我正在尝试找到一种方法,利用json文件通过Powershell更新Azure Ad注册的应用程序的清单。
Json文件包含所有应用程序角色,我想简单地将应用程序角色:[]直接插入到应用程序角色括号中
有没有一种方法可以通过Power Shell或CLI来实现?
答案 0 :(得分:2)
是的,您可以通过PowerShell更新Azure AD应用程序的清单。
专门用于添加应用程序角色,这是一个PowerShell脚本。
如果您在创建新应用程序时尝试执行此操作,只需使用New-AzureADApplication
而不是Set-AzureADApplication
。
Connect-AzureAD -TenantId <Tenant GUID>
# Create an application role of given name and description
Function CreateAppRole([string] $Name, [string] $Description)
{
$appRole = New-Object Microsoft.Open.AzureAD.Model.AppRole
$appRole.AllowedMemberTypes = New-Object System.Collections.Generic.List[string]
$appRole.AllowedMemberTypes.Add("User");
$appRole.DisplayName = $Name
$appRole.Id = New-Guid
$appRole.IsEnabled = $true
$appRole.Description = $Description
$appRole.Value = $Name;
return $appRole
}
# ObjectId for application from App Registrations in your AzureAD
$appObjectId = "<Your Application Object Id>"
$app = Get-AzureADApplication -ObjectId $appObjectId
$appRoles = $app.AppRoles
Write-Host "App Roles before addition of new role.."
Write-Host $appRoles
$newRole = CreateAppRole -Name "MyNewApplicationRole" -Description "This is my new Application Role"
$appRoles.Add($newRole)
Set-AzureADApplication -ObjectId $app.ObjectId -AppRoles $appRoles
答案 1 :(得分:1)
请记住,Azure AD门户中显示的“清单”只不过是由Azure AD Graph API:https://msdn.microsoft.com/Library/Azure/Ad/Graph/api/entity-and-complex-type-reference#application-entity公开的对应用程序对象的轻微约束表示形式>
Azure AD PowerShell(AzureAD模块)只是围绕同一API的简单包装。 New‑AzureADApplication
对POST
做/applications
,Get‑AzureADApplication
做GET
,Set‑AzureADApplication
做PATCH
,而{{1} }进行Remove‑AzureADApplication
。
因此,请记住以下几点,请考虑以下输入文件DELETE
:
app-roles.json
您可以使用以下脚本在应用程序上设置这些应用程序角色(请注意,这将删除任何现有的应用程序角色,这将导致错误,因为它们之前未被禁用):
[
{
"allowedMemberTypes": [ "Application" ],
"description": "Read some things in the My App service",
"displayName": "Read some things",
"id": "b2b2e6de-bb42-41b4-92db-fda89218b5ae",
"isEnabled": true,
"value": "Things.Read.Some"
},
{
"allowedMemberTypes": [ "User" ],
"description": "Super admin role for My App",
"displayName": "My App Super Admin",
"id": "a01eca9b-0c55-411d-aa5f-d8cfdbadf500",
"isEnabled": true,
"value": "super_admin"
}
]
答案 2 :(得分:0)
Azure客户端命令
async loadAllObjectsInfo() {
const requestOptions = {
method: 'GET',
headers: {
'Content-Type': 'application/json',
'bbuser': this.state.user.user
'bbtoken': this.state.user.secret
},
};
let response = await fetch('https://xxxxx/api/objects', requestOptions);
let data = await response.json();
// here is another fetch - change to fit your request parameters (this is just example)
let info = await fetch('https://xxxxx/api/objects/' + data.id);
this.setState({ data });
}
manifest.json
az ad app update --id e042ec79-34cd-498f-9d9f-123456781234 --app-roles @manifest.json