I wrote a few PowerShell functions a couple of years ago to build a bearer token out of an active session. I needed to make calls in scripts here and there and nothing native was available. This is now a thing of the past if you are open to using Azure CLI.
There is finally something!
Searching for a new way to perform native calls at the command line to Azure Management REST APIs, I stumbled upon an issue on GitHub, only to discover at the end of the issue that it is now implemented and in preview in Azure CLI!
Requirements
You'll need to update to Azure CLI version 2.0.67 or later.
Usage
From the Azure CLI help, you'll get the following if you type az rest --help.
Command
az rest : Invoke a custom request.
This command is in preview. It may be changed/removed in a future release.
Arguments
--method -m [Required] : HTTP request method. Allowed values: delete, get, head, options,
patch, post, put. Default: get.
--uri -u [Required] : Request uri. For uri without host, CLI will assume
"https://management.azure.com/". Common tokens will also be
replaced with real values including "{subscriptionId}".
--body -b : Request body.
--headers : Space-separated headers in KEY=VALUE format or JSON string. Use
@{file} to load from a file.
--output-file : Save response payload to a file.
--resource : Resource url for which CLI should acquire a token in order to
access the service. The token will be placed in the
"Authorization" header. By default, CLI can figure this out based
on "--url" argument, unless you use ones not in the list of "az
cloud show --query endpoints".
--skip-authorization-header : Do not auto append "Authorization" header.
--uri-parameters : Space-separated queries in KEY=VALUE format or JSON string. Use
@{file} to load from a file.
Global Arguments
--debug : Increase logging verbosity to show all debug logs.
--help -h : Show this help message and exit.
--output -o : Output format. Allowed values: json, jsonc, none, table, tsv,
yaml. Default: json.
--query : JMESPath query string. See http://jmespath.org/ for more
information and examples.
--subscription : Name or ID of subscription. You can configure the default
subscription using `az account set -s NAME_OR_ID`.
--verbose : Increase logging verbosity. Use --debug for full debug logs.
Examples
Get Audit log through Microsoft Graph
az rest --method get --uri https://graph.microsoft.com/beta/auditLogs/directoryAudits
Update a Azure Active Directory Graph User's display name
az rest --method patch --uri
"https://graph.microsoft.com/v1.0/users/johndoe@azuresdkteam.onmicrosoft.com" --body
"{\"displayName\": \"jondoe2\"}"
Here is an invocation I made using az rest to call the Azure Policy REST API to extract non-compliant data:
az rest --method post --uri "https://management.azure.com/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.PolicyInsights/policyStates/latest/queryResults?api-version=2018-04-04&$filter=policyAssignmentId eq '/providers/Microsoft.Management/managementGroups/{managementGroupName}/providers/Microsoft.Authorization/policyAssignments/3132643538114acc900af638'"
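The same Policy Insights query as an added shell example, not code from the original post: it passes the query string through --uri-parameters and keeps $filter inside single quotes, because a POSIX shell (and PowerShell) expands $filter inside a double-quoted URI, normally to an empty string. The function names, the AZ override variable and the character set accepted by valid_name are assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Function names and the AZ
# override variable are assumptions made for illustration.

API_VERSION="2018-04-04"   # api-version used in the post's invocation
MG_PREFIX="/providers/Microsoft.Management/managementGroups"

# Accept only characters assumed safe in a management group or assignment
# name, so a value cannot close the OData string literal or add a clause.
valid_name() {
    case "$1" in
        ''|*[!A-Za-z0-9._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Request URI without a query string. $1 = management group name.
policy_states_uri() {
    printf 'https://management.azure.com%s/%s/providers/Microsoft.PolicyInsights/policyStates/latest/queryResults' \
        "$MG_PREFIX" "$1"
}

# KEY=VALUE pair for --uri-parameters. The format string is single-quoted,
# so the shell leaves "$filter" alone instead of expanding it to nothing.
# $1 = management group name, $2 = policy assignment name.
policy_states_filter() {
    printf '$filter=policyAssignmentId eq '\''%s/%s/providers/Microsoft.Authorization/policyAssignments/%s'\''' \
        "$MG_PREFIX" "$1" "$2"
}

# Run the query; az rest acquires the token itself. Set AZ=echo for a dry run.
query_policy_states() {
    if ! valid_name "$1" || ! valid_name "$2"; then
        echo "invalid management group or assignment name" >&2
        return 2
    fi
    ${AZ:-az} rest --method post \
        --uri "$(policy_states_uri "$1")" \
        --uri-parameters "api-version=$API_VERSION" \
                         "$(policy_states_filter "$1" "$2")"
}
```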
Conclusion
The days of having to extract and manipulate bearer tokens are pretty much gone if you are willing to use a little bit of Azure CLI.