How to reset the password of the Service Principal created for the System Managed Identity in Azure?
I have created an Azure Container Registry with a system managed identity. I know how to check the service principal created for it:
C:\> az ad sp show --id 4***8
{
  "accountEnabled": "True",
  "alternativeNames": [
    "isExplicit=False",
    "/subscriptions/d***8/resourcegroups/VictorTestRG/providers/Microsoft.ContainerRegistry/registries/victorTestContainerRegistry"
  ],
  "appId": "7***6",
  "displayName": "victorTestContainerRegistry",
  "keyCredentials": [...],
  "objectId": "4***8",
  "objectType": "ServicePrincipal",
  "odata.metadata": "https://graph.windows.net/2***b/$metadata#directoryObjects/@Element",
  "odata.type": "Microsoft.DirectoryServices.ServicePrincipal",
  "servicePrincipalNames": [
    "7***6",
    "https://identity.azure.net/o***F/p***="
  ],
  "servicePrincipalType": "ManagedIdentity"
}
(For brevity, I removed some values and omitted the fields with null or [] values.)
Now I want to reset the credentials of this service principal, but none of the following works for me:
C:\> az ad sp credential reset --name 4***8
Resource '4***8' does not exist or one of its queried reference-property objects are not present.
C:\> az ad sp credential reset --name "7***6"
Resource '7***6' does not exist or one of its queried reference-property objects are not present.
C:\> az ad sp credential reset --name victorTestContainerRegistry
Resource '7***6' does not exist or one of its queried reference-property objects are not present.
C:\> az ad sp credential reset --name "https://identity.azure.net/o***F/p***="
Resource '7***6' does not exist or one of its queried reference-property objects are not present.
C:\>
So, how can I reset the credentials of the system managed identity?
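As Thomas commented, you do not manage the credentials. The purpose of using managed identities is to get rid of that management.
The system automatically rotates the certificates used by the identity in the background. You don't need to do anything about it.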
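An added example, not part of the original question or answer: a Python sketch that reads service principal records shaped like the `az ad sp show` output above and separates managed identities, whose certificates the platform rotates, from ordinary service principals whose credentials an operator must rotate. The sample records and their IDs are constructed, and reading `isExplicit=False` as system-assigned and `isExplicit=True` as user-assigned is an assumption based on the output shown in the question.

```python
import json

# Constructed sample modelled on the `az ad sp show` output above; IDs are placeholders.
SAMPLE = json.loads("""
[
  {"displayName": "victorTestContainerRegistry",
   "servicePrincipalType": "ManagedIdentity",
   "alternativeNames": ["isExplicit=False",
     "/subscriptions/SUB-PLACEHOLDER/resourcegroups/VictorTestRG/providers/Microsoft.ContainerRegistry/registries/victorTestContainerRegistry"]},
  {"displayName": "example-user-assigned",
   "servicePrincipalType": "ManagedIdentity",
   "alternativeNames": ["isExplicit=True",
     "/subscriptions/SUB-PLACEHOLDER/resourcegroups/ExampleRG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/example-user-assigned"]},
  {"displayName": "example-ci-app",
   "servicePrincipalType": "Application",
   "alternativeNames": []}
]
""")


def classify(sp):
    """Return (kind, owning_resource_id, operator_rotates_credentials)."""
    if sp.get("servicePrincipalType") != "ManagedIdentity":
        # Ordinary service principal: its secrets and certificates are yours to rotate.
        return ("service-principal", None, True)
    names = sp.get("alternativeNames") or []
    flags = {n.split("=", 1)[1].lower() for n in names
             if n.lower().startswith("isexplicit=")}
    resource = next((n for n in names if n.lower().startswith("/subscriptions/")), None)
    # Assumption: isExplicit=False means system-assigned, isExplicit=True user-assigned.
    kind = ("user-assigned" if "true" in flags
            else "system-assigned" if "false" in flags else "unknown")
    # Either way the platform rotates the certificate; there is nothing to reset.
    return ("managed-identity/" + kind, resource, False)


def needs_manual_rotation(sps):
    """Display names of principals whose credentials an operator must rotate."""
    return [sp["displayName"] for sp in sps if classify(sp)[2]]


if __name__ == "__main__":
    for sp in SAMPLE:
        kind, resource, manual = classify(sp)
        print(f"{sp['displayName']}: {kind}, operator rotates={manual}, resource={resource}")
```
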