powershell - Azure Datalake Gen1 到 Azure 分析服务的服务到服务身份验证失败
问题描述
我正在使用 Azure 数据湖 Gen1 和 Azure 分析服务。我正在使用 Azure 数据湖连接授权我的 Azure 分析服务数据模型。
对于此活动,Microsoft 维护了一个文档。我遵循同样的方式。基于本文档的理论,我创建了一个 PowerShell 脚本,它执行并带来 access_token。当我获得 access_token 时,我更新 Azure Analysis Services 数据模型连接部分的 XMLA 并部署它。
我曾尝试使用最终用户身份验证机制来实现它,但这不起作用。
当我部署和处理相同的模型时,它工作正常,但是当我在 1 小时后处理时,它给了我以下错误。
Failed to save modifications to the server. Error returned: '<pii>The credentials provided cannot be used for the DataLake source. (Source at https://mydatalake.azuredatalakestore.net/.)</pii>. The exception was raised by the IDbCommand interface.
Technical Details:
RootActivityId: 46646584-7ccb-4946-a38c-b91c1963e82c
Date (UTC): 9/13/2021 7:53:10 PM
<pii>The credentials provided cannot be used for the DataLake source. (Source at https://mydatalake.azuredatalakestore.net/.)</pii>. The exception was raised by the IDbCommand interface.
<pii>The credentials provided cannot be used for the DataLake source. (Source at https://mydatalake.azuredatalakestore.net/.)</pii>. The exception was raised by the IDbCommand interface.
The command has been canceled.. The exception was raised by the IDbCommand interface.
'.
我的 PowerShell 代码
$dataModelsList = "MY-DM-Cost-Test"
$datalakeName= 'mydatalakename'
$aasName= 'asazure://aspaaseastus2.asazure.windows.net/myaasname'
$password = ConvertTo-SecureString -String "lajsdfkjjfdakasjdfhjkud&98asdllfkf" -AsPlainText -Force
$credential = New-Object System.Management.Automation.PSCredential("xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",$password)
Connect-AzAccount -Credential $credential -Tenant $tenantID -ServicePrincipal
$authUrl = "https://login.windows.net/" + $tenantID + "/oauth2/token/"
$body = @{
"resource" = "https://management.azure.com/";
"grant_type" = "client_credentials";
"client_id" = "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
"client_secret" = "lajsdfkjjfdakasjdfhjkud&98asdllfkf"
}
$adlsToken = Invoke-RestMethod -Uri $authUrl –Method POST -Body $body
$date = Get-Date -Format r
$password = ConvertTo-SecureString -String $secretKey -AsPlainText -Force
$credentials = New-Object System.Management.Automation.PSCredential($ClientID,$password)
Connect-AzAccount -Credential $credentials -Tenant $tenantID
for($f = 0; $f -lt $dataModelsList.Count; $f++)
{
if($dataModelsList.Count -eq 1)
{
$AASDatabaseName = $dataModelsList
}
else
{
$AASDatabaseName = $dataModelsList[$f]
}
Write-Output "Refreshing $AASDatabaseName data model ..."
$updateDataSource = '
{
"createOrReplace": {
"object": {
"database": "'+$AASDatabaseName+'",
"dataSource": "DataLake/https://'+$datalakeName+' azuredatalakestore net/",
},
"dataSource": {
"type": "structured",
"name": "DataLake/https://'+$datalakeName+' azuredatalakestore net/",
"connectionDetails": {
"protocol": "data-lake-store",
"address": {
"url": "https://' + $datalakeName + '.azuredatalakestore.net"
}
},
"options": {
"pageSize": 999999999
},
"credential": {
"DataSourceKind": "DataLake",
"AuthenticationKind": "OAuth2",
"Expires": "'+$date+'",
"RefreshToken":"'+$adlsToken.access_token+'",
"token_type": "Bearer",
"scope": "user_impersonation",
"ext_expires_in": "'+$adlsToken.ext_expires_in+'",
"expires_on": "'+$adlsToken.expires_on+'",
"not_before": "'+$adlsToken.not_before+'",
"resource": "https://management.azure.com",
"AccessToken":"'+$adlsToken.access_token+'"
}
}
}
}'
$result = Invoke-ASCmd -Server $AASServerName -Database $AASDatabaseName -Query $updateDataSource -Credential $credentials #-ServicePrincipal
}
上面的代码在响应之后返回。
token_type : Bearer
expires_in : 3599
ext_expires_in : 3599
expires_on : 1631542903
not_before : 1631539003
resource : https://management.azure.com/
access_token : eyxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xx.xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxx
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
据我了解,我的数据模型在 1 小时后无法刷新,因为我没有得到刷新令牌作为响应,所以在可能的帮助下,我可以获得新的访问令牌。但这对我来说只是一个想象的想法。
请帮助我了解为什么我的 Azure Analysis Services 数据模型在一小时后无法处理,然后使用上述脚本刷新凭据。
解决方案
您的令牌即将到期,这并不是一个真正的大问题,因为您可以测试您的令牌是否有效,如果不是,则获取一个新的。因此,令牌响应expires_on
中有一个属性,即 1970-01-01T0:0:0Z UTC 之后的秒数,表示令牌何时到期。因此,我们可以通过以下方式简单地对此进行测试:
If(([datetime]::UtcNow - [datetime]'01/01/1970 00:00:00Z').totalseconds -gt $adlsToken.expires_on){ $adlsToken = Invoke-RestMethod -Uri $authUrl –Method POST -Body $body }
现在我们只是在你引用访问令牌之前把它放好,你应该已经准备好了。
Write-Output "Refreshing $AASDatabaseName data model ..."
If(([datetime]::UtcNow - [datetime]'01/01/1970 00:00:00Z').totalseconds -gt $adlsToken.expires_on){ $adlsToken = Invoke-RestMethod -Uri $authUrl –Method POST -Body $body }
$updateDataSource = '
推荐阅读
- reactjs - 此 ReactJs 示例中如何使用此变量
- c# - 如何将值存储在列表或数组中并将所有值绑定到数据表然后gridview
- typescript - TypeScript 根据接口检查推断类型
- google-bigquery - 无法将 CSV 文件更新为 BQR
- c# - 无法在 Visual Studio 中添加项目引用
- javascript - webpack/babel:在包之间共享变量的最佳方式是什么?
- c - 可以在嵌入式系统固件中使用位域吗?
- regex - 将 ls 的结果通过管道传输到 Powershell 中的命令,使用正则表达式捕获
- swift - CircleImage 在选择器中选择一个选项并添加到列表后不断改变颜色
- javascript - “this”关键字未定义