Federated Identity Credentials - List

Service:

Managed Identity

API Version:

2023-01-31

Listes toutes les informations d’identification d’identité fédérée sous l’identité affectée par l’utilisateur spécifiée.

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{resourceName}/federatedIdentityCredentials?api-version=2023-01-31

With optional parameters:

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{resourceName}/federatedIdentityCredentials?$top={$top}&$skiptoken={$skiptoken}&api-version=2023-01-31

Paramètres URI

Nom	Dans	Obligatoire	Type	Description
resourceGroupName	path	True	string	Nom du groupe de ressources auquel l’identité appartient.
resourceName	path	True	string	Nom de la ressource d’identité.
subscriptionId	path	True	string	ID de l’abonnement auquel l’identité appartient.
api-version	query	True	string	Version de l’API à appeler.
$skiptoken	query		string	Un jeton skip est utilisé pour continuer à récupérer des éléments après qu’une opération retourne un résultat partiel. Si une réponse précédente contient un élément nextLink, la valeur de l’élément nextLink inclut un paramètre skipToken qui spécifie un point de départ à utiliser pour les appels suivants.
$top	query		integer int32	Nombre d’enregistrements à renvoyer.

Réponses

Nom	Type	Description
200 OK	FederatedIdentityCredentialsListResult	OK. La liste des informations d’identification d’identité fédérée pour l’identité affectée par l’utilisateur spécifiée a été récupérée et retournée avec succès.
Other Status Codes	CloudError	Réponse d’erreur décrivant la raison de l’échec de l’opération.

Sécurité

azure_auth

Flux OAuth2 Azure Active Directory

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

Nom	Description
user_impersonation	Emprunter l’identité de votre compte d’utilisateur

Exemples

FederatedIdentityCredentialList

Sample Request

HTTP

GET https://management.azure.com/subscriptions/c267c0e7-0a73-4789-9e17-d26aeb0904e5/resourceGroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/resourceName/federatedIdentityCredentials?api-version=2023-01-31

Java

/** Samples for FederatedIdentityCredentials List. */
public final class Main {
    /*
     * x-ms-original-file: specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/
     * FederatedIdentityCredentialList.json
     */
    /**
     * Sample code: FederatedIdentityCredentialList.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void federatedIdentityCredentialList(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.identities().manager().serviceClient().getFederatedIdentityCredentials().list("rgName", "resourceName",
            null, null, com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Python

from azure.identity import DefaultAzureCredential
from azure.mgmt.msi import ManagedServiceIdentityClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-msi
# USAGE
    python federated_identity_credential_list.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ManagedServiceIdentityClient(
        credential=DefaultAzureCredential(),
        subscription_id="c267c0e7-0a73-4789-9e17-d26aeb0904e5",
    )

    response = client.federated_identity_credentials.list(
        resource_group_name="rgName",
        resource_name="resourceName",
    )
    for item in response:
        print(item)


# x-ms-original-file: specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/FederatedIdentityCredentialList.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Go

package armmsi_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/3d7a3848106b831a4a7f46976fe38aa605c4f44d/specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/FederatedIdentityCredentialList.json
func ExampleFederatedIdentityCredentialsClient_NewListPager() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armmsi.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewFederatedIdentityCredentialsClient().NewListPager("rgName", "resourceName", &armmsi.FederatedIdentityCredentialsClientListOptions{Top: nil,
		Skiptoken: nil,
	})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.FederatedIdentityCredentialsListResult = armmsi.FederatedIdentityCredentialsListResult{
		// 	Value: []*armmsi.FederatedIdentityCredential{
		// 		{
		// 			Name: to.Ptr("ficResourceName"),
		// 			Type: to.Ptr("Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials"),
		// 			ID: to.Ptr("/subscriptions/c267c0e7-0a73-4789-9e17-d26aeb0904e5/resourcegroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identityName/federatedIdentityCredentials/ficResourceName"),
		// 			Properties: &armmsi.FederatedIdentityCredentialProperties{
		// 				Audiences: []*string{
		// 					to.Ptr("api://AzureADTokenExchange")},
		// 					Issuer: to.Ptr("https://oidc.prod-aks.azure.com/TenantGUID/IssuerGUID"),
		// 					Subject: to.Ptr("system:serviceaccount:ns:svcaccount"),
		// 				},
		// 		}},
		// 	}
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

JavaScript

const { ManagedServiceIdentityClient } = require("@azure/arm-msi");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Lists all the federated identity credentials under the specified user assigned identity.
 *
 * @summary Lists all the federated identity credentials under the specified user assigned identity.
 * x-ms-original-file: specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/FederatedIdentityCredentialList.json
 */
async function federatedIdentityCredentialList() {
  const subscriptionId =
    process.env["MSI_SUBSCRIPTION_ID"] || "c267c0e7-0a73-4789-9e17-d26aeb0904e5";
  const resourceGroupName = process.env["MSI_RESOURCE_GROUP"] || "rgName";
  const resourceName = "resourceName";
  const credential = new DefaultAzureCredential();
  const client = new ManagedServiceIdentityClient(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.federatedIdentityCredentials.list(
    resourceGroupName,
    resourceName
  )) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

dotnet

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.ManagedServiceIdentities;

// Generated from example definition: specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/FederatedIdentityCredentialList.json
// this example is just showing the usage of "FederatedIdentityCredentials_List" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this UserAssignedIdentityResource created on azure
// for more information of creating UserAssignedIdentityResource, please refer to the document of UserAssignedIdentityResource
string subscriptionId = "c267c0e7-0a73-4789-9e17-d26aeb0904e5";
string resourceGroupName = "rgName";
string resourceName = "resourceName";
ResourceIdentifier userAssignedIdentityResourceId = UserAssignedIdentityResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, resourceName);
UserAssignedIdentityResource userAssignedIdentity = client.GetUserAssignedIdentityResource(userAssignedIdentityResourceId);

// get the collection of this FederatedIdentityCredentialResource
FederatedIdentityCredentialCollection collection = userAssignedIdentity.GetFederatedIdentityCredentials();

// invoke the operation and iterate over the result
await foreach (FederatedIdentityCredentialResource item in collection.GetAllAsync())
{
    // the variable item is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    FederatedIdentityCredentialData resourceData = item.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

Console.WriteLine($"Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:

200

{
  "value": [
    {
      "id": "/subscriptions/c267c0e7-0a73-4789-9e17-d26aeb0904e5/resourcegroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identityName/federatedIdentityCredentials/ficResourceName",
      "name": "ficResourceName",
      "properties": {
        "issuer": "https://oidc.prod-aks.azure.com/TenantGUID/IssuerGUID",
        "subject": "system:serviceaccount:ns:svcaccount",
        "audiences": [
          "api://AzureADTokenExchange"
        ]
      },
      "type": "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials"
    }
  ],
  "nextLink": "https://serviceRoot/subscriptions/c267c0e7-0a73-4789-9e17-d26aeb0904e5/resourcegroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/resourceName/federatedIdentityCredentials?api-version=2023-01-31&$skipToken=X'12345'"
}

Définitions

Nom	Description
CloudError	Réponse d’erreur du service ManagedServiceIdentity.
CloudErrorBody	Réponse d’erreur du service ManagedServiceIdentity.
createdByType	Type d’identité qui a créé la ressource.
FederatedIdentityCredential	Décrit des informations d’identification d’identité fédérée.
FederatedIdentityCredentialsListResult	Valeurs retournées par l’opération List pour les informations d’identification d’identité fédérée.
systemData	Métadonnées relatives à la création et à la dernière modification de la ressource.

CloudError

Réponse d’erreur du service ManagedServiceIdentity.

Nom	Type	Description
error	CloudErrorBody	Liste des détails supplémentaires sur l’erreur.

CloudErrorBody

Réponse d’erreur du service ManagedServiceIdentity.

Nom	Type	Description
code	string	Identificateur de l'erreur.
details	CloudErrorBody[]	Liste des détails supplémentaires sur l’erreur.
message	string	Message décrivant l’erreur, destiné à être affiché dans une interface utilisateur.
target	string	Cible de l’erreur particulière. Par exemple, le nom de la propriété dans l’erreur.

createdByType

Type d’identité qui a créé la ressource.

Nom	Type	Description
Application	string
Key	string
ManagedIdentity	string
User	string

FederatedIdentityCredential

Décrit des informations d’identification d’identité fédérée.

Nom	Type	Description
id	string	ID de ressource complet pour la ressource. Par exemple, « /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName} »
name	string	nom de la ressource.
properties.audiences	string[]	Liste des audiences qui peuvent apparaître dans le jeton émis.
properties.issuer	string	URL de l’émetteur à approuver.
properties.subject	string	Identificateur de l’identité externe.
systemData	systemData	Métadonnées Azure Resource Manager contenant les informations createdBy et modifiedBy.
type	string	Type de la ressource. Par exemple, « Microsoft.Compute/virtualMachines » ou « Microsoft.Storage/storageAccounts »

FederatedIdentityCredentialsListResult

Valeurs retournées par l’opération List pour les informations d’identification d’identité fédérée.

Nom	Type	Description
nextLink	string	URL permettant d’obtenir la page de résultats suivante, le cas échéant.
value	FederatedIdentityCredential[]	Collection d’informations d’identification d’identité fédérée retournées par l’opération de référencement.

systemData

Métadonnées relatives à la création et à la dernière modification de la ressource.

Nom	Type	Description
createdAt	string	Horodatage de la création de ressources (UTC).
createdBy	string	Identité qui a créé la ressource.
createdByType	createdByType	Type d’identité qui a créé la ressource.
lastModifiedAt	string	Horodatage de la dernière modification de la ressource (UTC)
lastModifiedBy	string	Identité qui a modifié la ressource pour la dernière fois.
lastModifiedByType	createdByType	Type d’identité qui a modifié la ressource pour la dernière fois.