堆棧內存溢出
  簡體   English   中英

如何使用REST API為Classic和ARM重新生成Azure存儲密鑰

[英]How to Regenerate Azure Storage Key for Classic and ARM using REST API

 原文  2018-12-13 02:17:59       azure/ azure-storage

問題描述

使用Azure Rest API,可以為經典存儲帳戶和基於Azure資源管理器的存儲帳戶重新生成主鍵和輔助鍵。

1 個解決方案

解決方案1
 0  2018-12-13 02:18:55

下面的腳本通過Azure Active Directory應用程序利用REST API查詢來聯系Azure資源並執行必要的操作。

有關如何配置Azure Active Directory APP的更多詳細信息

出於此腳本的目的,您需要確保Azure Active Directory APP在哪個主機存儲帳戶的資源組上具有“貢獻者”權限。 

    $subscriptionid = "Your Azure Subscription ID"
    $resourcegroup = "Azure Resource Group which host the storage account"
    $storageaccountname = "Azure Storage Account name for which keys needs to be re-generation."

### Below query gets the Oauth URI
    $queryUrl = "https://management.azure.com/subscriptions/$subscriptionid/resourceGroups/$resourcegroup/providers/Microsoft.Storage/storageAccounts/$storageaccountname/listKeys?api-version=2018-07-01"
    $response = try{Invoke-RestMethod -Method GET -Uri $queryUrl -Headers @{}} catch{$_.Exception.Response}
    $authHeader = $response.Headers['www-authenticate']
    $endpoint = [regex]::match($authHeader, 'authorization_uri="(.*?)"').Groups[1].Value
    $oauthUri = "$endpoint/oauth2/token"


### Get the access token. For this you would need to Azure Active Directory APP Id and Key. 
    $clientSecret = $aadClientKey ## AAD App Key
    $oath2Uri = $oauthUri
    $body = 'grant_type=client_credentials'
    $body += '&client_id=' + $aadClientId ## AAD App ID
    $body += '&client_secret=' + [Uri]::EscapeDataString($clientSecret)
    $body += '&resource=' + [Uri]::EscapeDataString("https://management.core.windows.net")
    $headers = @{"Accept"="application/json"}
    $response = try { Invoke-RestMethod -Method POST -Uri $oath2Uri -Headers $headers -Body $body } catch { throw; }
    $accessToken = $response.access_token


### Regenerate storage account key for Classic and ARM based storage account. 
    $header = "Bearer " + $accessToken
    $headers = @{ 'Authorization' = $header;'Content-Type'="application/json";}
    $armPutQueryUrl = "https://management.azure.com/subscriptions/$subscriptionid/resourceGroups/$resourcegroup/providers/Microsoft.Storage/storageAccounts/$storageaccountname/regenerateKey?api-version=2018-07-01"
    $classicPutQueryUrl = "https://management.azure.com/subscriptions/$subscriptionid/resourceGroups/$resourcegroup/providers/Microsoft.ClassicStorage/storageAccounts/$storageaccountname/regenerateKey?api-version=2016-11-01"
    $classicGetQueryUrl = "https://management.azure.com/subscriptions/$subscriptionid/resourceGroups/$resourcegroup/providers/Microsoft.ClassicStorage/storageAccounts/$storageaccountname/listKeys?api-version=2016-11-01"
    $armGetQueryUrl = "https://management.azure.com/subscriptions/$subscriptionid/resourceGroups/$resourcegroup/providers/Microsoft.Storage/storageAccounts/$storageaccountname/listKeys?api-version=2018-07-01"
    $useClassApiCall = $false
    try 
    {
        Invoke-RestMethod -Method POST -Uri $armGetQueryUrl -Headers $headers -Body ($body  | ConvertTo-Json) 
    } 
    catch 
    { 
        try
        {
            Invoke-RestMethod -Method POST -Uri $classicGetQueryUrl -Headers $headers -Body ($body  | ConvertTo-Json)
            $useClassApiCall = $true ## This variable controls from now one wheather the storage account supplied is a classic storage account or an ARM based storage account.
         }
         catch
         {
             throw
         }
    }
    if($useClassApiCall)
    {
        try
        {
            $body = @{"KeyType"='Primary'}
            $keyResponse = try { Invoke-RestMethod -Method POST -Uri $classicPutQueryUrl -Headers $headers -Body ($body  | ConvertTo-Json) } catch { throw; }
            $keyResponses.Add($keyResponse.primaryKey) > $nul
            $body = @{"KeyType"='Secondary'}
            $keyResponse = try { Invoke-RestMethod -Method POST -Uri $classicPutQueryUrl -Headers $headers -Body ($body  | ConvertTo-Json) } catch { throw; }
            $keyResponses.Add($keyResponse.secondaryKey) > $null
        }
        catch
        {
            throw
        }
    }
    else
    {
        try
        {
            $body = @{"keyName"='key1'}
            $keyResponse = try { Invoke-RestMethod -Method POST -Uri $armPutQueryUrl -Headers $headers -Body ($body  | ConvertTo-Json) } catch { throw; }
            $keyResponses.Add($keyResponse.keys[0].value) > $nul
            $body = @{"keyName"='key2'}
            $keyResponse = try { Invoke-RestMethod -Method POST -Uri $armPutQueryUrl -Headers $headers -Body ($body  | ConvertTo-Json) } catch { throw; }
            $keyResponses.Add($keyResponse.keys[1].value) > $null
        }
        catch
        {
            throw
        }
    }

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 如何使用REST API(ARM)訪問Azure存儲表 無法使用 Azure 管理 API 重新生成存儲密鑰 使用訪問密鑰的 REST Api 到 Azure blob 存儲 Azure REST Api創建經典的部署模型存儲帳戶 將生產“經典” Azure存儲帳戶遷移到ARM 將 Azure 經典存儲遷移到 ARM 時出錯 Azure - 將經典存儲帳戶遷移到 ARM 如何使用Azure ARM API獲取CloudService(經典)的配置 REST API:使用REST API列出所有Azure ARM模板 Azure:使用StorageManagementClient獲取經典存儲帳戶密鑰
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM