gpt4 book ai didi

azure - 使用系统分配的标识创建 Azure Runbook 以发出 GRAPH 请求

转载 作者:行者123 更新时间:2023-12-03 06:52:45 25 4
gpt4 key购买 nike

目前我正在使用此处找到的资源来验证系统管理身份 Runbook Authentication Tutorial

在本教程中,我使用此工作流程连接到我的系统管理身份

# Resources
# https://learn.microsoft.com/en-us/azure/automation/learn/automation-tutorial-runbook-textual
# https://learn.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=portal%2Cpowershell

param(
[String] $resourceGroup = "ResourceGroupName", # Resource Group
[String] $subscription = "SubscriptionName", # Subscription name
[String] $SAMI = "Default tenant ID" # System Access Management Identity (Tenant ID)
)

$automationAccount = "myAutomationAccountName"
Disable-AzContextAutosave -Scope Process | out-null

try {

$AzureContext = (Connect-AzAccount -Identity).context
$azProfile = [Microsoft.Azure.Commands.Common.Authentication.Abstractions.AzureRmProfileProvider]::Instance.Profile
$profileClient = New-Object -TypeName Microsoft.Azure.Commands.ResourceManager.Common.RMProfileClient -ArgumentList ($azProfile)
$token = $profileClient.AcquireAccessToken($AzureContext.Subscription.TenantId)

if(-not ($token.AccessToken)){
throw
}

$authHeader = @{
'Content-Type'='application/json'
'Authorization'='Bearer ' + $token.AccessToken
'ExpiresOn' = $token.ExpiresOn
'X-IDENTITY-HEADER'= $env:IDENTITY_HEADER
}
# Output the generated access token
Write-Output $token.AccessToken

# I want to make a graph request getting a list of devices and then use that to set the last logged-on user as the primary user. I can't even make a request though...
$uri = "https://graph.microsoft.com/v1.0/deviceManagement/managedDevices"
Invoke-RestMethod -Uri $uri -Headers $authHeader -Method Get

} catch{
write-output $_.Exception.Message
}

$AzureContext = Set-AzContext -SubscriptionName $subscription -DefaultProfile $AzureContext

当我在测试 Pane 中启动 Runbook 时,它会输出 JWT。然后,当尝试发出请求时,它会抛出错误

The remote server returned an error: (401) Unauthorized.

然后我打开 PostMan 并输入 URL(端点),我知道从我的用户帐户创建的有效 JWT 可以工作,我将此生成的 token 放入授权承载 token 中并收到此 JSON 错误

{
"error": {
"code": "InvalidAuthenticationToken",
"message": "Access token validation failure. Invalid audience.",
"innerError": {
"date": "2022-08-22T19:14:43",
"request-id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx",
"client-request-id": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxx"
}
}
}

我去https://jwt.io/并获取编码的 JWT,并注意到期日期正是它创建的时间。这是一个可能的问题吗?如果是这样,我如何延长本操作手册中的到期日期?或者,这是否是基于角色的 GRAPH API 拒绝 token 的问题?请帮忙...

最佳答案

我已关注MSDOC我可以在write-output中查看Graph请求。

  • 确保为特定用户分配特定的读取访问权限角色。

解决方法

我已在 Azure Runbook 中发出请求以捕获图形请求的响应。

enter image description here

结果

enter image description here

关于azure - 使用系统分配的标识创建 Azure Runbook 以发出 GRAPH 请求,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/73406533/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com