Using Azure Resource Management REST API in PowerShell
The Azure Resource Manager PowerShell module has a subset of functionality that the resource management REST API offers.
Specifically, the ARM PowerShell module does not include cmdlets to get the resource provider information. Also, note that the ARM REST API requests must be authenticated using Azure Active Directory (AD). This article shows you how to authenticate to Azure AD using PowerShell and access the REST APIs.
Before you can start using ARM REST API in PowerShell, you need to first create an AD application and give permissions to access the service management API. These steps are detailed in the MSDN article http://msdn.microsoft.com/en-us/library/azure/dn790557.aspx.
We also need the Microsoft.IdentityModel.Clients.ActiveDirectory .NET assembly for creating an access token. This is the Azure Active Directory Authentication library. This can be downloaded from NuGet.org. We can do this using the nuget.exe. The following code snippet shows how to use nuget.exe.
Invoke-WebRequest -Uri 'https://oneget.org/nuget-anycpu-2.8.3.6.exe' -OutFile "${env:Temp}\nuget.exe"
Start-Process -FilePath "${env:Temp}\nuget.exe" -ArgumentList 'install Microsoft.IdentityModel.Clients.ActiveDirectory' -WorkingDirectory $env:Temp
Add-Type -Path "${env:Temp}\Microsoft.IdentityModel.Clients.ActiveDirectory.2.13.112191810\lib\net45\Microsoft.IdentityModel.Clients.ActiveDirectory.dll"
Once we have the assembly loaded, we can use the AuthenticationContext and then acquire a token for the REST API access. Before we proceed, we need the tenant ID, client ID of the application you created earlier and your Azure subscription ID. The client ID can be obtained from the application dashboard.
The tenant ID can be retrieved by running the Get-AzureAccount cmdlet.
The following script shows how to build the necessary authorization header for the REST API access.
$tenantId = 'tenant-id'
$clientId = 'client-id'
$subscriptionId = 'subscription-id'
$authUrl = "https://login.windows.net/${tenantId}"
$AuthContext = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext]$authUrl
$result = $AuthContext.AcquireToken("https://management.core.windows.net/",
$clientId,
[Uri]"https://localhost",
[Microsoft.IdentityModel.Clients.ActiveDirectory.PromptBehavior]::Auto)
$authHeader = @{
'Content-Type'='application\json'
'Authorization'=$result.CreateAuthorizationHeader()
}
In the above snippet, the AcquireToken method gives us the access tokens. The [Uri]”https://localhost” needs to be replaced with whatever you mentioned during the creation of application. When the AcquireToken method is executed, you may be prompted for the sign-in details as required.
From the AcquireToken method output, we generate the required authorization header for accessing the REST API.
List all Azure Resource Providers
The REST API for listing all resource providers is https://management.azure.com/subscriptions/{subscription-id}/providers?$skiptoken={skiptoken}&api-version={api-version}.
We can use the Invoke-RestMethod cmdlet to access this REST endpoint. We need to use the $authHeader created above with this cmdlet.
$allProviders = (Invoke-RestMethod -Uri "https://management.azure.com/subscriptions/${subscriptionId}/providers?api-version=2014-04-01-preview" -Headers $authHeader -Method Get -Verbose).Value
Get Resource Provider Details
The REST API for getting details about a resource provider is https://management.azure.com/subscriptions/{subscription-id}/providers/{resource-provider-namespace}?api-version={api-version}.
$computeProvider = (Invoke-RestMethod -Uri "https://management.azure.com/subscriptions/${subscriptionId}/providers/Microsoft.classicCompute?api-version=2014-04-01-preview" -Headers $authHeader -Method Get -Verbose)
What we have seen so far is only GET requests using the Invoke-RestMethod cmdlet. Some REST API endpoints require POST method. One example we will see now is to register the subscription with a specific resource provider.
In the output showing a list of all providers, you see that my subscription is not registered with the Microsoft.Search resource provider. Let us see how we complete this registration using REST API in PowerShell.
Invoke-RestMethod -Uri "https://management.azure.com/subscriptions/${subscriptionId}/providers/Microsoft.Search/register?api-version=2014-04-01-preview" -Method Post -Headers $authHeader -Verbose
Once the registration is complete, you can see that in the all provider output.
This is it. I hope you find this helpful! More on the Azure Resource Manager in future posts. Stay tuned.
Share on: