Authenticating with Azure Resource Management APIs

-
I spent some time yesterday working with Azure Management REST APIs. One pain point I found, with minimal documentation, was how to authenticate to get the initial Bearer Token.

For this example, you will need a SPO client id and it's client secret. Going forward these will be called ClientId and ClientSecret. Please replace these with your own in the example. Additionally all of my code will be in Python for this example, however, we are just creating a body to get our token back. You should know how to do this in any language you choose to write with.

Lets Get Started:

For my example we will be authenticating and receiving a Bearer Token, then using that token to make a call to the Subscriptions portion of the Management API.

Required Information:

For this, in addition to the previously mentioned ClientId and ClientSecret you will need your Tenant ID and a Subscription ID. For my example I will be using obfuscated information.

Code:

import json
import requests

# Do not copy the below exactly. I have a file I'm getting the data from. You will want this info to come from a secure location
ClientId = data['ClientID']
ClientSecret = data['ClientSecret']
tenant_id = "12345678-1234-1234-1234-12345678"
subscription_id = "09876543-4321-4321-4321-09876543"
auth_uri = f"https://login.microsoftonline.com/{tenant_id}/oauth2/token"
call_uri = f"https://management.azure.com/subscriptions/{subscription_id}?api-version=2016-06-01"
This first section of code is just setting up the variables we will use going forward. From here we start building the body and call for our requests.
auth_body = {
    "client_id": ClientId,
    "client_secret": ClientSecret,
    "grant_type": "client_credentials",
    "resource": "https://management.azure.com/"
}

response = requests.post(auth_uri, data=auth_body) #This is the call to get the auth token using the body we built
data = response.json()
What we are doing here is creating a body for a POST request. This body contains our credentials, the grant type, and the resource type we want access to. In our case grant type is client_credentials because we are sending client credentials to get our Bearer Token. Resource is the management api.
We then store the data in a variable called data. The response we get has lots of additional data, but we just want the json.
From here we can use our token by building the bearer token line and then creating our authentication header.
bearer_token = f"Bearer {data['access_token']}"
auth_header = {
    "Content-Type": "application/json",
    "Authorization": bearer_token
}

call_resposne = requests.get(call_uri, headers=auth_header)
print(call_resposne.json())
We are creating a line for our auth_header called bearer_token. This must be in the format "Bearer <YOURTOKENHERE>" and this was my quick way of making sure that worked. We then create the auth_header. This lets the application know we want a JSON response and here is our Authorization Token.
Then we pass all of that into our call and print the response.

Popular posts from this blog

Cleaning up old branches from VS Code

-
What's up everyone? So recently I was changing branches in VS Code and clicked the button to list my branches and... Bah. Tons and tons of old deleted branches. After quite a bit of googling I found that cleaning them up isn't that quick or simple. So I have written a quick PowerShell script to clean this up on windows for me. My primary language at my job day to day is PowerShell so that's why it's what I chose to write it in that. This will remove any local branches and clean up any branches that have been deleted in the git system of your choice on your local system. I unfortunately don't have any screenshots due to cleaning it up before thinking that I should take some to show this in action. Code below: 1 2 3 4 5 6 7 8 9 10 $Branches = git branch foreach ( $Branch in $Branches ) { if ( $Branch -ne "* master" ) { $BranchName = $Branch .Replace( " " , "" ) Write-Host "Delet...
Read more

PowerShell and TeamCity build status output info.

-
After doing quite a bit of research on the subject, I found that there was not a lot of content in regards to how to handle a PowerShell build running in TeamCity and having it handle exits and errors correctly. Due to this lack of ability to find detailed information, I figured why not add a little bit here. Example of an Azure ARM Deployment with error handling in TeamCity: Yes, there are probably much better ways to handle this, but this is just a quick example of how we could write this. And no, it won't catch all issues with the deployment, but this is a work in progress. 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 $DeploymentSplat = @ { "Name" = "TestDBDeploy" "ResourceGroupName" = "my-awesome-resourcegroup" "Mode" = "Incremental" "TemplateParameterFile" = "C:\Path\To\Arm\Te...
Read more

How I stay organized

-
Image
Staying organized is never a one size fits all item for people. For me I have to use quite a few different pieces to keep everything together. The first piece is I read a book called  Time Management for System Administrators  (direct link to Amazon). Using some of the practices in this book, I was able to take a lot of chaos out of my last job. I worked for an MSP and every day was crazy. I started listing everything I needed to get done in a day. I used a giant white board and worked with my manager so that they could see what I was doing for the day at a glance. They would re-prioritize things with talking to me at times and we would all stay on the same page. The book talks about writing down all of your tasks and then ranking them. Since at times I would have different priorities than my manage, it was important for us to stay on the same page. A lot of times a good ticketing system would take care of this, but we didn't use our ticketing system for project work at the ...
Read more