How to retrieve App System Assigned Identity Object Id using Azure Powershell

I'm using Azure Powershell 3.8.0
I'm trying to fetch the Object ID that can be seen in this screen:
I tried using the following:
PS> (Get-AzResource -Name "func-example").Identity.PrincipalId
But it does not match the Object ID.
Then also:
PS> (Get-AzWebApp -Name "func-example" -ResourceGroupName RGNAME).Identity
But that also does not match.
Does anyone know how to fetch that ID using Azure Powershell?

You can do this,
With PowerShell :
Get-AzADServicePrincipal -DisplayName 'func-example'
With CLI :
az ad sp list --display-name 'func-example'

Related

Fetch Azure API Management subscription key using azure cli

I am trying to get the subscription keys for my products as well as default subscription key using cli. I have gone through the documentation https://learn.microsoft.com/en-us/cli/azure/apim/api?view=azure-cli-latest , but right now I don't see any commands to get me the subscription key.
While I can see there is a PowerShell way of getting it, we run the tasks in an Ubuntu pipeline, and the commands listed below are not working in the Linux agent. It says Set-AzContext is not a known command.
$subscriptionId = "id"
$RG = "rg"
$service = "apim-name"
Set-AzContext -Subscription $subscriptionId 
$apimContext = New-AzApiManagementContext -ResourceGroupName $RG -ServiceName $service
Get-AzApiManagementSubscriptionKey -Context $apimContext -SubscriptionId "master"
Update
I am able to fetch the details through powershell task for Azure in the DevOps pipeline. If there is no option in azure cli I will use this as a workaround.
Using az rest it is possible:
APIMID=`az apim show -n apimname -g resourcegroup --query id -o tsv`
az rest --method post --uri "${APIMID}/subscriptions/test-subscription/listSecrets?api-version=2021-08-01" --query primaryKey -o tsv
where test-subscription is the name of the subscription.
Currently it is not possible to fetch the subscription key using AZ CLI commands. The PowerShell command used is the correct way to go. Just in case it helps, another way to get the subscription key is by using a Management API call.

Is there any Powershell Script or az command to get the list of Products and its Subscription IDs for API Management?

We are using the Azure API Management Product subscription ID in our front-end applications, and there is no tracking of which front-end application is using which ID, as each product has multiple subscription IDs and one API has multiple products attached to it.
Sometimes we need to add the header policies where the front-end developer will give us the subscription id they are using and it becomes difficult to check in the portal UI to get the name of the product from the subscription id.
Looking for a Powershell script or az command which can give the list of products with subscription id so that it will be easy and useful.
Thanks
List products: https://learn.microsoft.com/en-us/powershell/module/az.apimanagement/get-azapimanagementproduct?view=azps-5.5.0
List subscriptions: https://learn.microsoft.com/en-us/powershell/module/az.apimanagement/get-azapimanagementsubscription?view=azps-5.5.0
Get subscription key: https://learn.microsoft.com/en-us/powershell/module/az.apimanagement/get-azapimanagementsubscriptionkey?view=azps-5.5.0
APIM az reference: https://learn.microsoft.com/en-us/cli/azure/apim?view=azure-cli-latest
I do it like this. Unfortunately, I don't know yet how to extract the secret keys of the apim subscriptions, which do not appear here:
Set-ExecutionPolicy -ExecutionPolicy RemoteSigned -Scope CurrentUser
Install-Module -Name Az -Scope CurrentUser -Repository PSGallery -Force
Connect-AzAccount
Select-AzSubscription -SubscriptionName 'my-playground'
$apimContext = New-AzApiManagementContext -ResourceGroupName "my-playground" -ServiceName "my-apim-playground"
Get-AzApiManagementSubscription -Context $apimContext | Format-Table -Property Name, SubscriptionId
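
Added example (not from any of the posts above): the subscription-to-product mapping this question asks for can be derived from each subscription's scope, without reading any subscription keys. It assumes the JSON shape of the APIM management REST API list responses for subscriptions and products; the sample data, the IDs and the helper name Get-ApimSubscriptionProductMap are constructed for illustration.

```powershell
# Constructed sample data shaped like the APIM management REST API list
# responses (.../subscriptions and .../products). All names and IDs are made up.
$subscriptionsJson = @'
{ "value": [
  { "name": "sub-frontend-a",
    "properties": { "displayName": "Frontend A", "state": "active",
      "scope": "/subscriptions/0000/resourceGroups/rg/providers/Microsoft.ApiManagement/service/apim-name/products/starter" } },
  { "name": "sub-frontend-b",
    "properties": { "displayName": "Frontend B", "state": "suspended",
      "scope": "/subscriptions/0000/resourceGroups/rg/providers/Microsoft.ApiManagement/service/apim-name/products/partner" } },
  { "name": "sub-all-apis",
    "properties": { "displayName": "Ops tooling", "state": "active",
      "scope": "/subscriptions/0000/resourceGroups/rg/providers/Microsoft.ApiManagement/service/apim-name/apis" } }
] }
'@
$productsJson = @'
{ "value": [ { "name": "starter", "properties": { "displayName": "Starter" } } ] }
'@

function Get-ApimSubscriptionProductMap {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [object[]] $Subscriptions,
        [Parameter(Mandatory)] [object[]] $Products
    )
    # Index products by resource name, the last segment of a product scope.
    $displayNameById = @{}
    foreach ($p in $Products) { $displayNameById[$p.name] = $p.properties.displayName }
    foreach ($s in $Subscriptions) {
        $productId = $null
        $productName = '(not product-scoped)'        # all-APIs or single-API scope
        if ($s.properties.scope -match '/products/([^/]+)$') {
            $productId = $Matches[1]
            $productName = '(product not in list)'   # e.g. a truncated product list
            if ($displayNameById.ContainsKey($productId)) { $productName = $displayNameById[$productId] }
        }
        [pscustomobject]@{
            SubscriptionId = $s.name
            DisplayName    = $s.properties.displayName
            State          = $s.properties.state
            ProductId      = $productId
            ProductName    = $productName
        }
    }
}

$subs  = ($subscriptionsJson | ConvertFrom-Json).value
$prods = ($productsJson | ConvertFrom-Json).value
Get-ApimSubscriptionProductMap -Subscriptions $subs -Products $prods |
    Sort-Object ProductName, SubscriptionId | Format-Table -AutoSize
```

Because the join uses only name, scope, displayName and state, the resulting table can be shared with front-end teams without exposing any key material.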

How to find the superuser for a container in adls2

I have a container created by someone and I'm using it to load the data. In the manage access tab I see my user name and also $superuser(Owner) and $superuser(Owning Group) with different levels of ACLs set.
How to find who is the superuser for that container? I tried Get Properties API but still seeing the response as $superuser
You could use the Az powershell command to get $superuser(Owner), it returns the Object ID of the Owner, which could be a user, group, service principal in Azure AD.
Connect-AzAccount
$storageAccount = Get-AzStorageAccount -ResourceGroupName <group-name> -AccountName <storage-account-name>
$ctx = $storageAccount.Context
$filesystemName = "<container-name>"
$filesystem = Get-AzDataLakeGen2Item -Context $ctx -FileSystem $filesystemName
$filesystem.Owner
If you want to get the details of the Object ID, you could use the AzureAD command below.
Connect-AzureAD
Get-AzureADObjectByObjectId -ObjectIds $filesystem.Owner
Update:
Yes, you could use the azure cli command az storage blob directory access show, first you need to add the storage-preview extension.
az extension add -n storage-preview
az login
az storage blob directory access show -d '/' -c '<container-name>' --account-name '<account-name>'
It also returns the Object ID of the $superuser(Owner), but in Azure CLI there is no built-in command to get the directory object with the Object ID. You can get the details about the object with az ad user show, az ad sp show, or az ad group show, but you need to know the type of the object beforehand.
If you don't know the type of the object, you can just use az rest to call Microsoft Graph to get the details.
az rest --method get --uri "https://graph.microsoft.com/v1.0/directoryObjects/<Object ID>"

Get Managed Identity ObjectID of Logic App using Azure CLI/Powershell

I have a logic App with Managed Identity enabled. For automation purposes, I need to use either Azure CLI or Powershell to grab the objectID of the Logic App Managed Identity to grant it access to a keyvault.
I have done the same for Azure Data Factory using a Powershell command like this:
(Get-AzureRMDataFactoryV2 -ResourceGroupName $ResourceGroup -Name $DataFactoryName).Identity
Tried something similar for logic app but it does not return the identity.
Looks like the Workflow object returned by Get-AzLogicApp doesn't have the identity property defined.
A workaround would be to use the Get-AzResource cmdlet instead.
$ID = (Get-AzResource -Name myLogicApp -ResourceType Microsoft.Logic/workflows).Identity.PrincipalId
Based on the previous answer by Joey Cai, you can do the following in AZ CLI also:
$ID = az resource show --name "myLogicApp" --resource-group "myResourceGroup" --resource-type "Microsoft.Logic/workflows" --query "identity.principalId" | ConvertFrom-Json

How to get Object Id of Azure Resource using PowerShell

How can I get the Object Id of an Azure resource using PowerShell cmdlets?
I tried using Get-AzureRmResource -ResourceName 'my-resource' | fl but it fails with error: Parameter set cannot be resolved using the specified named parameters
I also tried using Get-AzResource -Name 'my-resource' but among the information it retrieves it doesn't include the Object Id.
In Azure, there is no such Object Id for azure resources in the subscription, there is just a ResourceId with the format /subscriptions/{subscription-id}/resourceGroups/{resource-group-name}/{resource-provider-namespace}/{resource-type}/{resource-name}.
You can get it via Get-AzResource you used, it returns the ResourceId.
