有没有办法获得如下凭据:
通过他们提供的python脚本和API? 我需要在VM上运行的脚本获取公共IP地址
from azure.mgmt.network import NetworkManagementClient
from azure.common.credentials import ServicePrincipalCredentials
import sys
resource_group_name = sys.argv[1]
public_ip_name = sys.argv[2]
client_id = 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'
client_secret = 'XXX/XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
tenant_id = 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'
subscription_id = 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'
credentials = ServicePrincipalCredentials(client_id=client_id,secret=client_secret,tenant=tenant_id)
network_client = NetworkManagementClient(credentials, subscription_id)
result_get = network_client.public_ip_addresses.get(resource_group_name, public_ip_name, )
print result_get.ip_address
现在我将资源组名称和公共IP名称作为参数传递,但也需要自动化
答案 0 :(得分:0)
对于前四个,您应该在VM上启用MSI,它将是自动的:
资源组名称和PublicIP名称将特定于您的应用程序。您可以使用带有MSI身份验证的“azure-mgmt-resource”获取所有现有资源组的列表,然后使用带有MSI身份验证的“azure-mgmt-network”获取所有PublicIP的列表。如果列出它们是可能的,那么是的,您根本不需要任何参数。
答案 1 :(得分:0)
好的我启用了MSI
做到了这个:
from azure.mgmt.network import NetworkManagementClient
from azure.common.credentials import ServicePrincipalCredentials
from azure.common.credentials import get_azure_cli_credentials
from azure.common.cloud import get_cli_active_cloud
import sys
#Script takes two arguments resource_group_name and public_ip_name and returns public IP of VM
def _get_azure_cli_credentials():
credentials, subscription_id = get_azure_cli_credentials()
cloud_environment = get_cli_active_cloud()
cli_credentials = {
'credentials': credentials,
'subscription_id': subscription_id,
'cloud_environment': cloud_environment
}
#print credentials
#print subscription_id
print cloud_environment
print cli_credentials
有了它,我明白了:
{'endpoints': {'active_directory': 'https://login.microsoftonline.com',
'active_directory_data_lake_resource_id': 'https://datalake.azure.net/',
'active_directory_graph_resource_id': 'https://graph.windows.net/',
'active_directory_resource_id': 'https://management.core.windows.net/',
'batch_resource_id': 'https://batch.core.windows.net/',
'gallery': 'https://gallery.azure.com/',
'management': 'https://management.core.windows.net/',
'resource_manager': 'https://management.azure.com/',
'sql_management': 'https://management.core.windows.net:8443/',
'vm_image_alias_doc': 'https://raw.githubusercontent.com/Azure/azure-rest-api-specs/master/arm-compute/quickstart-templates/aliases.json'},
'is_active': True,
'name': 'AzureCloud',
'profile': 'latest',
'suffixes': {'azure_datalake_analytics_catalog_and_job_endpoint': 'azuredatalakeanalytics.net',
'azure_datalake_store_file_system_endpoint': 'azuredatalakestore.net',
'keyvault_dns': '.vault.azure.net',
'sql_server_hostname': '.database.windows.net',
'storage_endpoint': 'core.windows.net'}}
{'credentials': <azure.cli.core.adal_authentication.AdalAuthentication object at 0x7f54884bac10>, 'subscription_id': 'XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX', 'cloud_environment': <azure.cli.core.cloud.Cloud object at 0x7f54884ba410>}
subscription_id匹配我暂时硬编码的那个,但我应该在哪里搜索其余的?
我也试过这个:
from subprocess import call
import os
import subprocess
import requests
A=subprocess.Popen("curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fmanagement.azure.com%2F' -H Metadata:true", shell=True, stdout=subprocess.PIPE).stdout.read()
print "Printing A..."
print A
B=A.split(",")
C=B[0].split("\",\"")
D=C[0].split("\":\"")
token=D[1][0:len(D[1])-1]
print token
C=B[1].split("\",\"")
D=C[0].split("\":\"")
client_id=D[1][0:len(D[1])-1]
print client_id
它会返回huuge标记和一些client_id,但它不匹配
最后我尝试了CLI 2.0
az account list
返回&#34; id&#34;匹配硬编码的subscription_id和&#34; tenantId&#34;匹配硬编码的tenant_id