Azure 广告应用程序 - 以编程方式更新清单 [英] Azure ad app - Updating manifest programmatically

问题描述

我正在尝试找到一种方法，使用 json 文件通过 powershell 更新已注册 Azure 广告的应用程序清单.

I am trying to find a way to update an Azure Ad registered app's manifest via powershell, utilizing a json file.

Json 文件包含所有应用程序角色，我想简单地将应用程序角色:[] 直接注入应用程序角色括号

The Json file contains all of the app roles, and i would like to simple inject the App Roles: [] right into the App Role Brackets

有没有办法通过 power shell 或 CLI 来实现?

Is there a way to achieve this via power shell or CLI?

推荐答案

请记住，Azure AD 门户中显示的清单"只不过是应用程序对象的轻度约束表示，如公开通过 Azure AD 图形 API:https://msdn.microsoft.com/Library/Azure/Ad/Graph/api/entity-and-complex-type-reference#application-entity

Keep in mind that the "manifest", as displayed in the Azure AD portal, is nothing more than a lightly-constrained representation of the Application object, as exposed by the Azure AD Graph API: https://msdn.microsoft.com/Library/Azure/Ad/Graph/api/entity-and-complex-type-reference#application-entity

Azure AD PowerShell(AzureAD 模块)只是同一 API 的简单包装.New-AzureADApplication 在 /applications 上执行 POST，Get-AzureADApplication 执行 GET，Set-AzureADApplication 执行 PATCH，Remove-AzureADApplication 执行 DELETE.

Azure AD PowerShell (the AzureAD module) is just a simple wrapper around the same API. New‑AzureADApplication does a POST on /applications, Get‑AzureADApplication does a GET, Set‑AzureADApplication does a PATCH, and Remove‑AzureADApplication does a DELETE.

因此，请记住这一点，请考虑以下输入文件 app-roles.json:

So, keeping that in mind, consider the following input file app-roles.json:

[
    {
        "allowedMemberTypes": [ "Application" ],
        "description": "Read some things in the My App service",
        "displayName": "Read some things",
        "id": "b2b2e6de-bb42-41b4-92db-fda89218b5ae",
        "isEnabled": true,
        "value": "Things.Read.Some"
    },
    {
        "allowedMemberTypes": [ "User" ],
        "description": "Super admin role for My App",
        "displayName": "My App Super Admin",
        "id": "a01eca9b-0c55-411d-aa5f-d8cfdbadf500",
        "isEnabled": true,
        "value": "super_admin"
    }
]

您可以使用以下脚本在应用上设置这些应用角色(请注意，这将删除任何现有的应用角色，这将导致错误，因为它们之前没有被禁用):

You could use the following script to set those app roles on an app (note this will remove any existing app roles, which will cause an error is they weren't previously disabled):

$appId = "{app-id}"
$pathToAppRolesJson = "app-roles.json"

# Read all desired app roles from JSON file
$appRolesFromJson = Get-Content -Path $pathToAppRolesJson -Raw | ConvertFrom-Json

# Build a new list of Azure AD PowerShell AppRole objects
$appRolesForApp = @()
$appRolesFromJson | ForEach-Object {

    # Create new Azure AD PowerShell AppRole object for each app role
    $appRole = New-Object "Microsoft.Open.AzureAD.Model.AppRole"
    $appRole.AllowedMemberTypes = $_.allowedMemberTypes
    $appRole.Description = $_.description
    $appRole.DisplayName = $_.displayName
    $appRole.Id = $_.id
    $appRole.IsEnabled = $_.isEnabled
    $appRole.Value = $_.value

    # Add to the list of app roles
    $appRolesForApp += $appRole
}

# Update the Application object with the new list of app roles
$app = Get-AzureADApplication -Filter ("appId eq '{0}'" -f $appId)
Set-AzureADApplication -ObjectId $app.ObjectId -AppRoles $appRolesForApp

这篇关于Azure 广告应用程序 - 以编程方式更新清单的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！