Azure CDN - 通过资源管理自定义域 SSL API

Azure CDN - Custom Domain SSL via Resource Management API

使用最新的Azure Powershell SDK, but still can't seem to create Custom SSL Domains for CDNs in Azure via API Management。我们有数百个子域要创建,并且需要能够编写此任务的创建脚本以实现未来的可扩展性。

有谁知道自 SDK has no support? We are using the New-AzureRmCdnCustomDomain commandlet.

以来如何通过 REST API 切换此标志

更新: AzureRM 6.13.0 模块和新的 Az 模块(包括 Az.Cdn)现在支持使用 cmdlet。请参阅 Enable-AzureCdnCustomDomain (AzureRM.Cdn) 或 Enable-AzCdnCustomDomain (Az.Cdn)


用于启用自定义域 HTTPS 的 REST API 记录在 docs.microsoft.com

Enable Custom Https

Enable https delivery of the custom domain.

POST /subscriptions/{subscriptionId}/resourceGroups/{resourceGroupName}/providers/Microsoft.Cdn/profiles/{profileName}/endpoints/{endpointName}/customDomains/{customDomainName}/enableCustomHttps?api-version=2017-10-12

在使用 Azure REST API 之前,您需要获得 an access token:

Generating access token using PowerShell:

$Token = Invoke-RestMethod -Uri https://login.microsoftonline.com/<TenantID>/oauth2/token?api-version=1.0 -Method Post -Body @{
    "grant_type" = "client_credentials"
    "resource" = "https://management.core.windows.net/"
    "client_id" = "<application id>"
    "client_secret" = "<password you selected for authentication>"
}

The response contains an access token, information about how long that token is valid, and information about what resource you can use that token for. The access token you received in the previous HTTP call must be passed in for all request to the Resource Manager API. You pass it as a header value named "Authorization" with the value "Bearer YOUR_ACCESS_TOKEN". Notice the space between "Bearer" and your access token.

通过在 Azure AD 中创建应用程序注册来检索客户端 ID,并在创建的应用程序注册的密钥部分生成客户端密钥。这可以组合成这样的解决方案:

$subscriptionId = "..."
$resourceGroupName = "..."
$profileName = "..."
$endpointName = "..."
$customDomainName = ".."

$Token = Invoke-RestMethod -Uri https://login.microsoftonline.com/<TenantID>/oauth2/token?api-version=1.0 -Method Post -Body @{
    "grant_type" = "client_credentials"
    "resource" = "https://management.core.windows.net/"
    "client_id" = "<application id>"
    "client_secret" = "<password you selected for authentication>"
}

$header = @{
     "Authorization"= "Bearer $($Token.access_token)"
 }

Invoke-RestMethod -Method Post -Headers $header -Uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Cdn/profiles/$profileName/endpoints/$endpointName/customDomains/$customDomainName/enableCustomHttps?api-version=2016-10-02"

如果您不需要自动执行脚本,您可以使用此修改后的示例(基于 Source). It requires AzureRM-模块,可以使用Install-Module AzureRM:

Function Login-AzureRESTApi {

    Import-Module AzureRM.Profile

    # Load ADAL Azure AD Authentication Library Assemblies
    $modulepath = Split-Path (Get-Module -Name AzureRM.Profile).Path
    $adal = "$modulepath\Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
    $adalforms = "$modulepath\Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms.dll"
    $null = [System.Reflection.Assembly]::LoadFrom($adal)
    $null = [System.Reflection.Assembly]::LoadFrom($adalforms)

    # Login to Azure
    $Env = Login-AzureRmAccount

    # Select Subscription
    $Subscription = (Get-AzureRmSubscription | Out-GridView -Title "Choose a subscription ..." -PassThru)
    $adTenant = $Subscription.TenantId
    $global:SubscriptionID = $Subscription.SubscriptionId

    # Client ID for Azure PowerShell
    $clientId = "1950a258-227b-4e31-a9cf-717495945fc2"

    # Set redirect URI for Azure PowerShell
    $redirectUri = "urn:ietf:wg:oauth:2.0:oob"

    # Set Resource URI to Azure Service Management API | @marckean
    $resourceAppIdURIASM = "https://management.core.windows.net/"
    $resourceAppIdURIARM = "https://management.azure.com/"

    # Set Authority to Azure AD Tenant
    $authority = "https://login.windows.net/$adTenant"

    # Create Authentication Context tied to Azure AD Tenant
    $authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" -ArgumentList $authority

    # Acquire token
    $global:authResultASM = $authContext.AcquireToken($resourceAppIdURIASM, $clientId, $redirectUri, "Auto")
    $global:authResultARM = $authContext.AcquireToken($resourceAppIdURIARM, $clientId, $redirectUri, "Auto")

} 

$resourceGroupName = "..."
$profileName = "..."
$endpointName = "..."
$customDomainName = ".."

Login-AzureRESTApi

#Reuse selected subscription from login
$Subscription = $global:subscriptionId

$header = @{
     "Authorization"= $global:authResultARM.CreateAuthorizationHeader()
 }

Invoke-RestMethod -Method Post -Headers $header -Uri "https://management.azure.com/subscriptions/$subscriptionId/resourceGroups/$resourceGroupName/providers/Microsoft.Cdn/profiles/$profileName/endpoints/$endpointName/customDomains/$customDomainName/enableCustomHttps?api-version=2017-10-12"