【Azure Developer】Azure Automation 自动化账号生成的时候怎么生成连接 与证书 (Connection & Certificate)

Azure Automation ：The Azure Automation service provides a highly reliable and scalable workflow execution engine to automate frequently repeated management tasks. The processes are automated through runbooks, which are Windows PowerShell Workflows run in the Azure Automation execution engine. You can use this API to create, update, read, and delete automation resources, including runbooks and runbook jobs. In addition you can manage assets such as variables, schedules, Windows PowerShell modules, credentials, and certificates.

Azure 自动化服务提供了一个高度可靠和可扩展的工作流执行引擎，可以自动执行频繁重复的管理任务。 这些流程通过 runbook 自动完成，这些 runbook 是在 Azure 自动化执行引擎中运行的 Windows PowerShell 工作流。 可以使用此 API 来创建、更新、读取和删除自动化资源，包括 runbook 和 runbook 作业。 此外，还可以管理诸如变量、时间表、Windows PowerShell 模块、凭据和证书等资产。

Source ： https://docs.microsoft.com/en-us/rest/api/automation/

问题描述

自动化账号( Automation Account )生成的时候怎么生成连接( Connection)与证书( Certificate)?

问题回答

在中国区Azure中创建Connection时，需要修改为中国区的ARM Endpoint。比如Connection的Endpoint (终结点)应为：

https://management.chinacloudapi.cn
/subscriptions/<subscriptionid>
/resourceGroups/< resourceGroups >/providers/Microsoft.Automation
/automationAccounts/< automationAccounts name>
/connections/<connectionname>?api-version=2015-10-31

请求示例可参考：https://docs.microsoft.com/en-us/rest/api/automation/connection/create-or-update#create-or-update-connection

Sample Request

PUT https://management.chinacloudapi.cn/subscriptions/subid/resourceGroups/rg/providers/Microsoft.Automation/automationAccounts
/myAutomationAccount28/connections/mysConnection?api-version=2015-10-31

Request Body

{
  "name": "mysConnection",
  "properties": {
    "description": "my description goes here",
    "connectionType": {
      "name": "Azure"
    },
    "fieldDefinitionValues": {
      "AutomationCertificateName": "mysCertificateName",
      "SubscriptionID": "subid"
    }
  }
}

Sample Response

• Status code:201

{
  "id": "/subscriptions/subid/resourceGroups/rg/providers/Microsoft.Automation/automationAccounts/myAutomationAccount28/connections/mysConnection",
  "name": "mysConnection",
  "properties": {
    "creationTime": "2017-03-27T07:52:29.29+00:00",
    "lastModifiedTime": "2017-03-27T07:52:29.29+00:00",
    "description": "my description goes here",
    "fieldDefinitionValues": {
      "AutomationCertificateName": "mysCertificateName",
      "SubscriptionID": "subid"
    },
    "connectionType": {
      "name": "Azure"
    }
  }
}

• Status code:200

{
  "id": null,
  "name": "mysConnection",
  "properties": {
    "creationTime": "2017-03-27T07:52:29.29+00:00",
    "lastModifiedTime": "2017-03-27T07:52:29.29+00:00",
    "description": "my description goes here",
    "fieldDefinitionValues": {
      "AutomationCertificateName": "mysCertificateName",
      "SubscriptionID": "subid"
    },
    "connectionType": {
      "name": "Azure"
    }
  }
}

对Automation Account创建证书，则和Connection接口相似。详情可见：https://docs.microsoft.com/en-us/rest/api/automation/certificate。

而如果是指在调用REST API时，需要在Header中携带 Authorization 值。基于Azure对授权的统一管理，需要在Azure AD中对客户端（REST API调用端）进行一个身份注册，然后可以在AAD中上传证书或者是通过密钥登录。

设置密钥(Secret)非常简单：打开Azure AD页面 --> 选择所注册的Applicaiton -->  选择“Certificates & secrets” -->  "New client secret"

而设置证书方式，与密钥在同一个页面，只是上传证书需注意：要上传带有私钥的证书，不能为公钥证书。否则，会遇见“ The private key is not present in the X.509 certificate ”错误。

参考资料

Automation REST API Reference: https://docs.microsoft.com/en-us/rest/api/automation/