[英]How to use Azure Key Vault Python SDK to add access policy?
[英]Python SDK unauthorized access to Key Vault
def auth_callback(server, resource, scope):
credentials = ServicePrincipalCredentials(
client_id = os.getenv('ARM_CLIENT_ID'),
secret = os.getenv('ARM_CLIENT_SECRET'),
tenant = os.getenv('ARM_TENANT_ID'),
resource = "https://vault.azure.net/"
)
token = credentials.token
return token['token_type'], token['access_token']
kv_client = KeyVaultClient(KeyVaultAuthentication(auth_callback))
secret = kv_client.get_secret("https://xxx.vault.azure.net/", "CLIENT-SECRET", KeyVaultId.version_none).value.encode()
完全相同的代码适用于2个不同的租户 (在第三个租户中无效)。 为应用程序服务主体授予了订阅的所有者权限(请确保),赋予了特定的秘密权限,尝试了所有权限,还尝试启用了高级权限(只是提示,我按下“ save
按钮),同时使用两者进行访问门户网站和Powershell(最终结果相同)。
我看到了这些:
以编程方式创建Azure KeyVault机密时,如何解决“不允许设置的操作”错误?
Azure密钥保管库:访问被拒绝
确切错误:
secret = kv_client.get_secret("https://xxx.vault.azure.net/", "CLIENT-SECRET", KeyVaultId.version_none).value.
File "/usr/local/lib/python3.6/site-packages/azure/keyvault/v7_0/key_vault_client.py", line 1846, in get_secret
raise models.KeyVaultErrorException(self._deserialize, response)
azure.keyvault.v7_0.models.key_vault_error_py3.KeyVaultErrorException: Operation returned an invalid status code 'Unauthorized'
看起来是这样的:
resource = "https://vault.azure.net/"
需要这样的:
resource = "https://vault.azure.net"
否则什么都行不通。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.