Azure AD Application - Update manifest programmatically

Time: 2018-10-11 14:49:26

Tags: json azure azure-active-directory azure-ad-powershell-v2 azure-webapps

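I am trying to find a way to update the manifest of an Azure AD registered application via PowerShell, using a JSON file.

The JSON file contains all of the app roles, and I would like to simply inject the App Roles: [] right into the app roles brackets.

Is there a way to achieve this through PowerShell or the CLI?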

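3 answers:

Answer 0: (score: 2)

Yes, you can update the Azure AD application's manifest through PowerShell.

Specifically for adding app roles, here is a PowerShell script.

If you are trying to do this while creating a new application, just use New-AzureADApplication instead of Set-AzureADApplication.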

Connect-AzureAD -TenantId <Tenant GUID>

# Create an application role of given name and description
Function CreateAppRole([string] $Name, [string] $Description)
{
    $appRole = New-Object Microsoft.Open.AzureAD.Model.AppRole
    $appRole.AllowedMemberTypes = New-Object System.Collections.Generic.List[string]
    $appRole.AllowedMemberTypes.Add("User");
    $appRole.DisplayName = $Name
    $appRole.Id = New-Guid
    $appRole.IsEnabled = $true
    $appRole.Description = $Description
    $appRole.Value = $Name;
    return $appRole
}

# ObjectId for application from App Registrations in your AzureAD
$appObjectId = "<Your Application Object Id>"
$app = Get-AzureADApplication -ObjectId $appObjectId
$appRoles = $app.AppRoles
Write-Host "App Roles before addition of new role.."
Write-Host $appRoles

$newRole = CreateAppRole -Name "MyNewApplicationRole" -Description "This is my new Application Role"
$appRoles.Add($newRole)

Set-AzureADApplication -ObjectId $app.ObjectId -AppRoles $appRoles

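Answer 1: (score: 1)

Keep in mind that the "manifest" shown in the Azure AD portal is nothing more than a lightly constrained representation of the Application object, as exposed by the Azure AD Graph API: https://msdn.microsoft.com/Library/Azure/Ad/Graph/api/entity-and-complex-type-reference#application-entity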

Azure AD PowerShell (the AzureAD module) is just a simple wrapper around the same API. New-AzureADApplication does a POST on /applications, Get-AzureADApplication does a GET, Set-AzureADApplication does a PATCH, and Remove-AzureADApplication does a DELETE.

So, keeping that in mind, consider the following input file app-roles.json:

[
    {
        "allowedMemberTypes": [ "Application" ],
        "description": "Read some things in the My App service",
        "displayName": "Read some things",
        "id": "b2b2e6de-bb42-41b4-92db-fda89218b5ae",
        "isEnabled": true,
        "value": "Things.Read.Some"
    },
    {
        "allowedMemberTypes": [ "User" ],
        "description": "Super admin role for My App",
        "displayName": "My App Super Admin",
        "id": "a01eca9b-0c55-411d-aa5f-d8cfdbadf500",
        "isEnabled": true,
        "value": "super_admin"
    }
]

You can use the following script to set these app roles on the application (note that this will remove any existing app roles, which will cause an error because they were not previously disabled):
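
An added example, not part of the original answer or of any Microsoft sample: one way to apply app-roles.json with the AzureAD module while handling the disable-before-remove requirement noted above. It assumes Connect-AzureAD has already been run; the object id and the file path are placeholders.

```powershell
# Added example. Assumes the AzureAD module is loaded and Connect-AzureAD has run.
$appObjectId = "<Your Application Object Id>"   # placeholder
$rolesFile   = ".\app-roles.json"               # assumed path to the file shown above

# Build typed AppRole objects from the JSON file, rejecting bad or duplicate ids.
$desired = New-Object 'System.Collections.Generic.List[Microsoft.Open.AzureAD.Model.AppRole]'
$seenIds = @{}
$parsed  = Get-Content -Raw -Path $rolesFile | ConvertFrom-Json
foreach ($r in $parsed) {
    $guid = [guid]::Empty
    if (-not [guid]::TryParse([string]$r.id, [ref]$guid)) { throw "Role '$($r.displayName)': id is not a GUID" }
    if ($seenIds.ContainsKey($guid.ToString())) { throw "Duplicate role id $guid" }
    $seenIds[$guid.ToString()] = $true

    $role = New-Object Microsoft.Open.AzureAD.Model.AppRole
    $role.AllowedMemberTypes = New-Object 'System.Collections.Generic.List[string]'
    foreach ($t in $r.allowedMemberTypes) {
        if ($t -notin 'User', 'Application') { throw "Role '$($r.displayName)': unknown member type '$t'" }
        $role.AllowedMemberTypes.Add($t)
    }
    $role.Id          = $guid.ToString()
    $role.DisplayName = $r.displayName
    $role.Description = $r.description
    $role.Value       = $r.value
    $role.IsEnabled   = [bool]$r.isEnabled
    $desired.Add($role)
}

# Roles on the app that the file no longer lists must be disabled in one
# update before a second update can remove them.
$app      = Get-AzureADApplication -ObjectId $appObjectId
$current  = $app.AppRoles
$toRemove = @($current | Where-Object { -not $seenIds.ContainsKey(([guid]$_.Id).ToString()) })
$enabled  = @($toRemove | Where-Object { $_.IsEnabled })
if ($enabled.Count -gt 0) {
    foreach ($old in $enabled) {
        Write-Host "Disabling role before removal: $($old.Value) ($($old.Id))"
        $old.IsEnabled = $false   # mutates the object held in $current
    }
    Set-AzureADApplication -ObjectId $app.ObjectId -AppRoles $current
}

# Second update: the app now carries exactly the roles from the file.
Set-AzureADApplication -ObjectId $app.ObjectId -AppRoles $desired
```

Review the "Disabling role before removal" lines before relying on the result, since a role dropped from the application can no longer be granted to users or services.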

Answer 2: (score: 0)

Azure CLI command

async loadAllObjectsInfo() {
    const requestOptions = {
        method: 'GET',
        headers: {
            'Content-Type': 'application/json',
            'bbuser': this.state.user.user,
            'bbtoken': this.state.user.secret
        },
    };

    let response = await fetch('https://xxxxx/api/objects', requestOptions);
    let data = await response.json();

    // here is another fetch - change to fit your request parameters (this is just example)
    let info = await fetch('https://xxxxx/api/objects/' + data.id);

    this.setState({ data });
}

manifest.json

az ad app update --id e042ec79-34cd-498f-9d9f-123456781234 --app-roles @manifest.json

More info in the documentation of the Azure CLI