Azure的AD通过Azure的CLI中添加键 [英] Azure AD add keys via Azure CLI

问题描述

我试图使用Azure的CLI我的Azure AD应用程序添加一个关键。
但看throught Azure的CLI API似乎没有这样的命令。

I'm trying to add a key in my Azure AD application using Azure CLI. But looking throught the Azure CLI API it seems that there is no such command.

有关〔实施例：

我想从自动通过Azure的CLI以下链接任务：
http://blog.davidebbo.com/2014/12/azure-service -principal.html

I'm trying to automate the task from the link below via Azure CLI: http://blog.davidebbo.com/2014/12/azure-service-principal.html

我可以创建AD应用程序，服务主体，但我不能找到一种方法来添加键新创建的AD应用程序。

I can create AD application, service principal, but I can't find a way to add key for newly create AD application.

我将AP preciate任何想法和方向：）

I'll appreciate any ideas and directions :)

在此先感谢！

推荐答案

有关新的AD应用程序，同时建立可以指定 -p 的关键。例如，

For a new AD application, you can specify a key with -p while creating. For example,

azure ad app create -n <your application name> --home-page <the homepage of you application> -i <the identifier URI of you application> -p <your key>

对于现有的AD应用程序，想必图形API能够更新AD应用程序凭据。阅读这个API参考，你可以看到密码凭据能够使用POST，GET，PATCH。然而，这是过于复杂，使用图形API。我有检查Azure的CLI。该功能还没有实现，源是不可读的我。然后，我看了看的Azure SDK用于Python的，因为我很熟悉Python，我发现他们已在2.0.0rc2付诸实施。请参阅 GitHub的回购

For an existing AD application, surely the Graph API is able to update the AD Application Credential. Read this API reference, and you can see that the password credential is able to use "POST, GET, PATCH". However, it's too complicated to use the Graph API. I have check the Azure CLI. That functionality is not yet implemented, and the source is unreadable for me. Then, I took a look at Azure SDK for Python, because I am familiar with python, and I found out that they have already implemented it in 2.0.0rc2. See the GitHub Repo

我写了一个python脚本。但是，为了用我的脚本，你需要安装不仅azure2.0.0rc2，也msrest和msrestazure。

I have written a python script. But, in order to use my script you need to install not only azure2.0.0rc2, but also msrest and msrestazure.

from azure.common.credentials import UserPassCredentials
from azure.graphrbac import GraphRbacManagementClient, GraphRbacManagementClientConfiguration
from azure.graphrbac.models import ApplicationCreateParameters, PasswordCredential

credentials = UserPassCredentials("<your Azure Account>", "<your password>")

subscription_id = "<your subscription id>"

tenant_id = "<your tenant id>"

graphrbac_client = GraphRbacManagementClient(
    GraphRbacManagementClientConfiguration(
        credentials,
        subscription_id,
        tenant_id
    )
)

application = graphrbac_client.application.get('<your application object id>')

passwordCredential = PasswordCredential(start_date="2016-04-13T06:08:04.0863895Z", 
                                        end_date="2018-04-13T06:08:04.0863895Z",
                                        value="<your new key>")

parameters = ApplicationCreateParameters(application.available_to_other_tenants,
                                     application.display_name,
                                     "<the homepage of your AD application>",
                                     application.identifier_uris,
                                     reply_urls=application.reply_urls,
                                     password_credentials = [passwordCredential])

application = graphrbac_client.application.update('<your application object id>', parameters)

与此脚本唯一的问题是，你只能够覆盖你的AD应用程序的所有现有的密钥。你是不是能够追加一个新的密钥。这是在图形API的问题。该图形API不允许用户读取现有的密钥。一个可能的解决办法是在其他地方保存现有的钥匙。但是，这会带来额外的安全风险。

The only problem with this script is that you are only able to override all the existing keys of you AD application. You are not able to append a new key. This is a problem of the Graph API. The Graph API does not allow users to read an existing key. One possible solution would be storing your existing keys somewhere else. But, this will bring extra security risk.

这篇关于Azure的AD通过Azure的CLI中添加键的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！