Credentials in Azure Functions, pass one credential around or call as needed?

I am getting intermittent credential problems in my durable function app.

ManagedIdentityCredential will use App Service managed identity

EnvironmentCredential.get_token failed: EnvironmentCredential authentication unavailable. Environment variables are not fully configured.

DefaultAzureCredential - EnvironmentCredential is unavailable

In each activity I call DefaultAzureCredential

# some activity function
from azure.identity import DefaultAzureCredential

credential = DefaultAzureCredential()

def my_func():
    ...

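Would it be better to create a credential in my orchestrator, once, and pass it around to my activities? I am also using system assigned identity, so should I use ManagedIdentityCredential instead to avoid the constant checks DefaultAzureCredential does?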

from azure.identity import ManagedIdentityCredential
import azure.durable_functions as df


def orchestrator_function(context: df.DurableOrchestrationContext):
    
    # Create the credentials
    credentials = ManagedIdentityCredential()

    # Pass it to my activity instead of my activity creating its own
    activity = yield context.call_activity("my_activity", credentials)
    

Would it be better to create a credential in my orchestrator, once, and pass it around to my activities?

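As far as I understand, if your Orchestrator function calls the Activity function multiple times, it is better to pass the Credential from the Orchestrator function; if it is called only once, I think creating a Credential in the Activity function is the same.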

I am also using system assigned identity, so should I use ManagedIdentityCredential instead to avoid the constant checks DefaultAzureCredential does?

If you use a system assigned identity, you can use ManagedIdentityCredential directly, because DefaultAzureCredential checks multiple identities until one of them provides a token.

For a better understanding, you can refer to this official document.

"EnvironmentCredential is unavailable" is caused by DefaultAzureCredential failing to request a token from EnvironmentCredential, which is the expected result.
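The chain behaviour described in the answer, as an added sketch that is not part of the original post and does not call azure.identity: `EnvModel`, `ManagedIdentityModel`, `ChainModel` and `attempts_for` are hypothetical stand-ins, and remembering the credential that succeeded is an assumption of this model. It shows why the "EnvironmentCredential is unavailable" line is logged before the managed identity answers, and how often the chain is walked when one credential object is reused versus created per call.

```python
import logging
log = logging.getLogger("credential_chain_model")

class Unavailable(Exception):
    """Stand-in for the SDK's 'authentication unavailable' error."""

class EnvModel:
    """Models EnvironmentCredential (service principal secret variant)."""
    REQUIRED = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")
    def __init__(self, env):
        self.env = env
    def get_token(self, scope):
        if not all(self.env.get(name) for name in self.REQUIRED):
            raise Unavailable("Environment variables are not fully configured.")
        return "env-token:" + scope

class ManagedIdentityModel:
    """Models ManagedIdentityCredential on a host with a system assigned identity."""
    def get_token(self, scope):
        return "msi-token:" + scope

class ChainModel:
    """Tries credentials in order; reuses the first one that returned a token."""
    def __init__(self, trace, *credentials):
        self.trace, self.credentials, self.winner = trace, credentials, None
    def get_token(self, scope):
        candidates = [self.winner] if self.winner else self.credentials
        for cred in candidates:
            self.trace.append(type(cred).__name__)  # record who was asked
            try:
                token = cred.get_token(scope)
            except Unavailable as exc:
                # Expected on a managed-identity host: skip to the next credential
                log.info("%s is unavailable: %s", type(cred).__name__, exc)
                continue
            self.winner = cred
            return token
        raise Unavailable("no credential in the chain produced a token")

SCOPE = "https://management.azure.com/.default"  # sample scope for the model

def attempts_for(calls, reuse, env=None):
    """Return which credentials were asked across `calls` token requests."""
    trace = []
    make = lambda: ChainModel(trace, EnvModel(env or {}), ManagedIdentityModel())
    shared = make()  # corresponds to one module-level credential object
    for _ in range(calls):
        (shared if reuse else make()).get_token(SCOPE)
    return trace
```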