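I am trying to deploy resources to Azure China using ARM templates. I have code that does this for Azure, and I am now adapting it for Azure China. I believe the only changes I should need to make are:

Change the authority host in the credentials:

```python
self.credentials = DefaultAzureCredential(authority = AzureAuthorityHosts.AZURE_CHINA)
```

Change the management URL in the client:

```python
endpoints = get_cloud_from_metadata_endpoint(os.environ.get("ARM_ENDPOINT"))
self.client = ResourceManagementClient(self.credentials, self.subscriptionId, base_url=endpoints.endpoints.resource_manager)
```

Below is the code I am using.

Python code: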

```python
import os

from azure.identity import AzureAuthorityHosts, DefaultAzureCredential
from azure.mgmt.resource import ResourceManagementClient
from azure.mgmt.resource.resources.models import Deployment, DeploymentMode, DeploymentProperties
from dotenv import load_dotenv
from msrestazure.azure_cloud import get_cloud_from_metadata_endpoint

# Logger, uuid7, template and parameter come from parts of the project that are not shown.


class AzureChinaConnection:
    def __init__(self, subscriptionId, resourceGroup):
        self.logger = Logger("Azure China Connection")
        self.logger.info("Retrieving the list of available endpoint")
        # ARM_ENDPOINT = https://management.chinacloudapi.cn
        endpoints = get_cloud_from_metadata_endpoint(os.environ.get("ARM_ENDPOINT"))
        self.subscriptionId = subscriptionId
        self.resourceGroup = resourceGroup
        self.credentials = DefaultAzureCredential(authority = AzureAuthorityHosts.AZURE_CHINA)
        self.logger.info("Creating a client for deploying resources on subscription {}".format(self.subscriptionId))
        self.client = ResourceManagementClient(self.credentials, self.subscriptionId,
            # endpoints.endpoints.resource_manager = https://management.chinacloudapi.cn
            base_url=endpoints.endpoints.resource_manager)
        self.logger.success("Client was successfully created")

    def deploy(self, template, parameters):
        # Build a readable list of the resource types in the template for the log
        resources = ""
        for resource in template.get("resources"):
            resources += "\n\t {}".format(resource.get("type"))
        self.logger.info("The following resources: {}\nwill be deployed".format(resources))
        deploymentProperties = DeploymentProperties(
            mode = DeploymentMode.incremental,
            template = template,
            parameters = parameters.get("parameters")
        )
        self.logger.info("Attempting deploy operation")
        deployment = self.client.deployments.begin_create_or_update(
            self.resourceGroup,
            uuid7(),
            Deployment(properties=deploymentProperties)
        )  # Error occurs here
        self.logger.success("Resources deployment successfully triggered")
        return deployment.result()


load_dotenv()
connection = AzureChinaConnection(os.environ.get("AZURE_SUBSCRIPTION_ID"), os.environ.get("AZURE_RESOURCE_GROUP"))
deployment = connection.deploy(template.json(), parameter.json())
```

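**Message=**DefaultAzureCredential failed to retrieve a token from the included credentials. Attempted credentials: EnvironmentCredential: Authentication failed: AADSTS500011: The resource principal named https://management.azure.com was not found in the tenant named EY China. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant. Trace ID: ace63d66-af4b-4457-b6c9-6ce050e34700 Correlation ID: d85942a5-35fb-493f-8eef-ee9fe1f64b7f Timestamp: 2022-09-29 19:44:47Z To mitigate this issue, please refer to the troubleshooting guidelines here at https://aka.ms/azsdk/python/identity/defaultazurecredential/troubleshoot.
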
According to the error message, it seems I am pointing at the wrong endpoint, https://management.azure.com instead of https://management.chinacloudapi.cn. So the question is: where should I set it?

I thought this was already done in `__init__`:

```python
self.client = ResourceManagementClient(self.credentials, self.subscriptionId,
    # endpoints.endpoints.resource_manager = https://management.chinacloudapi.cn
    base_url=endpoints.endpoints.resource_manager)
```

But it seems that is not enough.

After some struggle, I finally found the solution. It seems that not all properties of the resource management client are listed: https://learn.microsoft.com/en-us/python/api/azure-mgmt-resource/azure.mgmt.resource.resources.resourcemanagementclient?view=azure-python

There is a property named `credential_scopes`, which should be set in order to make the change:

```python
credential_scopes=[CLOUD.endpoints.resource_manager + "/.default"])
```

So the function looks like:

```python
# CLOUD is the cloud metadata object; its definition is not shown in this snippet
# (for example, the result of get_cloud_from_metadata_endpoint(...) as in the question).
def __init__(self, subscriptionId, resourceGroup):
    self.subscriptionId = subscriptionId
    self.resourceGroup = resourceGroup
    self.credentials = DefaultAzureCredential()
    self.logger.info("Creating a client for deploying resources on subscription {}".format(self.subscriptionId))
    self.client = ResourceManagementClient(self.credentials, self.subscriptionId,
        base_url=CLOUD.endpoints.resource_manager,
        credential_scopes=[CLOUD.endpoints.resource_manager + "/.default"])
```

```python
import os
from azure.identity import DefaultAzureCredential
from azure.mgmt.resource import ResourceManagementClient
from azure.mgmt.web import WebSiteManagementClient
subscription_id = os.getenv("AZURE_SUBSCRIPTION_ID")
credential = DefaultAzureCredential()
resource_client = ResourceManagementClient(credential, subscription_id, base_url='https://management.chinacloudapi.cn', credential_scopes=["https://management.chinacloudapi.cn/.default"])
web_client = WebSiteManagementClient(credential, subscription_id, base_url='https://management.chinacloudapi.cn', credential_scopes=["https://management.chinacloudapi.cn/.default"])
```
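
Added example, not part of the original question or answers: a standard-library pre-flight check that the authority host, `base_url` and `credential_scopes` all point at the same cloud before a management client is built. The helper names and the `ARM_BY_AUTHORITY` table are assumptions made for this illustration; the default scope is the `https://management.azure.com` resource named in the error message above.

```python
from urllib.parse import urlsplit

# Authority host -> ARM endpoint. The China pair is the one used on this page;
# the public-cloud pair is the SDK default. Table name is hypothetical.
ARM_BY_AUTHORITY = {
    "login.chinacloudapi.cn": "https://management.chinacloudapi.cn",
    "login.microsoftonline.com": "https://management.azure.com",
}
# Scope a management client requests when credential_scopes is not passed;
# it is the resource named in the AADSTS500011 message above.
DEFAULT_SCOPE = "https://management.azure.com/.default"


def _host(value):
    # Accept a bare host ("login.chinacloudapi.cn") or a full URL.
    parts = urlsplit(value if "//" in value else "//" + value)
    return (parts.hostname or "").lower()


def client_kwargs(resource_manager_url):
    """Derive base_url and credential_scopes from one endpoint so they cannot diverge."""
    root = resource_manager_url.rstrip("/")
    return {"base_url": root, "credential_scopes": [root + "/.default"]}


def check_cloud_consistency(authority_host, base_url, credential_scopes=None):
    """Return a list of mismatches; an empty list means all three settings agree."""
    problems = []
    expected_arm = ARM_BY_AUTHORITY.get(_host(authority_host))
    if expected_arm is None:
        problems.append("unknown authority host: %s" % authority_host)
    elif _host(expected_arm) != _host(base_url):
        problems.append("base_url %s is not the ARM endpoint for %s" % (base_url, authority_host))
    for scope in credential_scopes or [DEFAULT_SCOPE]:
        if not scope.endswith("/.default"):
            problems.append("scope %s does not end in /.default" % scope)
        if _host(scope) != _host(base_url):
            problems.append("scope %s targets a different cloud than %s" % (scope, base_url))
    return problems


if __name__ == "__main__":
    china = "https://management.chinacloudapi.cn"
    # Configuration from the question: China authority and base_url, no scopes.
    print(check_cloud_consistency("login.chinacloudapi.cn", china))
    # Configuration from the answer: scopes derived from the same endpoint.
    print(check_cloud_consistency("login.chinacloudapi.cn", **client_kwargs(china)))
```

The dictionary returned by `client_kwargs` can be unpacked directly into `ResourceManagementClient(credential, subscription_id, **kwargs)`, since `base_url` and `credential_scopes` are the keyword arguments used in the answers above.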