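Using the latest Azure PowerShell SDK, but it still doesn't seem possible to create a custom SSL domain for a CDN in Azure via API Management. We have 100+ subdomains to create, and we need to be able to script the creation of this task for future expansion.
Since the SDK does not support it, does anyone know how to toggle this flag via the REST API? We are using the New-AzureRmCdnCustomDomain cmdlet.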
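Update: The AzureRM 6.13.0 module and the new Az modules (including Az.Cdn) now support this using a cmdlet. See Enable-AzureCdnCustomDomain (AzureRM.Cdn) or Enable-AzCdnCustomDomain (Az.Cdn).
The REST API for enabling HTTPS on a custom domain is documented at docs.microsoft.com:
Enable Custom Https
Enable https delivery of the custom domain.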
POST /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Cdn/profiles/{profileName}/endpoints/{endpointName}/customDomains/{customDomainName}/enableCustomHttps?api-version=2017-10-12
Before you can use the Azure REST API, you need to acquire an access token:
Generating an access token using PowerShell:
# The URI is quoted so that "<", ">" and "?" are not parsed by PowerShell
$Token = Invoke-RestMethod -Uri "https://login.microsoftonline.com/<TenantID>/oauth2/token?api-version=1.0" -Method Post -Body @{
"grant_type" = "client_credentials"
"resource" = "https://management.core.windows.net/"
"client_id" = "<application id>"
"client_secret" = "<password you selected for authentication>"
}
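The response contains the access token, information about how long that token is valid, and information about what resource you can use that token for. The access token you received in the previous HTTP call must be passed in for all requests to the Resource Manager API. You pass it as a header value named "Authorization" with the value "Bearer YOUR_ACCESS_TOKEN". Notice the space between "Bearer" and your access token.
You retrieve the client ID by creating an app registration in Azure AD, and the client key is generated in the Keys section of the created app registration. This can be combined into a solution like this: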
$subscriptionId = "..."
$resourceGroupName = "..."
$profileName = "..."
$endpointName = "..."
$customDomainName = ".."
$Token = Invoke-RestMethod -Uri "https://login.microsoftonline.com/<TenantID>/oauth2/token?api-version=1.0" -Method Post -Body @{
"grant_type" = "client_credentials"
"resource" = "https://management.core.windows.net/"
"client_id" = "<application id>"
"client_secret" = "<password you selected for authentication>"
}
$header = @{
"Authorization"= "Bearer $($Token.access_token)"
}
Invoke-RestMethod -Method Post -Headers $header -Uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Cdn/profiles/$profileName/endpoints/$endpointName/customDomains/$customDomainName/enableCustomHttps?api-version=2016-10-02"
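If you do not need the script to be automated, you can log in manually using a GUI (no app registration required) with this modified sample (based on Source). It requires the AzureRM module, which can be installed using Install-Module AzureRM: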
Function Login-AzureRESTApi {
Import-Module AzureRM.Profile
# Load ADAL Azure AD Authentication Library Assemblies
$modulepath = Split-Path (Get-Module -Name AzureRM.Profile).Path
$adal = "$modulepath\Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
$adalforms = "$modulepath\Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms.dll"
$null = [System.Reflection.Assembly]::LoadFrom($adal)
$null = [System.Reflection.Assembly]::LoadFrom($adalforms)
# Login to Azure
$Env = Login-AzureRmAccount
# Select Subscription
$Subscription = (Get-AzureRmSubscription | Out-GridView -Title "Choose a subscription ..." -PassThru)
$adTenant = $Subscription.TenantId
$global:SubscriptionID = $Subscription.SubscriptionId
# Client ID for Azure PowerShell
$clientId = "1950a258-227b-4e31-a9cf-717495945fc2"
# Set redirect URI for Azure PowerShell
$redirectUri = "urn:ietf:wg:oauth:2.0:oob"
# Set Resource URI to Azure Service Management API | @marckean
$resourceAppIdURIASM = "https://management.core.windows.net/"
$resourceAppIdURIARM = "https://management.azure.com/"
# Set Authority to Azure AD Tenant
$authority = "https://login.windows.net/$adTenant"
# Create Authentication Context tied to Azure AD Tenant
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority
# Acquire token
$global:authResultASM = $authContext.AcquireToken($resourceAppIdURIASM, $clientId, $redirectUri, "Auto")
$global:authResultARM = $authContext.AcquireToken($resourceAppIdURIARM, $clientId, $redirectUri, "Auto")
}
$resourceGroupName = "..."
$profileName = "..."
$endpointName = "..."
$customDomainName = ".."
Login-AzureRESTApi
# Reuse the subscription selected during login (this is the variable the URI below reads)
$subscriptionId = $global:SubscriptionID
$header = @{
"Authorization"= $global:authResultARM.CreateAuthorizationHeader()
}
Invoke-RestMethod -Method Post -Headers $header -Uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Cdn/profiles/$profileName/endpoints/$endpointName/customDomains/$customDomainName/enableCustomHttps?api-version=2017-10-12"
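
The token request and enableCustomHttps call from the answer above, applied to a list of custom domains as in the question; this is an added example, not part of the original answer. It goes beyond the single call shown there: the `AZ_*` environment variable names, the `Get-EnableCustomHttpsUri` helper and the domain list are assumptions made for illustration, and the client secret is read from the environment so that it is not stored in the script.

```powershell
# Added example; the $env:AZ_* names, the helper and the domain list are assumptions.
$ErrorActionPreference = 'Stop'
$tenantId     = $env:AZ_TENANT_ID
$clientId     = $env:AZ_CLIENT_ID
$clientSecret = $env:AZ_CLIENT_SECRET   # supplied by a secret store, never committed
if (-not $clientSecret) { throw "AZ_CLIENT_SECRET is not set" }
$subscriptionId    = "..."
$resourceGroupName = "..."
$profileName       = "..."
$endpointName      = "..."
# Constructed sample list of custom domain resource names
$customDomainNames = @("sub1-example-com", "sub2-example-com")

function Get-EnableCustomHttpsUri {
    param($SubscriptionId, $ResourceGroupName, $ProfileName, $EndpointName, $CustomDomainName)
    # Escape every path segment so a malformed name cannot change the request path
    $segments = $SubscriptionId, $ResourceGroupName, $ProfileName, $EndpointName, $CustomDomainName |
        ForEach-Object { [uri]::EscapeDataString($_) }
    "https://management.azure.com/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Cdn/profiles/{2}/endpoints/{3}/customDomains/{4}/enableCustomHttps?api-version=2017-10-12" -f $segments
}

$token = Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$tenantId/oauth2/token?api-version=1.0" -Body @{
    grant_type    = "client_credentials"
    resource      = "https://management.core.windows.net/"
    client_id     = $clientId
    client_secret = $clientSecret
}
$header = @{ Authorization = "Bearer $($token.access_token)" }

$results = foreach ($name in $customDomainNames) {
    $uri = Get-EnableCustomHttpsUri $subscriptionId $resourceGroupName $profileName $endpointName $name
    try {
        $null = Invoke-RestMethod -Method Post -Headers $header -Uri $uri
        [pscustomobject]@{ Domain = $name; Status = "Requested"; Error = $null }
    } catch {
        # Record the failure and continue with the remaining domains
        [pscustomobject]@{ Domain = $name; Status = "Failed"; Error = $_.Exception.Message }
    }
}
$results | Format-Table -AutoSize
```

The result table contains only domain names and error messages, so the bearer token and client secret are never written to the console or a log.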