Unable to authenticate to ADLS using Python due to AuthorizationPermissionMismatch

Problem description

I am using the Python authentication script below to connect to ADLS with service principal details, but it keeps throwing an exception: azure.core.exceptions.HttpResponseError: (AuthorizationPermissionMismatch) This request is not authorized to perform this operation using this permission.

The role assigned to me is "Storage blob data owner", but I'm not sure what is missing?

Python code:

from azure.storage.filedatalake import DataLakeServiceClient
from azure.identity import ClientSecretCredential

TENANT_ID = 'XXXXXXXXXX'
CLIENT_ID = 'XXXXXXXXXX'
CLIENT_SECRET = 'XXXXXXXXXX'
STORAGE_ACCOUNT_NAME = 'XXXXXXXXXX'

credential = ClientSecretCredential(TENANT_ID, CLIENT_ID, CLIENT_SECRET)
service_client = DataLakeServiceClient(account_url="{}://{}.dfs.core.windows.net".format(
        "https", STORAGE_ACCOUNT_NAME), credential=credential)
print(service_client.primary_endpoint) # Can see the primary endpoint. 
file_system_client = service_client.get_file_system_client("my-container")
file_system_client.create_directory("test-dir") #Throwing the (AuthorizationPermissionMismatch) error.
print("test directory created.")

Full traceback:

Traceback (most recent call last):
  File "/home//lib/python3.5/site-packages/azure/storage/filedatalake/_path_client.py", line 200, in _create
    return self._client.path.create(**options)
  File "/home/lib/python3.5/site-packages/azure/storage/filedatalake/_generated/operations/_path_operations.py", line 248, in create
    raise HttpResponseError(response=response, model=error)
azure.core.exceptions.HttpResponseError: (AuthorizationPermissionMismatch) This request is not authorized to perform this operation using this permission.
RequestId:80605399-e01f-0038-2cd2-0a4210000000
Time:2021-02-24T17:25:49.0969802Z

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "adls_client.py", line 30, in <module>
    file_system_client.create_directory("test-dir")
  File "/home/lib/python3.5/site-packages/azure/storage/filedatalake/_file_system_client.py", line 540, in create_directory
    directory_client.create_directory(metadata=metadata, **kwargs)
  File "/home/lib/python3.5/site-packages/azure/storage/filedatalake/_data_lake_directory_client.py", line 160, in create_directory
    return self._create('directory', metadata=metadata, **kwargs)
  File "/home/lib/python3.5/site-packages/azure/storage/filedatalake/_path_client.py", line 202, in _create
    process_storage_error(error)
  File "/home/lib/python3.5/site-packages/azure/storage/filedatalake/_deserialize.py", line 150, in process_storage_error
    raise error
azure.core.exceptions.HttpResponseError: (AuthorizationPermissionMismatch) This request is not authorized to perform this operation using this permission.

Tags: python, authentication, azure-storage, azure-blob-storage, azure-data-lake

Solution


I can reproduce your error:

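I'm pretty sure there is nothing wrong with your code, and Storage blob data owner is the correct RBAC role for your AD app. I think the problem may be that the RBAC role does not take effect immediately, and you need to wait for a while. Then it should work.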
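
The waiting described in the answer above can be made explicit with a bounded retry. This is an added example, not code from the original question or answer: `call_with_rbac_wait`, its default timings and `FakeStorageError` are hypothetical names and values, and it assumes the SDK exception exposes the service error code as `error_code`.

```python
import time

# Error code string taken from the traceback on this page.
PROPAGATION_ERROR = "AuthorizationPermissionMismatch"


def call_with_rbac_wait(operation, max_wait=600.0, first_delay=5.0,
                        sleep=time.sleep, clock=time.monotonic):
    """Run operation() and return (result, attempts).
    Retries only while the raised exception's error_code equals
    PROPAGATION_ERROR, and gives up once max_wait seconds have passed, so a
    role assigned at the wrong scope still surfaces as an error.
    max_wait and first_delay are assumed defaults, not Azure-documented values.
    """
    deadline = clock() + max_wait
    delay = first_delay
    attempts = 0
    while True:
        attempts += 1
        try:
            return operation(), attempts
        except Exception as exc:
            code = getattr(exc, "error_code", None)
            code = getattr(code, "value", code)  # accept enum or plain string
            if code != PROPAGATION_ERROR:
                raise  # any other failure is not a propagation delay
            remaining = deadline - clock()
            if remaining <= 0:
                raise  # waited long enough: treat as a real permission gap
            sleep(min(delay, remaining))
            delay = min(delay * 2, 60.0)  # exponential backoff, capped


class FakeStorageError(Exception):
    """Constructed stand-in for azure.core.exceptions.HttpResponseError."""
    def __init__(self, error_code):
        super().__init__(error_code)
        self.error_code = error_code


if __name__ == "__main__":
    outcomes = iter([FakeStorageError(PROPAGATION_ERROR)] * 2 + ["created"])
    def fake_create_directory():  # constructed: fails twice, then succeeds
        item = next(outcomes)
        if isinstance(item, Exception):
            raise item
        return item
    print(call_with_rbac_wait(fake_create_directory, sleep=lambda s: None))
```

With the script from the question, the call would be `call_with_rbac_wait(lambda: file_system_client.create_directory("test-dir"))`.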

