问题描述

在使用Python SDK时候,登录到China Azure (Mooncake)并访问AlertsManagement资源时候,时常遇见  EnvironmentCredential: Authentication failed 的错误消息。

Python 代码:

from azure.identity import DefaultAzureCredential

from azure.mgmt.alertsmanagement import AlertsManagementClient

# Acquire a credential object using CLI-based authentication.

credential = DefaultAzureCredential()

subscription_id = "xxxx-xxxx-xxxx-xxxx-xxxx"

alertClient = AlertsManagementClient(credential,subscription_id,base_url="https://management.chinacloudapi.cn/")

rules = alertClient.smart_detector_alert_rules.list()

for rule in rules:

    print("Rule Name: " + rule.name)

错误消息:

PS C:\LBWorkSpace\MyCode\46-alertrule-python> python getrule.py

DefaultAzureCredential failed to retrieve a token from the included credentials.

Attempted credentials:

        EnvironmentCredential: Authentication failed: AADSTS500011: The resource principal named https://management.azure.com was not found in the tenant named xxx Mooncake. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.

Trace ID: xxxxxxxx-xxxx-xxxx-xxxx-9e130dbf7900

Correlation ID: xxxxxxxx-xxxx-xxxx-xxxx-46769c9e1e10

Timestamp: 2022-01-27 12:09:35Z

To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/python/identity/defaultazurecredential/troubleshoot.

Traceback (most recent call last):

  File "C:\LBWorkSpace\MyCode\46-alertrule-python\getrule.py", line 15, in <module>

    for rule in rules:

  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\paging.py", line 129, in __next__

    return next(self._page_iterator)

  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\paging.py", line 76, in __next__

    self._response = self._get_next(self.continuation_token)

  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline\policies\_redirect.py", line 158, in send

    response = self.next.send(request)

  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline\policies\_retry.py", line 445, in send

    response = self.next.send(request)

  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline\policies\_authentication.py", line 117, in send

    self.on_request(request)

  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline\policies\_authentication.py", line 94, in on_request

    self._token = self._credential.get_token(*self._scopes)

  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\identity\_credentials\default.py", line 172, in get_token

    return super(DefaultAzureCredential, self).get_token(*scopes, **kwargs)

  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\identity\_credentials\chained.py", line 108, in get_token

    raise ClientAuthenticationError(message=message)

azure.core.exceptions.ClientAuthenticationError: DefaultAzureCredential failed to retrieve a token from the included credentials.

Attempted credentials:

        EnvironmentCredential: Authentication failed: AADSTS500011: The resource principal named https://management.azure.com was not found in the tenant named xxxx Mooncake. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.

Trace ID: xxxxxxxx-xxxx-xxxx-xxxx-9e130dbf7900

Correlation ID: xxxxxxxx-xxxx-xxxx-xxxx-46769c9e1e10

Timestamp: 2022-01-27 12:09:35Z

To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/python/identity/defaultazurecredential/troubleshoot.

问题解决

从错误消息 https://management.azure.com 得知问题是由于 AlertsManagementClient 中使用的 Resource Principal 为默认值,并没有随着指定 base_url 而修改为

https://management.chinacloudapi.cn/ 。 可以通过在构造  AlertsManagementClient 对象时候,指定 credential_scopes 为 ["https://management.chinacloudapi.cn/.default"] 来缓解问题。

修改后的代码为:

# 修改前:

alertClient = AlertsManagementClient(credential,subscription_id,base_url="https://management.chinacloudapi.cn/")

# 修改后:

alertClient = AlertsManagementClient(credential,subscription_id,base_url="https://management.chinacloudapi.cn/",credential_scopes=["https://management.chinacloudapi.cn/.default"])

PS: 当创建其他资源的Client对象,如果遇见相同的 Principal 问题,可以设定 credential_scopes 来解决问题。

完整可远行的代码为:

# Import the needed credential and management objects from the libraries.

from azure.identity import DefaultAzureCredential

from azure.mgmt.alertsmanagement import AlertsManagementClient

# Acquire a credential object using CLI-based authentication.

credential = DefaultAzureCredential()

subscription_id = "a9dc7515-7692-4316-9ad4-762f383eec10"

# # 修改前:

# alertClient = AlertsManagementClient(credential,subscription_id,base_url="https://management.chinacloudapi.cn/")

# 修改后:

alertClient = AlertsManagementClient(credential,subscription_id,base_url="https://management.chinacloudapi.cn/",credential_scopes=["https://management.chinacloudapi.cn/.default"])

rules = alertClient.smart_detector_alert_rules.list()

for rule in rules:

    print("Rule Name: " + rule.name)

运行结果:

参考资料

alertsmanagement Package https://docs.microsoft.com/en-us/python/api/azure-mgmt-alertsmanagement/azure.mgmt.alertsmanagement?view=azure-python

 

【Azure Developer】使用 Azure Python SDK时,遇见 The resource principal named https://management.azure.com was not found in the tenant China Azure问题的解决办法的更多相关文章

  1. 【Azure Developer】使用 Python SDK连接Azure Storage Account, 计算Blob大小代码示例

    问题描述 在微软云环境中,使用python SDK连接存储账号(Storage Account)需要计算Blob大小?虽然Azure提供了一个专用工具Azure Storage Explorer可以统 ...

  2. VS2012与VS2015同时安装用VS2012创建MFC程序时弹出编译错误”fatal error C1083: 无法打开包括文件:“mprapidef.h”: No such file or directory”的解决办法

    在WIndows 7操作系统上同时安装VS2012与VS2015并用VS2012创建MFC程序时弹出编译错误”fatal error C1083: 无法打开包括文件:“mprapidef.h”: No ...

  3. 【Azure 环境】【Azure Developer】使用Python代码获取Azure 中的资源的Metrics定义及数据

    问题描述 使用Python SDK来获取Azure上的各种资源的Metrics的名称以及Metrics Data的示例 问题解答 通过 azure-monitor-query ,可以创建一个 metr ...

  4. 【Azure Developer】【Python 】使用 azure.identity 和 azure.common.credentials 获取Azure AD的Access Token的两种方式

    问题描述 使用Python代码,展示如何从Azure AD 中获取目标资源的 Access Token. 如要了解如何从AAD中获取 client id,client secret,tenant id ...

  5. 【Azure Developer】使用Java SDK代码创建Azure VM (包含设置NSG,及添加数据磁盘SSD)

    在参考Azure官方文档进行VM创建时,发现其中没有包含如何设置NSG的内容,以及如何在创建时就添加数据磁盘的代码(设置磁盘为SSD类型).本文的内容以"使用 Java 创建和管理 Azur ...

  6. 全网最详细的启动或格式化zkfc时出现java.net.NoRouteToHostException: No route to host ... Will not attempt to authenticate using SASL (unknown error)错误的解决办法(图文详解)

    不多说,直接上干货! 全网最详细的启动zkfc进程时,出现INFO zookeeper.ClientCnxn: Opening socket connection to server***/192.1 ...

  7. kafka启动时出现FATAL Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer) java.io.IOException: Permission denied错误解决办法(图文详解)

    首先,说明,我kafk的server.properties是 kafka的server.properties配置文件参考示范(图文详解)(多种方式) 问题详情 然后,我启动时,出现如下 [hadoop ...

  8. [经验总结] 在 windows 命令窗口中运行 python 脚本时提示 ModuleNotFoundError: No module named 'xxx'

    先给出的代码和目录结构 获取CPU代码如下: # -*- coding:utf-8 -*- ''' Created on Sep 10, 2018 @author: ''' import sys im ...

  9. 命令行执行python模块时提示ImportError: No module named xxx

    在pycharm中运行python文件没有问题,切换到cmd中是提示:ImportError: No module named xxx 原因: pycharm在运行时会把当前工程的所有文件夹路径都作为 ...

随机推荐

  1. 设计模式学习——JAVA动态代理原理分析

    一.JDK动态代理执行过程 上一篇我们讲了JDK动态代理的简单使用,今天我们就来研究一下它的原理. 首先我们回忆下上一篇的代码: public class Main { public static v ...

  2. 分布式系统(二)——GFS

    分布式存储系统的难点 在存储系统中,为了获得巨大的性能加成,一个很自然的想法就是采用分片(sharding),将数据分割存储到多台服务器上,这样获得了更大的存储容量,而且可以并行地从多台服务器读取数据 ...

  3. Linux_Vmtools的重安装与设置共享文件夹

    前置准备 已经安装了Linux的Vm虚拟机 2. 虚拟机上已经安装gcc 重装Vmtools Part1 用root账号登录Linux 弹出原来cd Vm菜单栏 - 虚拟机(M) - 重新安装VmWa ...

  4. Java初学者作业——定义一个计算器类, 实现计算器类中加、 减、 乘、 除的运算方法, 每个方法能够接收2个参数。

    返回本章节 返回作业目录 需求说明: 定义一个计算器类, 实现计算器类中加. 减. 乘. 除的运算方法, 每个方法能够接收2个参数. 实现思路: 定义计算器类. 定义计算器类中加.减.乘.除的方法. ...

  5. JS运行三部曲(预编译)

    JS运行的三个步骤: 语法分析 预编译 解释执行 语法分析:通俗来说就是通篇检查你的代码有没有语法错误,有语法错误的话,程序是不会执行的 解释执行:也就是程序读一句执行一句 最重点的也就是预编译了,那 ...

  6. 【】Hadoop生态圈介绍

    Technorati 标记: hadoop,生态圈,ecosystem,yarn,spark,入门 1. hadoop 生态概况 Hadoop是一个由Apache基金会所开发的分布式系统基础架构. 用 ...

  7. rocksdb代码解析-db.h

    总 这篇是对rocksdb整体功能的分析,主要着眼点是db.h文件,对rocksdb进行代码解析,若想以整体的方式了解其功能,首先就应该解析db.h文件.对于rocksdb的db.h文件来说,且不论前 ...

  8. 集合不安全之 ArrayList及其三种解决方案【CopyOnWriteArrayList 、synchronizedList、Vector 】

    @ 目录 一.前言 二.为什么线程不安全 三.解决方案一CopyOnWriteArrayList (推荐,读多写少场景) 四.Collections.synchronizedList(加锁) 五.Ve ...

  9. SpringBoot 之 静态资源路径、显示首页、错误页

    静态资源路径 静态资源支持放在以下路径中,访问优先级从上到下: classpath:/META-INF/resources/ classpath:/resources/ classpath:/stat ...

  10. nginx worker_cpu_affinity使用方法

    Nginx默认没有开启利用多核CPU,我们可以通过增加worker_cpu_affinity配置参数来充分利用多核CPU.CPU是任务处理,计算最关键的资源,CPU核越多,性能就越好. 配置Nginx ...