应用程序功能:进行身份验证以获取工作空间?

时间:2020-08-20 19:37:24

标签: azure-functions

在azure函数应用中,当我执行 ws = Workspace.get(name = ...,subscription_id = ...,resource_group = ...)时,我收到消息“无法加载或解析文件/home/.azure/azureProfile.json。它将被默认设置覆盖。”,然后是“执行交互式身份验证。请按照终端上的说明...,我必须输入代码在新的浏览器窗口中,我也尝试使用此方法来强制进行身份验证: auth = InteractiveLoginAuthentication(tenant_id。”) ws = Workspace.get(name = ...,subscription_id = ...,resource_group = ...,auth = auth) 但这不是更好。 有人知道如何正确处理身份验证吗?

感谢您的帮助。

1 个答案:

答案 0 :(得分:0)

Azure功能不是交互式服务。因此,我们无法使用InteractiveLoginAuthentication完成身份验证。我建议您使用服务主体身份验证或MSI身份验证来完成身份验证

  • 服务主体身份验证
  1. 创建服务主体
az ad sp create-for-rbac --sdk-auth --name <app name> --skip-assignment

enter image description here

  1. 获取sp的对象ID 
az ad sp show --id <the sp clientId> --query objectId

enter image description here

  1. 允许SP访问您的Azure Machine Learning工作区
az extension add -n azure-cli-ml
az ml workspace share -w your-workspace-name -g your-resource-group-name --user your-sp-object-id --role owner
  1. 代码
import logging
import azure.functions as func
from azureml.core.authentication import ServicePrincipalAuthentication
from azureml.core.workspace import Workspace

def main(req: func.HttpRequest) -> func.HttpResponse:
    logging.info('Python HTTP trigger function processed a request.')
    tenant_id="72f98****d011db47" # tenantID
    service_principal_id="8e23844****3278" # clientId
    service_principal_password="G4YUf9****ZXK-a3npU" # clientSecret
    subscription_id = "b83c1****b83a074c23f"
    resource_group = "v-wenxu-chinacxp"
    workspace_name="test"
    sp = ServicePrincipalAuthentication(tenant_id=tenant_id, # tenantID
                                        service_principal_id=service_principal_id, # clientId
                                        service_principal_password=service_principal_password) # clientSecret

    ws =Workspace.get(name=workspace_name, resource_group=resource_group, subscription_id=subscription_id, auth=sp)
    
    return func.HttpResponse(ws.location)
  • MSI身份验证

  1. Enable MSI for Azure function

    1. 允许MSI访问您的Azure Machine Learning工作区
az extension add -n azure-cli-ml
az ml workspace share -w your-workspace-name -g your-resource-group-name --user your-MSI-object-id --role owner
  1. 代码
import logging
import azure.functions as func
from azureml.core.workspace import Workspace
from azureml.core.authentication import MsiAuthentication

def main(req: func.HttpRequest) -> func.HttpResponse:
    logging.info('Python HTTP trigger function processed a request.')
    
    subscription_id = "b83c1****b83a074c23f"
    resource_group = "v-wenxu-chinacxp"
    workspace_name="test"
    msi_auth=MsiAuthentication()

    ws =Workspace.get(name=workspace_name, resource_group=resource_group, subscription_id=subscription_id, auth=msi_auth)
    
    return func.HttpResponse(ws.location)

有关更多详细信息,请参阅herehere

相关问题
最新问题