【Azure Developer】使用 Azure Python SDK时,遇见 The resource principal named https://management.azure.com was not found in the tenant China Azure问题的解决办法

简介: 【Azure Developer】使用 Azure Python SDK时,遇见 The resource principal named https://management.azure.com was not found in the tenant China Azure问题的解决办法

问题描述

在使用Python SDK时候,登录到China Azure (Mooncake)并访问AlertsManagement资源时候,时常遇见  EnvironmentCredential: Authentication failed 的错误消息。

Python 代码:

from azure.identity import DefaultAzureCredential
from azure.mgmt.alertsmanagement import AlertsManagementClient
# Acquire a credential object using CLI-based authentication.
credential = DefaultAzureCredential()
subscription_id = "xxxx-xxxx-xxxx-xxxx-xxxx"
alertClient = AlertsManagementClient(credential,subscription_id,base_url="https://management.chinacloudapi.cn/")
rules = alertClient.smart_detector_alert_rules.list()
for rule in rules:
    print("Rule Name: " + rule.name)

错误消息:

PS C:\LBWorkSpace\MyCode\46-alertrule-python> python getrule.py
DefaultAzureCredential failed to retrieve a token from the included credentials.
Attempted credentials:
        EnvironmentCredential: Authentication failed: AADSTS500011: The resource principal named https://management.azure.com was not found in the tenant named xxx Mooncake. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
Trace ID: xxxxxxxx-xxxx-xxxx-xxxx-9e130dbf7900
Correlation ID: xxxxxxxx-xxxx-xxxx-xxxx-46769c9e1e10
Timestamp: 2022-01-27 12:09:35Z
To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/python/identity/defaultazurecredential/troubleshoot.
Traceback (most recent call last):
  File "C:\LBWorkSpace\MyCode\46-alertrule-python\getrule.py", line 15, in <module>
    for rule in rules:
  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\paging.py", line 129, in __next__
    return next(self._page_iterator)
  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\paging.py", line 76, in __next__
    self._response = self._get_next(self.continuation_token)
  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline\policies\_redirect.py", line 158, in send
    response = self.next.send(request)
  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline\policies\_retry.py", line 445, in send
    response = self.next.send(request)
  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline\policies\_authentication.py", line 117, in send
    self.on_request(request)
  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline\policies\_authentication.py", line 94, in on_request
    self._token = self._credential.get_token(*self._scopes)
  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\identity\_credentials\default.py", line 172, in get_token
    return super(DefaultAzureCredential, self).get_token(*scopes, **kwargs)
  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\identity\_credentials\chained.py", line 108, in get_token
    raise ClientAuthenticationError(message=message)
azure.core.exceptions.ClientAuthenticationError: DefaultAzureCredential failed to retrieve a token from the included credentials.
Attempted credentials:
        EnvironmentCredential: Authentication failed: AADSTS500011: The resource principal named https://management.azure.com was not found in the tenant named xxxx Mooncake. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
Trace ID: xxxxxxxx-xxxx-xxxx-xxxx-9e130dbf7900
Correlation ID: xxxxxxxx-xxxx-xxxx-xxxx-46769c9e1e10
Timestamp: 2022-01-27 12:09:35Z
To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/python/identity/defaultazurecredential/troubleshoot.

问题解决

从错误消息 https://management.azure.com 得知问题是由于 AlertsManagementClient 中使用的 Resource Principal 为默认值,并没有随着指定 base_url 而修改为

https://management.chinacloudapi.cn/ 。 可以通过在构造  AlertsManagementClient 对象时候,指定 credential_scopes 为 ["https://management.chinacloudapi.cn/.default"] 来缓解问题。

修改后的代码为:

# 修改前:
alertClient = AlertsManagementClient(credential,subscription_id,base_url="https://management.chinacloudapi.cn/")
# 修改后:
alertClient = AlertsManagementClient(credential,subscription_id,base_url="https://management.chinacloudapi.cn/",credential_scopes=["https://management.chinacloudapi.cn/.default"])

PS: 当创建其他资源的Client对象,如果遇见相同的 Principal 问题,可以设定 credential_scopes 来解决问题。

完整可远行的代码为:

# Import the needed credential and management objects from the libraries.
from azure.identity import DefaultAzureCredential
from azure.mgmt.alertsmanagement import AlertsManagementClient
# Acquire a credential object using CLI-based authentication.
credential = DefaultAzureCredential()
subscription_id = "a9dc7515-7692-4316-9ad4-762f383eec10"
# # 修改前:
# alertClient = AlertsManagementClient(credential,subscription_id,base_url="https://management.chinacloudapi.cn/")
# 修改后:
alertClient = AlertsManagementClient(credential,subscription_id,base_url="https://management.chinacloudapi.cn/",credential_scopes=["https://management.chinacloudapi.cn/.default"])
rules = alertClient.smart_detector_alert_rules.list()
for rule in rules:
    print("Rule Name: " + rule.name)

运行结果:

附录一:正确的 MonitorManagementClient 对象,来获取 metric_alerts 和 activity_log_alerts 获取Alert Rule代码

from azure.mgmt.monitor import MonitorManagementClient
from azure.identity import DefaultAzureCredential
from msrestazure.azure_cloud import AZURE_CHINA_CLOUD as CLOUD
import os
os.environ["SUBSCRIPTION_ID"] = "xxxxxxyour-subidxxxxxx"
os.environ["AZURE_TENANT_ID"] = "your tenant idxxxxx"
os.environ["AZURE_CLIENT_ID"]  = "client_id_sp"
os.environ["AZURE_CLIENT_SECRET"]  = "pw_sp"
subscription_id = os.environ["SUBSCRIPTION_ID"]
credential = DefaultAzureCredential(authority=CLOUD.endpoints.active_directory)
# create client
client1 = MonitorManagementClient(
    credential,
    subscription_id,
    base_url=CLOUD.endpoints.resource_manager,
    credential_scopes=[CLOUD.endpoints.resource_manager + "/.default"]
)
#classic
my_alerts1 = client1.alert_rules.list_by_subscription()
for j in my_alerts1:
    print(j)
#log search alerts
client2 = MonitorManagementClient(
    credential,
    subscription_id,
    base_url=CLOUD.endpoints.resource_manager,
    credential_scopes=[CLOUD.endpoints.resource_manager + "/.default"]
)
my_alerts2 = client2.scheduled_query_rules.list_by_subscription()
for j in my_alerts2:
    print(j)
#activity alerts
client3 = MonitorManagementClient(
    credential,
    subscription_id,
    base_url=CLOUD.endpoints.resource_manager,
    credential_scopes=[CLOUD.endpoints.resource_manager + "/.default"],
    api_version="2017-04-01"
)
my_alerts3 = client3.activity_log_alerts.list_by_subscription_id()
for j in my_alerts3:
    print(j)
#metric alerts
client4 = MonitorManagementClient(
    credential,
    subscription_id,
    base_url=CLOUD.endpoints.resource_manager,
    credential_scopes=[CLOUD.endpoints.resource_manager + "/.default"]
)
my_alerts4 = client4.metric_alerts.list_by_subscription()
for j in my_alerts4:
    print(j)

运行结果对比图:

 

 

参考资料

alertsmanagement Package https://docs.microsoft.com/en-us/python/api/azure-mgmt-alertsmanagement/azure.mgmt.alertsmanagement?view=azure-python

 

 

相关文章
|
25天前
|
开发工具 Android开发
X Android SDK file not found: adb.安卓开发常见问题-Android SDK 缺少 `adb`(Android Debug Bridge)-优雅草卓伊凡
X Android SDK file not found: adb.安卓开发常见问题-Android SDK 缺少 `adb`(Android Debug Bridge)-优雅草卓伊凡
279 11
X Android SDK file not found: adb.安卓开发常见问题-Android SDK 缺少 `adb`(Android Debug Bridge)-优雅草卓伊凡
|
5月前
|
API 开发工具 网络架构
【Azure Service Bus】使用Python SDK创建Service Bus Namespace资源(中国区)
本文介绍了如何使用Python SDK创建Azure Service Bus Namespace资源。首先,通过Microsoft Entra ID注册应用获取Client ID、Client Secret和Tenant ID,完成中国区Azure认证。接着,初始化ServiceBusManagementClient对象,并调用`begin_create_or_update`方法创建资源。
121 29
|
存储 人工智能 开发工具
AI助理化繁为简,速取代码参数——使用python SDK 处理OSS存储的图片
只需要通过向AI助理提问的方式输入您的需求,即可瞬间获得核心流程代码及参数,缩短学习路径、提升开发效率。
1694 5
AI助理化繁为简,速取代码参数——使用python SDK 处理OSS存储的图片
|
7月前
|
API 开发工具 Python
|
6月前
|
人工智能 API 开发工具
【AI大模型】使用Python调用DeepSeek的API,原来SDK是调用这个,绝对的一分钟上手和使用
本文详细介绍了如何使用Python调用DeepSeek的API,从申请API-Key到实现代码层对话,手把手教你快速上手。DeepSeek作为领先的AI大模型,提供免费体验机会,帮助开发者探索其语言生成能力。通过简单示例代码与自定义界面开发,展示了API的实际应用,让对接过程在一分钟内轻松完成,为项目开发带来更多可能。
|
8月前
|
API 开发工具 Python
【Azure Developer】编写Python SDK代码实现从China Azure中VM Disk中创建磁盘快照Snapshot
本文介绍如何使用Python SDK为中国区微软云(China Azure)中的虚拟机磁盘创建快照。通过Azure Python SDK的Snapshot Class,指定`location`和`creation_data`参数,使用`Copy`选项从现有磁盘创建快照。代码示例展示了如何配置Default Azure Credential,并设置特定于中国区Azure的`base_url`和`credential_scopes`。参考资料包括官方文档和相关API说明。
109 1
|
10月前
|
弹性计算 安全 开发工具
灵码评测-阿里云提供的ECS python3 sdk做安全组管理
批量变更阿里云ECS安全组策略(批量变更)
|
Kubernetes API 开发工具
【Azure Developer】通过SDK(for python)获取Azure服务生命周期信息
需要通过Python SDK获取Azure服务的一些通知信息,如:K8S版本需要更新到指定的版本,Azure服务的维护通知,服务处于不健康状态时的通知,及相关的操作建议等内容。
138 18
|
数据采集 开发工具 Python
海康威视工业相机SDK+Python+PyQt开发数据采集系统(支持软件触发、编码器触发)
该系统基于海康威视工业相机SDK,使用Python与PyQt开发,支持Gige与USB相机设备的搜索及双相机同时显示。系统提供软件触发与编码器触发模式,并可在数据采集过程中实时保存图像。此外,用户可以调节曝光时间和增益,并进行信息输入,这些信息将被保存至配置文件以便下次自动加载。参数调节与实时预览等功能进一步增强了系统的实用性。
1232 1
|
API 开发工具 网络架构
【Azure Developer】使用Python SDK去Azure Container Instance服务的Execute命令的疑问解释
【Azure Developer】使用Python SDK去Azure Container Instance服务的Execute命令的疑问解释
【Azure Developer】使用Python SDK去Azure Container Instance服务的Execute命令的疑问解释

热门文章

最新文章