PowerShell - Connect to Entra/Azure with certificate authentication and use the API

Question  Votes: 0  Answers: 1

I can use Connect-AzAccount to connect to the tenant easily and start using the PowerShell modules to pull the information I want:

$vms = Get-AzVM

But this is not what I want to do.

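I created an app registration in the tenant and created a certificate for authentication.

I want my script to use this certificate-based authentication to make the same call, or something similar to the above.

Here is the code I have been playing with; I feel like I'm close.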

$tenantID       = "aGUID"
$applicationID  = "anotherGUID"
$resourceGroup  = "aGroup"
$subscriptionID = "Azure subscription 1"

# Connect to Entra ID with Certificate
$certThumbPrint = "acertGUID"
$certPass       = ConvertTo-SecureString -String "somepassword" -Force -AsPlainText
#$cert = Get-Item -Path Cert:\CurrentUser\My\$certThumbPrint

# Import the certificate
#$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2("C:\temp\cert.pfx", $certPass, "Exportable,PersistKeySet")

# Get the Azure AD application
$azureAdApplication = Get-AzADApplication -ApplicationId $applicationID -TenantId $tenantID

# Get the certificate associated with the application
$cert = Get-AzADAppCredential -ApplicationId $applicationID -TenantId $tenantID | Where-Object { $_.Type -eq "AsymmetricX509Cert" -and $_.Usage -eq "Verify" }

# Authenticate using the certificate
$token = Get-AzAccessToken -ResourceUrl "https://management.azure.com" -TenantId $tenantID -CertificateThumbprint $certThumbPrint -ApplicationId $applicationID -Credential $cert

# Authenticate to Azure AD using the certificate
#$token = Get-AzAccessToken -ResourceUrl "https://management.azure.com" -TenantId $tenantID -ClientId $applicationID -CertificateThumbprint $cert.Thumbprint
$token = Get-AzAccessToken -ResourceUrl "https://management.azure.com" -TenantId $tenantID -ServicePrincipalId $applicationID -CertificateThumbprint $certThumbPrint

# Set the Azure context
Set-AzContext -AadAccessToken $token.Token -SubscriptionId $subscriptionID

# Get a list of VMs
$vms = Get-AzVM

# Display VM information
foreach ($vm in $vms) {
    Write-Host "VM Name: $($vm.Name), Resource Group: $($vm.ResourceGroupName)"
    # Add more details as needed
}
azure powershell azure-active-directory certificate
1 Answer
0
votes

When using -ResourceUrl, make sure the value matches the current Azure environment. You can refer to the value of (Get-AzContext).Environment.

https://learn.microsoft.com/en-us/powershell/module/az.accounts/get-azaccesstoken?view=azps-11.1.0
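
An added example, not part of the original question or answer: signing in as the app registration's service principal with a certificate from the local store, then calling both the Az cmdlets and the REST API with the resource URL taken from the signed-in environment. It assumes the Az module is installed, the certificate with its private key is in Cert:\CurrentUser\My, and the service principal has a role such as Reader on the subscription; all IDs are placeholders.

```powershell
# Added example; every ID below is a placeholder, not a value from the post.
$tenantId       = '<tenant-guid>'
$applicationId  = '<app-registration-client-id>'
$subscriptionId = '<subscription-guid>'
$thumbprint     = '<certificate-thumbprint>'

# The private key has to be in the local store. The app registration holds
# only the public certificate, so the key cannot be fetched from Entra ID.
$cert = Get-Item -Path "Cert:\CurrentUser\My\$thumbprint" -ErrorAction Stop
if (-not $cert.HasPrivateKey) { throw "Certificate $thumbprint has no private key in this store." }
if ($cert.NotAfter -lt (Get-Date)) { throw "Certificate $thumbprint expired on $($cert.NotAfter)." }

# Sign in as the service principal. This sets the Az context, so no
# Set-AzContext call with a token is needed afterwards.
Connect-AzAccount -ServicePrincipal -Tenant $tenantId -ApplicationId $applicationId `
    -CertificateThumbprint $thumbprint -Subscription $subscriptionId -ErrorAction Stop | Out-Null

# Module cmdlets now run under the service principal's role assignments.
Get-AzVM | ForEach-Object { "VM Name: $($_.Name), Resource Group: $($_.ResourceGroupName)" }

# For direct REST calls, take the resource URL from the signed-in environment
# (as the answer suggests) instead of hard-coding it.
$armUrl = (Get-AzContext).Environment.ResourceManagerUrl
$token  = (Get-AzAccessToken -ResourceUrl $armUrl).Token

# Newer Az.Accounts releases return the token as a SecureString; handle both forms.
if ($token -is [securestring]) {
    $token = [System.Net.NetworkCredential]::new('', $token).Password
}

# List VMs in the subscription through the Resource Manager REST API.
$uri  = '{0}/subscriptions/{1}/providers/Microsoft.Compute/virtualMachines?api-version=2023-03-01' -f `
        $armUrl.TrimEnd('/'), $subscriptionId
$resp = Invoke-RestMethod -Uri $uri -Method Get -Headers @{ Authorization = "Bearer $token" }
$resp.value | Select-Object name, location
```

Referencing the certificate by thumbprint from the store keeps the PFX password out of the script; the bearer token should not be logged or written to disk.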
