python - Http响应错误: This request is not authorized to perform this operation using this permission in Python Azure Function

Question

• Python 3.11 - Azure 函数 - Http 触发器
• 功能 -(包利用 - Pandas、Numpy、dateutil)、列出 blob
• IDE - VS Code

local.settings.json:

{
  "IsEncrypted": false,
  "Values": {
    "AzureWebJobsStorage": "<storage-acc-conn-str>",
    "FUNCTIONS_WORKER_RUNTIME": "python"
  }
}

init.py:

import logging
import azure.functions as func

import pandas as pd  
import numpy as np

# importing methods from the datetime module as a base.  
import datetime  
# importing several methods from the dateutil subclasses.  
from dateutil.relativedelta import *  
from dateutil.easter import *  
from dateutil.parser import *  
from dateutil.rrule import *

from azure.identity import DefaultAzureCredential
from azure.storage.blob import BlobServiceClient, BlobClient, ContainerClient

def main(req: func.HttpRequest) -> func.HttpResponse:
    logging.info('Python HTTP trigger function processed a request.')
    # Code for Pandas Package
    info = np.array(['P','a','n','d','a','s'])  
    a = pd.Series(info)
    print(a)
    
    
    # Creating some datetime objects  
    present_datetime = datetime.datetime.now()  
    print("The Present datetime:", present_datetime)  
    present_date = datetime.date.today()  
    print("The Present date:", present_date)  
    
    account_url = "https://<storageaccname>.blob.core.windows.net"
    default_credential = DefaultAzureCredential()

    # Create the BlobServiceClient object
    blob_service_client = BlobServiceClient(account_url, credential=default_credential)
    container_client = blob_service_client.get_container_client("textfilescontainer")
    print("\nListing blobs...")

    # List the blobs in the container
    blob_list = container_client.list_blobs()
    for blob in blob_list:
        print("\t" + blob.name)
    
    
    
    return func.HttpResponse(f"Hello Hasher, This HTTP triggered function executed successfully.")

requirements.txt:

azure-functions
numpy
pandas
python-dateutil
azure.storage.blob
azure.identity

订阅和存储帐户的角色分配:

结果:

For detailed output, run func with --verbose flag.
[2023-06-06T08:04:10.811Z] Worker process started and initialized.
[2023-06-06T08:04:12.391Z] Executing 'Functions.HttpTrigger1' (Reason='This function was programmatically called via the host APIs.', 
Id=<alphanumericid)
[2023-06-06T08:04:12.462Z] No environment configuration found.
[2023-06-06T08:04:12.462Z] Python HTTP trigger function processed a request.
[2023-06-06T08:04:12.462Z] ManagedIdentityCredential will use IMDS
[2023-06-06T08:04:12.462Z] Request URL: 'http://ipaddr/metadata/identity/oauth2/token?api-version=REDACTED&resource=REDACTED'Request method: 'GET'
Request headers:
    'User-Agent': 'azsdk-python-identity/1.13.0 Python/3.11.3 (Windows-10-10.0.)'
No body was attached to the request
[2023-06-06T08:04:15.368Z] Host lock lease acquired by instance ID 'alphanumericid'.
[2023-06-06T08:04:16.781Z] DefaultAzureCredential acquired a token from AzurePowerShellCredential
[2023-06-06T08:04:16.782Z] Request URL: 'https://storageaccountname.blob.core.windows.net/textfilescontainer?restype=REDACTED&comp=REDACTED'  
Request method: 'GET'
Request headers:
    'x-ms-version': 'REDACTED'
    'Accept': 'application/xml'
    'User-Agent': 'azsdk-python-storage-blob/12.16.0 Python/3.11.3 (Windows-10-10.0.
    'x-ms-date': 'REDACTED'
    'x-ms-client-request-id': 'alphanumericid'
    'Authorization': 'REDACTED'
No body was attached to the request
[2023-06-06T08:04:17.175Z] Response status: 403
Response headers:
    'Content-Length': '279'
    'Content-Type': 'application/xml'
    'Server': 'Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0'
    'x-ms-request-id': 'alphanumericid'
    'x-ms-client-request-id': 'alphanumericid'
    'x-ms-version': 'REDACTED'
    'x-ms-error-code': 'AuthorizationPermissionMismatch'
    'Date': 'Tue, 06 Jun 2023 08:04:16 GMT'
[2023-06-06T08:04:17.232Z] Executed 'Functions.HttpTrigger1' (Failed, Id=alphanumericid, Duration=4852ms)
[2023-06-06T08:04:17.234Z] System.Private.CoreLib: Exception while executing function: Functions.HttpTrigger1. System.Private.CoreLib: Result: Failure
Exception: HttpResponseError: This request is not authorized to perform this operation using this permission.

我尝试了此 SO Thread 中给出的解决方案但仍然无法正常工作。

有人能确定我缺少什么吗？

Answer 1

正如您在评论中告知的那样，该用户是订阅所有者并使用同一用户执行开发操作，这将不起作用，因为该用户是外部用户。

在 Azure Active Directory > 用户列表中检查您登录所用用户的用户主体名称。

您可以而且必须使用在 Azure AD 域中创建的用户执行所有这些开发操作。例如:`[ [email protected] ]。此 UPN(用户主体名称)不应包含 #EXT 单词。