[Azure Developer] Resolving "The resource principal named https://management.azure.com was not found in the tenant" on China Azure when using the Azure Python SDK


Problem description

When using the Python SDK to sign in to China Azure (Mooncake) and access AlertsManagement resources, the error message "EnvironmentCredential: Authentication failed" frequently appears.

Python code:

from azure.identity import DefaultAzureCredential
from azure.mgmt.alertsmanagement import AlertsManagementClient
# Acquire a credential. DefaultAzureCredential tries environment variables, managed identity, Azure CLI and other sources in turn.
credential = DefaultAzureCredential()
subscription_id = "xxxx-xxxx-xxxx-xxxx-xxxx"
alertClient = AlertsManagementClient(credential,subscription_id,base_url="https://management.chinacloudapi.cn/")
rules = alertClient.smart_detector_alert_rules.list()
for rule in rules:
    print("Rule Name: " + rule.name)

Error message:

PS C:\LBWorkSpace\MyCode\46-alertrule-python> python getrule.py
DefaultAzureCredential failed to retrieve a token from the included credentials.
Attempted credentials:
        EnvironmentCredential: Authentication failed: AADSTS500011: The resource principal named https://management.azure.com was not found in the tenant named xxx Mooncake. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
Trace ID: xxxxxxxx-xxxx-xxxx-xxxx-9e130dbf7900
Correlation ID: xxxxxxxx-xxxx-xxxx-xxxx-46769c9e1e10
Timestamp: 2022-01-27 12:09:35Z
To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/python/identity/defaultazurecredential/troubleshoot.
Traceback (most recent call last):
  File "C:\LBWorkSpace\MyCode\46-alertrule-python\getrule.py", line 15, in <module>
    for rule in rules:
  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\paging.py", line 129, in __next__
    return next(self._page_iterator)
  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\paging.py", line 76, in __next__
    self._response = self._get_next(self.continuation_token)
  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline\policies\_redirect.py", line 158, in send
    response = self.next.send(request)
  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline\policies\_retry.py", line 445, in send
    response = self.next.send(request)
  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline\policies\_authentication.py", line 117, in send
    self.on_request(request)
  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline\policies\_authentication.py", line 94, in on_request
    self._token = self._credential.get_token(*self._scopes)
  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\identity\_credentials\default.py", line 172, in get_token
    return super(DefaultAzureCredential, self).get_token(*scopes, **kwargs)
  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\identity\_credentials\chained.py", line 108, in get_token
    raise ClientAuthenticationError(message=message)
azure.core.exceptions.ClientAuthenticationError: DefaultAzureCredential failed to retrieve a token from the included credentials.
Attempted credentials:
        EnvironmentCredential: Authentication failed: AADSTS500011: The resource principal named https://management.azure.com was not found in the tenant named xxxx Mooncake. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.
Trace ID: xxxxxxxx-xxxx-xxxx-xxxx-9e130dbf7900
Correlation ID: xxxxxxxx-xxxx-xxxx-xxxx-46769c9e1e10
Timestamp: 2022-01-27 12:09:35Z
To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/python/identity/defaultazurecredential/troubleshoot.

Solution

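The https://management.azure.com in the error message shows the cause: the resource principal used by AlertsManagementClient is still the default value, and was not changed to https://management.chinacloudapi.cn/ when base_url was specified. The problem can be mitigated by specifying credential_scopes as ["https://management.chinacloudapi.cn/.default"] when constructing the AlertsManagementClient object.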

The modified code:

# Before:
alertClient = AlertsManagementClient(credential,subscription_id,base_url="https://management.chinacloudapi.cn/")
# After:
alertClient = AlertsManagementClient(credential,subscription_id,base_url="https://management.chinacloudapi.cn/",credential_scopes=["https://management.chinacloudapi.cn/.default"])

PS: When creating client objects for other resources, if you run into the same principal problem, you can set credential_scopes to resolve it.
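The check below is an added example, not code from the original post: it reads the resource named in an AADSTS500011 message, compares it with the client's base_url, and returns the credential_scopes to pass when the two differ. The function names and the sample error string are constructed for illustration; it uses only the standard library and makes no network calls.

```python
import re
from urllib.parse import urlsplit


def _origin(url):
    """Return https://host in lower case, dropping any path or trailing slash."""
    parts = urlsplit(url.strip())
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError(f"expected an https URL, got {url!r}")
    return f"https://{parts.hostname.lower()}"


def scopes_for(base_url):
    """Build credential_scopes for the cloud that base_url points at.

    Normalising first avoids 'https://host//.default' when base_url
    ends with a slash, as it does in the code on this page.
    """
    return [_origin(base_url) + "/.default"]


def resource_from_error(error_text):
    """Extract the resource principal named in an AADSTS500011 message."""
    m = re.search(
        r"AADSTS500011: The resource principal named (https://\S+) was not found",
        error_text,
    )
    return m.group(1) if m else None


def diagnose(error_text, base_url):
    """Return the credential_scopes to pass when the token was requested for a
    different endpoint than base_url; None when they already agree or the
    text is not an AADSTS500011 error."""
    resource = resource_from_error(error_text)
    if resource is None or _origin(resource) == _origin(base_url):
        return None
    return scopes_for(base_url)


# Constructed sample: the error line shown on this page, tenant name elided.
SAMPLE_ERROR = (
    "EnvironmentCredential: Authentication failed: AADSTS500011: The resource "
    "principal named https://management.azure.com was not found in the tenant "
    "named xxx Mooncake."
)

if __name__ == "__main__":
    print(diagnose(SAMPLE_ERROR, "https://management.chinacloudapi.cn/"))
```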

The complete runnable code:

# Import the needed credential and management objects from the libraries.
from azure.identity import DefaultAzureCredential
from azure.mgmt.alertsmanagement import AlertsManagementClient
# Acquire a credential. DefaultAzureCredential tries environment variables, managed identity, Azure CLI and other sources in turn.
credential = DefaultAzureCredential()
subscription_id = "a9dc7515-7692-4316-9ad4-762f383eec10"
# # Before:
# alertClient = AlertsManagementClient(credential,subscription_id,base_url="https://management.chinacloudapi.cn/")
# After:
alertClient = AlertsManagementClient(credential,subscription_id,base_url="https://management.chinacloudapi.cn/",credential_scopes=["https://management.chinacloudapi.cn/.default"])
rules = alertClient.smart_detector_alert_rules.list()
for rule in rules:
    print("Rule Name: " + rule.name)

Run result (screenshot):

Appendix 1: Correctly configured MonitorManagementClient objects for retrieving alert rules such as metric_alerts and activity_log_alerts

from azure.mgmt.monitor import MonitorManagementClient
from azure.identity import DefaultAzureCredential
from msrestazure.azure_cloud import AZURE_CHINA_CLOUD as CLOUD
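import os
# Service principal settings read by EnvironmentCredential (placeholder values).
# Outside a quick test, set these in the process environment rather than in source code.
os.environ["SUBSCRIPTION_ID"] = "xxxxxxyour-subidxxxxxx"
os.environ["AZURE_TENANT_ID"] = "your tenant idxxxxx"
os.environ["AZURE_CLIENT_ID"]  = "client_id_sp"
os.environ["AZURE_CLIENT_SECRET"]  = "pw_sp"
subscription_id = os.environ["SUBSCRIPTION_ID"]
# Authenticate against the Azure China authority instead of the public-cloud default.
credential = DefaultAzureCredential(authority=CLOUD.endpoints.active_directory)
# Create the client; base_url and credential_scopes both point at the China resource manager endpoint.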
client1 = MonitorManagementClient(
    credential,
    subscription_id,
    base_url=CLOUD.endpoints.resource_manager,
    credential_scopes=[CLOUD.endpoints.resource_manager + "/.default"]
)
# Classic alert rules
my_alerts1 = client1.alert_rules.list_by_subscription()
for j in my_alerts1:
    print(j)
# Log search alerts
client2 = MonitorManagementClient(
    credential,
    subscription_id,
    base_url=CLOUD.endpoints.resource_manager,
    credential_scopes=[CLOUD.endpoints.resource_manager + "/.default"]
)
my_alerts2 = client2.scheduled_query_rules.list_by_subscription()
for j in my_alerts2:
    print(j)
# Activity log alerts
client3 = MonitorManagementClient(
    credential,
    subscription_id,
    base_url=CLOUD.endpoints.resource_manager,
    credential_scopes=[CLOUD.endpoints.resource_manager + "/.default"],
    api_version="2017-04-01"
)
my_alerts3 = client3.activity_log_alerts.list_by_subscription_id()
for j in my_alerts3:
    print(j)
# Metric alerts
client4 = MonitorManagementClient(
    credential,
    subscription_id,
    base_url=CLOUD.endpoints.resource_manager,
    credential_scopes=[CLOUD.endpoints.resource_manager + "/.default"]
)
my_alerts4 = client4.metric_alerts.list_by_subscription()
for j in my_alerts4:
    print(j)

Comparison of run results (screenshot):

References

alertsmanagement Package https://docs.microsoft.com/en-us/python/api/azure-mgmt-alertsmanagement/azure.mgmt.alertsmanagement?view=azure-python

 

 
