Archer Archer - 4 months ago 22
Powershell Question

Azure PowerShell to check resource names

Randomly generated resource names can be rejected by Azure. Is there any PowerShell cmdlet to check those names?

I know there is a Test-AzureName. But it only works with a limited type of resources. Not enough for my use case. (Storage, SQL, DNS, Public IP)

And I know there is this REST-API. But when I call it through Invoke-RestMethod, it returns an error: {"error":{"code":"AuthenticationFailed","message":"Authentication failed. The 'Authorization' header is missing."}}

I'm not very good at PowerShell. Can someone point me to an Azure PowerShell cmdlet for such a task, or help me get the REST API to work?

Thanks!

Answer

The Invoke-RestMethod with "Check resource name" REST API is good enough for your case. But you need to do some preparation.

First, you need to create an Active Directory application.

  1. Log in to your Azure Account in the Classic Portal.
  2. Select Active Directory from the left pane, and click your default Directory.
  3. Click Application, and click Add in the bottom pane.
  4. You should create a WEB APPLICATION AND/OR WEB API. For NAME, SIGN-ON URL, and APP ID URI, enter anything suitable because it doesn't matter in this case. I enter "https://localhost" for SIGN-ON URL and APP ID URI when testing.
  5. Click OK to create.
  6. After the creation, click CONFIGURE of your application. Scroll down to the Keys section and select how long you would like your password to be valid.
  7. Save and get the key for your client. In this page, you can get your client id and key. Copy and save them somewhere else, because you will need them later.
  8. In the Configure Page, under the permissions to other applications, click Add application.
  9. Select Windows Azure Service Management API, and click OK to Add.
  10. Add the Access Azure Service Management as organization users (preview) delegated permission to the service management API.
  11. Save the change.

For more information about this, see "Create Active Directory application and service principal using portal".

The following script will give you proper headers for the REST API.

```powershell
# Get the current subscription; log in first if there is no active session.
try{
    $subscription = Get-AzureRmSubscription
}
catch{
    Login-AzureRmAccount
    $subscription = Get-AzureRmSubscription
}

# If the account has several subscriptions, select the one whose tenant holds the application.
$tenantId = $subscription.TenantId

# These are the client id and key you get from the above steps.
$clientId = "<your client id>"
$key = "<your key>"

# Request a token for the service management API with the application's credentials.
$authUrl = "https://login.windows.net/${tenantId}"
$AuthContext = [Microsoft.IdentityModel.Clients.ActiveDirectory.AuthenticationContext]$authUrl

$cred = New-Object Microsoft.IdentityModel.Clients.ActiveDirectory.ClientCredential $clientId,$key
$result = $AuthContext.AcquireToken("https://management.core.windows.net/",$cred)

# The Authorization header carries the bearer token the REST API asks for.
$authHeader = @{
    'Content-Type'='application/json'
    'Authorization'=$result.CreateAuthorizationHeader()
}

# Build the request body as JSON and call the "Check resource name" API.
$body = @{
    Name = '<the name you want to test>'
    Type = '<the resource type you want to test>'
} | ConvertTo-Json

$URI = "https://management.azure.com/providers/microsoft.resources/checkresourcename?api-version=2014-01-01"
Invoke-RestMethod -Uri $URI -Method POST -Headers $authHeader -Body $body
```
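
An added example, not part of the original answer: a wrapper that checks several candidate names with the `$authHeader` built above and reports the API error code (such as the `AuthenticationFailed` from the question) per name instead of stopping at the first failure. The function name `Test-ResourceNameCandidate`, the sample names and types, and the `status` field read from the response are assumptions.

```powershell
# Added example. Test-ResourceNameCandidate is a hypothetical helper name.
function Test-ResourceNameCandidate {
    [CmdletBinding()]
    param(
        # Header table built as in the script above ($authHeader).
        [Parameter(Mandatory)] [hashtable] $AuthHeader,
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)] [string] $Name,
        [Parameter(Mandatory, ValueFromPipelineByPropertyName)] [string] $Type
    )
    begin {
        # Fail early on the condition behind the error in the question:
        # a request sent without a bearer token in the Authorization header.
        if ([string]::IsNullOrWhiteSpace($AuthHeader['Authorization'])) {
            throw "AuthHeader has no 'Authorization' value; acquire a token first."
        }
        $uri = 'https://management.azure.com/providers/microsoft.resources/checkresourcename?api-version=2014-01-01'
    }
    process {
        # ConvertTo-Json escapes quotes and backslashes in generated names.
        $body = @{ Name = $Name; Type = $Type } | ConvertTo-Json -Compress
        try {
            $response = Invoke-RestMethod -Uri $uri -Method Post -Headers $AuthHeader -Body $body
            # Assumption: the response exposes the verdict in a 'status' field.
            [pscustomobject]@{ Name = $Name; Type = $Type; Status = $response.status; Error = $null }
        }
        catch {
            $err  = $_
            $code = $null
            # Error bodies have the shape shown in the question:
            # {"error":{"code":"...","message":"..."}}
            if ($err.ErrorDetails -and $err.ErrorDetails.Message) {
                try { $code = ($err.ErrorDetails.Message | ConvertFrom-Json).error.code } catch { }
            }
            if (-not $code) { $code = $err.Exception.Message }
            [pscustomobject]@{ Name = $Name; Type = $Type; Status = $null; Error = $code }
        }
    }
}

# Constructed sample candidates; the names and type strings are placeholders.
$candidates = @(
    [pscustomobject]@{ Name = 'example-app-7f3a';  Type = '<the resource type you want to test>' }
    [pscustomobject]@{ Name = 'example-data-19c2'; Type = '<the resource type you want to test>' }
)
$candidates | Test-ResourceNameCandidate -AuthHeader $authHeader | Format-Table -AutoSize
```

The function returns only the name, type, status and error code, so the token and the client key never appear in its output.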