
azure - Can a "User Assigned Managed Identity" be used locally?

Reposted. Author: 行者123. Updated: 2023-12-02 05:53:00

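I am trying to use User Assigned Managed Identity in one of our applications. I have also read about the differences between System Assigned Managed Identity and User Assigned Managed Identity.

It is clear to me that a System Assigned Managed Identity cannot be used locally, because you assign the identity to an Azure resource.

However, it is not clear to me whether a User Assigned Managed Identity can be used locally. The only thing I could find was the following: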

enter image description here

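In my scenario, I want to read some secrets from Azure Key Vault. I created a User Assigned Managed Identity and configured an access policy on the Key Vault to grant the necessary permissions to that identity. Considering that I am using this identity to access Azure Key Vault (which is an Azure resource), my expectation was that it should work no matter where my code runs (I am using JetBrains Rider as my IDE).

But when I try to do something like: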

var managedIdentityCredential = new ManagedIdentityCredential("managed-identity-id");
SecretClient secretClient = new(new Uri("https://mykeyvault.vault.azure.net/"), managedIdentityCredential);
KeyVaultSecret secret = await secretClient.GetSecretAsync(key);

I get the error message "Azure.Identity.CredentialUnavailableException: ManagedIdentityCredential authentication unavailable. No Managed Identity endpoint found." when I run the code locally:

Azure.Identity.CredentialUnavailableException: ManagedIdentityCredential authentication unavailable. No Managed Identity endpoint found.
at Azure.Identity.ManagedIdentityClient.AuthenticateAsync(Boolean async, TokenRequestContext context, CancellationToken cancellationToken)
at Azure.Identity.ManagedIdentityCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
at Azure.Identity.CredentialDiagnosticScope.FailWrapAndThrow(Exception ex)
at Azure.Identity.ManagedIdentityCredential.GetTokenImplAsync(Boolean async, TokenRequestContext requestContext, CancellationToken cancellationToken)
at Azure.Identity.ManagedIdentityCredential.GetTokenAsync(TokenRequestContext requestContext, CancellationToken cancellationToken)
at Azure.Security.KeyVault.ChallengeBasedAuthenticationPolicy.AuthenticateRequestAsync(HttpMessage message, Boolean async, AuthenticationChallenge challenge)
at Azure.Security.KeyVault.ChallengeBasedAuthenticationPolicy.ProcessCoreAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
at Azure.Core.Pipeline.RetryPolicy.ProcessAsync(HttpMessage message, ReadOnlyMemory`1 pipeline, Boolean async)
at Azure.Core.Pipeline.HttpPipeline.SendRequestAsync(Request request, CancellationToken cancellationToken)
at Azure.Security.KeyVault.KeyVaultPipeline.SendRequestAsync(Request request, CancellationToken cancellationToken)
at Azure.Security.KeyVault.KeyVaultPipeline.SendRequestAsync[TResult](RequestMethod method, Func`1 resultFactory, CancellationToken cancellationToken, String[] path)
at Azure.Security.KeyVault.Certificates.CertificateClient.GetCertificateAsync(String certificateName, CancellationToken cancellationToken)

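Any insights into this would be highly appreciated.

Best answer

No. User-assigned managed identity is also not supported by ManagedIdentityCredential in the local environment.

You should use DefaultAzureCredential for the code to work in the local environment.

See the Note tip here.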

Note

The ManagedIdentityCredential works only in Azure environments of services that support managed identity authentication. It doesn't work in the local environment. Use DefaultAzureCredential for the code to work in both local and Azure environments as it will fall back to a few authentication options including managed identity.

In case you want to use a user-assigned managed identity with the DefaultAzureCredential when deployed to Azure, specify the clientId.
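The approach the answer describes, as an added example that is not part of the original question or answer: DefaultAzureCredential is given the user-assigned identity's client ID, so it uses that identity when deployed to Azure and falls back to developer credentials locally. The client ID and secret name are placeholders; the vault URL is the one from the question.

```csharp
using System;
using Azure;
using Azure.Identity;
using Azure.Security.KeyVault.Secrets;

// Placeholders (assumptions): substitute your own values.
const string vaultUrl = "https://mykeyvault.vault.azure.net/";
const string userAssignedClientId = "<client-id-of-user-assigned-identity>";
const string secretName = "<secret-name>";

// In Azure, the managed identity step of the chain requests a token for the
// user-assigned identity with this client ID. Locally there is no managed
// identity endpoint, so the chain moves on to developer credentials
// (for example the account signed in through the Azure CLI or the IDE).
var credential = new DefaultAzureCredential(new DefaultAzureCredentialOptions
{
    ManagedIdentityClientId = userAssignedClientId
});

var secretClient = new SecretClient(new Uri(vaultUrl), credential);

try
{
    KeyVaultSecret secret = await secretClient.GetSecretAsync(secretName);
    // Log metadata only; do not write the secret value to logs or the console.
    Console.WriteLine($"Read secret '{secret.Name}', version {secret.Properties.Version}.");
}
catch (CredentialUnavailableException ex)
{
    // No credential in the chain could be used: not running in Azure and
    // no developer sign-in available on this machine.
    Console.Error.WriteLine($"No usable credential found: {ex.Message}");
}
catch (RequestFailedException ex) when (ex.Status == 403)
{
    // A token was obtained, but the identity behind it lacks Key Vault access.
    // Locally that identity is the developer account, not the managed identity,
    // so the access policy granted to the managed identity does not apply.
    Console.Error.WriteLine($"Access denied by Key Vault: {ex.Message}");
}
```

When run locally, the signed-in developer account needs its own permission on the Key Vault, because the token is issued for that account rather than for the user-assigned identity.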

Regarding azure - Can a "User Assigned Managed Identity" be used locally?, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/67845857/
