Cannot login to Azure with system assigned managed identity ID

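I'm writing a script that logs in to Azure, but I don't want to use my password explicitly. So I turned on the system-assigned managed identity:

Now in the shell script I do this: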

az login --identity --username xxx

'xxx' is the Object (principal) ID, on the screenshot

When I execute the command, I get this (IP and ID replaced with 'xxx'):

Failed to connect to MSI. Please make sure MSI is configured correctly and check the network connection.

Error detail: HTTPConnectionPool(host='XXX.XXX.XXX.XXX', port=XX): Max retries exceeded with url: /metadata/identity/oauth2/token?resource=https%3A%2F%2Fmanagement.core.windows.net%2F&api-version=2018-02-01&client_id=xxx (Caused by NewConnectionError('<urllib3.connection.HTTPConnection object at 0x04B7DB08>: 

Failed to establish a new connection: [WinError 10060] A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond'))

Edit: There is no problem when I run this command in Cloud-Shell on the Azure portal.

Why can't I log in? Am I missing something?

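A system-assigned managed identity cannot be used to log in. It is explicitly tied to the service you created it for, and is not meant for re-use.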

System-assigned. Some Azure services allow you to enable a managed identity directly on a service instance. When you enable a system-assigned managed identity, an identity is created in Azure AD. The identity is tied to the lifecycle of that service instance. When the resource is deleted, Azure automatically deletes the identity for you. By design, only that Azure resource can use this identity to request tokens from Azure AD.

The most important part of this quote is the last sentence:

By design, only that Azure resource can use this identity to request tokens from Azure AD.

More information: What are managed identities for Azure resources?

Also:

Can’t be shared.
It can only be associated with a single Azure resource.

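Edit:
Based on your question and the comments below, you are probably looking for a Service Principal. System-assigned or user-assigned managed identities are for Azure resources.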

Managed identities provide an identity for applications to use when connecting to resources that support Azure AD authentication.

An Azure service principal is an identity created for use with applications, hosted services, and automated tools to access Azure resources.

For details on service principals, see Create an Azure service principal with the Azure CLI.
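
A login wrapper that follows the distinction drawn in the answer above, as an added example that is not part of the original question or answer: it uses the managed identity only when the local metadata endpoint actually issues a token, and otherwise falls back to a service principal. Assumptions: 169.254.169.254 is Azure's documented IMDS address (the post masks its host), and the `AZURE_CLIENT_ID`, `AZURE_CLIENT_SECRET` and `AZURE_TENANT_ID` variable names are chosen here for illustration.

```shell
#!/bin/sh
# Added example: pick an `az login` method based on where the script runs.
# Assumption: 169.254.169.254 is Azure's documented IMDS address, not a value from the post.
IMDS_HOST="${IMDS_HOST:-169.254.169.254}"
RESOURCE='https%3A%2F%2Fmanagement.core.windows.net%2F'

# Succeeds only if the metadata endpoint issues a token, i.e. the script runs
# on an Azure resource with a managed identity enabled. The token is discarded.
# IMDS is link-local, so any configured proxy is bypassed.
imds_token_available() {
  curl -sf -m 3 --noproxy '*' -o /dev/null -H 'Metadata: true' \
    "http://${IMDS_HOST}/metadata/identity/oauth2/token?resource=${RESOURCE}&api-version=2018-02-01"
}

# Prints "identity" or "service-principal"; fails when neither is usable.
# The AZURE_* variable names are assumptions made for this example.
pick_login_mode() {
  if imds_token_available; then
    echo identity
  elif [ -n "${AZURE_CLIENT_ID:-}" ] && [ -n "${AZURE_CLIENT_SECRET:-}" ] \
      && [ -n "${AZURE_TENANT_ID:-}" ]; then
    echo service-principal
  else
    echo "no managed identity endpoint and no service principal variables set" >&2
    return 1
  fi
}

azure_login() {
  mode=$(pick_login_mode) || return 1
  case "$mode" in
    identity)
      # System-assigned identity: no --username needed.
      az login --identity --output none ;;
    service-principal)
      # Secret comes from the environment, never from the script itself.
      az login --service-principal --username "$AZURE_CLIENT_ID" \
        --password "$AZURE_CLIENT_SECRET" --tenant "$AZURE_TENANT_ID" --output none ;;
  esac
}

# Log in only when invoked as: ./login.sh --run
if [ "${1:-}" = "--run" ]; then azure_login; fi
```

Outside Azure the probe fails within three seconds instead of waiting through the CLI's retries, and the script reports which credentials are missing.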