[英]Gdal connection to Azure Data Lake Storage (Gen 2) virtual file using AZURE_STORAGE_ACCESS_TOKEN
我想从gdal 版本 3.5访问我的 Azure 数据湖存储(第 2 代)文件,使用 AZURE_STORAGE_ACCESS_TOKEN 进行身份验证,如下所述: https://gdal.org/user/virtual_file_systems.html#sia
我们的组织存储帐户中未启用任何其他身份验证选项(AZURE_STORAGE_CONNECTION_STRING、AZURE_NO_SIGN_REQUEST=YES、AZURE_STORAGE_SAS_TOKEN...)
不知道为什么 oauth2 令牌调用 Azure 不起作用 - 请参阅https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow
url: https://login.microsoftonline.com/<TENANT_ID>/oauth2/token
headers: {'Content-Type': 'application/x-www-form-urlencoded', 'Accept': 'application/json'}数据请求: {'client_id': '<client_id>', 'resource': 'https://storage.azure.com/.default', 'client_secret': '[REDACTED]', 'grant_type': 'client_credentials'}
响应: {'token_type': 'Bearer', 'expires_in': '3599', 'ext_expires_in': '3599', 'expires_on': '1663774788', 'not_before': '1663770888', 'resource': '<azure_enterprise_app_id>', 'access_token': '<REDACTED>'}
原来您可以使用 MSAL(python SDK)设置 AZURE_STORAGE_ACCESS_TOKEN 参见https://github.com/AzureAD/microsoft-authentication-library-for-python
这有效:
from msal import ConfidentialClientApplication
def get_token():
app = ConfidentialClientApplication(
os.getenv("AZURE_SP_CLIENT_ID"),
authority="https://login.microsoftonline.com/mmcglobal.onmicrosoft.com",
client_credential=os.getenv("AZURE_SP_CLIENT_SECRET"),
)
result = app.acquire_token_for_client(scopes="https://storage.azure.com/.default")
if "access_token" in result:
# Call a protected API with the access token.
# print(result["token_type"])
print("Setting access token")
else:
print(result.get("error"))
print(result.get("error_description"))
print(result.get("correlation_id")) # You might need this when reporting a bug.
return result['access_token']
os.environ["AZURE_STORAGE_ACCOUNT"] = <account_name>
os.environ["AZURE_STORAGE_ACCESS_TOKEN"]=get_token()
现在我可以从 /vsiadls/ 加载文件
Azure Data Lake Storage Gen2访问令牌生成-“ AADSTS65001:用户或管理员未同意使用ID为ID的应用程序
[英]Azure Data Lake Storage Gen2 access token generation - "AADSTS65001: The user or administrator has not consented to use the application with ID
Azure Data Lake Storage Gen2的托管服务身份配置
[英]Managed Service Identity configuration for Azure Data Lake Storage Gen2
无法使用 azure-sdk-for-js 使用 Angular 访问 Azure Data Lake Gen2 的文件系统
[英]Unable to access FileSystem of Azure Data Lake Gen2 with Angular using azure-sdk-for-js
对 Azure Data Lake Storage Gen 2 的 REST API 调用不起作用。 给我错误“受众验证失败。受众不匹配”
[英]REST API call to Azure Data lake Storage Gen 2 not working. Giving me error "Audience validation failed. Audience did not match"
如何在 C# 中使用服务主体(clientId 和 clientSecret)为 Azure Data Lake Store(Gen-2)创建 SAS 令牌?
[英]How to create SAS token for Azure Data Lake Store (Gen-2) using service principals (clientId and clientSecret) in C#?
如何使用服务主体或 oauth2 通过 azure Active Directory 获取用于 azure 存储帐户访问的令牌?
[英]How to fetch token for azure storage account access via azure active directory using service principal or oauth2?
使用HttpClient的Azure Data Lake Store“未在'Authorization'标头中提供访问令牌”
[英]Azure Data Lake Store “The access token is not provided in the 'Authorization' header” using HttpClient
如何在浏览器上打开文件,而不是在本地下载存储在 Azure Data Lake Gen 2 中的文件
[英]How to open the file on browser instead of downloading in local that is stored in Azure Data lake Gen 2
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.