Federated Identity Credentials - List

參考

Service:: Managed Identity

API Version:: 2023-01-31

清單指定使用者指派的身分識別下的所有同盟身分識別認證。

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{resourceName}/federatedIdentityCredentials?api-version=2023-01-31

With optional parameters:

GET https://management.azure.com/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.ManagedIdentity/userAssignedIdentities/{resourceName}/federatedIdentityCredentials?$top={$top}&$skiptoken={$skiptoken}&api-version=2023-01-31

URI 參數

名稱	位於	必要	類型	Description
resourceGroupName	path	True	string	身分識別所屬的資源群組名稱。
resourceName	path	True	string	身分識別資源的名稱。
subscriptionId	path	True	string	身分識別所屬訂用帳戶的標識碼。
api-version	query	True	string	要叫用的 API 版本。
$skiptoken	query		string	略過標記可用來在作業傳回部分結果之後繼續擷取專案。如果先前的回應包含 nextLink 元素，nextLink 元素的值會包含 skipToken 參數，以指定要用於後續呼叫的起點。
$top	query		integer int32	要傳回的記錄數目。

回應

名稱	類型	Description
200 OK	FederatedIdentityCredentialsListResult	正常。已擷取並成功傳回指定使用者指派之身分識別的同盟身分識別認證清單。
Other Status Codes	CloudError	描述作業失敗原因的錯誤回應。

安全性

azure_auth

Azure Active Directory OAuth2 Flow

Type: oauth2
Flow: implicit
Authorization URL: https://login.microsoftonline.com/common/oauth2/authorize

Scopes

名稱	Description
user_impersonation	模擬您的用戶帳戶

範例

FederatedIdentityCredentialList

Sample Request

GET https://management.azure.com/subscriptions/c267c0e7-0a73-4789-9e17-d26aeb0904e5/resourceGroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/resourceName/federatedIdentityCredentials?api-version=2023-01-31


/** Samples for FederatedIdentityCredentials List. */
public final class Main {
    /*
     * x-ms-original-file: specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/
     * FederatedIdentityCredentialList.json
     */
    /**
     * Sample code: FederatedIdentityCredentialList.
     *
     * @param azure The entry point for accessing resource management APIs in Azure.
     */
    public static void federatedIdentityCredentialList(com.azure.resourcemanager.AzureResourceManager azure) {
        azure.identities().manager().serviceClient().getFederatedIdentityCredentials().list("rgName", "resourceName",
            null, null, com.azure.core.util.Context.NONE);
    }
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

from azure.identity import DefaultAzureCredential
from azure.mgmt.msi import ManagedServiceIdentityClient

"""
# PREREQUISITES
    pip install azure-identity
    pip install azure-mgmt-msi
# USAGE
    python federated_identity_credential_list.py

    Before run the sample, please set the values of the client ID, tenant ID and client secret
    of the AAD application as environment variables: AZURE_CLIENT_ID, AZURE_TENANT_ID,
    AZURE_CLIENT_SECRET. For more info about how to get the value, please see:
    https://docs.microsoft.com/azure/active-directory/develop/howto-create-service-principal-portal
"""


def main():
    client = ManagedServiceIdentityClient(
        credential=DefaultAzureCredential(),
        subscription_id="c267c0e7-0a73-4789-9e17-d26aeb0904e5",
    )

    response = client.federated_identity_credentials.list(
        resource_group_name="rgName",
        resource_name="resourceName",
    )
    for item in response:
        print(item)


# x-ms-original-file: specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/FederatedIdentityCredentialList.json
if __name__ == "__main__":
    main()

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

package armmsi_test

import (
	"context"
	"log"

	"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
	"github.com/Azure/azure-sdk-for-go/sdk/resourcemanager/msi/armmsi"
)

// Generated from example definition: https://github.com/Azure/azure-rest-api-specs/blob/3d7a3848106b831a4a7f46976fe38aa605c4f44d/specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/FederatedIdentityCredentialList.json
func ExampleFederatedIdentityCredentialsClient_NewListPager() {
	cred, err := azidentity.NewDefaultAzureCredential(nil)
	if err != nil {
		log.Fatalf("failed to obtain a credential: %v", err)
	}
	ctx := context.Background()
	clientFactory, err := armmsi.NewClientFactory("<subscription-id>", cred, nil)
	if err != nil {
		log.Fatalf("failed to create client: %v", err)
	}
	pager := clientFactory.NewFederatedIdentityCredentialsClient().NewListPager("rgName", "resourceName", &armmsi.FederatedIdentityCredentialsClientListOptions{Top: nil,
		Skiptoken: nil,
	})
	for pager.More() {
		page, err := pager.NextPage(ctx)
		if err != nil {
			log.Fatalf("failed to advance page: %v", err)
		}
		for _, v := range page.Value {
			// You could use page here. We use blank identifier for just demo purposes.
			_ = v
		}
		// If the HTTP response code is 200 as defined in example definition, your page structure would look as follows. Please pay attention that all the values in the output are fake values for just demo purposes.
		// page.FederatedIdentityCredentialsListResult = armmsi.FederatedIdentityCredentialsListResult{
		// 	Value: []*armmsi.FederatedIdentityCredential{
		// 		{
		// 			Name: to.Ptr("ficResourceName"),
		// 			Type: to.Ptr("Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials"),
		// 			ID: to.Ptr("/subscriptions/c267c0e7-0a73-4789-9e17-d26aeb0904e5/resourcegroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identityName/federatedIdentityCredentials/ficResourceName"),
		// 			Properties: &armmsi.FederatedIdentityCredentialProperties{
		// 				Audiences: []*string{
		// 					to.Ptr("api://AzureADTokenExchange")},
		// 					Issuer: to.Ptr("https://oidc.prod-aks.azure.com/TenantGUID/IssuerGUID"),
		// 					Subject: to.Ptr("system:serviceaccount:ns:svcaccount"),
		// 				},
		// 		}},
		// 	}
	}
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

const { ManagedServiceIdentityClient } = require("@azure/arm-msi");
const { DefaultAzureCredential } = require("@azure/identity");

/**
 * This sample demonstrates how to Lists all the federated identity credentials under the specified user assigned identity.
 *
 * @summary Lists all the federated identity credentials under the specified user assigned identity.
 * x-ms-original-file: specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/FederatedIdentityCredentialList.json
 */
async function federatedIdentityCredentialList() {
  const subscriptionId =
    process.env["MSI_SUBSCRIPTION_ID"] || "c267c0e7-0a73-4789-9e17-d26aeb0904e5";
  const resourceGroupName = process.env["MSI_RESOURCE_GROUP"] || "rgName";
  const resourceName = "resourceName";
  const credential = new DefaultAzureCredential();
  const client = new ManagedServiceIdentityClient(credential, subscriptionId);
  const resArray = new Array();
  for await (let item of client.federatedIdentityCredentials.list(
    resourceGroupName,
    resourceName
  )) {
    resArray.push(item);
  }
  console.log(resArray);
}

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

using System;
using System.Threading.Tasks;
using Azure;
using Azure.Core;
using Azure.Identity;
using Azure.ResourceManager;
using Azure.ResourceManager.ManagedServiceIdentities;

// Generated from example definition: specification/msi/resource-manager/Microsoft.ManagedIdentity/stable/2023-01-31/examples/FederatedIdentityCredentialList.json
// this example is just showing the usage of "FederatedIdentityCredentials_List" operation, for the dependent resources, they will have to be created separately.

// get your azure access token, for more details of how Azure SDK get your access token, please refer to https://learn.microsoft.com/en-us/dotnet/azure/sdk/authentication?tabs=command-line
TokenCredential cred = new DefaultAzureCredential();
// authenticate your client
ArmClient client = new ArmClient(cred);

// this example assumes you already have this UserAssignedIdentityResource created on azure
// for more information of creating UserAssignedIdentityResource, please refer to the document of UserAssignedIdentityResource
string subscriptionId = "c267c0e7-0a73-4789-9e17-d26aeb0904e5";
string resourceGroupName = "rgName";
string resourceName = "resourceName";
ResourceIdentifier userAssignedIdentityResourceId = UserAssignedIdentityResource.CreateResourceIdentifier(subscriptionId, resourceGroupName, resourceName);
UserAssignedIdentityResource userAssignedIdentity = client.GetUserAssignedIdentityResource(userAssignedIdentityResourceId);

// get the collection of this FederatedIdentityCredentialResource
FederatedIdentityCredentialCollection collection = userAssignedIdentity.GetFederatedIdentityCredentials();

// invoke the operation and iterate over the result
await foreach (FederatedIdentityCredentialResource item in collection.GetAllAsync())
{
    // the variable item is a resource, you could call other operations on this instance as well
    // but just for demo, we get its data from this resource instance
    FederatedIdentityCredentialData resourceData = item.Data;
    // for demo we just print out the id
    Console.WriteLine($"Succeeded on id: {resourceData.Id}");
}

Console.WriteLine($"Succeeded");

To use the Azure SDK library in your project, see this documentation. To provide feedback on this code sample, open a GitHub issue

Sample Response

Status code:: 200

{
  "value": [
    {
      "id": "/subscriptions/c267c0e7-0a73-4789-9e17-d26aeb0904e5/resourcegroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/identityName/federatedIdentityCredentials/ficResourceName",
      "name": "ficResourceName",
      "properties": {
        "issuer": "https://oidc.prod-aks.azure.com/TenantGUID/IssuerGUID",
        "subject": "system:serviceaccount:ns:svcaccount",
        "audiences": [
          "api://AzureADTokenExchange"
        ]
      },
      "type": "Microsoft.ManagedIdentity/userAssignedIdentities/federatedIdentityCredentials"
    }
  ],
  "nextLink": "https://serviceRoot/subscriptions/c267c0e7-0a73-4789-9e17-d26aeb0904e5/resourcegroups/rgName/providers/Microsoft.ManagedIdentity/userAssignedIdentities/resourceName/federatedIdentityCredentials?api-version=2023-01-31&$skipToken=X'12345'"
}

定義

名稱	Description
CloudError	ManagedServiceIdentity 服務的錯誤回應。
CloudErrorBody	ManagedServiceIdentity 服務的錯誤回應。
createdByType	建立資源的身分識別類型。
FederatedIdentityCredential	描述同盟身分識別認證。
FederatedIdentityCredentialsListResult	清單作業針對同盟身分識別認證所傳回的值。
systemData	與建立和上次修改資源相關的元數據。

CloudError

ManagedServiceIdentity 服務的錯誤回應。

名稱	類型	Description
error	CloudErrorBody	錯誤的其他詳細數據清單。

CloudErrorBody

ManagedServiceIdentity 服務的錯誤回應。

名稱	類型	Description
code	string	錯誤的識別碼。
details	CloudErrorBody[]	錯誤的其他詳細數據清單。
message	string	描述錯誤的訊息，適用於在使用者介面中顯示。
target	string	特定錯誤的目標。例如，錯誤中的屬性名稱。

createdByType

建立資源的身分識別類型。

名稱	類型	Description
Application	string
Key	string
ManagedIdentity	string
User	string

FederatedIdentityCredential

描述同盟身分識別認證。

名稱	類型	Description
id	string	資源的完整資源識別碼。例如“/subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/{resourceProviderNamespace}/{resourceType}/{resourceName}”
name	string	資源的名稱
properties.audiences	string[]	可以出現在已發行權杖中的受眾清單。
properties.issuer	string	要信任的簽發者 URL。
properties.subject	string	外部身分識別的識別碼。
systemData	systemData	Azure Resource Manager 包含 createdBy 和 modifiedBy 資訊的中繼資料。
type	string	資源類型。例如“Microsoft.Compute/virtualMachines” 或 “Microsoft.Storage/storageAccounts”

FederatedIdentityCredentialsListResult

清單作業針對同盟身分識別認證所傳回的值。

名稱	類型	Description
nextLink	string	如果有任何結果，則為取得下一頁結果的URL。
value	FederatedIdentityCredential[]	清單作業所傳回的同盟識別認證集合。

systemData

與建立和上次修改資源相關的元數據。

名稱	類型	Description
createdAt	string	資源建立的時間戳 (UTC) 。
createdBy	string	建立資源的身分識別。
createdByType	createdByType	建立資源的身分識別類型。
lastModifiedAt	string	上次修改的資源時間戳 (UTC)
lastModifiedBy	string	上次修改資源的身分識別。
lastModifiedByType	createdByType	上次修改資源的身分識別類型。