I tried the code below:
```python
from azure.identity import ClientSecretCredential
import requests

subscription_id = 'MYSUBID'
client_id = 'MYCLIENTID'
client_secret = 'MYSECRETVALUE'
tenant_id = 'MYTENANTID'

# Create a ClientSecretCredential object
credential = ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=client_secret)
url = f"https://management.azure.com/subscriptions/{subscription_id}/resourcegroups?api-version=2021-04-01"

# Get an access token for the Azure Management API
access_token = credential.get_token("https://management.azure.com/.default")

# Make the GET request to retrieve a list of resource groups
headers = {
    # get_token() returns an AccessToken object; the header needs its .token string
    "Authorization": f"Bearer {access_token.token}"
}
response = requests.get(url, headers=headers)

if response.status_code == 200:
    resource_groups = response.json()
    for rg in resource_groups['value']:
        print(rg['name'])
else:
    print(response.status_code, "-", response.text)
```
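So this code gives me the error below:

```
403 - {"error":{"code":"AuthorizationFailed","message":"The client 'f89e9744-3f48-444c-bf6f-525d15974a46' with object id 'f89e9744-3f48-444c-bf6f-525d15974a46' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/MYSUBID' or the scope is invalid. If access was recently granted, please refresh your credentials."}}
```

But when I list them using this site, https://learn.microsoft.com/en-us/rest/api/resources/resource-groups/list?tryIt=true&source=docs#code-try-0, it lists the resource groups successfully. Then I came to know that the bearer token and the authorization token are different.

Please help me resolve this issue.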
1 Answer
dpiehjr41#
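```
403 - {"error":{"code":"AuthorizationFailed","message":"The client 'f89e9744-3f48-44xxx' with object id 'f89e9744-3f48xxxx5974a46' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourcegroups/read' over scope '/subscriptions/MYSUBID' or the scope is invalid. If access was recently granted, please refresh your credentials."}}
```

The above error tells us that your application does not have the proper permission or role to list the resource groups.

To list resource groups, you need the **Reader** role. You can assign the role through the portal:

After assigning the role, I used the code below to get the list of resource groups.

Code:

Output:

Reference: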
Resource Groups - List - REST API (Azure Resource Management) | Microsoft Learn
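As an added example (not code from the answer above or from Microsoft), the sketch below lists resource groups with the token's `.token` string and, on a 403, extracts the principal, action and scope from the `AuthorizationFailed` body so the missing role assignment is explicit. The names `explain_denial`, `list_resource_groups` and the `http` parameter are hypothetical; `credential` is assumed to be an `azure.identity` credential, and the sample body is constructed with placeholder IDs.

```python
import json
import re

ARM = "https://management.azure.com"
# Constructed sample of the 403 body from the question; both IDs are placeholders.
SAMPLE_403 = json.dumps({"error": {"code": "AuthorizationFailed", "message": (
    "The client '<client-id>' with object id '<object-id>' does not have "
    "authorization to perform action "
    "'Microsoft.Resources/subscriptions/resourcegroups/read' over scope "
    "'/subscriptions/MYSUBID' or the scope is invalid.")}})
_DENIED = re.compile(r"object id '(?P<object_id>[^']+)'.*?perform action "
                     r"'(?P<action>[^']+)'.*?over scope '(?P<scope>[^']+)'", re.S)


def explain_denial(text):
    """Return the principal, action and scope named in an AuthorizationFailed body."""
    try:
        err = json.loads(text)["error"]
        if err["code"] != "AuthorizationFailed":
            return None
        match = _DENIED.search(err["message"])
    except (ValueError, KeyError, TypeError):
        return None  # not JSON, or not shaped like an ARM error
    return match.groupdict() if match else None


def list_resource_groups(credential, subscription_id, http=None):
    """List resource group names, following nextLink; explain a 403 instead of printing it."""
    if http is None:
        import requests as http  # any object with a requests-style get() also works
    # get_token() returns an AccessToken; the header needs its .token string.
    bearer = credential.get_token(f"{ARM}/.default").token
    url = f"{ARM}/subscriptions/{subscription_id}/resourcegroups?api-version=2021-04-01"
    names = []
    while url:
        resp = http.get(url, headers={"Authorization": f"Bearer {bearer}"}, timeout=30)
        if resp.status_code == 403:
            denial = explain_denial(resp.text)
            if denial:
                raise PermissionError(
                    f"principal {denial['object_id']} lacks {denial['action']} "
                    f"at {denial['scope']}; assign a role such as Reader there")
        resp.raise_for_status()
        page = resp.json()
        names += [rg["name"] for rg in page.get("value", [])]
        url = page.get("nextLink")  # absent on the last page
    return names
```

The object id in the error is the identity that needs the role assignment at the reported scope.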