我想读 databases/syncGroups 从api。
using Microsoft.Azure.Management.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent;
var credentials = SdkContext.AzureCredentialsFactory.FromServicePrincipal(clientId, clientSecret, tenantId, AzureEnvironment.AzureGlobalCloud);
azure = Azure.Configure().Authenticate(credentials).WithSubscription(subscriptionId);
azure.SqlServers.SyncGroups.GetBySqlServer(resourceGroupName, serverName, databaseName, syncGroupName);
认证似乎是有效的,但当我调用 SyncGroups.GetBySqlServer 我得到
The client '***' with object id '***' does not have authorization to perform action 'Microsoft.Sql/servers/databases/syncGroups/read' over scope '/subscriptions/***/resourceGroups/***/providers/Microsoft.Sql/servers/***/databases/***/syncGroups/MyGroup' or the scope is invalid. If access was recently granted, please refresh your credentials.
在消息中,clientId和objectId它的ID是一样的,也是,clientId它不是我传递的那个。所以我不知道这是正常的还是也是我做错了什么。
我试着添加了 databases/syncGroups/read 对我 subscriptions/*** 角色。但它仍然得到同样的错误。
我还遗漏了什么?
我使用了错误的键。
我的做法是这样的
brew update && brew install azure-cli
az ad sp create-for-rbac --name MyApplicatinName
Changing "MyApplicatinName" to a valid URI of "http://MyApplicatinName", which is the required format used for service principal names
Creating a role assignment under the scope of "/subscriptions/***"
{
"appId": "***",
"displayName": "MyApplicatinName",
"name": "http://MyApplicatinName",
"password": "***",
"tenant": "***"
}
clientId = appId
clientSecret = password
var credentials = SdkContext.AzureCredentialsFactory.FromServicePrincipal(clientId, clientSecret, tenantId, AzureEnvironment.AzureGlobalCloud);
var auth = Azure.Configure().Authenticate(credentials);
azure = auth.WithSubscription(subscriptionId);
就这样吧!