Federated Identity Credentials - Get

參考

Service:: Managed Identity

API Version:: 2023-01-31

取得同盟身分識別認證。

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{resourceName}/federatedIdentityCredentials/{federatedIdentityCredentialResourceName}?api-version=2023-01-31

URI 參數

名稱	位於	必要	類型	Description
federatedIdentityCredentialResourceName	path	True	string	同盟身分識別認證資源的名稱。 Regex pattern: `^[a-zA-Z0-9]{1}[a-zA-Z0-9-_]{2,119}$`
resourceGroupName	path	True	string	身分識別所屬的資源群組名稱。
resourceName	path	True	string	身分識別資源的名稱。
subscriptionId	path	True	string	身分識別所屬訂用帳戶的標識碼。
api-version	query	True	string	要叫用的 API 版本。

回應

名稱	類型	Description
200 OK	FederatedIdentityCredential	正常。要求的同盟身分識別認證。
Other Status Codes	CloudError	描述作業失敗原因的錯誤回應。

安全性

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

名稱	Description
user_impersonation	模擬您的用戶帳戶

範例

FederatedIdentityCredentialGet

Sample Request

GET https://management.azure.com/subscriptions/c267c0e7-0a73-4789-9e17-d26aeb0904e5/resourceGroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/resourceName/federatedIdentityCredentials/ficResourceName?api-version=2023-01-31


/** Samples for FederatedIdentityCredentials Get. */
public final class Main {
    /*
     * x-ms-original-file: specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/
     * FederatedIdentityCredentialGet.json
     */
    /**
     * Sample code: FederatedIdentityCredentialGet.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void federatedIdentityCredentialGet(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.identities().manager().serviceClient().getFederatedIdentityCredentials().getWithResponse("rgName",
            "resourceName", "ficResourceName", com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential
from azure.mgmt.msi import ManagedServiceIdentityClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-msi
# USAGE
    python federated_identity_credential_get.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ManagedServiceIdentityClient(
        credential=DefaultAzureCredential(),
        subscription_id="c267c0e7-0a73-4789-9e17-d26aeb0904e5",
    )

    response = client.federated_identity_credentials.get(
        resource_group_name="rgName",
        resource_name="resourceName",
        federated_identity_credential_resource_name="ficResourceName",
    )
    print(response)


# x-ms-original-file: specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/FederatedIdentityCredentialGet.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armmsi_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/3d7a3848106b831a4a7f46976fe38aa605c4f44d/specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/FederatedIdentityCredentialGet.json
func ExampleFederatedIdentityCredentialsClient_Get() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armmsi.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	res, err := clientFactory.NewFederatedIdentityCredentialsClient().Get(ctx, "rgName", "resourceName", "ficResourceName", nil)
	if err != nil {
		log.Fatalf("failed to finish the request: %v", err)
	}
	// You could use response here. We use blank identifier for just demo purposes.
	_ = res
	// If the HTTP response code is 200 as defined in example definition, your response structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
	// res.FederatedIdentityCredential = armmsi.FederatedIdentityCredential{
	// 	Name: to.Ptr("ficResourceName"),
	// 	Type: to.Ptr("Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials"),
	// 	ID: to.Ptr("/subscriptions/c267c0e7-0a73-4789-9e17-d26aeb0904e5/resourcegroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identityName/federatedIdentityCredentials/ficResourceName"),
	// 	Properties: &armmsi.FederatedIdentityCredentialProperties{
	// 		Audiences: []*string{
	// 			to.Ptr("api://AzureADTokenExchange")},
	// 			Issuer: to.Ptr("https://oidc.prod-aks.azure.com/TenantGUID/IssuerGUID"),
	// 			Subject: to.Ptr("system:serviceaccount:ns:svcaccount"),
	// 		},
	// 	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { ManagedServiceIdentityClient } = require("@azure/arm-msi");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Gets the federated identity credential.
 *
 * @summary Gets the federated identity credential.
 * x-ms-original-file: specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/FederatedIdentityCredentialGet.json
 */
async function federatedIdentityCredentialGet() {
  const subscriptionId =
    process.env["MSI_SUBSCRIPTION_ID"] || "c267c0e7-0a73-4789-9e17-d26aeb0904e5";
  const resourceGroupName = process.env["MSI_RESOURCE_GROUP"] || "rgName";
  const resourceName = "resourceName";
  const federatedIdentityCredentialResourceName = "ficResourceName";
  const credential = new DefaultAzureCredential();
  const client = new ManagedServiceIdentityClient(credential, subscriptionId);
  const result = await client.federatedIdentityCredentials.get(
    resourceGroupName,
    resourceName,
    federatedIdentityCredentialResourceName
  );
  console.log(result);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.ManagedServiceIdentities;

// Generated from example definition: specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/FederatedIdentityCredentialGet.json
// this example is just showing the usage of "FederatedIdentityCredentials_Get" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this UserAssignedIdentityResource created on azure
// for more information of creating UserAssignedIdentityResource, please refer to the document of UserAssignedIdentityResource
string subscriptionId = "c267c0e7-0a73-4789-9e17-d26aeb0904e5";
string resourceGroupName = "rgName";
string resourceName = "resourceName";
ResourceIdentifier userAssignedIdentityResourceId = UserAssignedIdentityResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, resourceName);
UserAssignedIdentityResource userAssignedIdentity = client.GetUserAssignedIdentityResource(userAssignedIdentityResourceId);

// get the collection of this FederatedIdentityCredentialResource
FederatedIdentityCredentialCollection collection = userAssignedIdentity.GetFederatedIdentityCredentials();

// invoke the operation
string federatedIdentityCredentialResourceName = "ficResourceName";
NullableResponse<FederatedIdentityCredentialResource> response = await collection.GetIfExistsAsync(federatedIdentityCredentialResourceName);
FederatedIdentityCredentialResource result = response.HasValue ? response.Value : null;

if (result == null)
{
    Console.WriteLine($"Succeeded with null as result");
}
else
{
    // the variable result is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    FederatedIdentityCredentialData resourceData = result.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "id": "/subscriptions/c267c0e7-0a73-4789-9e17-d26aeb0904e5/resourcegroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identityName/federatedIdentityCredentials/ficResourceName",
  "name": "ficResourceName",
  "properties": {
    "issuer": "https://oidc.prod-aks.azure.com/TenantGUID/IssuerGUID",
    "subject": "system:serviceaccount:ns:svcaccount",
    "audiences": [
      "api://AzureADTokenExchange"
    ]
  },
  "type": "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials"
}

定義

名稱	Description
CloudError	ManagedServiceIdentity 服務的錯誤回應。
CloudErrorBody	ManagedServiceIdentity 服務的錯誤回應。
createdByType	建立資源的身分識別類型。
FederatedIdentityCredential	描述同盟身分識別認證。
systemData	與建立和上次修改資源相關的元數據。

CloudError

ManagedServiceIdentity 服務的錯誤回應。

名稱	類型	Description
error	CloudErrorBody	錯誤的其他詳細數據清單。

CloudErrorBody

ManagedServiceIdentity 服務的錯誤回應。

名稱	類型	Description
code	string	錯誤的識別碼。
details	CloudErrorBody[]	錯誤的其他詳細數據清單。
message	string	描述錯誤的訊息，適用於在使用者介面中顯示。
target	string	特定錯誤的目標。例如，錯誤中的屬性名稱。

createdByType

建立資源的身分識別類型。

名稱	類型	Description
Application	string
Key	string
ManagedIdentity	string
User	string

FederatedIdentityCredential

描述同盟身分識別認證。

名稱	類型	Description
id	string	資源的完整資源識別碼。例如“/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}”
name	string	資源的名稱
properties.audiences	string[]	可以出現在已發行權杖中的受眾清單。
properties.issuer	string	要信任的簽發者 URL。
properties.subject	string	外部身分識別的識別碼。
systemData	systemData	Azure Resource Manager 包含 createdBy 和 modifiedBy 資訊的中繼資料。
type	string	資源類型。例如“Microsoft.Compute/virtualMachines” 或 “Microsoft.Storage/storageAccounts”

systemData

與建立和上次修改資源相關的元數據。

名稱	類型	Description
createdAt	string	資源建立的時間戳 (UTC) 。
createdBy	string	建立資源的身分識別。
createdByType	createdByType	建立資源的身分識別類型。
lastModifiedAt	string	上次修改的資源時間戳 (UTC)
lastModifiedBy	string	上次修改資源的身分識別。
lastModifiedByType	createdByType	上次修改資源的身分識別類型。