
When using the Azure Fluent SDK in an Azure Function how can I create an azure object using a Managed Service Identity?

I am writing an Azure function which will update an Azure DNS zone. The function has a Managed Service Identity (MSI) attached to it.

I am able to use the non-fluent SDK to read the current records in the DNS zone. However when I try and do the same thing using the fluent libraries I get the following error:

[07/11/2018 14:36:37] Executed 'Function1' (Failed,Id=8d34472e-956a-4ff3-a1b1-16ea6186934a)

[07/11/2018 14:36:37] System.Private.CoreLib: Exception while executing function: Function1.Microsoft.Azure.Management.ResourceManager.Fluent: Value cannot be null.

[07/11/2018 14:36:37] Parameter name: MSI_ENDPOINT.

So that I can easily test the difference between the two libraries, I have put together a test function.

using System;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Azure.WebJobs;
using Microsoft.Azure.WebJobs.Extensions.Http;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Logging;
using Microsoft.Azure.Management.ResourceManager.Fluent.Authentication;
using Microsoft.Azure.Management.ResourceManager.Fluent;
using Microsoft.Azure.Management.Fluent;
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Rest;
using Microsoft.Azure.Management.Dns;
using Microsoft.Azure.Management.ResourceManager.Fluent.Core;

namespace UpdateDNS
{
    public static class Function1
    {
        [FunctionName("Function1")]
        public static async Task<IActionResult> Run(
            [HttpTrigger(AuthorizationLevel.Function, "get", Route = "{subscription}/{rg_name}/{zone_name}/{lib}")] HttpRequest req,
            string subscription,
            string rg_name,
            string zone_name,
            string lib,
            ILogger log)
        {
            log.LogInformation("C# HTTP trigger function processed a request.");

            int count = 0;
            dynamic records;

            // determine the lib to use to get the dns data
            switch (lib)
            {
                case "fluent":

                    AzureCredentialsFactory factory = new AzureCredentialsFactory();
                    MSILoginInformation msi = new MSILoginInformation(MSIResourceType.AppService);
                    AzureCredentials msiCred = factory.FromMSI(msi, AzureEnvironment.AzureGlobalCloud);
                    var azureAuth = Azure.Configure().WithLogLevel(HttpLoggingDelegatingHandler.Level.BodyAndHeaders).Authenticate(msiCred);

                    // set the subscription to work with
                    var azure = azureAuth.WithSubscription(subscription);

                    var dnszone = azure.DnsZones.GetByResourceGroup(rg_name, zone_name);

                    records = dnszone.ListRecordSets();

                    break;

                default:

                    // get the token from the managed service identity
                    AzureServiceTokenProvider token_provider = new AzureServiceTokenProvider();
                    string token = await token_provider.GetAccessTokenAsync("https://management.azure.com");

                    TokenCredentials token_creds = new TokenCredentials(token);

                    // create the dns client
                    DnsManagementClient client = new DnsManagementClient(token_creds);
                    client.SubscriptionId = subscription;

                    records = client.RecordSets.ListAllByDnsZone(rg_name, zone_name);

                    break;
            }

            foreach (var record in records)
            {
                Console.WriteLine(record.Name);
                count++;
            }

            return new OkObjectResult($"Records: {count}");

        }
    }
}

This is an HTTP triggered Azure function and allows the subscription, resource group and DNS zone to be passed in as parameters as well as the library to use.

So in order to test the non-fluent libs I can call the following:

http://localhost:7071/api/ee65837a-8b52-4fed-9820-f2eb0bb11baf/my_rg/my_zone/stable

This will return something like:

Records: 3

However if I try and run the same query but using the fluent libs I get the error as shown above:

http://localhost:7071/api/ee65837a-8b52-4fed-9820-f2eb0bb11baf/my_rg/my_zone/fluent

Am I missing a parameter that needs to be passed in? I am not sure where the 'MSI_ENDPOINT' would be set and what it should be set to. My feeling is that this should be done for me.

The versions of the libraries that are in use are:

Microsoft.Azure.Management.DNS 3.0.1

Microsoft.Azure.Management.Fluent 1.17.0

Microsoft.Azure.Services.AppAuthentication 1.0.3

I am running this locally within Visual Studio which is logged into an account with the appropriate access to Azure.

I am running this locally within Visual Studio which is logged into an account with the appropriate access to Azure.

You don't have Managed Service Identity on your local machine, so you could not work well with the first method locally. As junnas said, you could use Azure Services Authentication Extension with AzureServiceTokenProvider, which retrieves your account to access Azure.

For more details, you could refer to this article.

So, firstly what you need to do is go to yourappname.scm.azurewebsites.net and select Environment to check if there is an MSI_ENDPOINT variable in it, which means you have set up MSI successfully.

Secondly, publish the function to Azure and it will work fine.
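One way to build the fluent `IAzure` object both in Azure and on a developer machine, as an added example that is not part of the original question or answer: it uses the managed identity only when `MSI_ENDPOINT` is present and otherwise fails closed unless a developer-token fallback is explicitly allowed. The class `FluentAuth`, the method names and the `tenantId` and `allowLocalFallback` parameters are hypothetical.

```csharp
using System;
using System.Threading.Tasks;
using Microsoft.Azure.Management.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent.Authentication;
using Microsoft.Azure.Services.AppAuthentication;
using Microsoft.Rest;

public static class FluentAuth // hypothetical helper, not part of either SDK
{
    // The fluent FromMSI(AppService) path reads MSI_ENDPOINT, which only the
    // Azure host injects; it is absent in a local Visual Studio run.
    public static bool HasManagedIdentity() =>
        !string.IsNullOrEmpty(Environment.GetEnvironmentVariable("MSI_ENDPOINT"));

    public static async Task<IAzure> CreateAsync(
        string subscription, string tenantId, bool allowLocalFallback)
    {
        AzureCredentials creds;
        if (HasManagedIdentity())
        {
            // In Azure: credentials come from the function's managed identity.
            creds = SdkContext.AzureCredentialsFactory.FromMSI(
                new MSILoginInformation(MSIResourceType.AppService),
                AzureEnvironment.AzureGlobalCloud);
        }
        else if (allowLocalFallback)
        {
            // Local development only: AzureServiceTokenProvider uses the
            // signed-in developer account. The token is short-lived and is
            // not refreshed by TokenCredentials.
            var provider = new AzureServiceTokenProvider();
            string token = await provider.GetAccessTokenAsync(
                "https://management.azure.com/", tenantId);
            var armCreds = new TokenCredentials(token);
            // The second argument is for Graph calls; the ARM token is only
            // a stand-in because this example never calls Graph.
            creds = new AzureCredentials(
                armCreds, armCreds, tenantId, AzureEnvironment.AzureGlobalCloud);
        }
        else
        {
            // Deployed without an identity: stop instead of trying other credentials.
            throw new InvalidOperationException(
                "MSI_ENDPOINT is not set; enable the managed identity on the app.");
        }
        return Azure.Configure().Authenticate(creds).WithSubscription(subscription);
    }
}
```

Keep `allowLocalFallback` false in the deployed app's configuration so that a missing identity surfaces as an error rather than a silent switch to another credential source.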
