如何使用服务主体和 Python SDK 对 Azure 进行身份验证？

Question

我目前正在尝试使用azure-mgmt-support MicrosoftSupport 客户端对 Azure 进行身份验证，并且收到以下错误：

AdalError: Get Token request returned http error: 400 and server response: {"error":"unauthorized_client","error_description":"AADSTS700016: Application with identifier 'xxx' was not found in the directory 'management.core.windows.net'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.

我已经仔细检查过，并且肯定使用了正确的client_id和tenant_id 。 我在这里想念什么？ 我的代码如下：

from azure.mgmt.support import MicrosoftSupport
from msrestazure.azure_active_directory import ServicePrincipalCredentials 

sub_id = 'xxx'
sp_creds = ServicePrincipalCredentials(client_id='xxx', secret='xxx')

SupportClient = MicrosoftSupport(sp_creds, sub_id)

Answer 1

经过短暂的步行并再次查看文档后，我发现了我的错误 - 我缺少ServicePrincipalCredentials tenant_id中的tenant_id。 从 SDK 规范或错误消息中看不出这是缺少的，因为唯一需要的变量是client_id和secret ，但是当我在文档中查看这个示例时，我意识到它丢失了（粘贴下面的代码以防万一文档页面更改）。

import os
from azure.mgmt.resource import SubscriptionClient
from azure.common.credentials import ServicePrincipalCredentials

# Retrieve the IDs and secret to use with ServicePrincipalCredentials
subscription_id = os.environ["AZURE_SUBSCRIPTION_ID"]
tenant_id = os.environ["AZURE_TENANT_ID"]
client_id = os.environ["AZURE_CLIENT_ID"]
client_secret = os.environ["AZURE_CLIENT_SECRET"]

credential = ServicePrincipalCredentials(tenant=tenant_id, client_id=client_id, secret=client_secret)

subscription_client = SubscriptionClient(credential)

subscription = next(subscription_client.subscriptions.list())
print(subscription.subscription_id)