Azure REST access token

1
votes

I want next: From my website to be able to start virtual server (Ubuntu, linux, windows server). I dit this with AWS and there was simple to find via IAM the access key and token.

I would like to do the same if possible with Azure, to get the access key and token. I found some tutorials on how to like here: https://www.youtube.com/watch?v=ujzrq8Fg9Gc&t=51s but it makes so much things and I just need key token and secret token to be able to access the virtual hosts and manipulate it.

I see there is also oAuth2 and tha is too much to set it up for this project.

there is also so called azure ad https://docs.microsoft.com/en-us/rest/api/

So any help would be nice to find that easy access key key and token to list, create, update virtual machines.

Maybe because I have free account?

Update: I found this one and it is very easy: https://docs.microsoft.com/en-us/rest/api/compute/virtualmachines/createorupdate

just say: PUT https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/virtualMachines/{vmName}?api-version=2017-12-01

subscriptionID if I provide this, would that be enough? I was thinking there should be some authorization?

2
azureazure-web-app-service
there is authorization, read the docs4c74356b41

2 Answers

4
votes

As Thuan Ng said, you need get token firstly. If you want to get the token, you need create a service principal and give it Owner role. More information please check this link.

After the sp is created, you will get client id, client secret. You could use them to get token. More information you could get the link. For power shell to get token, you could use the following example:

##get token
$TENANTID=""
$APPID=""
$PASSWORD=""
$result=Invoke-RestMethod -Uri https://login.microsoftonline.com/$TENANTID/oauth2/token?api-version=1.0 -Method Post -Body @{"grant_type" = "client_credentials"; "resource" = "https://management.core.windows.net/"; "client_id" = "$APPID"; "client_secret" = "$PASSWORD" }
$token=$result.access_token

##set subscriptionId and resource group name
$subscriptionId=""
$resourcegroupname="shui5"

$Headers=@{
    'authorization'="Bearer $token"
    'host'="management.azure.com"
    'contentype'='application/json'
}
$body='{
    "location": "northeurope",
     "tags": {
        "tagname1": "test-tag"
    }
 }'
Invoke-RestMethod  -Uri "https://management.azure.com/subscriptions/$subscriptionId/resourcegroups/${resourcegroupname}?api-version=2015-01-01"  -Headers $Headers -Method PUT -Body $body

For postman: enter image description here

After you get the token, you could call rest API. For example:

enter image description here

0
votes

To be authorized by Azure AD Authorization server, you need to get access token first. The URI (PUT) is not enough. To get access token, normally you need to go to Azure AD to register your client app (it is kind of object to be used for authorization, not an app in Apple or Android store you might think). When registering app, you are given client ID and can generate a client secret. With tenant ID, client ID and client secret, you can use HTTP Request to request access token from the OAuth2 endpoint https://login.microsoftonline.com/{tenantID}/oauth2/token. After you have access token, you need to construct authorization header in your Http request. It's Bearer token.

When using PUT, you also need to construct the request body object. Here is an example

var requestBody = new
{
    location = westus,
    properties = new
    {
        hardwareProfile = new
        {
            vmSize = "Standard_D1_v2"
        },
    storageProfile = new
    {
        osDisk = new
        {
            name = "VMDisk",
            image = new
            {
                uri = ...
            }
        }
    }
    ....
};

The request body doesn't have to be anonymous type like the one I defined above. That depends on your familiarity. If using such a structure, you can use PutAsJsonAsync(url, requestBody) . Url is actually the request Url which is the combination of Uri (management.azure.com) and the parameter {subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Compute/virtualMachines/{vmName}?api-version=2017-12-01

I detailed the access token with Http Request here http://thuansoldier.net/?p=6790

And if you want to know more details about how to use PUT to request to Azure Resource Manager API, here is the detail http://thuansoldier.net/?p=7292 (looking up the heading Creating a new key vault in which I described how to use PUT and to construct request body) This is exactly what you'd need to create a new VM resource.