commands

^

New-DbaAzAccessToken

Author Chrissy LeMaire (@cl), netnerds.net
Availability Windows, Linux, macOS

 

Synopsis

Simplifies the generation of Azure oauth2 tokens.

Description

Generates an oauth2 access token. Currently supports Managed Identities, Service Principals and IRenewableToken.

Want to know more about Access Tokens? This page explains it well: https://dzone.com/articles/using-managed-identity-to-securely-access-azure-re

Syntax

New-DbaAzAccessToken
    [-Type] <String>
    [[-Subtype] <String>]
    [[-Config] <Object>]
    [[-Credential] <PSCredential>]
    [[-Tenant] <String>]
    [[-Thumbprint] <String>]
    [[-Store] <String>]
    [-EnableException]
    [<CommonParameters>]

 

Examples

 

Example: 1
PS C:\> New-DbaAzAccessToken -Type ManagedIdentity

Returns a plain-text token for Managed Identities for SQL Azure Db.

Example: 2
PS C:\> $token = New-DbaAzAccessToken -Type ManagedIdentity -Subtype AzureSqlDb
PS C:\> $server = Connect-DbaInstance -SqlInstance myserver.database.windows.net -Database mydb -AccessToken $token -DisableException

Generates a token then uses it to connect to Azure SQL DB then connects to an Azure SQL Db

Example: 3
PS C:\> $token = New-DbaAzAccessToken -Type ServicePrincipal -Tenant whatup.onmicrosoft.com -Credential ee590f55-9b2b-55d4-8bca-38ab123db670
PS C:\> $server = Connect-DbaInstance -SqlInstance myserver.database.windows.net -Database mydb -AccessToken $token -DisableException
PS C:\> Invoke-DbaQuery -SqlInstance $server -Query "select 1 as test"

Generates a token then uses it to connect to Azure SQL DB then connects to an Azure SQL Db.
Once the connection is made, it is used to perform a test query.

Required Parameters

-Type

The type of request: ManagedIdentity ServicePrincipal RenewableServicePrincipal

Alias
Required True
Pipeline false
Default Value
Accepted Values ManagedIdentity,ServicePrincipal,RenewableServicePrincipal

Optional Parameters

-Subtype

The subtype. Options include: AzureSqlDb (default) ResourceManager DataLake EventHubs KeyVault ResourceManager ServiceBus Storage Read more here: https://docs.microsoft.com/en-us/azure/active-directory/managed-identities-azure-resources/tutorial-windows-vm-access-sql

Alias
Required False
Pipeline false
Default Value AzureSqlDb
Accepted Values AzureSqlDb,ResourceManager,DataLake,EventHubs,KeyVault,ResourceManager,ServiceBus,Storage
-Config

The hashtable or json configuration.

Alias
Required False
Pipeline false
Default Value
-Credential

When using the ServicePrincipal type, a Credential is required. The username is the App ID and Password is the App Password https://docs.microsoft.com/en-us/azure/active-directory/user-help/multi-factor-authentication-end-user-app-passwords

Alias
Required False
Pipeline false
Default Value
-Tenant

When using the ServicePrincipal or RenewableServicePrincipal types, a tenant name or ID is required. This field works with both.

Alias
Required False
Pipeline false
Default Value (Get-DbatoolsConfigValue -FullName 'azure.tenantid')
-Thumbprint

Thumbprint for connections to Azure MSI

Alias
Required False
Pipeline false
Default Value (Get-DbatoolsConfigValue -FullName 'azure.certificate.thumbprint')
-Store

Store where the Azure MSI certificate is stored

Alias
Required False
Pipeline false
Default Value (Get-DbatoolsConfigValue -FullName 'azure.certificate.store')
Accepted Values CurrentUser,LocalMachine
-EnableException

By default in most of our commands, when something goes wrong we try to catch it, interpret it and give you a friendly warning message. This command, however, gifts you with "sea of red" exceptions, by default, because it is useful for advanced scripting. Using this switch turns our "nice by default" feature on which makes errors into pretty warnings.

Alias
Required False
Pipeline false
Default Value False

 

Want to see the source code for this command? Check out New-DbaAzAccessToken on GitHub.
Want to see the Bill Of Health for this command? Check out New-DbaAzAccessToken.