Using the Azure REST API in PowerShell – ASM & ARM

This post covers using the Azure REST API in PowerShell.

First of you need to install the latest and greatest Azure PowerShell Module on your machine. Best place to do this is to install the good old fashioned MSI available from https://github.com/Azure/azure-powershell/releases

Once you have the latest Azure PowerShell Module on your machine, you’ll need to restart.

For the remainder of this post we will be focusing on the Rest API for Azure, the reference for the Azure Classic Rest API is here and the Rest API reference for Azure ARM is here.

The script below will have you Logon to (new) Azure from PowerShell only. Then the script can handle two separate Rest API calls:

  • Rest API call against Azure Classic
  • Rest API call against Azure ARM

The function for the Rest API auth will handle both Classic & ARM. Feel free to use the script below as a start to test yourself, it doesn’t change anything and only does a ‘GET’ for information.

# Logon to Azure ARM
$Azure = Get-AzureRmEnvironment 'AzureCloud'
$Env = LoginAzureRmAccount Environment $Azure Verbose
# Select Subscription
Select-AzureRmProfile Profile $Env
$Subscription = (Get-AzureRmSubscription | Out-GridView Title "Choose a Source Subscription …" PassThru)
# Select Subscription Function
Function Subscription {
Select-AzureRmProfile Profile $Env
Get-AzureRmSubscription SubscriptionName $Subscription.SubscriptionName | Select-AzureRmSubscription
}
Function RESTAPI-Auth {
# Load ADAL Azure AD Authentication Library Assemblies
Subscription
$adal = "${env:ProgramFiles(x86)}\Microsoft SDKs\Azure\PowerShell\ServiceManagement\Azure\Services\Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
$adalforms = "${env:ProgramFiles(x86)}\Microsoft SDKs\Azure\PowerShell\ServiceManagement\Azure\Services\Microsoft.IdentityModel.Clients.ActiveDirectory.WindowsForms.dll"
$null = [System.Reflection.Assembly]::LoadFrom($adal)
$null = [System.Reflection.Assembly]::LoadFrom($adalforms)
$adTenant = $Subscription.TenantId
$global:SubscriptionID = $Subscription.SubscriptionId
# Client ID for Azure PowerShell
$clientId = "1950a258-227b-4e31-a9cf-717495945fc2"
# Set redirect URI for Azure PowerShell
$redirectUri = "urn:ietf:wg:oauth:2.0:oob"
# Set Resource URI to Azure Service Management API | @marckean
$resourceAppIdURIASM = "https://management.core.windows.net/"
$resourceAppIdURIARM = "https://management.azure.com/"
# Authenticate and Acquire Token
# Set Authority to Azure AD Tenant
$authority = "https://login.windows.net/$adTenant"
# Create Authentication Context tied to Azure AD Tenant
$authContext = New-Object "Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext" ArgumentList $authority
# Acquire token
$global:authResultASM = $authContext.AcquireToken($resourceAppIdURIASM, $clientId, $redirectUri, "Auto")
$global:authResultARM = $authContext.AcquireToken($resourceAppIdURIARM, $clientId, $redirectUri, "Auto")
}
Function ASM-StorageAPI ($SourceStorageAccountName) { # to get the source storage key
# Create Authorization Header
$authHeader = $global:authResultASM.CreateAuthorizationHeader()
# Set HTTP request headers to include Authorization header | @marckean
$requestHeader = @{
"x-ms-version" = "2014-10-01"; #'2014-10-01'
"Authorization" = $authHeader
}
$Uri = "https://management.core.windows.net/$SubscriptionID/services/storageservices/{0}/keys" -f $SourceStorageAccountName
$Global:SourceKey = Invoke-RestMethod Method Get Headers $requestheader Uri $Uri |
select ExpandProperty StorageService | select ExpandProperty StorageServiceKeys | select ExpandProperty primary
}
Function ARM-VMInfoAPI ($VMName, $RGName) { # to get the source storage key
# Create Authorization Header
$authHeader = $global:authResultARM.CreateAuthorizationHeader()
# Set HTTP request headers to include Authorization header | @marckean
$requestHeader = @{
"x-ms-version" = "2014-10-01"; #'2014-10-01'
"Authorization" = $authHeader
}
$Uri = "https://management.azure.com/subscriptions/{0}/resourceGroups/{1}/providers/Microsoft.Compute/virtualMachines/{2}?api-version={3}" `
-f $SubscriptionID, $RGName, $VMName, '2015-06-15'
$Global:VMInfo = Invoke-RestMethod Method Get Headers $requestheader Uri $uri
}
# Call the functions above
Subscription
RESTAPIAuth # To Logon to Rest and get an an auth key
##########################################################################################
####################### Rest API against Azure Classic ##########################
##########################################################################################
# Run Rest API call to get the Storage Key – only works for Classic Storage Accounts
ASMStorageAPI (Get-AzureRmResource | ? {$_.ResourceType -match 'ClassicStorage/storageAccounts'})[0].Name
# Display the Results
$Global:SourceKey
##########################################################################################
########################## Rest API against Azure ARM ###########################
##########################################################################################
# Run Rest API call to get the Storage Key
$Name = (Get-AzureRmResource | ? {$_.ResourceType -match 'Microsoft.Compute/virtualMachines'})[0].Name
$ResourceGroupName = (Get-AzureRmResource | ? {$_.ResourceType -match 'Microsoft.Compute/virtualMachines'})[0].ResourceGroupName
ARMVMInfoAPI $Name $ResourceGroupName
# Display the Results
$Global:VMInfo

By the way, if you want to run something similar in the Chrome plugin Postman, this article walks you through it.

To get the Authorisation code in the Article, from the PowerShell above, the following will give you what you need and send it direct to the clipboard

$global:authResultASM.CreateAuthorizationHeader() | scb
$global:authResultARM.CreateAuthorizationHeader() | scb

This is what the top of Postman should look like:

2016-09-08_1435

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s