Federated Identity Credentials - Get

Referencia

Service:: Managed Identity

API Version:: 2023-01-31

Obtiene la credencial de identidad federada.

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{resourceName}/federatedIdentityCredentials/{federatedIdentityCredentialResourceName}?api-version=2023-01-31

Parámetros de identificador URI

Nombre	En	Requerido	Tipo	Description
federatedIdentityCredentialResourceName	path	True	string	Nombre del recurso de credenciales de identidad federada. Regex pattern: `^[a-zA-Z0-9]{1}[a-zA-Z0-9-_]{2,119}$`
resourceGroupName	path	True	string	Nombre del grupo de recursos al que pertenece la identidad.
resourceName	path	True	string	Nombre del recurso de identidad.
subscriptionId	path	True	string	Identificador de la suscripción a la que pertenece la identidad.
api-version	query	True	string	Versión de la API que se va a invocar.

Respuestas

Nombre	Tipo	Description
200 OK	FederatedIdentityCredential	Aceptar. Credencial de identidad federada solicitada.
Other Status Codes	CloudError	Respuesta de error que describe el motivo del error de la operación.

Seguridad

azure_auth

Flujo OAuth2 de Azure Active Directory

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Nombre	Description
user_impersonation	suplantación de su cuenta de usuario

Ejemplos

FederatedIdentityCredentialGet

Sample Request

GET https://management.azure.com/subscriptions/c267c0e7-0a73-4789-9e17-d26aeb0904e5/resourceGroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/resourceName/federatedIdentityCredentials/ficResourceName?api-version=2023-01-31


/** Samples for FederatedIdentityCredentials Get. */
public final class Main {
    /*
     * x-ms-original-file: specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/
     * FederatedIdentityCredentialGet.json
     */
    /**
     * Sample code: FederatedIdentityCredentialGet.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void federatedIdentityCredentialGet(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.identities().manager().serviceClient().getFederatedIdentityCredentials().getWithResponse("rgName",
            "resourceName", "ficResourceName", com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential
from azure.mgmt.msi import ManagedServiceIdentityClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-msi
# USAGE
    python federated_identity_credential_get.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ManagedServiceIdentityClient(
        credential=DefaultAzureCredential(),
        subscription_id="c267c0e7-0a73-4789-9e17-d26aeb0904e5",
    )

    response = client.federated_identity_credentials.get(
        resource_group_name="rgName",
        resource_name="resourceName",
        federated_identity_credential_resource_name="ficResourceName",
    )
    print(response)


# x-ms-original-file: specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/FederatedIdentityCredentialGet.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armmsi_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/3d7a3848106b831a4a7f46976fe38aa605c4f44d/specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/FederatedIdentityCredentialGet.json
func ExampleFederatedIdentityCredentialsClient_Get() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armmsi.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewFederatedIdentityCredentialsClient().Get(ctx, "rgName", "resourceName", "ficResourceName", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.FederatedIdentityCredential = armmsi.FederatedIdentityCredential{
	// 	Name: to.Ptr("ficResourceName"),
	// 	Type: to.Ptr("Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials"),
	// 	ID: to.Ptr("/subscriptions/c267c0e7-0a73-4789-9e17-d26aeb0904e5/resourcegroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identityName/federatedIdentityCredentials/ficResourceName"),
	// 	Properties: &armmsi.FederatedIdentityCredentialProperties{
	// 		Audiences: []*string{
	// 			to.Ptr("api://AzureADTokenExchange")},
	// 			Issuer: to.Ptr("https://oidc.prod-aks.azure.com/TenantGUID/IssuerGUID"),
	// 			Subject: to.Ptr("system:serviceaccount:ns:svcaccount"),
	// 		},
	// 	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { ManagedServiceIdentityClient } = require("@azure/arm-msi");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Gets the federated identity credential.
 *
 * @summary Gets the federated identity credential.
 * x-ms-original-file: specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/FederatedIdentityCredentialGet.json
 */
async function federatedIdentityCredentialGet() {
  const subscriptionId =
    process.env["MSI_SUBSCRIPTION_ID"] || "c267c0e7-0a73-4789-9e17-d26aeb0904e5";
  const resourceGroupName = process.env["MSI_RESOURCE_GROUP"] || "rgName";
  const resourceName = "resourceName";
  const federatedIdentityCredentialResourceName = "ficResourceName";
  const credential = new DefaultAzureCredential();
  const client = new ManagedServiceIdentityClient(credential, subscriptionId);
  const result = await client.federatedIdentityCredentials.get(
    resourceGroupName,
    resourceName,
    federatedIdentityCredentialResourceName
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.ManagedServiceIdentities;

// Generated from example definition: specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/FederatedIdentityCredentialGet.json
// this example is just showing the usage of "FederatedIdentityCredentials_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this UserAssignedIdentityResource created on azure
// for more information of creating UserAssignedIdentityResource, please refer to the document of UserAssignedIdentityResource
string subscriptionId = "c267c0e7-0a73-4789-9e17-d26aeb0904e5";
string resourceGroupName = "rgName";
string resourceName = "resourceName";
ResourceIdentifier userAssignedIdentityResourceId = UserAssignedIdentityResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, resourceName);
UserAssignedIdentityResource userAssignedIdentity = client.GetUserAssignedIdentityResource(userAssignedIdentityResourceId);

// get the collection of this FederatedIdentityCredentialResource
FederatedIdentityCredentialCollection collection = userAssignedIdentity.GetFederatedIdentityCredentials();

// invoke the operation
string federatedIdentityCredentialResourceName = "ficResourceName";
NullableResponse<FederatedIdentityCredentialResource> response = await collection.GetIfExistsAsync(federatedIdentityCredentialResourceName);
FederatedIdentityCredentialResource result = response.HasValue ? response.Value : null;

if (result == null)
{
    Console.WriteLine($"Succeeded with null as result");
}
else
{
    // the variable result is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    FederatedIdentityCredentialData resourceData = result.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "id": "/subscriptions/c267c0e7-0a73-4789-9e17-d26aeb0904e5/resourcegroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identityName/federatedIdentityCredentials/ficResourceName",
  "name": "ficResourceName",
  "properties": {
    "issuer": "https://oidc.prod-aks.azure.com/TenantGUID/IssuerGUID",
    "subject": "system:serviceaccount:ns:svcaccount",
    "audiences": [
      "api://AzureADTokenExchange"
    ]
  },
  "type": "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials"
}

Definiciones

Nombre	Description
CloudError	Respuesta de error del servicio ManagedServiceIdentity.
CloudErrorBody	Respuesta de error del servicio ManagedServiceIdentity.
createdByType	Tipo de identidad que creó el recurso.
FederatedIdentityCredential	Describe una credencial de identidad federada.
systemData	Metadatos relacionados con la creación y la última modificación del recurso.

CloudError

Respuesta de error del servicio ManagedServiceIdentity.

Nombre	Tipo	Description
error	CloudErrorBody	Lista de detalles adicionales sobre el error.

CloudErrorBody

Respuesta de error del servicio ManagedServiceIdentity.

Nombre	Tipo	Description
code	string	Identificador del error.
details	CloudErrorBody[]	Lista de detalles adicionales sobre el error.
message	string	Mensaje que describe el error, diseñado para ser adecuado para mostrarse en una interfaz de usuario.
target	string	Destino del error concreto. Por ejemplo, el nombre de la propiedad en error.

createdByType

Tipo de identidad que creó el recurso.

Nombre	Tipo	Description
Application	string
Key	string
ManagedIdentity	string
User	string

FederatedIdentityCredential

Describe una credencial de identidad federada.

Nombre	Tipo	Description
id	string	Identificador de recurso completo del recurso. Por ejemplo, "/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}"
name	string	Nombre del recurso.
properties.audiences	string[]	La lista de audiencias que pueden aparecer en el token emitido.
properties.issuer	string	La dirección URL del emisor en que se va a confiar.
properties.subject	string	El identificador de la identidad externa.
systemData	systemData	Metadatos de Azure Resource Manager que contienen información sobre los valores de createdBy y modifiedBy.
type	string	Tipo de recurso. Por ejemplo, "Microsoft.Compute/virtualMachines" o "Microsoft.Storage/storageAccounts"

systemData

Metadatos relacionados con la creación y la última modificación del recurso.

Nombre	Tipo	Description
createdAt	string	Marca de tiempo de creación de recursos (UTC).
createdBy	string	Identidad que creó el recurso.
createdByType	createdByType	Tipo de identidad que creó el recurso.
lastModifiedAt	string	Marca de tiempo de la última modificación del recurso (UTC)
lastModifiedBy	string	Identidad que modificó por última vez el recurso.
lastModifiedByType	createdByType	Tipo de identidad que modificó por última vez el recurso.