我想要执行各种 VM 操作,例如启动 VM、取消分配它,而无需使用 Azure python SDK 进行手动登录步骤。为此,我必须使用用户分配的托管标识。因此,我创建了一个 Ubuntu VM,这是一个用户分配的托管身份。
用户分配的托管身份被分配为“虚拟机贡献者”角色,并根据门户链接到虚拟机。我假设即使我没有登录运行下面提到的代码,它仍然应该验证并访问虚拟机。为了检查我是否使用 az logout
命令注销了 cli,此时出现了以下错误。即使登录时错误仍然存在。
尝试使用 DefaultAzureCredentials,但在我注销时发现没有运气。
错误
ImdsCredential.get_token failed: ManagedIdentityCredential authentication unavailable. The requested identity has not been assigned to this resource.ManagedIdentityCredential.get_token failed: ManagedIdentityCredential authentication unavailable. The requested identity has not been assigned to this resource. Traceback (most recent call last): File "/home/sehajvm/.local/lib/python3.10/site-packages/azure/identity/_credentials/imds.py", line 91, in _request_token token = self._client.request_token(*scopes, headers={"Metadata": "true"}) File "/home/sehajvm/.local/lib/python3.10/site-packages/azure/identity/_internal/managed_identity_client.py", line 120, in request_token token = self._process_response(response, request_time) File "/home/sehajvm/.local/lib/python3.10/site-packages/azure/identity/_internal/managed_identity_client.py", line 61, in _process_response raise ClientAuthenticationError( azure.core.exceptions.ClientAuthenticationError: Unexpected response "{'error': 'invalid_request', 'error_description': 'Identity not found'}" Content: {"error":"invalid_request","error_description":"Identity not found"}
我担心的主要错误是
ManagedIdentityCredential.get_token failed: ManagedIdentityCredential authentication unavailable. The requested identity has not been assigned to this resource.
执行操作的代码:
import os
from azure.mgmt.compute import ComputeManagementClient
from azure.identity import ManagedIdentityCredential
# Set subscription and resource group variables
subscription_id = ''
resource_group = ''
client_id = ''
# Set virtual machine name and new power state
vm_name = 'additionalvm'
new_power_state = 'begin_deallocate'
# Authenticate with Azure using a managed identity
credentials = ManagedIdentityCredential(client_id=client_id)
# Create a ComputeManagementClient object
compute_client = ComputeManagementClient(credentials, subscription_id)
# Get the virtual machine
vm = compute_client.virtual_machines.get(resource_group, vm_name)
# Stop or start the virtual machine
if new_power_state == 'begin_deallocate':
async_vm_stop = compute_client.virtual_machines.begin_deallocate(resource_group, vm_name)
async_vm_stop.wait()
print(f"Virtual machine {vm_name} has been stopped.")
elif new_power_state == 'begin_start':
async_vm_start = compute_client.virtual_machines.begin_start(resource_group, vm_name)
async_vm_start.wait()
print(f"Virtual machine {vm_name} has been started.")
else:
print(f"Invalid power state: {new_power_state}")
最佳答案
ManagedIdentityCredential.get_token failed: ManagedIdentityCredential authentication unavailable. The requested identity has not been assigned to this resource.
在本地环境中,ManagedIdentityCredential 不支持用户管理身份
您必须使用DefaultAzureCredential如果您在本地环境中运行代码。关注Stack link作者:吴艾伦
以下是使用 DefaultAzureCredential 停止或启动虚拟机的代码。
import os
from azure.mgmt.compute import ComputeManagementClient
from azure.identity import DefaultAzureCredential
subscription_id = ''
resource_group = 'Venkat-resource-group'
vm_name ='venkat-windows'
new_power_state = 'begin_deallocate'
credentials = DefaultAzureCredential()
compute_client = ComputeManagementClient(credentials, subscription_id)
vm = compute_client.virtual_machines.get(resource_group, vm_name)
if new_power_state == 'begin_deallocate':
async_vm_stop = compute_client.virtual_machines.begin_deallocate(resource_group, vm_name)
async_vm_stop.wait()
print(f"Virtual machine {vm_name} has been stopped.")
elif new_power_state == 'begin_start':
async_vm_start = compute_client.virtual_machines.begin_start(resource_group, vm_name)
async_vm_start.wait()
print(f"Virtual machine {vm_name} has been started.")
else:
print(f"Invalid power state: {new_power_state}")
输出:
Virtual machine venkat-windows has been stopped.
运行上述代码后,Azure VM 成功释放
关于azure - 托管身份未分配给资源,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/76073973/