b2a6-XXXXXXXXXX/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/id1包含正斜杠和点字符（特殊字符），因此必须对其进行转义。

因此，密钥应该用双引号引起来