使用 REST API 调用在虚拟机规模集上配置 Azure 资源的托管标识Configure managed identities for Azure resources on a virtual machine scale set using REST API calls

Azure 资源的托管标识是 Azure Active Directory 的一项功能。Managed identities for Azure resources is a feature of Azure Active Directory. 支持 Azure 资源的托管标识的每个 Azure 服务都受其自己的时间线限制。Each of the Azure services that support managed identities for Azure resources are subject to their own timeline. 在开始之前,请务必查看资源的托管标识的可用性状态以及已知问题Make sure you review the availability status of managed identities for your resource and known issues before you begin.

Azure 资源的托管标识在 Azure Active Directory 中为 Azure 服务提供了一个自动托管系统标识。Managed identities for Azure resources provides Azure services with an automatically managed system identity in Azure Active Directory. 此标识可用于通过支持 Azure AD 身份验证的任何服务的身份验证,这样就无需在代码中插入凭据了。You can use this identity to authenticate to any service that supports Azure AD authentication, without having credentials in your code.

本文介绍如何在虚拟机规模集上通过使用 CURL 对 Azure 资源管理器 REST 终结点进行调用来执行以下 Azure 资源的托管标识操作:In this article, using CURL to make calls to the Azure Resource Manager REST endpoint, you learn how to perform the following managed identities for Azure resources operations on an virtual machine scale set:

  • 在 Azure 虚拟机规模集上启用和禁用系统分配托管标识Enable and disable the system-assigned managed identity on an Azure virtual machine scale set
  • 在 Azure 虚拟机规模集上添加和删除用户分配托管标识Add and remove a user-assigned managed identity on an Azure virtual machine scale set

先决条件Prerequisites

系统分配的托管标识System-assigned managed identity

本节将介绍如何在虚拟机规模集上通过使用 CURL 对 Azure 资源管理器 REST 终结点进行调用来启用和禁用系统分配的托管标识。In this section, you learn how to enable and disable system-assigned managed identity on a virtual machine scale set using CURL to make calls to the Azure Resource Manager REST endpoint.

在创建虚拟机规模集的过程中启用系统分配的托管标识Enable system-assigned managed identity during creation of a virtual machine scale set

要创建启用了系统分配的托管标识的虚拟机规模集,则需要创建虚拟机规模集并检索访问令牌,以使用 CURL 通过系统分配的托管标识类型值对资源管理器终结点进行调用。To create a virtual machine scale set with system-assigned managed identity enabled, you need create a virtual machine scale set and retrieve an access token to use CURL to call the Resource Manager endpoint with the system-assigned managed identity type value.

  1. 使用 az group create,创建用于容纳和部署虚拟机规模集及其相关资源的资源组Create a resource group for containment and deployment of your virtual machine scale set and its related resources, using az group create. 如果已有要改用的资源组,可以跳过这一步:You can skip this step if you already have resource group you would like to use instead:

    az group create --name myResourceGroup --location chinanorth
    
  2. 为虚拟机规模集创建网络接口Create a network interface for your virtual machine scale set:

     az network nic create -g myResourceGroup --vnet-name myVnet --subnet mySubnet -n myNic
    
  3. 检索持有者访问令牌,下一步在授权标头中将使用该令牌创建具有系统分配的托管标识的虚拟机规模集。Retrieve a Bearer access token, which you will use in the next step in the Authorization header to create your virtual machine scale set with a system-assigned managed identity.

    az account get-access-token
    
  4. 通过使用 CURL 对 Azure 资源管理器 REST 终结点进行调用,创建虚拟机规模集。Create a virtual machine scale set using CURL to call the Azure Resource Manager REST endpoint. 下面的示例在“myResourceGroup”中创建名为“myVMSS”的虚拟机规模集,该规模集具有系统分配的托管标识(请求正文中用值 "identity":{"type":"SystemAssigned"} 进行标识) 。The following example creates a virtual machine scale set named myVMSS in the myResourceGroup with a system-assigned managed identity, as identified in the request body by the value "identity":{"type":"SystemAssigned"}. 请将 <ACCESS TOKEN> 替换为上一步中请求持有者访问令牌和适合环境的 <SUBSCRIPTION ID> 值时收到的值。Replace <ACCESS TOKEN> with the value you received in the previous step when you requested a Bearer access token and the <SUBSCRIPTION ID> value as appropriate for your environment.

    curl 'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2018-06-01' -X PUT -d '{"sku":{"tier":"Standard","capacity":3,"name":"Standard_D1_v2"},"location":"chinanorth","identity":{"type":"SystemAssigned"},"properties":{"overprovision":true,"virtualMachineProfile":{"storageProfile":{"imageReference":{"sku":"2016-Datacenter","publisher":"MicrosoftWindowsServer","version":"latest","offer":"WindowsServer"},"osDisk":{"caching":"ReadWrite","managedDisk":{"storageAccountType":"Standard_LRS"},"createOption":"FromImage"}},"osProfile":{"computerNamePrefix":"myVMSS","adminUsername":"azureuser","adminPassword":"myPassword12"},"networkProfile":{"networkInterfaceConfigurations":[{"name":"myVMSS","properties":{"primary":true,"enableIPForwarding":true,"ipConfigurations":[{"name":"myVMSS","properties":{"subnet":{"id":"/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVnet/subnets/mySubnet"}}}]}}]}},"upgradePolicy":{"mode":"Manual"}}}' -H "Content-Type: application/json" -H "Authorization: Bearer <ACCESS TOKEN>"
    
    PUT https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2018-06-01 HTTP/1.1
    

    请求标头Request headers

    请求标头Request header 说明Description
    Content-TypeContent-Type 必需。Required. 设置为 application/jsonSet to application/json.
    授权Authorization 必需。Required. 设置为有效的 Bearer 访问令牌。Set to a valid Bearer access token.

    请求正文Request body

     {
        "sku":{
           "tier":"Standard",
           "capacity":3,
           "name":"Standard_D1_v2"
        },
        "location":"chinanorth",
        "identity":{
           "type":"SystemAssigned"
        },
        "properties":{
           "overprovision":true,
           "virtualMachineProfile":{
              "storageProfile":{
                 "imageReference":{
                    "sku":"2016-Datacenter",
                    "publisher":"MicrosoftWindowsServer",
                    "version":"latest",
                    "offer":"WindowsServer"
                 },
                 "osDisk":{
                    "caching":"ReadWrite",
                    "managedDisk":{
                       "storageAccountType":"Standard_LRS"
                    },
                    "createOption":"FromImage"
                 }
              },
              "osProfile":{
                 "computerNamePrefix":"myVMSS",
                 "adminUsername":"azureuser",
                 "adminPassword":"myPassword12"
              },
              "networkProfile":{
                 "networkInterfaceConfigurations":[
                    {
                       "name":"myVMSS",
                       "properties":{
                          "primary":true,
                          "enableIPForwarding":true,
                          "ipConfigurations":[
                             {
                                "name":"myVMSS",
                                "properties":{
                                   "subnet":{
                                      "id":"/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVnet/subnets/mySubnet"
                                   }
                                }
                             }
                          ]
                       }
                    }
                 ]
              }
           },
           "upgradePolicy":{
              "mode":"Manual"
           }
        }
     }  
    

在现有虚拟机规模集上启用系统分配的托管标识Enable system-assigned managed identity on an existing virtual machine scale set

要在现有虚拟机规模集上启用系统分配的托管标识,需要获取访问令牌,然后使用 CURL 对资源管理器 REST 终结点进行调用以更新标识类型。To enable system-assigned managed identity on an existing virtual machine scale set, you need to acquire an access token and then use CURL to call the Resource Manager REST endpoint to update the identity type.

  1. 检索持有者访问令牌,下一步在授权标头中将使用该令牌创建具有系统分配的托管标识的虚拟机规模集。Retrieve a Bearer access token, which you will use in the next step in the Authorization header to create your virtual machine scale set with a system-assigned managed identity.

    az account get-access-token
    
  2. 使用以下 CURL 命令对 Azure 资源管理器 REST 终结点进行调用,为名为“myVMSS”的虚拟机规模集启用系统分配的托管标识(在请求正文中用值 {"identity":{"type":"SystemAssigned"} 进行标识)。Use the following CURL command to call the Azure Resource Manager REST endpoint to enable system-assigned managed identity on your virtual machine scale set as identified in the request body by the value {"identity":{"type":"SystemAssigned"} for a virtual machine scale set named myVMSS. 请将 <ACCESS TOKEN> 替换为上一步中请求持有者访问令牌和适合环境的 <SUBSCRIPTION ID> 值时收到的值。Replace <ACCESS TOKEN> with the value you received in the previous step when you requested a Bearer access token and the <SUBSCRIPTION ID> value as appropriate for your environment.

    重要

    若要确保不删除用户分配给虚拟机规模集的任何现有托管标识,需要使用以下 CURL 命令列出用户分配的托管标识:curl 'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/<RESOURCE GROUP>/providers/Microsoft.Compute/virtualMachineScaleSets/<VMSS NAME>?api-version=2018-06-01' -H "Authorization: Bearer <ACCESS TOKEN>"To ensure you don't delete any existing user-assigned managed identities that are assigned to the virtual machine scale set, you need to list the user-assigned managed identities by using this CURL command: curl 'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/<RESOURCE GROUP>/providers/Microsoft.Compute/virtualMachineScaleSets/<VMSS NAME>?api-version=2018-06-01' -H "Authorization: Bearer <ACCESS TOKEN>". 如果具有用户分配给虚拟机规模集的任何标识(响应中用值 identity 进行标识),请跳过步骤 3,该步骤介绍了如何在虚拟机规模集上启用系统分配的托管标识的同时保留用户分配的托管标识。If you have any user-assigned managed identities assigned to the virtual machine scale set as identified in the identity value in the response, skip to step 3 that shows you how to retain user-assigned managed identities while enabling system-assigned managed identity on your virtual machine scale set.

     curl 'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2018-06-01' -X PATCH -d '{"identity":{"type":"SystemAssigned"}}' -H "Content-Type: application/json" -H Authorization:"Bearer <ACCESS TOKEN>"
    
    PATCH https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2018-06-01 HTTP/1.1
    

    请求标头Request headers

    请求标头Request header 说明Description
    Content-TypeContent-Type 必需。Required. 设置为 application/jsonSet to application/json.
    授权Authorization 必需。Required. 设置为有效的 Bearer 访问令牌。Set to a valid Bearer access token.

    请求正文Request body

     {
        "identity":{
           "type":"SystemAssigned"
        }
     }
    
  3. 要在具有现有用户分配的托管标识的虚拟机规模集上启用系统分配的托管标识,需要将 SystemAssigned 添加到 type 值。To enable system-assigned managed identity on a virtual machine scale set with existing user-assigned managed identities, you need to add SystemAssigned to the type value.

    例如,如果虚拟机规模集具有用户分配给它的托管标识 ID1ID2,并且你希望向该虚拟机规模集添加系统分配的托管标识,请使用以下 CURL 调用。For example, if your virtual machine scale set has the user-assigned managed identities ID1 and ID2 assigned to it, and you would like to add system-assigned managed identity to the virtual machine scale set, use the following CURL call. <ACCESS TOKEN><SUBSCRIPTION ID> 替换为适合环境的值。Replace <ACCESS TOKEN> and <SUBSCRIPTION ID> with values appropriate to your environment.

    API 版本 2018-06-01 以字典格式将用户分配的托管标识存储在 userAssignedIdentities 值中,而 API 版本 2017-12-01 则以数组格式将托管标识存储在 identityIds 值中。API version 2018-06-01 stores user-assigned managed identities in the userAssignedIdentities value in a dictionary format as opposed to the identityIds value in an array format used in API version 2017-12-01.

    API 版本 2018-06-01API VERSION 2018-06-01

    curl 'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2018-06-01' -X PATCH -d '{"identity":{"type":"SystemAssigned,UserAssigned", "userAssignedIdentities":{"/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID1":{},"/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID2":{}}}}' -H "Content-Type: application/json" -H Authorization:"Bearer <ACCESS TOKEN>"
    
    PATCH https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2018-06-01 HTTP/1.1
    

    请求标头Request headers

    请求标头Request header 说明Description
    Content-TypeContent-Type 必需。Required. 设置为 application/jsonSet to application/json.
    授权Authorization 必需。Required. 设置为有效的 Bearer 访问令牌。Set to a valid Bearer access token.

    请求正文Request body

     {
        "identity":{
           "type":"SystemAssigned,UserAssigned",
           "userAssignedIdentities":{
              "/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID1":{
              },
              "/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID2":{
    
              }
           }
        }
     }
    

    API 版本 2017-12-01API VERSION 2017-12-01

    curl 'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2017-12-01' -X PATCH -d '{"identity":{"type":"SystemAssigned,UserAssigned", "identityIds":["/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID1","/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID2"]}}' -H "Content-Type: application/json" -H Authorization:"Bearer <ACCESS TOKEN>"
    
    PATCH https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2017-12-01 HTTP/1.1
    

    请求标头Request headers

    请求标头Request header 说明Description
    Content-TypeContent-Type 必需。Required. 设置为 application/jsonSet to application/json.
    授权Authorization 必需。Required. 设置为有效的 Bearer 访问令牌。Set to a valid Bearer access token.

    请求正文Request body

     {
        "identity":{
           "type":"SystemAssigned,UserAssigned",
           "identityIds":[
              "/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID1",
              "/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID2"
           ]
        }
     }
    

从虚拟机规模集中禁用系统分配的托管标识Disable system-assigned managed identity from a virtual machine scale set

要在现有虚拟机规模集上禁用系统分配的标识,需要获取访问令牌,然后使用 CURL 对资源管理器 REST 终结点进行调用以将标识类型更新为 NoneTo disable a system-assigned identity on an existing virtual machine scale set, you need to acquire an access token and then use CURL to call the Resource Manager REST endpoint to update the identity type to None.

  1. 检索持有者访问令牌,下一步在授权标头中将使用该令牌创建具有系统分配的托管标识的虚拟机规模集。Retrieve a Bearer access token, which you will use in the next step in the Authorization header to create your virtual machine scale set with a system-assigned managed identity.

    az account get-access-token
    
  2. 通过使用 CURL 对 Azure 资源管理器 REST 终结点进行调用以禁用系统分配的托管标识,更新虚拟机规模集。Update the virtual machine scale set using CURL to call the Azure Resource Manager REST endpoint to disable system-assigned managed identity. 下面的示例从名为“myVMSS”的虚拟机规模集上禁用系统分配的托管标识(在请求正文中用值 {"identity":{"type":"None"}} 进行标识)。The following example disables system-assigned managed identity as identified in the request body by the value {"identity":{"type":"None"}} from a virtual machine scale set named myVMSS. 请将 <ACCESS TOKEN> 替换为上一步中请求持有者访问令牌和适合环境的 <SUBSCRIPTION ID> 值时收到的值。Replace <ACCESS TOKEN> with the value you received in the previous step when you requested a Bearer access token and the <SUBSCRIPTION ID> value as appropriate for your environment.

    重要

    若要确保不删除用户分配给虚拟机规模集的任何现有托管标识,需要使用以下 CURL 命令列出用户分配的托管标识:curl 'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/<RESOURCE GROUP>/providers/Microsoft.Compute/virtualMachineScaleSets/<VMSS NAME>?api-version=2018-06-01' -H "Authorization: Bearer <ACCESS TOKEN>"To ensure you don't delete any existing user-assigned managed identities that are assigned to the virtual machine scale set, you need to list the user-assigned managed identities by using this CURL command: curl 'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/<RESOURCE GROUP>/providers/Microsoft.Compute/virtualMachineScaleSets/<VMSS NAME>?api-version=2018-06-01' -H "Authorization: Bearer <ACCESS TOKEN>". 如果具有用户分配给虚拟机规模集的任何托管标识,请跳过步骤 3,该步骤介绍了如何在从虚拟机规模集中删除系统分配的托管标识的同时保留用户分配的托管标识。If you have any user-assigned managed identity assigned to the virtual machine scale set, skip to step 3 that shows you how retain the user-assigned managed identities while removing the system-assigned managed identity from your virtual machine scale set.

    curl 'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2018-06-01' -X PATCH -d '{"identity":{"type":"None"}}' -H "Content-Type: application/json" -H Authorization:"Bearer <ACCESS TOKEN>"
    
    PATCH https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2018-06-01 HTTP/1.1
    

    请求标头Request headers

    请求标头Request header 说明Description
    Content-TypeContent-Type 必需。Required. 设置为 application/jsonSet to application/json.
    授权Authorization 必需。Required. 设置为有效的 Bearer 访问令牌。Set to a valid Bearer access token.

    请求正文Request body

     {
        "identity":{
           "type":"None"
        }
     }
    

    如果使用的是 API 版本 2018-06-01,若要从具有用户分配的托管标识的虚拟机规模集中删除系统分配的托管标识,请从 {"identity":{"type:" "}} 值中删除 SystemAssigned,同时保留 UserAssigned 值和 userAssignedIdentities 字典值。To remove system-assigned managed identity from a virtual machine scale set that has user-assigned managed identities, remove SystemAssigned from the {"identity":{"type:" "}} value while keeping the UserAssigned value and the userAssignedIdentities dictionary values if you are using API version 2018-06-01. 如果使用的是 API 版本 2017-12-01 或早期版本,请保留 identityIds 数组。If you are using API version 2017-12-01 or earlier, keep the identityIds array.

用户分配的托管标识User-assigned managed identity

本节将介绍如何在 Azure 虚拟机规模集上通过使用 CURL 对 Azure 资源管理器 REST 终结点进行调用来添加和删除用户分配的托管标识。In this section, you learn how to add and remove user-assigned managed identity on a virtual machine scale set using CURL to make calls to the Azure Resource Manager REST endpoint.

在创建虚拟机规模集的过程中分配用户分配托管标识Assign a user-assigned managed identity during the creation of a virtual machine scale set

  1. 检索持有者访问令牌,下一步在授权标头中将使用该令牌创建具有系统分配的托管标识的虚拟机规模集。Retrieve a Bearer access token, which you will use in the next step in the Authorization header to create your virtual machine scale set with a system-assigned managed identity.

    az account get-access-token
    
  2. 为虚拟机规模集创建网络接口Create a network interface for your virtual machine scale set:

     az network nic create -g myResourceGroup --vnet-name myVnet --subnet mySubnet -n myNic
    
  3. 检索持有者访问令牌,下一步在授权标头中将使用该令牌创建具有系统分配的托管标识的虚拟机规模集。Retrieve a Bearer access token, which you will use in the next step in the Authorization header to create your virtual machine scale set with a system-assigned managed identity.

    az account get-access-token
    
  4. 按照此处的说明创建用户分配的托管标识:创建用户分配的托管标识Create a user-assigned managed identity using the instructions found here: Create a user-assigned managed identity.

  5. 通过使用 CURL 对 Azure 资源管理器 REST 终结点进行调用,创建虚拟机规模集。Create a virtual machine scale set using CURL to call the Azure Resource Manager REST endpoint. 下面的示例在资源组“myResourceGroup”中创建名为“myVMSS”的虚拟机规模集,该规模集具有用户分配的托管标识 ID1(请求正文中用值 "identity":{"type":"UserAssigned"} 进行标识) 。The following example creates a virtual machine scale set named myVMSS in the resource group myResourceGroup with a user-assigned managed identity ID1, as identified in the request body by the value "identity":{"type":"UserAssigned"}. 请将 <ACCESS TOKEN> 替换为上一步中请求持有者访问令牌和适合环境的 <SUBSCRIPTION ID> 值时收到的值。Replace <ACCESS TOKEN> with the value you received in the previous step when you requested a Bearer access token and the <SUBSCRIPTION ID> value as appropriate for your environment.

    API 版本 2018-06-01API VERSION 2018-06-01

    curl 'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2018-06-01' -X PUT -d '{"sku":{"tier":"Standard","capacity":3,"name":"Standard_D1_v2"},"location":"chinanorth","identity":{"type":"UserAssigned","userAssignedIdentities":{"/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID1":{}}},"properties":{"overprovision":true,"virtualMachineProfile":{"storageProfile":{"imageReference":{"sku":"2016-Datacenter","publisher":"MicrosoftWindowsServer","version":"latest","offer":"WindowsServer"},"osDisk":{"caching":"ReadWrite","managedDisk":{"storageAccountType":"Standard_LRS"},"createOption":"FromImage"}},"osProfile":{"computerNamePrefix":"myVMSS","adminUsername":"azureuser","adminPassword":"myPassword12"},"networkProfile":{"networkInterfaceConfigurations":[{"name":"myVMSS","properties":{"primary":true,"enableIPForwarding":true,"ipConfigurations":[{"name":"myVMSS","properties":{"subnet":{"id":"/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVnet/subnets/mySubnet"}}}]}}]}},"upgradePolicy":{"mode":"Manual"}}}' -H "Content-Type: application/json" -H "Authorization: Bearer <ACCESS TOKEN>"
    
    PUT https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2018-06-01 HTTP/1.1
    

    请求标头Request headers

    请求标头Request header 说明Description
    Content-TypeContent-Type 必需。Required. 设置为 application/jsonSet to application/json.
    授权Authorization 必需。Required. 设置为有效的 Bearer 访问令牌。Set to a valid Bearer access token.

    请求正文Request body

     {
        "sku":{
           "tier":"Standard",
           "capacity":3,
           "name":"Standard_D1_v2"
        },
        "location":"chinanorth",
        "identity":{
           "type":"UserAssigned",
           "userAssignedIdentities":{
              "/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID1":{
    
              }
           }
        },
        "properties":{
           "overprovision":true,
           "virtualMachineProfile":{
              "storageProfile":{
                 "imageReference":{
                    "sku":"2016-Datacenter",
                    "publisher":"MicrosoftWindowsServer",
                    "version":"latest",
                    "offer":"WindowsServer"
                 },
                 "osDisk":{
                    "caching":"ReadWrite",
                    "managedDisk":{
                       "storageAccountType":"Standard_LRS"
                    },
                    "createOption":"FromImage"
                 }
              },
              "osProfile":{
                 "computerNamePrefix":"myVMSS",
                 "adminUsername":"azureuser",
                 "adminPassword":"myPassword12"
              },
              "networkProfile":{
                 "networkInterfaceConfigurations":[
                    {
                       "name":"myVMSS",
                       "properties":{
                          "primary":true,
                          "enableIPForwarding":true,
                          "ipConfigurations":[
                             {
                                "name":"myVMSS",
                                "properties":{
                                   "subnet":{
                                      "id":"/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVnet/subnets/mySubnet"
                                   }
                                }
                             }
                          ]
                       }
                    }
                 ]
              }
           },
           "upgradePolicy":{
              "mode":"Manual"
           }
        }
     }
    

    API 版本 2017-12-01API VERSION 2017-12-01

    curl 'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2017-12-01' -X PUT -d '{"sku":{"tier":"Standard","capacity":3,"name":"Standard_D1_v2"},"location":"chinanorth","identity":{"type":"UserAssigned","identityIds":["/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID1"]},"properties":{"overprovision":true,"virtualMachineProfile":{"storageProfile":{"imageReference":{"sku":"2016-Datacenter","publisher":"MicrosoftWindowsServer","version":"latest","offer":"WindowsServer"},"osDisk":{"caching":"ReadWrite","managedDisk":{"storageAccountType":"Standard_LRS"},"createOption":"FromImage"}},"osProfile":{"computerNamePrefix":"myVMSS","adminUsername":"azureuser","adminPassword":"myPassword12"},"networkProfile":{"networkInterfaceConfigurations":[{"name":"myVMSS","properties":{"primary":true,"enableIPForwarding":true,"ipConfigurations":[{"name":"myVMSS","properties":{"subnet":{"id":"/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVnet/subnets/mySubnet"}}}]}}]}},"upgradePolicy":{"mode":"Manual"}}}' -H "Content-Type: application/json" -H "Authorization: Bearer <ACCESS TOKEN>"
    
    PUT https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2017-12-01 HTTP/1.1
    

    请求标头Request headers

    请求标头Request header 说明Description
    Content-TypeContent-Type 必需。Required. 设置为 application/jsonSet to application/json.
    授权Authorization 必需。Required. 设置为有效的 Bearer 访问令牌。Set to a valid Bearer access token.

    请求正文Request body

     {
        "sku":{
           "tier":"Standard",
           "capacity":3,
           "name":"Standard_D1_v2"
        },
        "location":"chinanorth",
        "identity":{
           "type":"UserAssigned",
           "identityIds":[
              "/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID1"
           ]
        },
        "properties":{
           "overprovision":true,
           "virtualMachineProfile":{
              "storageProfile":{
                 "imageReference":{
                    "sku":"2016-Datacenter",
                    "publisher":"MicrosoftWindowsServer",
                    "version":"latest",
                    "offer":"WindowsServer"
                 },
                 "osDisk":{
                    "caching":"ReadWrite",
                    "managedDisk":{
                       "storageAccountType":"Standard_LRS"
                    },
                    "createOption":"FromImage"
                 }
              },
              "osProfile":{
                 "computerNamePrefix":"myVMSS",
                 "adminUsername":"azureuser",
                 "adminPassword":"myPassword12"
              },
              "networkProfile":{
                 "networkInterfaceConfigurations":[
                    {
                       "name":"myVMSS",
                       "properties":{
                          "primary":true,
                          "enableIPForwarding":true,
                          "ipConfigurations":[
                             {
                                "name":"myVMSS",
                                "properties":{
                                   "subnet":{
                                      "id":"/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Network/virtualNetworks/myVnet/subnets/mySubnet"
                                   }
                                }
                             }
                          ]
                       }
                    }
                 ]
              }
           },
           "upgradePolicy":{
              "mode":"Manual"
           }
        }
     }
    

将用户分配的托管标识分配到现有 Azure 虚拟机规模集Assign a user-assigned managed identity to an existing Azure virtual machine scale set

  1. 检索持有者访问令牌,下一步在授权标头中将使用该令牌创建具有系统分配的托管标识的虚拟机规模集。Retrieve a Bearer access token, which you will use in the next step in the Authorization header to create your virtual machine scale set with a system-assigned managed identity.

    az account get-access-token
    
  2. 按照此处的说明创建用户分配的托管标识:创建用户分配的托管标识Create a user-assigned managed identity using the instructions found here, Create a user-assigned managed identity.

  3. 若要确保不删除用户或系统分配给虚拟机规模集的现有托管标识,需要使用以下 CURL 命令列出分配给虚拟机规模集的标识。To ensure you don't delete existing user or system-assigned managed identities that are assigned to the virtual machine scale set, you need to list the identity types assigned to the virtual machine scale set by using the following CURL command. 如果具有分配给虚拟机规模集的托管标识,则这些标识会在 identity 值中列出。If you have managed identities assigned to the virtual machine scale set, they are listed in the identity value.

    curl 'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/<RESOURCE GROUP>/providers/Microsoft.Compute/virtualMachineScaleSets/<VMSS NAME>?api-version=2018-06-01' -H "Authorization: Bearer <ACCESS TOKEN>"
    
    GET https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/<RESOURCE GROUP>/providers/Microsoft.Compute/virtualMachineScaleSets/<VMSS NAME>?api-version=2018-06-01 HTTP/1.1
    

    请求标头Request headers

    请求标头Request header 说明Description
    授权Authorization 必需。Required. 设置为有效的 Bearer 访问令牌。Set to a valid Bearer access token.
  4. 如果没有用户或系统分配给虚拟机规模集的任何托管标识,请使用以下 CURL 命令对 Azure 资源管理器 REST 终结点进行调用,以将第一个用户分配的托管标识分配给虚拟机规模集。If you don't have any user or system-assigned managed identities assigned to your virtual machine scale set, use the following CURL command to call the Azure Resource Manager REST endpoint to assign the first user-assigned managed identity to the virtual machine scale set. 如果具有用户或系统分配给虚拟机规模集的托管标识,请跳过步骤 5,该步骤介绍了如何将多个用户分配的托管标识添加到虚拟机规模集并同时保留系统分配的托管标识。If you have a user or system-assigned managed identity(s) assigned to the virtual machine scale set, skip to step 5 that shows you how to add multiple user-assigned managed identities to a virtual machine scale set while also maintaining the system-assigned managed identity.

    下面的示例将用户分配的托管标识 ID1 分配给 资源组“myResourceGroup”中名为“myVMSS”的虚拟机规模集 。The following example assigns a user-assigned managed identity, ID1 to a virtual machine scale set named myVMSS in the resource group myResourceGroup. 请将 <ACCESS TOKEN> 替换为上一步中请求持有者访问令牌和适合环境的 <SUBSCRIPTION ID> 值时收到的值。Replace <ACCESS TOKEN> with the value you received in the previous step when you requested a Bearer access token and the <SUBSCRIPTION ID> value as appropriate for your environment.

    API 版本 2018-06-01API VERSION 2018-06-01

    curl 'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2018-12-01' -X PATCH -d '{"identity":{"type":"userAssigned", "userAssignedIdentities":{"/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID1":{}}}}' -H "Content-Type: application/json" -H Authorization:"Bearer <ACCESS TOKEN>"
    
    PATCH https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2018-12-01 HTTP/1.1
    

    请求标头Request headers

    请求标头Request header 说明Description
    Content-TypeContent-Type 必需。Required. 设置为 application/jsonSet to application/json.
    授权Authorization 必需。Required. 设置为有效的 Bearer 访问令牌。Set to a valid Bearer access token.

    请求正文Request body

     {
        "identity":{
           "type":"userAssigned",
           "userAssignedIdentities":{
              "/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID1":{
    
              }
           }
        }
     }
    

    API 版本 2017-12-01API VERSION 2017-12-01

    curl 'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2017-12-01' -X PATCH -d '{"identity":{"type":"userAssigned", "identityIds":["/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID1"]}}' -H "Content-Type: application/json" -H Authorization:"Bearer <ACCESS TOKEN>"
    
    PATCH https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2017-12-01 HTTP/1.1
    

    请求标头Request headers

    请求标头Request header 说明Description
    Content-TypeContent-Type 必需。Required. 设置为 application/jsonSet to application/json.
    授权Authorization 必需。Required. 设置为有效的 Bearer 访问令牌。Set to a valid Bearer access token.

    请求正文Request body

     {
        "identity":{
           "type":"userAssigned",
           "identityIds":[
              "/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID1"
           ]
        }
     }
    
  5. 如果具有用户或系统分配给虚拟机规模集的现有托管标识,则:If you have an existing user-assigned or system-assigned managed identity assigned to your virtual machine scale set:

    API 版本 2018-06-01API VERSION 2018-06-01

    将用户分配的托管标识添加到 userAssignedIdentities 字典值。Add the user-assigned managed identity to the userAssignedIdentities dictionary value.

    例如,如果你具有当前分配给虚拟机规模的系统分配的托管标识和用户分配的托管标识 ID1 并希望将用户分配的托管标识 ID2 添加到该虚拟机规模,则:For example, if you have system-assigned managed identity and the user-assigned managed identity ID1 currently assigned to your virtual machine scale and would like to add the user-assigned managed identity ID2 to it:

    curl  'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2018-06-01' -X PATCH -d '{"identity":{"type":"SystemAssigned, UserAssigned", "userAssignedIdentities":{"/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID1":{},"/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID2":{}}}}' -H "Content-Type: application/json" -H Authorization:"Bearer <ACCESS TOKEN>"
    
    PATCH https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2018-06-01 HTTP/1.1
    

    请求标头Request headers

    请求标头Request header 说明Description
    Content-TypeContent-Type 必需。Required. 设置为 application/jsonSet to application/json.
    授权Authorization 必需。Required. 设置为有效的 Bearer 访问令牌。Set to a valid Bearer access token.

    请求正文Request body

     {
        "identity":{
           "type":"SystemAssigned, UserAssigned",
           "userAssignedIdentities":{
              "/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID1":{
    
              },
              "/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID2":{
    
              }
           }
        }
     }
    

    API 版本 2017-12-01API VERSION 2017-12-01

    identityIds 数组值中保留要保持的用户分配的托管标识,同时添加新的用户分配的托管标识。Retain the user-assigned managed identities you would like to keep in the identityIds array value while adding the new user-assigned managed identity.

    例如,如果你具有当前分配给虚拟机规模集的系统分配的标识和用户分配的托管标识 ID1 并希望将用户分配的托管标识 ID2 添加到该虚拟机规模集,则:For example, if you have system-assigned identity and the user-assigned managed identity ID1 currently assigned to your virtual machine scale set and would like to add the user-assigned managed identity ID2 to it:

    curl  'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2017-12-01' -X PATCH -d '{"identity":{"type":"SystemAssigned, UserAssigned", "identityIds":["/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID1","/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID2"]}}' -H "Content-Type: application/json" -H Authorization:"Bearer <ACCESS TOKEN>"
    
    PATCH https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2017-12-01 HTTP/1.1
    

    请求标头Request headers

    请求标头Request header 说明Description
    Content-TypeContent-Type 必需。Required. 设置为 application/jsonSet to application/json.
    授权Authorization 必需。Required. 设置为有效的 Bearer 访问令牌。Set to a valid Bearer access token.

    请求正文Request body

     {
        "identity":{
           "type":"SystemAssigned, UserAssigned",
           "identityIds":[
              "/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID1",
              "/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID2"
           ]
        }
     }
    

从虚拟机规模集中删除用户分配的托管标识Remove a user-assigned managed identity from a virtual machine scale set

  1. 检索持有者访问令牌,下一步在授权标头中将使用该令牌创建具有系统分配的托管标识的虚拟机规模集。Retrieve a Bearer access token, which you will use in the next step in the Authorization header to create your virtual machine scale set with a system-assigned managed identity.

    az account get-access-token
    
  2. 若要确保不删除任何现有用户分配的托管标识(希望保留在虚拟机规模集上)或不删除系统分配的托管标识,需要使用以下 CURL 命令列出这些托管标识:To ensure you don't delete any existing user-assigned managed identities that you would like to keep assigned to the virtual machine scale set or remove the system-assigned managed identity, you need to list the managed identities by using the following CURL command:

    curl 'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/<RESOURCE GROUP>/providers/Microsoft.Compute/virtualMachineScaleSets/<VMSS NAME>?api-version=2018-06-01' -H "Authorization: Bearer <ACCESS TOKEN>" 
    
    GET https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/<RESOURCE GROUP>/providers/Microsoft.Compute/virtualMachineScaleSets/<VMSS NAME>?api-version=2018-06-01 HTTP/1.1
    

    请求标头Request headers

    请求标头Request header 说明Description
    授权Authorization 必需。Required. 设置为有效的 Bearer 访问令牌。Set to a valid Bearer access token.

    如果具有分配给 VM 的托管标识,则这些标识会在 identity 值下列出。If you have managed identities assigned to the VM, they are listed in the response in the identity value.

    例如,如果你有分配给虚拟机规模集的用户分配的托管标识 ID1ID2,并且仅希望保持分配 ID1 并保留系统分配的托管标识:For example, if you have user-assigned managed identities ID1 and ID2 assigned to your virtual machine scale set, and you only want to keep ID1 assigned and retain the system-assigned managed identity:

    API 版本 2018-06-01API VERSION 2018-06-01

    null 添加到要删除的用户分配的托管标识:Add null to the user-assigned managed identity you would like to remove:

    curl 'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2018-06-01' -X PATCH -d '{"identity":{"type":"SystemAssigned, UserAssigned", "userAssignedIdentities":{"/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID2":null}}}' -H "Content-Type: application/json" -H Authorization:"Bearer <ACCESS TOKEN>"
    
    PATCH https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2018-06-01 HTTP/1.1
    

    请求标头Request headers

    请求标头Request header 说明Description
    Content-TypeContent-Type 必需。Required. 设置为 application/jsonSet to application/json.
    授权Authorization 必需。Required. 设置为有效的 Bearer 访问令牌。Set to a valid Bearer access token.

    请求正文Request body

     {
        "identity":{
           "type":"SystemAssigned, UserAssigned",
           "userAssignedIdentities":{
              "/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID2":null
           }
        }
     }
    

    API 版本 2017-12-01API VERSION 2017-12-01

    identityIds 数组中仅保留要保持的用户分配的托管标识:Retain only the user-assigned managed identity(s) you would like to keep in the identityIds array:

    curl 'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2017-12-01' -X PATCH -d '{"identity":{"type":"SystemAssigned,UserAssigned", "identityIds":["/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID1"]}}' -H "Content-Type: application/json" -H Authorization:"Bearer <ACCESS TOKEN>"
    
    PATCH https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2017-12-01 HTTP/1.1
    

    请求标头Request headers

    请求标头Request header 说明Description
    Content-TypeContent-Type 必需。Required. 设置为 application/jsonSet to application/json.
    授权Authorization 必需。Required. 设置为有效的 Bearer 访问令牌。Set to a valid Bearer access token.

    请求正文Request body

     {
        "identity":{
           "type":"SystemAssigned,UserAssigned",
           "identityIds":[
              "/subscriptions/<SUBSCRIPTION ID>/resourcegroups/myResourceGroup/providers/Microsoft.ManagedIdentity/userAssignedIdentities/ID1"
           ]
        }
     }
    

如果虚拟机规模集同时具有系统分配的标识和用户分配的托管标识,则可使用以下命令切换为仅使用系统分配的托管标识,删除所有用户分配的托管标识:If your virtual machine scale set has both system-assigned and user-assigned managed identities, you can remove all the user-assigned managed identities by switching to use only system-assigned using the following command:

curl 'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2018-06-01' -X PATCH -d '{"identity":{"type":"SystemAssigned"}}' -H "Content-Type: application/json" -H Authorization:"Bearer <ACCESS TOKEN>"
PATCH https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2018-06-01 HTTP/1.1

请求标头Request headers

请求标头Request header 说明Description
Content-TypeContent-Type 必需。Required. 设置为 application/jsonSet to application/json.
授权Authorization 必需。Required. 设置为有效的 Bearer 访问令牌。Set to a valid Bearer access token.

请求正文Request body

{
   "identity":{
      "type":"SystemAssigned"
   }
}

如果虚拟机规模集只具有用户分配的托管标识并希望删除所有这些标识,请使用以下命令:If your virtual machine scale set has only user-assigned managed identities and you would like to remove them all, use the following command:

curl 'https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2018-06-01' -X PATCH -d '{"identity":{"type":"None"}}' -H "Content-Type: application/json" -H Authorization:"Bearer <ACCESS TOKEN>"
PATCH https://management.chinacloudapi.cn/subscriptions/<SUBSCRIPTION ID>/resourceGroups/myResourceGroup/providers/Microsoft.Compute/virtualMachineScaleSets/myVMSS?api-version=2018-06-01 HTTP/1.1

请求标头Request headers

请求标头Request header 说明Description
Content-TypeContent-Type 必需。Required. 设置为 application/jsonSet to application/json.
授权Authorization 必需。Required. 设置为有效的 Bearer 访问令牌。Set to a valid Bearer access token.

请求正文Request body

{
   "identity":{
      "type":"None"
   }
}

后续步骤Next steps

有关如何使用 REST 创建、列出或删除用户分配的托管标识,请参阅:For information on how to create, list, or delete user-assigned managed identities using REST see: