Fetching VM details from multiple tenants


Problem description


We are developing an application where any customer can log in using Azure Active Directory. We need some way to read user tenant information and then fetch all the VMs associated with his subscription.

Solution

Maybe you can register your application as a multi-tenant app so that users in an external Azure AD will be able to log in to your application. For details about multi-tenant apps, please refer to this doc.

For fetching VM information in users' Azure subscriptions, you need to implement a process that lets your user (who should have the Azure subscription owner role) grant at least read-VMs permission on the user's subscription to your multi-tenant app, so that your app can get the users' VM information you need.

I'll explain the details of the whole process for your requirement:

Step 1:

You can just refer to this doc to deploy a multi-site app. If users from another Azure AD (we call it B tenant here) want to use your multi-tenant app, the admin of B tenant should sign up in your app (you can see the details of this process here).

Step 2:

Once the AD admin has finished the sign-up process, your multi-tenant app will appear in "Enterprise applications" of B tenant. You can find it using your multi-tenant app ID. This step is just for checking whether your app has resided in the customer's tenant successfully.

Step 3:

This step will grant VM-related permissions on a certain Azure subscription of tenant B to your multi-tenant app. You should let the Azure subscription admin (who has the owner role) grant this permission. Go to the subscription blade.

Add the "Virtual machine contributor" role (this is a built-in role; it has all VM management permissions, more than read permission) to your multi-tenant app. You can find your app using its app ID. Select it and then click "save"; this step is finished.

Step 4:

Try to get the VM information from a certain Azure subscription of B tenant. In this step, I will use the REST API to get the VM information you need. Get an access token from B tenant:

Request URL:
POST https://login.microsoftonline.com/<-B tenant name->/oauth2/token

Request header:
Content-Type: application/x-www-form-urlencoded

Request body:
client_id=<-your multi tenant app id->&
client_secret=<-client secret of your multi tenant app->&
grant_type=client_credentials&
resource=https://management.azure.com/

Once you get an access_token, you can get the VM info you need via the REST API below:

Request URL:
GET https://management.azure.com/subscriptions/<-your users' subscription ID->/resourceGroups/<-the resource group you want to query ->/providers/Microsoft.Compute/virtualMachines?api-version=2018-06-01

Request header:
Authorization: Bearer <-access token->

I have tested this on my side and it works for me.

Hope it helps!
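
Added example (not part of the original answer): the two Step 4 requests built in Python with validation of the values that end up in the URL, plus parsing of a constructed sample response. The function names, the validation rules and the sample JSON are assumptions; no network call is made.

```python
import json
import re
from urllib.parse import quote, urlencode, urlsplit

ARM = "https://management.azure.com"
# Tenant is a GUID or domain name; a '/' or '?' here would rewrite the token URL.
TENANT_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9.-]{0,252}")
GUID_RE = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")

def token_request(tenant, client_id, client_secret):
    """Return (url, headers, body) for the client-credentials POST in Step 4."""
    if not TENANT_RE.fullmatch(tenant):
        raise ValueError("unexpected tenant identifier")
    url = f"https://login.microsoftonline.com/{tenant}/oauth2/token"
    body = urlencode({
        "client_id": client_id,
        "client_secret": client_secret,  # urlencode escapes '&', '=' and '+'
        "grant_type": "client_credentials",
        "resource": ARM + "/",
    })
    return url, {"Content-Type": "application/x-www-form-urlencoded"}, body

def vm_list_request(subscription_id, resource_group, access_token):
    """Return (url, headers) for the GET that lists VMs in one resource group."""
    if not GUID_RE.fullmatch(subscription_id):
        raise ValueError("subscription ID must be a GUID")
    url = (f"{ARM}/subscriptions/{subscription_id}/resourceGroups/"
           f"{quote(resource_group, safe='')}/providers/Microsoft.Compute/"
           "virtualMachines?api-version=2018-06-01")
    return url, {"Authorization": f"Bearer {access_token}"}

def parse_vm_page(raw_json):
    """Return (vm_names, next_url); next_url is kept only if it stays on ARM over HTTPS."""
    page = json.loads(raw_json)
    names = [vm["name"] for vm in page.get("value", [])]
    nxt = page.get("nextLink")
    if nxt:
        parts = urlsplit(nxt)
        if parts.scheme != "https" or parts.hostname != "management.azure.com":
            nxt = None  # never forward the bearer token to another host
    return names, nxt

# Constructed sample response body (not real data).
SAMPLE = json.dumps({
    "value": [{"name": "vm-web-01"}, {"name": "vm-db-01"}],
    "nextLink": "https://management.azure.com/subscriptions/x?skiptoken=abc",
})
```

Send the returned values with any HTTP client, and keep the request body and the Authorization header out of application logs, since they carry the client secret and the access token.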
