Azure: managed identity not assigned to the resource

pxq42qpu  posted on 2023-05-01  in  Other

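I want to use the Azure Python SDK to perform various VM operations, such as starting a VM or deallocating it, without a manual login step. For this, I have to use a user-assigned managed identity. So I created an Ubuntu VM and a user-assigned managed identity.
The user-assigned managed identity has been assigned the "Virtual Machine Contributor" role and, according to the portal, is linked to the VM. I assume it should still authenticate and access the VM even if I am not logged in when running the code mentioned below. To check this, I logged out of the CLI using the az logout command, and that is when the following error appeared. The error persists even when logged in.
I tried using DefaultAzureCredentials, but it was not found when logged out.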

Error

ImdsCredential.get_token failed: ManagedIdentityCredential authentication unavailable. The requested identity has not been assigned to this resource.
ManagedIdentityCredential.get_token failed: ManagedIdentityCredential authentication unavailable. The requested identity has not been assigned to this resource.
Traceback (most recent call last):
  File "/home/sehajvm/.local/lib/python3.10/site-packages/azure/identity/_credentials/imds.py", line 91, in _request_token
    token = self._client.request_token(*scopes, headers={"Metadata": "true"})
  File "/home/sehajvm/.local/lib/python3.10/site-packages/azure/identity/_internal/managed_identity_client.py", line 120, in request_token
    token = self._process_response(response, request_time)
  File "/home/sehajvm/.local/lib/python3.10/site-packages/azure/identity/_internal/managed_identity_client.py", line 61, in _process_response
    raise ClientAuthenticationError(
azure.core.exceptions.ClientAuthenticationError: Unexpected response "{'error': 'invalid_request', 'error_description': 'Identity not found'}"
Content: {"error":"invalid_request","error_description":"Identity not found"}

The main error I am concerned about is

ManagedIdentityCredential.get_token failed: ManagedIdentityCredential authentication unavailable. The requested identity has not been assigned to this resource.

Code:

import os 
from azure.mgmt.compute import ComputeManagementClient 
from azure.identity import ManagedIdentityCredential 

# Set subscription and resource group variables 
subscription_id = '' 
resource_group = '' 
client_id = '' 

# Set virtual machine name and new power state 
vm_name = 'additionalvm' 
new_power_state = 'begin_deallocate'  

# Authenticate with Azure using a managed identity 
credentials = ManagedIdentityCredential(client_id=client_id) 

# Create a ComputeManagementClient object 
compute_client = ComputeManagementClient(credentials, subscription_id) 

# Get the virtual machine 
vm = compute_client.virtual_machines.get(resource_group, vm_name) 

# Stop or start the virtual machine 
if new_power_state == 'begin_deallocate': 
   async_vm_stop = compute_client.virtual_machines.begin_deallocate(resource_group, vm_name)
   async_vm_stop.wait() 
   print(f"Virtual machine {vm_name} has been stopped.") 
elif new_power_state == 'begin_start': 
   async_vm_start = compute_client.virtual_machines.begin_start(resource_group, vm_name)
   async_vm_start.wait() 
   print(f"Virtual machine {vm_name} has been started.") 
else: 
   print(f"Invalid power state: {new_power_state}")

ruarlubt1#

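ManagedIdentityCredential.get_token failed: ManagedIdentityCredential authentication unavailable. The requested identity has not been assigned to this resource.
In a local environment, ManagedIdentityCredential does not support a User Managed Identity.
If you run the code in a local environment, you must use DefaultAzureCredential. Follow Allen Wu's Stack link.
Below is the code that uses DefaultAzureCredential to stop or start the virtual machine.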

import os
from azure.mgmt.compute import ComputeManagementClient
from azure.identity import DefaultAzureCredential

subscription_id = ''
resource_group = 'Venkat-resource-group'
vm_name = 'venkat-windows'
new_power_state = 'begin_deallocate'

# DefaultAzureCredential tries several credential sources in turn
credentials = DefaultAzureCredential()
compute_client = ComputeManagementClient(credentials, subscription_id)

# Fails early if the VM is missing or the credential lacks access
vm = compute_client.virtual_machines.get(resource_group, vm_name)

# Stop or start the virtual machine and wait for the operation to finish
if new_power_state == 'begin_deallocate':
    async_vm_stop = compute_client.virtual_machines.begin_deallocate(resource_group, vm_name)
    async_vm_stop.wait()
    print(f"Virtual machine {vm_name} has been stopped.")
elif new_power_state == 'begin_start':
    async_vm_start = compute_client.virtual_machines.begin_start(resource_group, vm_name)
    async_vm_start.wait()
    print(f"Virtual machine {vm_name} has been started.")
else:
    print(f"Invalid power state: {new_power_state}")

Output:

Virtual machine venkat-windows has been stopped.

After running the above code, the Azure VM was deallocated successfully.
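
Added example, not from the question or the answer: a standard-library check that sends the same kind of IMDS token request seen in the traceback (with the `Metadata: true` header) and classifies the reply, so the "Identity not found" case can be told apart from a host with no IMDS at all. The function names, the placeholder client ID, the `2018-02-01` API version and the HTTP 400 status on the constructed sample are assumptions of this example.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

IMDS_TOKEN_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
CLIENT_ID = "00000000-0000-0000-0000-000000000000"  # placeholder, not a real identity


def build_imds_request(client_id, resource="https://management.azure.com/"):
    """Token request for a user-assigned identity, with the Metadata header."""
    query = urllib.parse.urlencode(
        {"api-version": "2018-02-01", "resource": resource, "client_id": client_id}
    )
    return urllib.request.Request(f"{IMDS_TOKEN_URL}?{query}", headers={"Metadata": "true"})


def diagnose(status, body):
    """Map an IMDS reply to (code, explanation); never returns the token itself."""
    try:
        doc = json.loads(body)
    except ValueError:
        doc = None
    if not isinstance(doc, dict):
        return ("not-imds", "reply is not IMDS JSON; probably not running on an Azure VM")
    if status == 200 and "access_token" in doc:
        return ("ok", "IMDS issued a token for this client_id")
    desc = str(doc.get("error_description", ""))
    if doc.get("error") == "invalid_request" and "Identity not found" in desc:
        return ("identity-not-assigned", "client_id is not an identity attached to this VM")
    return ("other", f"HTTP {status}: {doc.get('error')}")


def probe(client_id, timeout=2):
    """Ask IMDS for a token and classify the outcome."""
    try:
        with urllib.request.urlopen(build_imds_request(client_id), timeout=timeout) as resp:
            return diagnose(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:  # 4xx/5xx replies still carry a JSON body
        return diagnose(err.code, err.read().decode("utf-8", "replace"))
    except OSError:  # URLError and timeouts: nothing answered on the IMDS address
        return ("unreachable", "no IMDS at 169.254.169.254; not on an Azure VM")


if __name__ == "__main__":
    # Constructed sample: the error body shown in the traceback above.
    print(diagnose(400, '{"error":"invalid_request","error_description":"Identity not found"}'))
    print(probe(CLIENT_ID))
```

Run on the VM with the identity's real client ID in place of the placeholder; on a workstation `probe` returns `unreachable`.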
