This document provides reference documentation and sample scripts for testing purposes only; do not use them directly when you deploy in a production environment.
Get the token
Method One (service principal, SPN):
Refer to the following documentation:
The steps there are very detailed; in essence, the script is broken down and run step by step.
Among them:
Set-AzureRmContext -SubscriptionId $subscription.subscriptionId -TenantId $subscription.TenantID
The TenantID for this step can be found in the portal under AAD -> Properties, as the Directory ID:
Secondly, in the "Assign the Contributor role to the service principal" step of that document, change the role to Reader:
New-AzureRmRoleAssignment -RoleDefinitionName Contributor -ServicePrincipalName $app.ApplicationId.Guid
Contributor -> Reader
In addition, please note the following two minor URL changes:
1. If you use a third-party tool such as curl, use:
[sourcecode language='bash']
curl --request POST "https://login.windows.net/[tennantid]/oauth2/token" --data-urlencode "resource=https://management.core.windows.net" --data-urlencode "client_id=[clientid]" --data-urlencode "grant_type=client_credentials" --data-urlencode "client_secret=[clientsecret]"
[/sourcecode]
For this step, change the login URL to:
https://login.chinacloudapi.cn/common/oauth2/token
2. If you are using PowerShell, use:
[sourcecode language='powershell' ]
#Azure Authentication Token
#requires -Version 3
#SPN ClientId and Secret (placeholders; load real values from a secure store instead of hard-coding them)
$ClientID = "clientid" #ApplicationID
$ClientSecret = "ClientSecret" #key from Application
$tennantid = "TennantID"
$TokenEndpoint = "https://login.windows.net/{0}/oauth2/token" -f $tennantid
$ARMResource = "https://management.core.windows.net/"
#Form fields of the client-credentials token request
$Body = @{
    'resource'      = $ARMResource
    'client_id'     = $ClientID
    'grant_type'    = 'client_credentials'
    'client_secret' = $ClientSecret
}
#Parameters splatted into Invoke-RestMethod
$params = @{
    ContentType = 'application/x-www-form-urlencoded'
    Headers     = @{'accept'='application/json'}
    Body        = $Body
    Method      = 'Post'
    URI         = $TokenEndpoint
}
$token = Invoke-RestMethod @params
#Show the access token and its expiry time converted to local time
$token | select access_token, @{L='Expires';E={[timezone]::CurrentTimeZone.ToLocalTime(([datetime]'1/1/1970').AddSeconds($_.expires_on))}} | fl *
[/sourcecode]
In this script, in the line
$TokenEndpoint = "https://login.windows.net/{0}/oauth2/token" -f $tennantid
change the URL to https://login.chinacloudapi.cn/common/oauth2/token
The -f $tennantid at the end stays unchanged.
Change the $ARMResource URL to:
https://management.chinacloudapi.cn/
=====================================================================================
Method Two (AAD username and password mode):
Use the following function:
## The get-token function obtains a token with the account's username and password
function get-token {
    $username = "[email protected]"  ## subscription account
    $password = "xxxxx"  ## subscription password
    $client_id = "1950a258-227b-4e31-a9cf-717495945fc2"  ## well-known client ID of Azure PowerShell
    $resource = "https://management.chinacloudapi.cn/"
    ## Form fields of the password-grant token request
    $creds = @{
        grant_type = "password"
        username   = $username
        password   = $password
        client_id  = $client_id
        resource   = $resource
    }
    $headers = $null
    try
    {
        $response = Invoke-RestMethod "https://login.chinacloudapi.cn/common/oauth2/token" -Method Post -Body $creds -Headers $headers
        $token = $response.access_token
        return $token
    }
    catch
    {
        ## Read the JSON error body returned by the token endpoint
        $result = $_.Exception.Response.GetResponseStream()
        $reader = New-Object System.IO.StreamReader($result)
        $reader.BaseStream.Position = 0
        $reader.DiscardBufferedData()
        $responseBody = $reader.ReadToEnd() | ConvertFrom-Json
        Write-Host "ERROR: $($responseBody.error)"
        return
    }
}
## Build the Authorization header used by the REST calls below
$bearer = get-token
$header = @{
    Authorization = "Bearer " + $bearer
}
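A pre-flight check for the token returned by either method above, added here as an example and not part of the original post: it decodes the token's claims to confirm that the audience matches the Azure China management endpoint and that the token has not expired. The function names are hypothetical, the sample tokens are constructed, and it assumes the `aud` claim mirrors the `resource` value sent in the token request.

```powershell
# Added example (hypothetical helper names). Claims are decoded only; the
# signature is NOT verified, so treat the result as a pre-flight sanity check.
function ConvertFrom-Base64Url {
    param([Parameter(Mandatory)][string]$Text)
    # JWT segments are unpadded base64url; convert back to standard base64.
    $b64 = $Text.Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        1 { throw 'Invalid base64url segment length' }
        2 { $b64 += '==' }
        3 { $b64 += '=' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
}
$Epoch = New-Object DateTime -ArgumentList 1970, 1, 1, 0, 0, 0, ([DateTimeKind]::Utc)

function Test-ArmTokenClaims {
    param(
        [Parameter(Mandatory)][string]$AccessToken,
        [string]$ExpectedAudience = 'https://management.chinacloudapi.cn/',
        [int]$MinSecondsLeft = 300
    )
    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Access token is not a three-part JWT' }
    $claims  = ConvertFrom-Base64Url $parts[1] | ConvertFrom-Json
    $expires = $Epoch.AddSeconds([double]$claims.exp)
    $left    = [long]($expires - [DateTime]::UtcNow).TotalSeconds
    # [string] turns a missing aud claim into '' instead of failing on $null.
    $audOk   = ([string]$claims.aud).TrimEnd('/') -eq $ExpectedAudience.TrimEnd('/')
    [pscustomobject]@{
        Audience    = $claims.aud
        AudienceOk  = $audOk
        ExpiresUtc  = $expires
        SecondsLeft = $left
        Usable      = ($audOk -and $left -ge $MinSecondsLeft)
    }
}

# Constructed sample tokens (dummy header and signature), valid for one hour.
function New-SampleToken([string]$Audience) {
    $exp  = [long]([DateTime]::UtcNow.AddHours(1) - $Epoch).TotalSeconds
    $json = @{ aud = $Audience; exp = $exp } | ConvertTo-Json -Compress
    $seg  = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($json))
    'e30.{0}.c2ln' -f $seg.TrimEnd('=').Replace('+', '-').Replace('/', '_')
}

# Audience mismatch case: token requested with the global resource URL.
Test-ArmTokenClaims (New-SampleToken 'https://management.core.windows.net/')
# Matching case: token requested with the Azure China resource URL.
Test-ArmTokenClaims (New-SampleToken 'https://management.chinacloudapi.cn/')
```

With a real token, pass `$token.access_token` (Method One) or `$bearer` (Method Two) as `-AccessToken`.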
======================================================================================
Use the token to get the monitored values from the metrics API:
## How to
## Use PowerShell, or log in to the portal and view the properties of the application gateway, to get the resource URI, then replace the highlighted part of the following command with it
$uri = "https://management.chinacloudapi.cn/<resource uri>/providers/microsoft.insights/metrics?api-version=2018-01-01&metricnames=TotalRequests"
## Call the REST API to obtain the historical state data of the virtual machine
$result = Invoke-RestMethod -Method GET -Uri $uri -Headers $header -Body $null
## Print the historical state data of the virtual machine
$result.value
## Example
Taking the resource ID in my test environment as an example:
https://management.chinacloudapi.cn/subscriptions/test-fbfe-4f11-9af2-b81f0ee26453/resourceGroups/testresourcegroup-E/providers/Microsoft.Network/applicationGateways/TESTAPPGW/providers/microsoft.insights/metrics?api-version=2018-01-01&metricnames=TotalRequests
You can replace the highlighted part with another metric:
$result = Invoke-RestMethod -Method GET -Uri $uri -Headers $header -Body $null
$result.value