如何使用 Python 获取 Azure 的所有存储帐户名称及其访问密钥

Question

我无法读取所有 azure 存储帐户名称和密钥。

AZURE_TENANT_ID = '<string>'
AZURE_CLIENT_ID = '<string>'
AZURE_CLIENT_SECRET = '<string>'
AZURE_SUBSCRIPTION_ID = '<string>'
import os
from azure.common.credentials import ServicePrincipalCredentials
from azure.mgmt.resource import ResourceManagementClient
from azure.mgmt.storage import StorageManagementClient
from azure.mgmt.storage.models import (
     StorageAccountCreateParameters,
     StorageAccountUpdateParameters,
     Sku,
     SkuName,
     Kind
    )

subscription_id = AZURE_SUBSCRIPTION_ID # your Azure Subscription Id
credentials = ServicePrincipalCredentials(
client_id=AZURE_CLIENT_ID,
secret=AZURE_CLIENT_SECRET,
tenant=AZURE_TENANT_ID
)
resource_client = ResourceManagementClient(credentials, subscription_id)
storage_client = StorageManagementClient(credentials, subscription_id)
print(resource_client,storage_client)
# Retrieve the list of resource groups
for item in storage_client.storage_accounts.list():
    print_item(item)

在这段代码之后我得到了这个错误

AttributeError: 'ServicePrincipalCredentials' object has no attribute 'get_token'

在调试时我发现“storage_client.storage_accounts.list()”这个语句返回 azure.core.paging.ItemPaged 类的迭代器对象并且它一直返回相同的对象

请帮帮我

Answer 1

我们创建了以下 python 脚本来提取特定订阅下的存储帐户列表及其各自的访问密钥。

在下面的代码中，我们使用了azure.identity 下的ClientSecretCredential 库，而不是 ServicePrincipalCredentials，后者是一个较新的库，用于使用基于Azure documentation 的令牌凭据进行身份验证。

这是python代码：

AZURE_TENANT_ID  =  '<tenantid>'
AZURE_CLIENT_ID  =  '<clientid>'
AZURE_CLIENT_SECRET  =  '<clientsecret>'
AZURE_SUBSCRIPTION_ID  =  '<subscriptionid>'
    
import  os
from  azure.identity  import  ClientSecretCredential
from  azure.mgmt.resource  import  ResourceManagementClient
from azure.mgmt.storage import StorageManagementClient
from azure.mgmt.storage.models import  (StorageAccountCreateParameters,StorageAccountUpdateParameters,
Sku,SkuName,Kind)
    
subscription_id  =  AZURE_SUBSCRIPTION_ID  # your Azure Subscription Id
credentials  =  ClientSecretCredential(tenant_id=AZURE_TENANT_ID,client_id=AZURE_CLIENT_ID,client_secret=AZURE_CLIENT_SECRET)
resource_client  =  ResourceManagementClient(credentials,  subscription_id)
storage_client  = StorageManagementClient(credentials,  subscription_id)
    
# Retrieve the list of resource groups
resourcelist=resource_client.resource_groups.list()
for  item  in  resourcelist:
    for  item1  in  resource_client.resources.list_by_resource_group(item.name):
        if(item1.type=='Microsoft.Storage/storageAccounts'):
            storage_keys  =  storage_client.storage_accounts.list_keys(item.name,  item1.name)
            storage_keys  =  {v.key_name:  v.value for  v  in  storage_keys.keys}
            print(item.name,('\tKey 1: {}'.format(storage_keys['key1'])))
            print(item.name,('\tKey 2: {}'.format(storage_keys['key2'])))

这是输出截图供参考：

注意：

您在上述代码中用于身份验证的服务主体需要具有整个订阅的 RBAC 角色storage Account Contributor。