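We need to generate an AAD access token that a client can use to query Azure Monitor metrics (via the Fluent API) for a specific subscription. So the requirements are:
1. The token can only be used to query metrics of the specific subscription, not of other subscriptions.
2. It can only query metrics from Azure Monitor (I believe that goes through ARM).

How do we:
1. Get the access token?
2. Use the token directly with the Azure Management Fluent SDK?

Thanks!
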
1. How to get an access token to list Azure resource metrics

a. Create a service principal and assign the Reader role to the sp. (I used Azure CLI to do this.)

    az login
    az account set --subscription "<your subscription id>"
    az ad sp create-for-rbac -n "readMetric" --role Reader --scopes "/subscriptions/<your subscription id>"

b. Get an access token

    POST /<your sp tenant>/oauth2/token HTTP/1.1
    Host: login.microsoftonline.com
    Content-Type: application/x-www-form-urlencoded

    grant_type=client_credentials
    &client_id=<your sp appid>
    &client_secret=<your sp password>
    &resource=https://management.azure.com/

c. List the metrics of an Azure resource

    GET https://management.azure.com/{resource id}/providers/microsoft.insights/metrics?api-version=2018-01-01&metricnames=""
    Authorization: Bearer <access_token>

2. For the Azure Management Fluent SDK, how do I use the token directly?

For this question, please refer to the following steps:

    // Requires the NuGet packages Microsoft.IdentityModel.Clients.ActiveDirectory
    // and Microsoft.Azure.Management.Fluent.
    using System;
    using System.Threading.Tasks;
    using Microsoft.Azure.Management.ResourceManager.Fluent;
    using Microsoft.Azure.Management.ResourceManager.Fluent.Authentication;
    using Microsoft.Azure.Management.ResourceManager.Fluent.Core;
    using Microsoft.IdentityModel.Clients.ActiveDirectory;
    using Microsoft.Rest;

    class Program
    {
        static async Task Main(string[] args)
        {
            var tenantId = "<your sp tenant>";
            var clientId = "<your sp appId>";
            var clientSecret = "<your sp password>";
            var subscriptionId = "<your subscription id>";

            // Acquire an ARM access token with the client-credentials flow.
            var context = new AuthenticationContext("https://login.microsoftonline.com/" + tenantId, false);
            var credential = new ClientCredential(clientId: clientId, clientSecret: clientSecret);
            var result = await context.AcquireTokenAsync("https://management.azure.com/", credential);
            var token = result.AccessToken;

            // Wrap the raw token; it is used as-is and is not refreshed when it expires.
            var tokenCredentials = new TokenCredentials(token);
            var azureCredentials = new AzureCredentials(
                tokenCredentials,
                tokenCredentials,
                tenantId,
                AzureEnvironment.AzureGlobalCloud);

            var client = RestClient
                .Configure()
                .WithEnvironment(AzureEnvironment.AzureGlobalCloud)
                .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
                .WithCredentials(azureCredentials)
                .Build();

            var azure = Microsoft.Azure.Management.Fluent.Azure
                .Authenticate(client, tenantId)
                .WithSubscription(subscriptionId);

            var resourceId = "/subscriptions/e5b0fcfa-e859-43f3-8d84-5e5fe29f4c68/resourceGroups/jimtest/providers/Microsoft.Compute/virtualMachines/testvm";

            // Query the last five minutes of every metric defined for the resource.
            foreach (var metricDefinition in await azure.MetricDefinitions.ListByResourceAsync(resourceId))
            {
                var metricCollection = await metricDefinition.DefineQuery()
                    .StartingFrom(DateTime.UtcNow.AddMinutes(-5))
                    .EndsBefore(DateTime.UtcNow)
                    .ExecuteAsync();

                Console.WriteLine("Metrics for '" + resourceId + "':");
                Console.WriteLine("Namespace: " + metricCollection.Namespace);
                Console.WriteLine("Query time: " + metricCollection.Timespan);
                Console.WriteLine("Time Grain: " + metricCollection.Interval);
                Console.WriteLine("Cost: " + metricCollection.Cost);

                foreach (var metric in metricCollection.Metrics)
                {
                    Console.WriteLine("\tMetric: " + metric.Name.LocalizedValue);
                    Console.WriteLine("\tType: " + metric.Type);
                    Console.WriteLine("\tUnit: " + metric.Unit);
                    Console.WriteLine("\tTime Series: ");
                    foreach (var timeElement in metric.Timeseries)
                    {
                        Console.WriteLine("\t\tMetadata: ");
                        foreach (var metadata in timeElement.Metadatavalues)
                        {
                            Console.WriteLine("\t\t\t" + metadata.Name.LocalizedValue + ": " + metadata.Value);
                        }
                        Console.WriteLine("\t\tData: ");
                        foreach (var data in timeElement.Data)
                        {
                            Console.WriteLine("\t\t\t" + data.TimeStamp
                                + " : (Min) " + data.Minimum
                                + " : (Max) " + data.Maximum
                                + " : (Avg) " + data.Average
                                + " : (Total) " + data.Total
                                + " : (Count) " + data.Count);
                        }
                    }
                }
            }
        }
    }

For more details, please refer to the document.
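
An ARM access token carries no subscription restriction of its own; what the service principal can read is decided by its Azure RBAC role assignments. The following Python check is an added example, not part of the original answer: it audits the JSON printed by `az role assignment list --assignee <your sp appid> --all -o json` and reports every assignment that reaches outside the intended subscription or uses a role outside an allowed list. The sample data, the placeholder subscription IDs and the choice of allowed roles (Reader, plus the built-in Monitoring Reader) are assumptions made for the illustration.

```python
import json

# Constructed sample of `az role assignment list --assignee <appId> --all -o json`
# output (only the fields used here); all IDs are placeholders, not real values.
SAMPLE = json.dumps([
    {"roleDefinitionName": "Reader",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
    {"roleDefinitionName": "Monitoring Reader",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-a"},
    {"roleDefinitionName": "Reader",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000002"},
    {"roleDefinitionName": "Contributor",
     "scope": "/subscriptions/00000000-0000-0000-0000-000000000001"},
    {"roleDefinitionName": "Reader",
     "scope": "/providers/Microsoft.Management/managementGroups/mg-root"},
])

# Assumption: roles considered acceptable for a metrics-only client.
ALLOWED_ROLES = {"reader", "monitoring reader"}


def audit_assignments(assignments_json, subscription_id, allowed_roles=ALLOWED_ROLES):
    """Return (role, scope, reason) for each assignment exceeding the intended reach."""
    target = f"/subscriptions/{subscription_id}".lower()
    findings = []
    for assignment in json.loads(assignments_json):
        role = assignment.get("roleDefinitionName", "")
        scope = assignment.get("scope", "")
        normalized = scope.rstrip("/").lower()
        # In scope: the target subscription itself or anything below it.
        in_scope = normalized == target or normalized.startswith(target + "/")
        if not in_scope:
            findings.append((role, scope, "scope outside target subscription"))
        elif role.lower() not in allowed_roles:
            findings.append((role, scope, "role not in allowed list"))
    return findings


if __name__ == "__main__":
    for finding in audit_assignments(SAMPLE, "00000000-0000-0000-0000-000000000001"):
        print(finding)
```

An empty result means every assignment of the service principal stays inside the target subscription with an allowed role; management-group and root (`/`) scopes are reported because they sit above the subscription.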