@@ -3,22 +3,40 @@ function Get-CIPPAzIdentityToken {
33 . SYNOPSIS
44 Get the Azure Identity token for Managed Identity
55 . DESCRIPTION
6- This function retrieves the Azure Identity token using the Managed Identity endpoint
6+ This function retrieves the Azure Identity token using the Managed Identity endpoint for the specified resource
7+ . PARAMETER ResourceUrl
8+ The Azure resource URL to get a token for. Defaults to 'https://management.azure.com/' for Azure Resource Manager.
9+
10+ Common resources:
11+ - https://management.azure.com/ (Azure Resource Manager - default)
12+ - https://vault.azure.net (Azure Key Vault)
13+ - https://api.loganalytics.io (Log Analytics / Application Insights)
14+ - https://storage.azure.com/ (Azure Storage)
715 . EXAMPLE
816 Get-CIPPAzIdentityToken
17+ Gets a token for Azure Resource Manager
18+ . EXAMPLE
19+ Get-CIPPAzIdentityToken -ResourceUrl 'https://vault.azure.net'
20+ Gets a token for Azure Key Vault
21+ . EXAMPLE
22+ Get-CIPPAzIdentityToken -ResourceUrl 'https://api.loganalytics.io'
23+ Gets a token for Log Analytics API
924 #>
1025 [CmdletBinding ()]
11- param ()
26+ param (
27+ [Parameter (Mandatory = $false )]
28+ [string ]$ResourceUrl = ' https://management.azure.com/'
29+ )
1230
1331 $Endpoint = $env: IDENTITY_ENDPOINT
1432 $Secret = $env: IDENTITY_HEADER
15- $ResourceURI = ' https://management.azure.com/'
1633
1734 if (-not $Endpoint -or -not $Secret ) {
1835 throw ' Managed Identity environment variables (IDENTITY_ENDPOINT/IDENTITY_HEADER) not found. Is Managed Identity enabled on the Function App?'
1936 }
2037
21- $TokenUri = " $ ( $Endpoint ) ?resource=$ ( $ResourceURI ) &api-version=2019-08-01"
38+ $EncodedResource = [System.Uri ]::EscapeDataString($ResourceUrl )
39+ $TokenUri = " $ ( $Endpoint ) ?resource=$EncodedResource &api-version=2019-08-01"
2240 $Headers = @ {
2341 ' X-IDENTITY-HEADER' = $Secret
2442 }
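Review bot: `$ResourceUrl` is accepted as an unconstrained `[string]` in the new `param` block (new lines 26-29), so the function will now request a managed-identity token for whatever audience a caller passes in. The `EscapeDataString` call on new line 38 stops the value from adding or overriding query parameters, but it does not limit which resource the token is issued for; if any caller ever derives this argument from request data, every role assignment held by the identity becomes reachable through it. Consider pinning the parameter to the audiences the help text already lists, e.g. `[ValidateSet('https://management.azure.com/', 'https://vault.azure.net', 'https://api.loganalytics.io', 'https://storage.azure.com/')]`, or at minimum `[ValidatePattern('^https://')]`. The request itself and the handling of the returned token lie outside this hunk, so they are not covered by this note.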