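Azure offers several ways to obtain an access token. This post covers two of them: getting a service principal's token through the REST API, and getting a user's token through the Azure CLI.
I. Obtaining a token
1 Getting a service principal's access token through the REST API
Run the following commands to get the token: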
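    sub_id=xxxx-xxxx-xxxx-xxxx-xxxx
    secret=xxxx-_xxxxm-xxxx-xxxx
    client_id=xxxx-xxxx-xxxx-xxxx-xxxx
    tenant_id=xxxx-xxxx-xxxx-xxxx-xxxx
    # Client-credentials grant for the Azure Resource Manager resource.
    # The secret is URL-encoded so that characters such as + or & do not break the form body.
    token=$(curl -X POST -s \
      -d "grant_type=client_credentials&client_id=$client_id&resource=https%3A%2F%2Fmanagement.azure.com%2F" \
      --data-urlencode "client_secret=$secret" \
      "https://login.microsoftonline.com/$tenant_id/oauth2/token" | jq -r .access_token)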
2 Getting a user's access token with the Azure CLI
    token=$(az account get-access-token | jq -r .accessToken)
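II. Verifying the token
Query the subscription information through the REST API.
With the service principal's token, only the subscriptions it has been granted access to are returned: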
    curl -X GET -s -H "Authorization: Bearer $token" -H "Content-Type: application/json" "https://management.azure.com/subscriptions?api-version=2020-01-01" | jq
    {
      "value": [
        {
          "id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx",
          "authorizationSource": "RoleBased",
          "managedByTenants": [],
          "subscriptionId": "xxxx-xxxx-xxxx-xxxx-xxxx",
          "tenantId": "xxxx-xxxx-xxxx-xxxx-xxxx",
          "displayName": "xxxx",
          "state": "Enabled",
          "subscriptionPolicies": {
            "locationPlacementId": "Internal_2014-09-01",
            "quotaId": "Internal_2014-09-01",
            "spendingLimit": "Off"
          }
        }
      ],
      "count": {
        "type": "Total",
        "value": 1
      }
    }
Only the one authorized subscription is returned here.
With the user's access token:
    curl -s -X GET -H "Authorization: Bearer $token" -H "Content-Type: application/json" "https://management.azure.com/subscriptions?api-version=2020-01-01" | jq '.value[].subscriptionId'
    "fXbXXXXX-cXXX-XXfX-a1dX-XfXXbbXXXX1X"
    "XXcXXXXX-XccX-X1ca-XbXa-dfXdda1XeXaX"
    "XXbXXXcc-aX1a-XX1X-Xbfd-1aXXbcXddfXd"
    "bacXXXed-cXfc-XaXX-Xac1-XcXcXXda1dXe"
    "XaXeX1fX-Xdae-XXXX-bXXX-XXbXaafcbbed"
    "Xae1XXXe-fXXX-XXXX-aXXX-1X1XXbaXXXfX"
    "XXdXXXXX-X1eX-XXdX-X1d1-XXXXbXXX111X"
    "dX1aXeXf-XeXX-XbXX-XbaX-Xe1XXbcXfeXd"
    "XXXXXX1d-cXXX-Xc1X-XfdX-cX1fXXfXXXcX"
    "XfdXXdcc-aXXX-XbXf-XfXc-XdacXXXfddaX"
    "XXXXXaXd-XXXX-XaXd-XfXf-cXacXXaXddfd"
    "caXXbc1X-cfXX-XXeX-bbeX-XcXXbXXX1XdX"
Here multiple subscriptions are returned.
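A second way to check a token, shown here as an added example that is not part of the original post: decode its claims locally and confirm the audience and expiry before sending it to an API. It assumes the token is a JWT with the standard aud and exp claims; the function names and the sample tokens are constructed for illustration, and the signature is not verified.

```bash
# Decode the payload (second dot-separated segment) of a JWT. Decoding only,
# no signature verification. Function bodies are subshells so variables stay local.
jwt_payload() (
  seg=$(printf '%s' "$1" | cut -d. -f2 | tr '_-' '/+')
  # base64url drops the '=' padding; restore it so base64 -d accepts the input.
  case $(( ${#seg} % 4 )) in
    2) seg="$seg==" ;;
    3) seg="$seg=" ;;
  esac
  printf '%s' "$seg" | base64 -d
)

# Extract one top-level string or numeric claim (simple match, compact JSON only).
jwt_claim() (
  jwt_payload "$1" | sed -n "s/.*\"$2\":\"\{0,1\}\([^\",}]*\).*/\1/p"
)

# Succeed only if the token targets the expected audience and has not expired.
token_usable() (
  aud=$(jwt_claim "$1" aud)
  exp=$(jwt_claim "$1" exp)
  [ "$aud" = "$2" ] && [ -n "$exp" ] && [ "$exp" -gt "$(date +%s)" ]
)

# Constructed sample tokens (not real ones): header.payload.signature
b64url() { printf '%s' "$1" | base64 | tr -d '=\n' | tr '/+' '_-'; }
hdr=$(b64url '{"typ":"JWT"}')
sample_token="$hdr.$(b64url '{"aud":"https://management.azure.com/","appid":"00000000-0000-0000-0000-000000000000","exp":4102444800}').sig"
expired_token="$hdr.$(b64url '{"aud":"https://management.azure.com/","exp":1}').sig"

if token_usable "$sample_token" "https://management.azure.com/"; then
  echo "sample token: audience matches and not expired (appid $(jwt_claim "$sample_token" appid))"
fi
if ! token_usable "$expired_token" "https://management.azure.com/"; then
  echo "expired token: rejected"
fi
```

With a real token, `jwt_payload "$token" | jq` prints every claim, which shows whether the token was issued to an application or to a user.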