如何解决由于 AuthorizationPermissionMismatch,无法使用 python 对 ADLS 进行身份验证
我正在使用以下 python 身份验证脚本通过服务主体详细信息连接到 ADLS,但它不断抛出异常:azure.core.exceptions.HttpResponseError: (AuthorizationPermissionMismatch) This request is not authorized to perform this operation using this permission.
分配给我的角色是“存储 blob 数据所有者”,但不确定缺少什么?
Python 代码:
from azure.storage.filedatalake import DataLakeServiceClient
from azure.identity import ClientSecretCredential
TENANT_ID = 'XXXXXXXXXX'
CLIENT_ID = 'XXXXXXXXXX'
CLIENT_SECRET = 'XXXXXXXXXX'
STORAGE_ACCOUNT_NAME = 'XXXXXXXXXX'
credential = ClientSecretCredential(TENANT_ID,CLIENT_ID,CLIENT_SECRET)
service_client = DataLakeServiceClient(account_url="{}://{}.dfs.core.windows.net".format(
"https",STORAGE_ACCOUNT_NAME),credential=credential)
print(service_client.primary_endpoint) # Can see the primary endpoint.
file_system_client = service_client.get_file_system_client("my-container")
file_system_client.create_directory("test-dir") #Throwing the (AuthorizationPermissionMismatch) error.
print("test directory created.")
完整跟踪:
Traceback (most recent call last):
File "/home//lib/python3.5/site-packages/azure/storage/filedatalake/_path_client.py",line 200,in _create
return self._client.path.create(**options)
File "/home/lib/python3.5/site-packages/azure/storage/filedatalake/_generated/operations/_path_operations.py",line 248,in create
raise HttpResponseError(response=response,model=error)
azure.core.exceptions.HttpResponseError: (AuthorizationPermissionMismatch) This request is not authorized to perform this operation using this permission.
RequestId:80605399-e01f-0038-2cd2-0a4210000000
Time:2021-02-24T17:25:49.0969802Z
During handling of the above exception,another exception occurred:
Traceback (most recent call last):
File "adls_client.py",line 30,in <module>
file_system_client.create_directory("test-dir")
File "/home/lib/python3.5/site-packages/azure/storage/filedatalake/_file_system_client.py",line 540,in create_directory
directory_client.create_directory(metadata=metadata,**kwargs)
File "/home/lib/python3.5/site-packages/azure/storage/filedatalake/_data_lake_directory_client.py",line 160,in create_directory
return self._create('directory',metadata=metadata,**kwargs)
File "/home/lib/python3.5/site-packages/azure/storage/filedatalake/_path_client.py",line 202,in _create
process_storage_error(error)
File "/home/lib/python3.5/site-packages/azure/storage/filedatalake/_deserialize.py",line 150,in process_storage_error
raise error
azure.core.exceptions.HttpResponseError: (AuthorizationPermissionMismatch) This request is not authorized to perform this operation using this permission.
解决方法
我可以重现您的错误:
我很确定您的代码没有问题,而且 Storage blob data owner
是您的 AD 应用程序的正确 RBAC 角色。我想可能问题出在 RBAC 角色没有立即生效,需要等待一段时间。然后它应该可以工作了。
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。