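Authenticating with Key Vault using a managed identity in Azure Batch with Python in a Batch pool

Problem description

I am trying to access Azure Key Vault using a system-assigned managed identity from Azure Batch. I found some code online, but I don't know whether this is feasible or whether the only way is the certificate path. I have enabled the managed identity for the Batch account and added it to the Key Vault. However, when I try to obtain the managed identity from the Python SDK in the Batch pool, it fails and cannot establish a connection to the Key Vault.

I tried both the old azure-keyvault package (version 1.1.0) and the newer version 4.0.

This uses the older Key Vault package, which gives an HTTPRequest error: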

from azure.keyvault import KeyVaultClient
from msrestazure.azure_active_directory import MSIAuthentication

# Request a token for Key Vault from the managed identity endpoint
credentials = MSIAuthentication(resource='https://vault.azure.net')

kvclient = KeyVaultClient(credentials)
# An empty version string selects the latest version of the secret
res = kvclient.get_secret("https://kv.vault.azure.net/", "secret", "").value

For the newer azure keyvault package, I used the following approach:

import os
import cmd
from azure.keyvault.secrets import SecretClient
from azure.identity import DefaultAzureCredential

keyvaultName = "kv"
KVUri = f"https://{keyvaultName}.vault.azure.net"

# DefaultAzureCredential tries several credential types in order,
# including ManagedIdentityCredential
credential = DefaultAzureCredential()
client = SecretClient(vault_url=KVUri, credential=credential)

secretName = "secret"
retrieved_secret = client.get_secret(secretName)

However, ManagedIdentityCredential could not be found. This is part of the error:

SharedTokenCacheCredential.get_token Failed: Shared token cache unavailable
VisualStudioCodeCredential.get_token Failed: Failed to get Azure user details from Visual Studio Code.
AzureCliCredential.get_token Failed: Please run 'az login' to set up an account
DefaultAzureCredential Failed to retrieve a token from the included credentials.
Attempted credentials:
    EnvironmentCredential: EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
    ManagedIdentityCredential: ManagedIdentityCredential authentication unavailable. No identity has been assigned to this resource.
    SharedTokenCacheCredential: Shared token cache unavailable
    VisualStudioCodeCredential: Failed to get Azure user details from Visual Studio Code.
    AzureCliCredential: Please run 'az login' to set up an account
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>

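Solution

This scenario is currently not supported. Please read the documentation for information about this feature and the specific FAQ item at the bottom of the document that addresses this problem.

See also the UserVoice request.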
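
An added example, not part of the original question or answer: a small triage helper that parses the "Attempted credentials" block from the error in the question and separates the developer-login credentials, whose failure on a headless compute node is expected, from the entries that explain the outage. The function names and the grouping of credentials are assumptions made for this illustration.

```python
import re

# Error text copied from the question above (the "Attempted credentials" block).
SAMPLE_ERROR = """\
DefaultAzureCredential Failed to retrieve a token from the included credentials.
Attempted credentials:
    EnvironmentCredential: EnvironmentCredential authentication unavailable. Environment variables are not fully configured.
    ManagedIdentityCredential: ManagedIdentityCredential authentication unavailable. No identity has been assigned to this resource.
    SharedTokenCacheCredential: Shared token cache unavailable
    VisualStudioCodeCredential: Failed to get Azure user details from Visual Studio Code.
    AzureCliCredential: Please run 'az login' to set up an account
"""

# Credentials that depend on an interactive developer login; their failure on
# a headless compute node is expected (this grouping is the example's assumption).
DEV_ONLY = {"SharedTokenCacheCredential", "VisualStudioCodeCredential", "AzureCliCredential"}

LINE_RE = re.compile(r"^\s+(\w+Credential):\s*(.+?)\s*$")


def parse_attempts(error_text):
    """Return {credential_name: reason} from the 'Attempted credentials' block."""
    attempts, in_block = {}, False
    for line in error_text.splitlines():
        if line.strip() == "Attempted credentials:":
            in_block = True
            continue
        if in_block:
            m = LINE_RE.match(line)
            if not m:
                break  # the block ends at the first line that is not an entry
            attempts[m.group(1)] = m.group(2)
    return attempts


def triage(error_text):
    """Split failures into expected noise and findings worth acting on."""
    attempts = parse_attempts(error_text)
    findings = {n: r for n, r in attempts.items() if n not in DEV_ONLY}
    missing = "No identity has been assigned" in findings.get("ManagedIdentityCredential", "")
    return {"noise": sorted(set(attempts) & DEV_ONLY), "findings": findings,
            "managed_identity_missing": missing}


if __name__ == "__main__":
    for key, value in triage(SAMPLE_ERROR).items():
        print(key, "=>", value)
```

For the error in the question, `managed_identity_missing` is true: the node reports that no identity is assigned to it, which matches the answer's statement that the scenario is not supported.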