How to get all storage account name and their access key of Azure using Python

Question

i'm not able to read all the azure storage account name and therir key.

AZURE_TENANT_ID = '<string>'
AZURE_CLIENT_ID = '<string>'
AZURE_CLIENT_SECRET = '<string>'
AZURE_SUBSCRIPTION_ID = '<string>'
import os
from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.resource import ResourceManagementClient
from azure.mgmt.storage import StorageManagementClient
from azure.mgmt.storage.models import (
     StorageAccountCreateParameters,
     StorageAccountUpdateParameters,
     Sku,
     SkuName,
     Kind
    )

subscription_id = AZURE_SUBSCRIPTION_ID # your Azure Subscription Id
credentials = ServicePrincipalCredentials(
client_id=AZURE_CLIENT_ID,
secret=AZURE_CLIENT_SECRET,
tenant=AZURE_TENANT_ID
)
resource_client = ResourceManagementClient(credentials, subscription_id)
storage_client = StorageManagementClient(credentials, subscription_id)
print(resource_client,storage_client)
# Retrieve the list of resource groups
for item in storage_client.storage_accounts.list():
    print_item(item)

and after this this code i get this bug

AttributeError: 'ServicePrincipalCredentials' object has no attribute 'get_token'

and while debugging i found that "storage_client.storage_accounts.list()" this statement return iterator object of azure.core.paging.ItemPaged class and it return the same object all the time

pls help me out

Answer 1

We have created the below python script to pull the list of storage accounts & their respective access keys under a particular subscription.

In the below code we have used the ClientSecretCredential libraries under azure.identity instead of ServicePrincipalCredentials which is a newer libraries to authenticate with token credentials based on the Azure documentation .

Here is the python Code:

AZURE_TENANT_ID  =  '<tenantid>'
AZURE_CLIENT_ID  =  '<clientid>'
AZURE_CLIENT_SECRET  =  '<clientsecret>'
AZURE_SUBSCRIPTION_ID  =  '<subscriptionid>'
    
import  os
from  azure.identity  import  ClientSecretCredential
from  azure.mgmt.resource  import  ResourceManagementClient
from azure.mgmt.storage import StorageManagementClient
from azure.mgmt.storage.models import  (StorageAccountCreateParameters,StorageAccountUpdateParameters,
Sku,SkuName,Kind)
    
subscription_id  =  AZURE_SUBSCRIPTION_ID  # your Azure Subscription Id
credentials  =  ClientSecretCredential(tenant_id=AZURE_TENANT_ID,client_id=AZURE_CLIENT_ID,client_secret=AZURE_CLIENT_SECRET)
resource_client  =  ResourceManagementClient(credentials,  subscription_id)
storage_client  = StorageManagementClient(credentials,  subscription_id)
    
# Retrieve the list of resource groups
resourcelist=resource_client.resource_groups.list()
for  item  in  resourcelist:
    for  item1  in  resource_client.resources.list_by_resource_group(item.name):
        if(item1.type=='Microsoft.Storage/storageAccounts'):
            storage_keys  =  storage_client.storage_accounts.list_keys(item.name,  item1.name)
            storage_keys  =  {v.key_name:  v.value for  v  in  storage_keys.keys}
            print(item.name,('\tKey 1: {}'.format(storage_keys['key1'])))
            print(item.name,('\tKey 2: {}'.format(storage_keys['key2'])))

Here is the Output screenshot for reference :

Note:

The service principal that you are using for authentication in the above code,needs to have RBAC role storage Account Contributor for the whole subscription.