Python azure.identity 中 AADCredentials 的替代方案
Alternative to AADCredentials in Python azure.identity
我之前使用过 Azure Python SDK 模块 AADCredentials 对来自 azure-mgmt-resource 的 SubscriptionClient 等客户端进行身份验证。随着 azure-identity 的推出,我发现我无法将 AADCredentials 与 azure-identity 客户端(例如 SecretClient)一起使用来访问 KeyVault。
简而言之,我试图找出一种方法,使用外部生成的身份验证令牌为服务主体创建一个 SecretClient 可以使用的凭证,而无需重写 AADCredentials 来添加 get_token 方法
例如
from azure.keyvault.secrets import SecretClient
from msrestazure.azure_active_directory import AADTokenCredentials
token={'tokenType':'Bearer','accessToken':'BLAH'}
client_id='123'
cred=AADTokenCredentials(cred,client_id=client_id)
secret_client=SecretClient(vault_url=vault_url, credential=creds)
#Errors with 'AADTokenCredentials has no attribute 'get_token'
retrieved_secret=secret_client.get_secret('secretname')
我正在尝试这样做,以便 Python 无法访问服务主体证书,因此无法将其与密码一起复制到其他地方。
如有任何想法,我们将不胜感激
azure-identity 不包含等效的凭据,但有一个示例演示了如何编写执行相同操作的自定义凭据(来自 custom credentials sample):
from azure.core.credentials import AccessToken
class StaticTokenCredential(object):
"""Authenticates with a previously acquired access token
Note that an access token is valid only for certain resources and eventually expires.
This credential is therefore quite limited. An application using it must ensure
the token is valid and contains all claims required by any service client given an
instance of this credential.
"""
def __init__(self, access_token):
# type: (Union[str, AccessToken]) -> None
if isinstance(access_token, AccessToken):
self._token = access_token
else:
# Setting expires_on in the past causes Azure SDK clients to call
# get_token every time they need a token. You could adapt this class
# to use the token's actual expires_on value, if you know it.
self._token = AccessToken(token=access_token, expires_on=0)
def get_token(self, *scopes, **kwargs):
# type: (*str, **Any) -> AccessToken
return self._token
我之前使用过 Azure Python SDK 模块 AADCredentials 对来自 azure-mgmt-resource 的 SubscriptionClient 等客户端进行身份验证。随着 azure-identity 的推出,我发现我无法将 AADCredentials 与 azure-identity 客户端(例如 SecretClient)一起使用来访问 KeyVault。 简而言之,我试图找出一种方法,使用外部生成的身份验证令牌为服务主体创建一个 SecretClient 可以使用的凭证,而无需重写 AADCredentials 来添加 get_token 方法 例如
from azure.keyvault.secrets import SecretClient
from msrestazure.azure_active_directory import AADTokenCredentials
token={'tokenType':'Bearer','accessToken':'BLAH'}
client_id='123'
cred=AADTokenCredentials(cred,client_id=client_id)
secret_client=SecretClient(vault_url=vault_url, credential=creds)
#Errors with 'AADTokenCredentials has no attribute 'get_token'
retrieved_secret=secret_client.get_secret('secretname')
我正在尝试这样做,以便 Python 无法访问服务主体证书,因此无法将其与密码一起复制到其他地方。
如有任何想法,我们将不胜感激
azure-identity 不包含等效的凭据,但有一个示例演示了如何编写执行相同操作的自定义凭据(来自 custom credentials sample):
from azure.core.credentials import AccessToken
class StaticTokenCredential(object):
"""Authenticates with a previously acquired access token
Note that an access token is valid only for certain resources and eventually expires.
This credential is therefore quite limited. An application using it must ensure
the token is valid and contains all claims required by any service client given an
instance of this credential.
"""
def __init__(self, access_token):
# type: (Union[str, AccessToken]) -> None
if isinstance(access_token, AccessToken):
self._token = access_token
else:
# Setting expires_on in the past causes Azure SDK clients to call
# get_token every time they need a token. You could adapt this class
# to use the token's actual expires_on value, if you know it.
self._token = AccessToken(token=access_token, expires_on=0)
def get_token(self, *scopes, **kwargs):
# type: (*str, **Any) -> AccessToken
return self._token