gpt4 book ai didi

python - 从 Azure 函数获取托管身份访问 token 时出错

转载 作者:行者123 更新时间:2023-12-02 23:16:50 26 4
gpt4 key购买 nike

我在从 Function App 检索 Azure 托管标识访问 token 时遇到问题。该函数获取一个 token ,然后使用该 token 作为密码访问 Mysql 数据库。

我从函数中得到了这个响应:

9103 (HY000):验证访问 token 时发生错误。请获取新 token 并重试。

代码:

import logging
import mysql.connector
import requests
import azure.functions as func


def main(req: func.HttpRequest) -> func.HttpResponse:

def get_access_token():

URL = "http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fossrdbms-aad.database.windows.net&client_id=<client_id>"
headers = {"Metadata":"true"}

try:
req = requests.get(URL, headers=headers)
except Exception as e:
print(str(e))
return str(e)
else:
password = req.json()["access_token"]

return password

def get_mysql_connection(password):
"""
Get a Mysql Connection.
"""
try:
con = mysql.connector.connect(

host='<host>.mysql.database.azure.com',
user='<user>@<db>',
password=password,
database = 'materials_db',
auth_plugin='mysql_clear_password'
)
except Exception as e:

print(str(e))
return str(e)

else:
return "Connected to DB!"

password = get_access_token()

return func.HttpResponse(get_mysql_connection(password))

使用我的托管身份在虚拟机上运行此代码的修改版本是可行的。似乎不允许功能应用程序获取访问 token 。任何帮助将不胜感激。

注意:我之前已以 AzureAD 管理员身份登录到数据库,并创建了具有该数据库所有权限的用户。

编辑:不再调用虚拟机端点。

def get_access_token():

identity_endpoint = os.environ["IDENTITY_ENDPOINT"] # Env var provided by Azure. Local to service doing the requesting.
identity_header = os.environ["IDENTITY_HEADER"] # Env var provided by Azure. Local to service doing the requesting.
api_version = "2019-08-01" # "2018-02-01" #"2019-03-01" #"2019-08-01"
CLIENT_ID = "<client_id>"
resource_requested = "https%3A%2F%2Fossrdbms-aad.database.windows.net"
# resource_requested = "https://ossrdbms-aad.database.windows.net"


URL = f"{identity_endpoint}?api-version={api_version}&resource={resource_requested}&client_id={CLIENT_ID}"
headers = {"X-IDENTITY-HEADER":identity_header}

try:
req = requests.get(URL, headers=headers)
except Exception as e:
print(str(e))
return str(e)
else:
try:
password = req.json()["access_token"]
except:
password = str(req.text)

return password

但现在我收到此错误:

{"error":{"code":"UnsupportedApiVersion","message":"The HTTP resource that matches the request URI 'http://localhost:8081/msi/token?api-version=2019-08-01&resource=https%3A%2F%2Fossrdbms-aad.database.windows.net&client_id=<client_idxxxxx>' does not support the API version '2019-08-01'.","innerError":null}}

经检查,这似乎是一个普遍错误。即使这不是根本问题,也会传播此错误消息。在 Github 中多次注明。

我的端点现在正确吗?

最佳答案

对于此问题,是由于您请求访问 token 的端点错误造成的。我们可以在azure VM中使用端点http://169.254.169.254/metadata/identity.....,但如果在azure function中我们就不能使用它。

在azure函数中,我们需要从环境中获取IDENTITY_ENDPOINT

identity_endpoint = os.environ["IDENTITY_ENDPOINT"]

端点如下:

http://127.0.0.1:xxxxx/MSI/token/

可以引用这个tutorial关于它,你还可以在教程中找到 python 代码示例。 enter image description here

在我的函数代码中,我还添加了在 token_auth_uri 中创建的托管身份的客户端 ID,但我不确定这里是否需要 client_id (就我而言,我使用用户分配的身份,但不使用系统分配的身份。

token_auth_uri = f"{identity_endpoint}?resource={resource_uri}&api-version=2019-08-01&client_id={client_id}"

更新:

#r "Newtonsoft.Json"

using System.Net;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Primitives;
using Newtonsoft.Json;

public static async Task<IActionResult> Run(HttpRequest req, ILogger log)
{
string resource="https://ossrdbms-aad.database.windows.net";
string clientId="xxxxxxxx";
log.LogInformation("C# HTTP trigger function processed a request.");
HttpWebRequest request = (HttpWebRequest)WebRequest.Create(String.Format("{0}/?resource={1}&api-version=2019-08-01&client_id={2}", Environment.GetEnvironmentVariable("IDENTITY_ENDPOINT"), resource,clientId));
request.Headers["X-IDENTITY-HEADER"] = Environment.GetEnvironmentVariable("IDENTITY_HEADER");
request.Method = "GET";

HttpWebResponse response = (HttpWebResponse)request.GetResponse();
StreamReader streamResponse = new StreamReader(response.GetResponseStream());
string stringResponse = streamResponse.ReadToEnd();
log.LogInformation("test:"+stringResponse);

string name = req.Query["name"];

string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
dynamic data = JsonConvert.DeserializeObject(requestBody);
name = name ?? data?.name;

return name != null
? (ActionResult)new OkObjectResult($"Hello, {name}")
: new BadRequestObjectResult("Please pass a name on the query string or in the request body");
}

关于python - 从 Azure 函数获取托管身份访问 token 时出错,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/62455511/

26 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com