How do I get an access token to retrieve Azure Monitor metrics for a specific subscription?

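Question (votes: 0, answers: 1)

We need to generate an AAD access token that a client can use to query Azure Monitor metrics (via the Fluent API) for a specific subscription. So the requirements are:
1. The token can only be used to query metrics for the specific subscription, not for other subscriptions.
2. It can only query metrics from Azure Monitor (I believe this goes through ARM).

How do we:
1. Get the access token?
2. Use the token directly with the Azure Management Fluent SDK?

Thanks!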

azure-active-directory access-token azure-resource-manager azure-monitoring microsoft-identity-platform
1 answer
0
votes

1. How to get an access token to list Azure resource metrics

a. Create a service principal and assign the Reader role to the sp. (I used the Azure CLI to do this.)

az login
az account set --subscription "<your subscription id>"
az ad sp create-for-rbac -n "readMetric" --role Reader --scopes "/subscriptions/<your subscription id>"


b. Get the access token

POST /<your sp tenant>/oauth2/token HTTP/1.1
Host: login.microsoftonline.com
Content-Type: application/x-www-form-urlencoded

grant_type=client_credentials
&client_id=<your sp appid>
&client_secret=<your sp password>
&resource=https://management.azure.com/

c. List the metrics of an Azure resource

GET https://management.azure.com/{resource id}/providers/microsoft.insights/metrics?api-version=2018-01-01&metricnames=""
Authorization: Bearer <access_token>


2. How to use the token directly with the Azure Management Fluent SDK?

For this question, please refer to the following steps

using System;
using System.Threading.Tasks;
using Microsoft.Azure.Management.ResourceManager.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent.Authentication;
using Microsoft.Azure.Management.ResourceManager.Fluent.Core;
using Microsoft.IdentityModel.Clients.ActiveDirectory;
using Microsoft.Rest;

class Program
{
    static async Task Main(string[] args)
    {
        /*
           Please install sdk Microsoft.IdentityModel.Clients.ActiveDirectory and Microsoft.Azure.Management.Fluent
        */

        var tenantId = "<your sp tenant>";
        var clientId = "<your sp appId>";
        var clientSecret = "<your sp password>";
        var subscriptionId = "<your subscription id>";

        // Client-credentials flow: request a token whose audience is Azure Resource Manager.
        var context = new AuthenticationContext("https://login.microsoftonline.com/" + tenantId, false);
        var credential = new ClientCredential(clientId: clientId, clientSecret: clientSecret);
        var result = await context.AcquireTokenAsync("https://management.azure.com/", credential);

        // TokenCredentials wraps a fixed token string, so it is not refreshed when it expires.
        var token = result.AccessToken;
        var tokenCredentials = new TokenCredentials(token);
        var azureCredentials = new AzureCredentials(
            tokenCredentials,
            tokenCredentials,
            tenantId,
            AzureEnvironment.AzureGlobalCloud);
        var client = RestClient
            .Configure()
            .WithEnvironment(AzureEnvironment.AzureGlobalCloud)
            .WithLogLevel(HttpLoggingDelegatingHandler.Level.Basic)
            .WithCredentials(azureCredentials)
            .Build();
        var azure = Microsoft.Azure.Management.Fluent.Azure
            .Authenticate(client, tenantId)
            .WithSubscription(subscriptionId);

        // Query the last five minutes of every metric defined for this resource.
        var resourceId = "/subscriptions/e5b0fcfa-e859-43f3-8d84-5e5fe29f4c68/resourceGroups/jimtest/providers/Microsoft.Compute/virtualMachines/testvm";
        foreach (var metricDefinition in await azure.MetricDefinitions.ListByResourceAsync(resourceId))
        {
            var metricCollection = await metricDefinition.DefineQuery()
                .StartingFrom(DateTime.UtcNow.AddMinutes(-5))
                .EndsBefore(DateTime.UtcNow)
                .ExecuteAsync();
            Console.WriteLine("Metrics for '" + resourceId + "':");
            Console.WriteLine("Namespace: " + metricCollection.Namespace);
            Console.WriteLine("Query time: " + metricCollection.Timespan);
            Console.WriteLine("Time Grain: " + metricCollection.Interval);
            Console.WriteLine("Cost: " + metricCollection.Cost);
            foreach (var metric in metricCollection.Metrics)
            {
                Console.WriteLine("\tMetric: " + metric.Name.LocalizedValue);
                Console.WriteLine("\tType: " + metric.Type);
                Console.WriteLine("\tUnit: " + metric.Unit);
                Console.WriteLine("\tTime Series: ");
                foreach (var timeElement in metric.Timeseries)
                {
                    Console.WriteLine("\t\tMetadata: ");
                    foreach (var metadata in timeElement.Metadatavalues)
                    {
                        Console.WriteLine("\t\t\t" + metadata.Name.LocalizedValue + ": " + metadata.Value);
                    }
                    Console.WriteLine("\t\tData: ");
                    foreach (var data in timeElement.Data)
                    {
                        Console.WriteLine("\t\t\t" + data.TimeStamp
                            + " : (Min) " + data.Minimum
                            + " : (Max) " + data.Maximum
                            + " : (Avg) " + data.Average
                            + " : (Total) " + data.Total
                            + " : (Count) " + data.Count);
                    }
                }
            }
        }
    }
}


For more details, please refer to the document
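
An added example, not part of the original answer: a Python sketch for inspecting the token returned in step b before handing it to a client. It shows that the token's claims name the ARM audience, tenant and application but no subscription, so the subscription limit comes from where the Reader role is assigned. The function names are hypothetical and the sample token and its GUIDs are constructed; the payload is decoded without signature verification, for inspection only.

```python
import base64
import json
import time

ARM_AUDIENCE = "https://management.azure.com"  # the resource requested in step b

def decode_claims(jwt: str) -> dict:
    """Decode the JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check_token(jwt: str, tenant_id: str, client_id: str, now=None) -> list:
    """Return findings; an empty list means the claims match what was requested."""
    now = time.time() if now is None else now
    claims = decode_claims(jwt)
    findings = []
    if str(claims.get("aud", "")).rstrip("/") != ARM_AUDIENCE:
        findings.append("audience is not ARM")
    if claims.get("tid") != tenant_id:
        findings.append("unexpected tenant")
    if claims.get("appid") != client_id:
        findings.append("unexpected client")
    if claims.get("exp", 0) <= now:
        findings.append("token expired")
    return findings

def in_subscription(resource_id: str, subscription_id: str) -> bool:
    """True if an ARM resource ID sits under the given subscription."""
    segs = [s for s in resource_id.split("/") if s]
    return (len(segs) >= 2 and segs[0].lower() == "subscriptions"
            and segs[1].lower() == subscription_id.lower())

def make_sample(claims: dict) -> str:
    """Build a constructed, unsigned token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return enc({"alg": "none", "typ": "JWT"}) + "." + enc(claims) + ".sig"

TENANT = "11111111-1111-1111-1111-111111111111"  # constructed value
CLIENT = "22222222-2222-2222-2222-222222222222"  # constructed value
SAMPLE = make_sample({"aud": "https://management.azure.com/", "tid": TENANT,
                      "appid": CLIENT, "exp": 2000000000})

if __name__ == "__main__":
    print(sorted(decode_claims(SAMPLE)))  # no subscription among the claims
    print(check_token(SAMPLE, TENANT, CLIENT, now=1700000000))
```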
