How do I reset the password of the service principal created for a system managed identity in Azure?

Question description Votes: 0 Answers: 1

I created an Azure Container Registry with a system managed identity. I know how to check the service principal created for it:

C:\> az ad sp show --id 4***8
{
  "accountEnabled": "True",
  "alternativeNames": [
    "isExplicit=False",
    "/subscriptions/d***8/resourcegroups/VictorTestRG/providers/Microsoft.ContainerRegistry/registries/victorTestContainerRegistry"
  ],
  "appId": "7***6",
  "displayName": "victorTestContainerRegistry",
  "keyCredentials": [...],
  "objectId": "4***8",
  "objectType": "ServicePrincipal",
  "odata.metadata": "https://graph.windows.net/2***b/$metadata#directoryObjects/@Element",
  "odata.type": "Microsoft.DirectoryServices.ServicePrincipal",
  "servicePrincipalNames": [
    "7***6",
    "https://identity.azure.net/o***F/p***="
  ],
  "servicePrincipalType": "ManagedIdentity"
}

(For brevity, I scrubbed certain values and omitted the fields that have null or [] as their value.)

Now I want to reset the credentials of this service principal, but none of the following works for me:

C:\> az ad sp credential reset --name 4***8
Resource '4***8' does not exist or one of its queried reference-property objects are not present.
C:\> az ad sp credential reset --name "7***6"
Resource '7***6' does not exist or one of its queried reference-property objects are not present.
C:\> az ad sp credential reset --name victorTestContainerRegistry
Resource '7***6' does not exist or one of its queried reference-property objects are not present.
C:\> az ad sp credential reset --name "https://identity.azure.net/o***F/p***="
Resource '7***6' does not exist or one of its queried reference-property objects are not present.
C:\>

So, how do I reset the credentials of a system managed identity?

azure credentials azure-managed-identity
1 Answer
0
votes
As Thomas said, you do not manage the credentials. The point of using a managed identity is to get rid of that management.

The system automatically rotates the certificate used by the identity in the background. You don't need to do anything for that.
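
An added example, not part of the original question or answer: a credential-rotation audit can use the `servicePrincipalType` field shown in the question's output to skip managed identities, whose certificates the platform rotates, and list only the principals an operator has to rotate. The sample records are constructed, all identifiers in them are placeholders, and the `id` fallback for newer CLI output is an assumption.

```python
import json

# Constructed sample shaped like the `az ad sp show` / `az ad sp list` output
# in the question; every identifier is a placeholder, not a real value.
SAMPLE = json.loads("""
[
  {"displayName": "exampleRegistry", "objectId": "OBJECT-ID-1",
   "servicePrincipalType": "ManagedIdentity",
   "alternativeNames": ["isExplicit=False",
     "/subscriptions/SUB-ID/resourcegroups/ExampleRG/providers/Microsoft.ContainerRegistry/registries/exampleRegistry"],
   "keyCredentials": [{"keyId": "KEY-1"}], "passwordCredentials": []},
  {"displayName": "example-ci-app", "objectId": "OBJECT-ID-2",
   "servicePrincipalType": "Application",
   "alternativeNames": [],
   "keyCredentials": [], "passwordCredentials": [{"keyId": "KEY-2"}]}
]
""")


def backing_resource(sp):
    """Return the ARM resource ID listed in alternativeNames, if any."""
    for name in sp.get("alternativeNames") or []:
        if name.lower().startswith("/subscriptions/"):
            return name
    return None


def triage(service_principals):
    """Split principals into platform-rotated managed identities and the ones
    an operator must rotate (the only kind a credential reset applies to)."""
    platform_managed, operator_managed = [], []
    for sp in service_principals:
        entry = {
            "name": sp.get("displayName"),
            # The question's output uses objectId; the "id" fallback is an assumption.
            "id": sp.get("objectId") or sp.get("id"),
            "resource": backing_resource(sp),
            "credentials": len(sp.get("keyCredentials") or [])
            + len(sp.get("passwordCredentials") or []),
        }
        if sp.get("servicePrincipalType") == "ManagedIdentity":
            platform_managed.append(entry)
        else:
            operator_managed.append(entry)
    return platform_managed, operator_managed


if __name__ == "__main__":
    managed, manual = triage(SAMPLE)
    for e in managed:
        print(f"skip   {e['name']}: rotated by Azure, resource={e['resource']}")
    for e in manual:
        print(f"rotate {e['name']}: {e['credentials']} credential(s) to review")
```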
