[英]How to Regenerate Azure Storage Key for Classic and ARM using REST API
使用Azure Rest API,可以為經典存儲帳戶和基於Azure資源管理器的存儲帳戶重新生成主鍵和輔助鍵。
下面的腳本通過Azure Active Directory應用程序利用REST API查詢來聯系Azure資源並執行必要的操作。
有關如何配置Azure Active Directory APP的更多詳細信息
出於此腳本的目的,您需要確保Azure Active Directory應用程序在存儲帳戶所在的資源組上具有“貢獻者”權限。
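### Inputs: replace the three placeholder strings below before running.
$subscriptionid = "Your Azure Subscription ID"
$resourcegroup = "Azure Resource Group which host the storage account"
$storageaccountname = "Azure Storage Account name for which keys needs to be re-generation."
### Discover the OAuth authority for this subscription.
### The request below carries no credentials, so the management endpoint is expected to reject it;
### the rejected response's WWW-Authenticate header names the authority (authorization_uri).
$queryUrl = "https://management.azure.com/subscriptions/$subscriptionid/resourceGroups/$resourcegroup/providers/Microsoft.Storage/storageAccounts/$storageaccountname/listKeys?api-version=2018-07-01"
$response = try { Invoke-RestMethod -Method GET -Uri $queryUrl -Headers @{} } catch { $_.Exception.Response }
# NOTE(review): the ['www-authenticate'] indexer matches the Windows PowerShell response object
# (HttpWebResponse); newer PowerShell editions expose headers differently - confirm on your host.
$authHeader = $null
if ($null -ne $response -and $null -ne $response.Headers)
{
    $authHeader = $response.Headers['www-authenticate']
}
$endpoint = [regex]::match($authHeader, 'authorization_uri="(.*?)"').Groups[1].Value
# Without this check an empty match would silently yield the relative URI "/oauth2/token",
# and the failure would only surface later, when the client secret is about to be posted.
if ([string]::IsNullOrEmpty($endpoint))
{
    throw 'Could not read authorization_uri from the WWW-Authenticate header of the management endpoint response.'
}
$oauthUri = "$endpoint/oauth2/token"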
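### Get the access token (OAuth2 client-credentials grant) using the Azure Active Directory app ID and key.
### $aadClientId and $aadClientKey are not assigned anywhere in this script, so they must be set by the
### caller. Load the key from a secret store or an interactive prompt rather than hardcoding it here.
### NOTE(review): the page asks for Contributor on the whole resource group; a narrower built-in role such
### as "Storage Account Key Operator Service Role", scoped to the storage account, may be enough for
### listing and regenerating keys - confirm it covers your account type before relying on it.
if ([string]::IsNullOrEmpty($aadClientId) -or [string]::IsNullOrEmpty($aadClientKey))
{
    throw 'Set $aadClientId and $aadClientKey (AAD app ID and key) before running this script.'
}
$clientSecret = $aadClientKey ## AAD App Key
$oath2Uri = $oauthUri
# The token endpoint is derived from a response header, so check it is an absolute https URI
# before the client secret is posted to it.
if ($oath2Uri -notmatch '^https://')
{
    throw "Refusing to send the client secret to a non-https token endpoint: '$oath2Uri'"
}
# Form-encoded request body. It contains the client secret: do not log it or reuse it for other requests.
$body = 'grant_type=client_credentials'
$body += '&client_id=' + [Uri]::EscapeDataString($aadClientId) ## AAD App ID (escaped like the other form fields)
$body += '&client_secret=' + [Uri]::EscapeDataString($clientSecret)
$body += '&resource=' + [Uri]::EscapeDataString("https://management.core.windows.net")
$headers = @{"Accept"="application/json"}
# The try/catch rethrow is kept on purpose: it turns a failed request into a script-terminating
# error, so the script stops here instead of continuing without a token.
$response = try { Invoke-RestMethod -Method POST -Uri $oath2Uri -Headers $headers -Body $body } catch { throw; }
$accessToken = $response.access_token
if ([string]::IsNullOrEmpty($accessToken))
{
    throw 'The token endpoint response did not contain an access_token.'
}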
### Regenerate storage account key for Classic and ARM based storage account.
### This section only prepares state: the account-type flag, the management endpoint URLs for both
### providers (Microsoft.Storage for ARM, Microsoft.ClassicStorage for classic) and the request headers.

# Starts as ARM; the probing code further down sets it to $true when only the classic listKeys call succeeds.
$useClassApiCall = $false

# ARM (Microsoft.Storage) endpoints: list keys, regenerate a key.
$armGetQueryUrl = "https://management.azure.com/subscriptions/$subscriptionid/resourceGroups/$resourcegroup/providers/Microsoft.Storage/storageAccounts/$storageaccountname/listKeys?api-version=2018-07-01"
$armPutQueryUrl = "https://management.azure.com/subscriptions/$subscriptionid/resourceGroups/$resourcegroup/providers/Microsoft.Storage/storageAccounts/$storageaccountname/regenerateKey?api-version=2018-07-01"

# Classic (Microsoft.ClassicStorage) endpoints: list keys, regenerate a key.
$classicGetQueryUrl = "https://management.azure.com/subscriptions/$subscriptionid/resourceGroups/$resourcegroup/providers/Microsoft.ClassicStorage/storageAccounts/$storageaccountname/listKeys?api-version=2016-11-01"
$classicPutQueryUrl = "https://management.azure.com/subscriptions/$subscriptionid/resourceGroups/$resourcegroup/providers/Microsoft.ClassicStorage/storageAccounts/$storageaccountname/regenerateKey?api-version=2016-11-01"

# The bearer token is a credential: keep $header and $headers out of transcripts and logs.
$header = "Bearer " + $accessToken
$headers = @{
    'Authorization' = $header
    'Content-Type'  = "application/json"
}
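### Detect whether the account is ARM based or classic by probing listKeys on each provider.
### No -Body is sent: at this point $body still holds the OAuth form data built for the token
### request, including the client secret, and it must not be forwarded to the management API.
### A listKeys response contains the account keys, so it is discarded instead of being written
### to the output stream (console, transcript, captured pipeline).
try
{
    $null = Invoke-RestMethod -Method POST -Uri $armGetQueryUrl -Headers $headers
}
catch
{
    # NOTE(review): any ARM failure (not only "account not found") lands here and triggers the classic probe.
    try
    {
        $null = Invoke-RestMethod -Method POST -Uri $classicGetQueryUrl -Headers $headers
        $useClassApiCall = $true ## From here on this flag records that the supplied account is a classic storage account rather than an ARM based one.
    }
    catch
    {
        # Both probes failed: rethrow so the script stops before attempting any regeneration.
        throw
    }
}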
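### Regenerate both keys of the storage account and collect the new values in $keyResponses.
### Classic accounts take KeyType Primary/Secondary; ARM accounts take keyName key1/key2.
### Operational caveat: both keys are regenerated back to back, so every client that still uses
### either old key loses access at once. A staged rotation (regenerate one key, move clients to
### it, then regenerate the other) avoids that outage.
### $keyResponses ends up holding live account keys: hand it to a secret store, do not print or log it.

# The collection is never created elsewhere in this script; calling .Add() on $null would throw.
if ($null -eq $keyResponses)
{
    $keyResponses = New-Object System.Collections.ArrayList
}
try
{
    if ($useClassApiCall)
    {
        $body = @{"KeyType"='Primary'}
        $keyResponse = Invoke-RestMethod -Method POST -Uri $classicPutQueryUrl -Headers $headers -Body ($body | ConvertTo-Json)
        # ArrayList.Add returns the new index; assign to $null so it does not leak into the output.
        $null = $keyResponses.Add($keyResponse.primaryKey)
        $body = @{"KeyType"='Secondary'}
        $keyResponse = Invoke-RestMethod -Method POST -Uri $classicPutQueryUrl -Headers $headers -Body ($body | ConvertTo-Json)
        $null = $keyResponses.Add($keyResponse.secondaryKey)
    }
    else
    {
        $body = @{"keyName"='key1'}
        $keyResponse = Invoke-RestMethod -Method POST -Uri $armPutQueryUrl -Headers $headers -Body ($body | ConvertTo-Json)
        $null = $keyResponses.Add($keyResponse.keys[0].value)
        $body = @{"keyName"='key2'}
        $keyResponse = Invoke-RestMethod -Method POST -Uri $armPutQueryUrl -Headers $headers -Body ($body | ConvertTo-Json)
        $null = $keyResponses.Add($keyResponse.keys[1].value)
    }
}
catch
{
    # Rethrow so that a failed regeneration stops the script instead of continuing with partial results.
    throw
}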