由于 AuthorizationPermissionMismatch,无法使用 python 对 ADLS 进行身份验证

【问题标题】:Unable to authenticate to ADLS using python due to AuthorizationPermissionMismatch由于 AuthorizationPermissionMismatch,无法使用 python 对 ADLS 进行身份验证
【发布时间】:2021-05-27 03:03:59
【问题描述】:

我正在使用下面的 python 身份验证脚本使用服务主体详细信息连接到 ADLS,但它一直抛出异常:azure.core.exceptions.HttpResponseError: (AuthorizationPermissionMismatch) This request is not authorized to perform this operation using this permission.

分配给我的角色是“存储 blob 数据所有者”,但不确定缺少什么?

Python 代码:

from azure.storage.filedatalake import DataLakeServiceClient
from azure.identity import ClientSecretCredential

TENANT_ID = 'XXXXXXXXXX'
CLIENT_ID = 'XXXXXXXXXX'
CLIENT_SECRET = 'XXXXXXXXXX'
STORAGE_ACCOUNT_NAME = 'XXXXXXXXXX'

credential = ClientSecretCredential(TENANT_ID, CLIENT_ID, CLIENT_SECRET)
service_client = DataLakeServiceClient(account_url="{}://{}.dfs.core.windows.net".format(
        "https", STORAGE_ACCOUNT_NAME), credential=credential)
print(service_client.primary_endpoint) # Can see the primary endpoint. 
file_system_client = service_client.get_file_system_client("my-container")
file_system_client.create_directory("test-dir") #Throwing the (AuthorizationPermissionMismatch) error.
print("test directory created.")

完整跟踪:

Traceback (most recent call last):
  File "/home//lib/python3.5/site-packages/azure/storage/filedatalake/_path_client.py", line 200, in _create
    return self._client.path.create(**options)
  File "/home/lib/python3.5/site-packages/azure/storage/filedatalake/_generated/operations/_path_operations.py", line 248, in create
    raise HttpResponseError(response=response, model=error)
azure.core.exceptions.HttpResponseError: (AuthorizationPermissionMismatch) This request is not authorized to perform this operation using this permission.
RequestId:80605399-e01f-0038-2cd2-0a4210000000
Time:2021-02-24T17:25:49.0969802Z

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "adls_client.py", line 30, in <module>
    file_system_client.create_directory("test-dir")
  File "/home/lib/python3.5/site-packages/azure/storage/filedatalake/_file_system_client.py", line 540, in create_directory
    directory_client.create_directory(metadata=metadata, **kwargs)
  File "/home/lib/python3.5/site-packages/azure/storage/filedatalake/_data_lake_directory_client.py", line 160, in create_directory
    return self._create('directory', metadata=metadata, **kwargs)
  File "/home/lib/python3.5/site-packages/azure/storage/filedatalake/_path_client.py", line 202, in _create
    process_storage_error(error)
  File "/home/lib/python3.5/site-packages/azure/storage/filedatalake/_deserialize.py", line 150, in process_storage_error
    raise error
azure.core.exceptions.HttpResponseError: (AuthorizationPermissionMismatch) This request is not authorized to perform this operation using this permission.

【问题讨论】:

  • 你的代码没问题。但是RBAC角色不会立即生效,需要等待一段时间。一段时间后它应该工作。您现在可以重现您的错误吗?
  • 嗨,有更新吗?

标签: python authentication azure-storage azure-blob-storage azure-data-lake


【解决方案1】:

我可以重现你的错误:

我很确定您的代码没有问题,而且,Storage blob data owner 是您的 AD 应用程序的正确 RBAC 角色。我想可能问题出在RBAC角色没有立即生效,你需要等待一段时间。然后它应该可以工作了。

【讨论】:

    猜你喜欢
    • 1970-01-01
    • 2021-03-15
    • 2013-05-30
    • 1970-01-01
    • 1970-01-01
    • 2019-05-11
    • 1970-01-01
    • 1970-01-01
    • 2011-08-04
    相关资源
    最近更新 更多
    热门标签
    Java Python linux javascript Mysql C# Docker 算法 前端 SpringBoot Redis Vue spring 设计模式 .net core .net kubernetes c++ 数据库 数据结构 大数据 js 机器学习 微服务 Android Go 程序员 面试 JVM ASP.net core 云原生 人工智能 后端 PHP git CSS golang k8s Nginx Django mybatis 深度学习 多线程 React 架构 devops 爬虫 云计算 Spring Boot LeetCode