你当前正在访问 Microsoft Azure Global Edition 技术文档网站。如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站，请访问 https://docs.azure.cn。

Certificate - Refresh Secret

参考

服务:: API Management

API 版本:: 2022-08-01

在 KeyVault 中，刷新用于后端身份验证的证书。

POST https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ApiManagement/service/{serviceName}/certificates/{certificateId}/refreshSecret?api-version=2022-08-01

URI 参数

名称	在	必需	类型	说明
certificateId	path	True	string	证书实体的标识符。在当前API 管理服务实例中必须是唯一的。正则表达式模式: `^[^*#&+:<>?]+$`
resourceGroupName	path	True	string	资源组的名称。此名称不区分大小写。
serviceName	path	True	string	API 管理服务的名称。正则表达式模式: `^[a-zA-Z](?:[a-zA-Z0-9-]*[a-zA-Z0-9])?$`
subscriptionId	path	True	string	目标订阅的 ID。
api-version	query	True	string	要用于此操作的 API 版本。

响应

名称

类型

说明

200 OK

CertificateContract

已成功更新证书详细信息。

标头

ETag: string

Other Status Codes

描述操作失败原因的错误响应。

安全性

azure_auth

Azure Active Directory OAuth2 Flow。

类型: oauth2
流向: implicit
授权 URL: https://login.microsoftonline.com/common/oauth2/authorize

作用域

名称	说明
user_impersonation	模拟用户帐户

示例

ApiManagementRefreshCertificate

示例请求

POST https://management.azure.com/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/certificates/templateCertkv/refreshSecret?api-version=2022-08-01

/** Samples for Certificate RefreshSecret. */
public final class Main {
    /*
     * x-ms-original-file: specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementRefreshCertificate.json
     */
    /**
     * Sample code: ApiManagementRefreshCertificate.
     *
     * @param manager Entry point to ApiManagementManager.
     */
    public static void apiManagementRefreshCertificate(
        com.azure.resourcemanager.apimanagement.ApiManagementManager manager) {
        manager
            .certificates()
            .refreshSecretWithResponse("rg1", "apimService1", "templateCertkv", com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential

from azure.mgmt.apimanagement import ApiManagementClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-apimanagement
# USAGE
    python api_management_refresh_certificate.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ApiManagementClient(
        credential=DefaultAzureCredential(),
        subscription_id="subid",
    )

    response = client.certificate.refresh_secret(
        resource_group_name="rg1",
        service_name="apimService1",
        certificate_id="templateCertkv",
    )
    print(response)


# x-ms-original-file: specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementRefreshCertificate.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armapimanagement_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/apimanagement/armapimanagement/v2"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/4cd95123fb961c68740565a1efcaa5e43bd35802/specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementRefreshCertificate.json
func ExampleCertificateClient_RefreshSecret() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armapimanagement.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewCertificateClient().RefreshSecret(ctx, "rg1", "apimService1", "templateCertkv", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.CertificateContract = armapimanagement.CertificateContract{
	// 	Name: to.Ptr("templateCertkv"),
	// 	Type: to.Ptr("Microsoft.ApiManagement/service/certificates"),
	// 	ID: to.Ptr("/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/certificates/templateCertkv"),
	// 	Properties: &armapimanagement.CertificateContractProperties{
	// 		ExpirationDate: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2037-01-01T07:00:00.000Z"); return t}()),
	// 		KeyVault: &armapimanagement.KeyVaultContractProperties{
	// 			IdentityClientID: to.Ptr("ceaa6b06-c00f-43ef-99ac-f53d1fe876a0"),
	// 			SecretIdentifier: to.Ptr("https://rpbvtkeyvaultintegration.vault-int.azure-int.net/secrets/msitestingCert"),
	// 			LastStatus: &armapimanagement.KeyVaultLastAccessStatusContractProperties{
	// 				Code: to.Ptr("Success"),
	// 				TimeStampUTC: to.Ptr(func() time.Time { t, _ := time.Parse(time.RFC3339Nano, "2020-09-22T00:24:53.319Z"); return t}()),
	// 			},
	// 		},
	// 		Subject: to.Ptr("CN=*.msitesting.net"),
	// 		Thumbprint: to.Ptr("EA**********************9AD690"),
	// 	},
	// }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { ApiManagementClient } = require("@azure/arm-apimanagement");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to From KeyVault, Refresh the certificate being used for authentication with the backend.
 *
 * @summary From KeyVault, Refresh the certificate being used for authentication with the backend.
 * x-ms-original-file: specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementRefreshCertificate.json
 */
async function apiManagementRefreshCertificate() {
  const subscriptionId = process.env["APIMANAGEMENT_SUBSCRIPTION_ID"] || "subid";
  const resourceGroupName = process.env["APIMANAGEMENT_RESOURCE_GROUP"] || "rg1";
  const serviceName = "apimService1";
  const certificateId = "templateCertkv";
  const credential = new DefaultAzureCredential();
  const client = new ApiManagementClient(credential, subscriptionId);
  const result = await client.certificate.refreshSecret(
    resourceGroupName,
    serviceName,
    certificateId
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using Azure;
using Azure.ResourceManager;
using System;
using System.Threading.Tasks;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager.ApiManagement.Models;
using Azure.ResourceManager.ApiManagement;

// Generated from example definition: specification/apimanagement/resource-manager/Microsoft.ApiManagement/stable/2022-08-01/examples/ApiManagementRefreshCertificate.json
// this example is just showing the usage of "Certificate_RefreshSecret" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this ApiManagementCertificateResource created on azure
// for more information of creating ApiManagementCertificateResource, please refer to the document of ApiManagementCertificateResource
string subscriptionId = "subid";
string resourceGroupName = "rg1";
string serviceName = "apimService1";
string certificateId = "templateCertkv";
ResourceIdentifier apiManagementCertificateResourceId = ApiManagementCertificateResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, serviceName, certificateId);
ApiManagementCertificateResource apiManagementCertificate = client.GetApiManagementCertificateResource(apiManagementCertificateResourceId);

// invoke the operation
ApiManagementCertificateResource result = await apiManagementCertificate.RefreshSecretAsync();

// the variable result is a resource, you could call other operations on this instance as well
// but just for demo, we get its data from this resource instance
ApiManagementCertificateData resourceData = result.Data;
// for demo we just print out the id
Console.WriteLine($"Succeeded on id: {resourceData.Id}");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

示例响应

状态代码:: 200

{
  "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.ApiManagement/service/apimService1/certificates/templateCertkv",
  "type": "Microsoft.ApiManagement/service/certificates",
  "name": "templateCertkv",
  "properties": {
    "subject": "CN=*.msitesting.net",
    "thumbprint": "EA**********************9AD690",
    "expirationDate": "2037-01-01T07:00:00Z",
    "keyVault": {
      "secretIdentifier": "https://rpbvtkeyvaultintegration.vault-int.azure-int.net/secrets/msitestingCert",
      "identityClientId": "ceaa6b06-c00f-43ef-99ac-f53d1fe876a0",
      "lastStatus": {
        "code": "Success",
        "timeStampUtc": "2020-09-22T00:24:53.3191468Z"
      }
    }
  }
}

定义

名称	说明
CertificateContract	证书详细信息。
ErrorFieldContract	错误字段协定。
ErrorResponse	错误响应。
KeyVaultContractProperties	KeyVault 合同详细信息。
KeyVaultLastAccessStatusContractProperties	颁发合同更新属性。

CertificateContract

证书详细信息。

名称	类型	说明
id	string	资源的完全限定的资源 ID。例如 - /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}
name	string	资源的名称
properties.expirationDate	string	证书的到期日期。日期符合以下格式： `yyyy-MM-ddTHH:mm:ssZ` 由 ISO 8601 标准指定。
properties.keyVault	KeyVaultContractProperties	证书的 KeyVault 位置详细信息。
properties.subject	string	证书的主题属性。
properties.thumbprint	string	证书的指纹。
type	string	资源类型。例如“Microsoft.Compute/virtualMachines”或“Microsoft.Storage/storageAccounts”

ErrorFieldContract

错误字段协定。

名称	类型	说明
code	string	属性级错误代码。
message	string	属性级错误的可读表示形式。
target	string	属性名称。

ErrorResponse

错误响应。

名称	类型	说明
error.code	string	服务定义的错误代码。此代码用作响应中指定的 HTTP 错误代码的子状态。
error.details	ErrorFieldContract[]	在发生验证错误的情况下，在请求中发送的无效字段列表。
error.message	string	错误的用户可读表示形式。

KeyVaultContractProperties

KeyVault 合同详细信息。

名称	类型	说明
identityClientId	string	SystemAssignedIdentity 为 Null，或 UserAssignedIdentity 的客户端 ID，用于访问密钥保管库机密。
lastStatus	KeyVaultLastAccessStatusContractProperties	上次同步和刷新密钥保管库中的机密状态。
secretIdentifier	string	用于提取机密的密钥保管库机密标识符。提供版本控制机密将阻止自动刷新。这要求API 管理服务配置 aka.ms/apimmsi

KeyVaultLastAccessStatusContractProperties

颁发合同更新属性。

名称	类型	说明
code	string	用于从密钥保管库同步和刷新机密的最后状态代码。
message	string	错误的详细信息为空。
timeStampUtc	string	上次访问机密的时间。日期符合以下格式： `yyyy-MM-ddTHH:mm:ssZ` 由 ISO 8601 标准指定。