powershell - Azure CDN - Custom Domain SSL via Resource Management API

Tags: powershell dns azure-resource-manager azure-cdn azure-sdk

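Using the latest Azure PowerShell SDK, but it still seems we cannot create Custom SSL Domains for CDNs in Azure via API Management. We have hundreds of subdomains that need to be created, and we need to be able to script the creation of this task for future scalability.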

Does anyone know how to toggle this flag via the REST API, since the SDK has no support? We are using the New-AzureRmCdnCustomDomain commandlet.

Best answer

Update: The AzureRM 6.13.0 module and the new Az modules (including Az.Cdn) now support this functionality using a cmdlet. See Enable-AzureCdnCustomDomain (AzureRM.Cdn) or Enable-AzCdnCustomDomain (Az.Cdn).


The REST API for enabling HTTPS on a custom domain is documented at learn.microsoft.com

Enable Custom Https

Enable https delivery of the custom domain.

POST /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Cdn/profiles/{profileName}/endpoints/{endpointName}/customDomains/{customDomainName}/enableCustomHttps?api-version=2017-10-12

Before you can use the Azure REST API, you need to obtain an access token:

Generating access token using PowerShell:

$Token = Invoke-RestMethod -Uri "https://login.microsoftonline.com/<TenantID>/oauth2/token?api-version=1.0" -Method Post -Body @{
    "grant_type" = "client_credentials"
    "resource" = "https://management.core.windows.net/"
    "client_id" = "<application id>"
    "client_secret" = "<password you selected for authentication>"
}

The response contains an access token, information about how long that token is valid, and information about what resource you can use that token for. The access token you received in the previous HTTP call must be passed in for all requests to the Resource Manager API. You pass it as a header value named "Authorization" with the value "Bearer YOUR_ACCESS_TOKEN". Notice the space between "Bearer" and your access token.

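The client ID is retrieved by creating an application registration in Azure AD, and the client key is generated in the Keys section of the created application registration. This can be combined into a solution like this: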

$subscriptionId = "..."
$resourceGroupName = "..."
$profileName = "..."
$endpointName = "..."
$customDomainName = ".."

$Token = Invoke-RestMethod -Uri "https://login.microsoftonline.com/<TenantID>/oauth2/token?api-version=1.0" -Method Post -Body @{
    "grant_type" = "client_credentials"
    "resource" = "https://management.core.windows.net/"
    "client_id" = "<application id>"
    "client_secret" = "<password you selected for authentication>"
}

$header = @{
     "Authorization"= "Bearer $($Token.access_token)"
 }

Invoke-RestMethod -Method Post -Headers $header -Uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Cdn/profiles/$profileName/endpoints/$endpointName/customDomains/$customDomainName/enableCustomHttps?api-version=2016-10-02"

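If you do not need an automated script, you can use this modified sample (based on Source) to log in manually using a GUI (no application registration required). It requires the AzureRM module, which can be installed with Install-Module AzureRM: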

Function Login-AzureRESTApi {

    Import-Module AzureRM.Profile

    # Load ADAL Azure AD Authentication Library Assemblies
    $modulepath = Split-Path (Get-Module -Name AzureRM.Profile).Path
    $adal = "$modulepath\Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
    $adalforms = "$modulepath\Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms.dll"
    $null = [System.Reflection.Assembly]::LoadFrom($adal)
    $null = [System.Reflection.Assembly]::LoadFrom($adalforms)

    # Login to Azure
    $Env = Login-AzureRmAccount

    # Select Subscription
    $Subscription = (Get-AzureRmSubscription | Out-GridView -Title "Choose a subscription ..." -PassThru)
    $adTenant = $Subscription.TenantId
    $global:SubscriptionID = $Subscription.SubscriptionId

    # Client ID for Azure PowerShell
    $clientId = "1950a258-227b-4e31-a9cf-717495945fc2"

    # Set redirect URI for Azure PowerShell
    $redirectUri = "urn:ietf:wg:oauth:2.0:oob"

    # Set Resource URI to Azure Service Management API | @marckean
    $resourceAppIdURIASM = "https://management.core.windows.net/"
    $resourceAppIdURIARM = "https://management.azure.com/"

    # Set Authority to Azure AD Tenant
    $authority = "https://login.windows.net/$adTenant"

    # Create Authentication Context tied to Azure AD Tenant
    $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority

    # Acquire token
    $global:authResultASM = $authContext.AcquireToken($resourceAppIdURIASM, $clientId, $redirectUri, "Auto")
    $global:authResultARM = $authContext.AcquireToken($resourceAppIdURIARM, $clientId, $redirectUri, "Auto")

} 

$resourceGroupName = "..."
$profileName = "..."
$endpointName = "..."
$customDomainName = ".."

Login-AzureRESTApi

# Reuse the subscription selected during login
$subscriptionId = $global:SubscriptionID

$header = @{
     "Authorization"= $global:authResultARM.CreateAuthorizationHeader()
 }

Invoke-RestMethod -Method Post -Headers $header -Uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Cdn/profiles/$profileName/endpoints/$endpointName/customDomains/$customDomainName/enableCustomHttps?api-version=2017-10-12"
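
As an added example (not part of the original answer): the client-credentials token request and the enableCustomHttps call shown above, applied to a list of custom domains, with the client secret read from the environment instead of being written into the script. The environment variable names (AZ_TENANT_ID, AZ_CLIENT_ID, AZ_CLIENT_SECRET), the input file custom-domains.txt and the results file are assumptions.

```powershell
# Added example. Environment variable names and file names are assumptions.
$ErrorActionPreference = 'Stop'
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

$subscriptionId    = "..."
$resourceGroupName = "..."
$profileName       = "..."
$endpointName      = "..."
# One custom domain resource name per line (hypothetical input file)
$customDomainNames = Get-Content -Path '.\custom-domains.txt' | Where-Object { $_.Trim() }

function Get-ArmToken {
    # The secret comes from the environment (for example a pipeline secret variable), not from the script.
    foreach ($name in 'AZ_TENANT_ID', 'AZ_CLIENT_ID', 'AZ_CLIENT_SECRET') {
        if (-not [Environment]::GetEnvironmentVariable($name)) { throw "Environment variable $name is not set" }
    }
    Invoke-RestMethod -Method Post -Uri "https://login.microsoftonline.com/$($env:AZ_TENANT_ID)/oauth2/token?api-version=1.0" -Body @{
        grant_type    = 'client_credentials'
        resource      = 'https://management.core.windows.net/'
        client_id     = $env:AZ_CLIENT_ID
        client_secret = $env:AZ_CLIENT_SECRET
    }
}

$token = Get-ArmToken
$results = foreach ($domain in $customDomainNames) {
    # Re-acquire the token when it is within five minutes of expiry (expires_on is Unix seconds)
    $now = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
    if ([long]$token.expires_on - $now -lt 300) { $token = Get-ArmToken }

    # Escape the name so a malformed line in the input file cannot alter the request path
    $name = [uri]::EscapeDataString($domain.Trim())
    $uri  = "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName" +
            "/providers/Microsoft.Cdn/profiles/$profileName/endpoints/$endpointName" +
            "/customDomains/$name/enableCustomHttps?api-version=2017-10-12"
    try {
        $null = Invoke-RestMethod -Method Post -Uri $uri -Headers @{ Authorization = "Bearer $($token.access_token)" }
        [pscustomobject]@{ CustomDomain = $domain; Accepted = $true; Error = $null }
    }
    catch {
        # Record the failure and continue with the next domain
        [pscustomobject]@{ CustomDomain = $domain; Accepted = $false; Error = $_.Exception.Message }
    }
}

$results | Export-Csv -Path '.\enable-https-results.csv' -NoTypeInformation
$results | Where-Object { -not $_.Accepted } | Format-Table -AutoSize
```

Grant the application registration only the role it needs on the CDN profile's resource group, since a leaked client secret carries whatever rights that registration holds.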

Regarding powershell - Azure CDN - Custom Domain SSL via Resource Management API, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/43217911/