问题描述

在使用Python SDK时候,登录到China Azure (Mooncake)并访问AlertsManagement资源时候,时常遇见  EnvironmentCredential: Authentication failed 的错误消息。

Python 代码:

from azure.identity import DefaultAzureCredential

from azure.mgmt.alertsmanagement import AlertsManagementClient

# Acquire a credential object using CLI-based authentication.

credential = DefaultAzureCredential()

subscription_id = "xxxx-xxxx-xxxx-xxxx-xxxx"

alertClient = AlertsManagementClient(credential,subscription_id,base_url="https://management.chinacloudapi.cn/")

rules = alertClient.smart_detector_alert_rules.list()

for rule in rules:

    print("Rule Name: " + rule.name)

错误消息:

PS C:\LBWorkSpace\MyCode\46-alertrule-python> python getrule.py

DefaultAzureCredential failed to retrieve a token from the included credentials.

Attempted credentials:

        EnvironmentCredential: Authentication failed: AADSTS500011: The resource principal named https://management.azure.com was not found in the tenant named xxx Mooncake. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.

Trace ID: xxxxxxxx-xxxx-xxxx-xxxx-9e130dbf7900

Correlation ID: xxxxxxxx-xxxx-xxxx-xxxx-46769c9e1e10

Timestamp: 2022-01-27 12:09:35Z

To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/python/identity/defaultazurecredential/troubleshoot.

Traceback (most recent call last):

  File "C:\LBWorkSpace\MyCode\46-alertrule-python\getrule.py", line 15, in <module>

    for rule in rules:

  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\paging.py", line 129, in __next__

    return next(self._page_iterator)

  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\paging.py", line 76, in __next__

    self._response = self._get_next(self.continuation_token)

  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline\policies\_redirect.py", line 158, in send

    response = self.next.send(request)

  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline\policies\_retry.py", line 445, in send

    response = self.next.send(request)

  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline\policies\_authentication.py", line 117, in send

    self.on_request(request)

  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\core\pipeline\policies\_authentication.py", line 94, in on_request

    self._token = self._credential.get_token(*self._scopes)

  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\identity\_credentials\default.py", line 172, in get_token

    return super(DefaultAzureCredential, self).get_token(*scopes, **kwargs)

  File "C:\Users\bulu\AppData\Local\Programs\Python\Python310\lib\site-packages\azure\identity\_credentials\chained.py", line 108, in get_token

    raise ClientAuthenticationError(message=message)

azure.core.exceptions.ClientAuthenticationError: DefaultAzureCredential failed to retrieve a token from the included credentials.

Attempted credentials:

        EnvironmentCredential: Authentication failed: AADSTS500011: The resource principal named https://management.azure.com was not found in the tenant named xxxx Mooncake. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.

Trace ID: xxxxxxxx-xxxx-xxxx-xxxx-9e130dbf7900

Correlation ID: xxxxxxxx-xxxx-xxxx-xxxx-46769c9e1e10

Timestamp: 2022-01-27 12:09:35Z

To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/python/identity/defaultazurecredential/troubleshoot.

问题解决

从错误消息 https://management.azure.com 得知问题是由于 AlertsManagementClient 中使用的 Resource Principal 为默认值,并没有随着指定 base_url 而修改为

https://management.chinacloudapi.cn/ 。 可以通过在构造  AlertsManagementClient 对象时候,指定 credential_scopes 为 ["https://management.chinacloudapi.cn/.default"] 来缓解问题。

修改后的代码为:

# 修改前:

alertClient = AlertsManagementClient(credential,subscription_id,base_url="https://management.chinacloudapi.cn/")

# 修改后:

alertClient = AlertsManagementClient(credential,subscription_id,base_url="https://management.chinacloudapi.cn/",credential_scopes=["https://management.chinacloudapi.cn/.default"])

PS: 当创建其他资源的Client对象,如果遇见相同的 Principal 问题,可以设定 credential_scopes 来解决问题。

完整可远行的代码为:

# Import the needed credential and management objects from the libraries.

from azure.identity import DefaultAzureCredential

from azure.mgmt.alertsmanagement import AlertsManagementClient

# Acquire a credential object using CLI-based authentication.

credential = DefaultAzureCredential()

subscription_id = "a9dc7515-7692-4316-9ad4-762f383eec10"

# # 修改前:

# alertClient = AlertsManagementClient(credential,subscription_id,base_url="https://management.chinacloudapi.cn/")

# 修改后:

alertClient = AlertsManagementClient(credential,subscription_id,base_url="https://management.chinacloudapi.cn/",credential_scopes=["https://management.chinacloudapi.cn/.default"])

rules = alertClient.smart_detector_alert_rules.list()

for rule in rules:

    print("Rule Name: " + rule.name)

运行结果:

参考资料

alertsmanagement Package https://docs.microsoft.com/en-us/python/api/azure-mgmt-alertsmanagement/azure.mgmt.alertsmanagement?view=azure-python

 

【Azure Developer】使用 Azure Python SDK时,遇见 The resource principal named https://management.azure.com was not found in the tenant China Azure问题的解决办法的更多相关文章

  1. 【Azure Developer】使用 Python SDK连接Azure Storage Account, 计算Blob大小代码示例

    问题描述 在微软云环境中,使用python SDK连接存储账号(Storage Account)需要计算Blob大小?虽然Azure提供了一个专用工具Azure Storage Explorer可以统 ...

  2. VS2012与VS2015同时安装用VS2012创建MFC程序时弹出编译错误”fatal error C1083: 无法打开包括文件:“mprapidef.h”: No such file or directory”的解决办法

    在WIndows 7操作系统上同时安装VS2012与VS2015并用VS2012创建MFC程序时弹出编译错误”fatal error C1083: 无法打开包括文件:“mprapidef.h”: No ...

  3. 【Azure 环境】【Azure Developer】使用Python代码获取Azure 中的资源的Metrics定义及数据

    问题描述 使用Python SDK来获取Azure上的各种资源的Metrics的名称以及Metrics Data的示例 问题解答 通过 azure-monitor-query ,可以创建一个 metr ...

  4. 【Azure Developer】【Python 】使用 azure.identity 和 azure.common.credentials 获取Azure AD的Access Token的两种方式

    问题描述 使用Python代码,展示如何从Azure AD 中获取目标资源的 Access Token. 如要了解如何从AAD中获取 client id,client secret,tenant id ...

  5. 【Azure Developer】使用Java SDK代码创建Azure VM (包含设置NSG,及添加数据磁盘SSD)

    在参考Azure官方文档进行VM创建时,发现其中没有包含如何设置NSG的内容,以及如何在创建时就添加数据磁盘的代码(设置磁盘为SSD类型).本文的内容以"使用 Java 创建和管理 Azur ...

  6. 全网最详细的启动或格式化zkfc时出现java.net.NoRouteToHostException: No route to host ... Will not attempt to authenticate using SASL (unknown error)错误的解决办法(图文详解)

    不多说,直接上干货! 全网最详细的启动zkfc进程时,出现INFO zookeeper.ClientCnxn: Opening socket connection to server***/192.1 ...

  7. kafka启动时出现FATAL Fatal error during KafkaServer startup. Prepare to shutdown (kafka.server.KafkaServer) java.io.IOException: Permission denied错误解决办法(图文详解)

    首先,说明,我kafk的server.properties是 kafka的server.properties配置文件参考示范(图文详解)(多种方式) 问题详情 然后,我启动时,出现如下 [hadoop ...

  8. [经验总结] 在 windows 命令窗口中运行 python 脚本时提示 ModuleNotFoundError: No module named 'xxx'

    先给出的代码和目录结构 获取CPU代码如下: # -*- coding:utf-8 -*- ''' Created on Sep 10, 2018 @author: ''' import sys im ...

  9. 命令行执行python模块时提示ImportError: No module named xxx

    在pycharm中运行python文件没有问题,切换到cmd中是提示:ImportError: No module named xxx 原因: pycharm在运行时会把当前工程的所有文件夹路径都作为 ...

随机推荐

  1. 【Android开发】问答机器人,聊天类App的开发制作过程记录

    缘起 很久没写项目了,所以单纯的想练练手,正好看到有问答机器人的接口,想到之前也做过聊天项目,为什么不实验一下呢.当然也是简单调用接口的项目,并没有真正的完成问答的算法等等.业余项目,功能不齐全,只实 ...

  2. Elasticsearch核心技术(五):搜索API和搜索运行机制

    本文将从数据存储和搜索的角度简单分析Elasticsearch的搜索运行机制,主要涉及搜索API.搜索机制.存在问题和解决方案. 4.1 Search API Search API允许用户执行一个搜索 ...

  3. ImageNet2017文件下载

    ImageNet2017文件下载 文件说明 imagenet_object_localization.tar.gz包含训练集和验证集的图像数据和地面实况,以及测试集的图像数据. 图像注释以PASCAL ...

  4. [数据结构]链表LinkList

    目录 1.3 链表 1.3.1 头插法建立单链表 1.3.2 限制链表长度建立单链表 1.3.3 尾插法建立单链表 1.3.4 按序号查找单链表 1.3.5 按值查找单链表 1.3.6 链表的插入 1 ...

  5. [opencv]常用阵列操作函数总结

    /*=========================================================================*/ // 阵列操作 /*============ ...

  6. 按需引入element-ui报错

    按需引入element-ui报错 项目用的脚手架是 vue-cli 3 按照官方文档按需引入组件: https://element.eleme.cn/#/zh-CN/component/quickst ...

  7. Oracle中的基本数据类型

    一.Oracle 基本数据类型 1.字符数据类型 CHAR:存储固定长度的字符串,如果没有指定长度,默认为1个字节,如果数据长度没有达到指定的长度,则通过填充空格的方式来使其达到定义的长度(CHAR类 ...

  8. PostgreSQL相关知识概念

    本文主要介绍PostgreSQL数据库的一些重要知识点, 包括数据库.模式.表空间.用户/角色等概念和关系, 帮助用户理解PostgreSQL数据库的重要概念, 从而能够更好的使用PostgreSQL ...

  9. elasticsearch之警惕inner hits的性能问题

    一.inner hits简介 elasticsearch提供了nested数据类型来处理主子文档的问题,可以解决子文档字段被分裂平铺导致字段之间失去了整体的关联性: elasticsearch提供的i ...

  10. Ubuntu18.04编译Fuchsia

    编译环境 系统:Ubuntu 18.04.1 LTS 64-bit 内存:8 GiB CPU:Intel Core i5-4200M CPU @ 2.50GHz × 4 1.安装编译环境 sudo a ...