我想使用 az cli 创建一个引用密钥保管库机密的 apim 命名值。
似乎本机不支持此功能:https://github.com/Azure/azure-cli/issues/27822
我已经尝试使用 az rest 解决方法,但到目前为止还没有运气。
$ApiUrl = "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.ApiManagement/service/$apimServiceName/namedValues/${namedValueName}?api-version=2023-09-01-preview"
Write-Host $ApiUrl
Write-Host $NamedValueProperties
# Use az rest command to invoke Azure REST API for creating/updating the named value
$response = az rest --method put --url $ApiUrl --body $namedValuePropertiesString --headers "Content-Type=application/json" --output json | ConvertFrom-Json
# Output the response status code and body for diagnosis
Write-Host $response.properties
$ApiUrl = "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.ApiManagement/service/$apimServiceName/namedValues/${namedValueName}?api-version=2023-09-01-preview" Write-Host $ApiUrl Write-Host $NamedValueProperties
# Use az rest command to invoke Azure REST API for creating/updating the named value $response = az rest --method put --url $ApiUrl --body $namedValuePropertiesString --headers "Content-Type=application/json"
--output json | ConvertFrom-Json
# Output the response status code and body for diagnosis Write-Host $response.properties https://management.azure.com/subscriptions/sub-id/resourceGroups/rg/providers/Microsoft.ApiManagement/service/apim-name/namedValues/nv-name?api-version=2023-09-01-preview {
"properties":
{
"keyVault": {
"identityClientId": "client-id",
"secretIdentifier": "https://kv-name.vault.azure.net/secrets/SecretThing"
},
"displayName": "nv-name",
"secret": true
} } @{ProvisioningState=InProgress}
因此,它运行时没有错误,但“ProvisioningState”永远不会超出“InProgress”,并且我没有看到新的命名值出现在 Azure 门户中(或通过使用 az cli 查询)。
来自 Github 问题的示例正文不正确:
{
"properties": {
"displayName": "$namedValue",
"secret": true,
"keyVault": {
"identityClient": "$managedIdentityClientId",
"secretIdentifier": "$keyVaultSecretUri"
}
}
}
根据 Microsoft 文档,以下正文是正确的:
{
"properties": {
"displayName": "prop6namekv",
"secret": true,
"keyVault": {
"identityClientId": "ceaa6b06-c00f-43ef-99ac-f53d1fe876a0",
"secretIdentifier": "https://contoso.vault.azure.net/secrets/aadSecret"
}
}
}
问题在于 json-property 的名称。
错误:
identityClient
正确:
identityClientId