使用 REST API 调用创建、列出或删除用户分配托管标识Create, list, or delete a user-assigned managed identity using REST API calls

用户分配的托管标识是 Azure Active Directory 的预览版功能。User assigned managed identities are a preview feature of Azure Active Directory. 在开始之前,请确保已查看已知问题Make sure you review the known issues before you begin. 有关预览版的详细信息,请参阅 Azure 预览版补充使用条款For more information about previews, see Supplemental Terms of Use for Azure Previews.

Azure 资源托管标识使 Azure 服务能够向支持 Azure AD 身份验证的服务进行身份验证,而无需在代码中输入凭据。Managed identities for Azure resources provide Azure services the ability to authenticate to services that support Azure AD authentication, without needing credentials in your code.

本文介绍如何使用 CURL 创建、列出和删除用户分配托管标识以进行 REST API 调用。In this article, you learn how to create, list, and delete a user-assigned managed identity using CURL to make REST API calls.

先决条件Prerequisites

创建用户分配的托管标识Create a user-assigned managed identity

若要创建用户分配的托管标识,你的帐户需要托管标识参与者角色分配。To create a user-assigned managed identity, your account needs the Managed Identity Contributor role assignment.

重要

创建用户分配标识时,只能使用字母数字字符(0-9、a-z、A-Z)、下划线 (_) 和连字符 (-)。When creating user assigned identities, only alphanumeric characters (0-9, a-z, A-Z), the underscore (_) and the hyphen (-) are supported. 另外,为了确保能够正常分配给 VM/VMSS,名称长度应该为 3 到 128 个字符。Additionally, the name should be atleast 3 characters and up to 128 characters in length for the assignment to VM/VMSS to work properly. 请关注后续更新。Check back for updates. 有关详细信息,请参阅 FAQ 和已知问题For more information, see FAQs and known issues.

curl 'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroup
s/<RESOURCE GROUP>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<USER ASSIGNED IDENTITY NAME>?api-version=2015-08-31-preview' -X PUT -d '{"loc
ation": "<LOCATION>"}' -H "Content-Type: application/json" -H "Authorization: Bearer <ACCESS TOKEN>"
PUT https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroup
s/<RESOURCE GROUP>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<USER ASSIGNED IDENTITY NAME>?api-version=2015-08-31-preview HTTP/1.1

请求标头Request headers

请求标头Request header 说明Description
Content-TypeContent-Type 必需。Required. 设置为 application/jsonSet to application/json.
授权Authorization 必需。Required. 设置为有效的 Bearer 访问令牌。Set to a valid Bearer access token.

请求正文Request body

名称Name 说明Description
locationlocation 必需。Required. 资源位置。Resource location.

列出用户分配的托管标识List user-assigned managed identities

若要列出/读取用户分配的托管标识,你的帐户需要托管标识操作员托管标识参与者角色分配。To list/read a user-assigned managed identity, your account needs the Managed Identity Operator or Managed Identity Contributor role assignment.

curl 'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/<RESOURCE GROUP>/providers/Microsoft.ManagedIdentity/userAssignedIdentities?api-version=2015-08-31-preview' -H "Authorization: Bearer <ACCESS TOKEN>"
GET https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/<RESOURCE GROUP>/providers/Microsoft.ManagedIdentity/userAssignedIdentities?api-version=2015-08-31-preview HTTP/1.1
请求标头Request header 说明Description
Content-TypeContent-Type 必需。Required. 设置为 application/jsonSet to application/json.
授权Authorization 必需。Required. 设置为有效的 Bearer 访问令牌。Set to a valid Bearer access token.

删除用户分配的托管标识Delete a user-assigned managed identity

若要删除用户分配的托管标识,你的帐户需要托管标识参与者角色分配。To delete a user-assigned managed identity, your account needs the Managed Identity Contributor role assignment.

备注

删除用户分配托管标识不会从将其分配到的任何资源中删除引用。Deleting a user-assigned managed identity will not remove the reference from any resource it was assigned to. 要使用 CURL 从 VM 中删除用户分配的托管标识,请参阅[从 Azure VM 中删除用户分配的标识](qs-configure-rest-vm.md#remove-a-user-assigned identity-from-an-azure-vm)。To remove a user-assigned managed identity from a VM using CURL see [Remove a user-assigned identity from an Azure VM](qs-configure-rest-vm.md#remove-a-user-assigned identity-from-an-azure-vm).

curl 'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroup
s/<RESOURCE GROUP>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<USER ASSIGNED IDENTITY NAME>?api-version=2015-08-31-preview' -X DELETE -H "Authorization: Bearer <ACCESS TOKEN>"
DELETE https://management.chinacloudapi.cn/subscriptions/80c696ff-5efa-4909-a64d-f1b616f423ca/resourceGroups/TestRG/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<USER ASSIGNED IDENTITY NAME>?api-version=2015-08-31-preview HTTP/1.1
请求标头Request header 说明Description
Content-TypeContent-Type 必需。Required. 设置为 application/jsonSet to application/json.
授权Authorization 必需。Required. 设置为有效的 Bearer 访问令牌。Set to a valid Bearer access token.

后续步骤Next steps

要了解如何使用 CURL 将用户分配托管标识分配给 Azure VM/VMSS,请参阅使用 REST API 调用在 Azure VM 上配置 Azure 资源托管标识使用 REST API 调用在虚拟机规模集上配置 Azure 资源托管标识For information on how to assign a user-assigned managed identity to an Azure VM/VMSS using CURL see, Configure managed identities for Azure resources on an Azure VM using REST API calls and Configure managed identities for Azure resources on a virtual machine scale set using REST API calls.