How do I generate an auth token with Python and list the resource groups in Azure?

xe55xuns posted on 2023-09-29 in Python

I tried the code below:

```python
from azure.identity import ClientSecretCredential
import requests

subscription_id = 'MYSUBID'
client_id = 'MYCLIENTID'
client_secret = 'MYSECRETVALUE'
tenant_id = 'MYTENANTID'

# Create a ClientSecretCredential object
credential = ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=client_secret)

url = f"https://management.azure.com/subscriptions/{subscription_id}/resourcegroups?api-version=2021-04-01"
# Get an access token for the Azure Management API
access_token = credential.get_token("https://management.azure.com/.default")

# Make the GET request to retrieve a list of resource groups
headers = {
    "Authorization": f"Bearer {access_token}"
}

response = requests.get(url, headers=headers)

if response.status_code == 200:
    resource_groups = response.json()
    for rg in resource_groups['value']:
        print(rg['name'])
else:
    print(response.status_code, "-", response.text)
```

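This code gave me the following error:

```
403 - {"error":{"code":"AuthorizationFailed","message":"The client 'f89e9744-3f48-444c-bf6f-525d15974a46' with object id 'f89e9744-3f48-444c-bf6f-525d15974a46' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/MYSUBID' or the scope is invalid. If access was recently granted, please refresh your credentials."}}
```

But when I list them using this site, https://learn.microsoft.com/en-us/rest/api/resources/resource-groups/list?tryIt=true&source=docs#code-try-0, it lists the resource groups successfully. Then I learned that a bearer token and an authorization token are different.
Please help me solve this issue.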

dpiehjr4 #1

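```
403 - {"error":{"code":"AuthorizationFailed","message":"The client 'f89e9744-3f48-44xxx' with object id 'f89e9744-3f48xxxx5974a46' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/MYSUBID' or the scope is invalid. If access was recently granted, please refresh your credentials."}}
```

The error above tells us that your application does not have the appropriate permission or role to list resource groups.
To list resource groups, you need the **Reader** role. You can assign the role through the portal:

  • Go to Azure portal -> Subscriptions -> Access control (IAM) -> Add -> Add role assignment -> search for the Reader role -> select members (your application) -> click Review + assign.

After assigning the role, I used the code below to get the list of resource groups.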

Code:

```python
from azure.identity import ClientSecretCredential
import requests

subscription_id = 'xxx'
client_id = 'xxx'
client_secret = 'xxxxx'
tenant_id = 'xxxx'

# Create a ClientSecretCredential object
credential = ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=client_secret)

url = f"https://management.azure.com/subscriptions/{subscription_id}/resourcegroups?api-version=2021-04-01"
# Get an access token for the Azure Management API;
# .token is the bearer string carried by the returned AccessToken object
access_token = credential.get_token("https://management.azure.com/.default").token

# Make the GET request to retrieve a list of resource groups
h1 = {
    "Authorization": f"Bearer {access_token}"
}
response = requests.get(url, headers=h1)

if response.status_code == 200:
    resource_groups = response.json()
    print("-----Resource Group Names------")
    for rg in resource_groups['value']:
        print(rg['name'])
else:
    print(response.status_code, "-", response.text)
```

Reference:

Resource Groups - List - REST API (Azure Resource Management) | Microsoft Learn
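
An added example, not part of the answer above or of the Azure SDK: a Python helper that tells apart the two failure modes on this page, a malformed or mis-targeted bearer token versus a missing role assignment, by inspecting the token's claims and the ARM error body. The function names, the sample token and the placeholder IDs are constructed for illustration, and the audience check is an assumption.

```python
import base64
import json
import re
import time

# Wording of ARM's AuthorizationFailed message, as quoted in the question above.
DENIED = re.compile(
    r"client '(?P<client>[^']+)' with object id '(?P<object_id>[^']+)' does not have "
    r"authorization to perform action '(?P<action>[^']+)' over scope '(?P<scope>[^']+)'")
JWT = re.compile(r"[A-Za-z0-9_-]+\.([A-Za-z0-9_-]+)\.[A-Za-z0-9_-]*")

def jwt_claims(token):
    """Decode a JWT payload without verifying it (local inspection only)."""
    m = JWT.fullmatch(token)
    if not m:  # e.g. the AccessToken object was formatted in instead of its .token
        raise ValueError("not a bare JWT; pass credential.get_token(...).token")
    seg = m.group(1)
    return json.loads(base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4)))

def diagnose(status_code, body, token, now=None):
    """Separate token problems from a missing role assignment."""
    now = time.time() if now is None else now
    try:
        claims = jwt_claims(token)
    except ValueError as exc:
        return {"problem": "bad_token", "detail": str(exc)}
    if claims.get("exp", 0) <= now:
        return {"problem": "expired_token"}
    # Assumption: ARM tokens carry an audience beginning "https://management."
    if not str(claims.get("aud", "")).startswith("https://management."):
        return {"problem": "wrong_audience", "detail": claims.get("aud")}
    error = json.loads(body).get("error", {})
    m = DENIED.search(error.get("message", ""))
    if status_code == 403 and error.get("code") == "AuthorizationFailed" and m:
        return {"problem": "missing_role", **m.groupdict()}  # role must cover action at scope
    return {"problem": "other", "detail": error.get("code")}

def _seg(obj):
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample data: an unsigned token and an error body with placeholder IDs.
SAMPLE_TOKEN = ".".join([_seg({"alg": "none"}),
    _seg({"aud": "https://management.azure.com", "exp": 2000000000}), "sig"])
SAMPLE_BODY = json.dumps({"error": {"code": "AuthorizationFailed", "message":
    "The client 'APP-ID' with object id 'OBJECT-ID' does not have authorization to "
    "perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope "
    "'/subscriptions/MYSUBID' or the scope is invalid."}})

if __name__ == "__main__":
    print(diagnose(403, SAMPLE_BODY, SAMPLE_TOKEN))
```

A `missing_role` result names the exact action and scope that were denied, which is what a role assignment such as Reader has to cover.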
