英文:
Does Azure trial version support , REST api for event query?
问题
我已经创建了Azure的试用账户(默认目录)。
用于身份验证的端点-1如下,在身份验证后,当我尝试使用下面的REST API访问Azure的活动日志时,出现了以下错误:
错误:{ "error": { "code":"AuthorizationFailed","message":"客户端'52822c14-3f4a-4273-ad38-b1c746f1fbd9'的对象ID'52822c14-3f4a-4273-ad38-b1c746f1fbd9'无权执行动作'microsoft.insights/eventtypes/values/read'在范围'/subscriptions/0b618ac0-b3e7-49f3-9205-07660b77252d'上,或者范围无效。如果最近授予了访问权限,请刷新您的凭据。" } }
身份验证URL(端点-1):https://login.windows.net/****************/oauth2/token
活动日志API(端点-2):https://management.azure.com/subscriptions/*******************/providers/microsoft.insights/eventtypes/management/values?api-version=2015-04-01&$filter=eventTimestamp ge '2020-01-01T20:00:00Z'
英文:
I have created trail account with Azure (Default directory).
For authentication I'm using the below endpoint-1 ,after authentication when I was trying for an access for activity logs of Azure using REST API mentioned below endpoint-2.
So I'm getting an error :
ERROR : { "error": { "code": "AuthorizationFailed", "message": "The client '52822c14-3f4a-4273-ad38-b1c746f1fbd9' with object id '52822c14-3f4a-4273-ad38-b1c746f1fbd9' does not have authorization to perform action 'microsoft.insights/eventtypes/values/read' over scope '/subscriptions/0b618ac0-b3e7-49f3-9205-07660b77252d' or the scope is invalid. If access was recently granted, please refresh your credentials." } }
Auth URL(endpoint-1) : https://login.windows.net/****************/oauth2/token
ActivityLog API (endpoint-2) : https://management.azure.com/subscriptions/*******************/providers/microsoft.insights/eventtypes/management/values?api-version=2015-04-01&$filter=eventTimestamp ge '2020-01-01T20:00:00Z'
答案1
得分: 0
根据您的异常信息,很明显您的应用程序:52822c14-3f4a-4273-ad38-b1c746f1fbd9
没有权限来拉取您的Azure订阅的活动日志。我也在我的环境中复现了这个问题。
要解决这个问题,您应该分配一个适当的Azure订阅角色,该角色具有拉取日志的权限。例如,如果您只想使用这个应用程序来拉取日志,您可以在Azure门户上为它分配"Reader"角色:
(插入第一个图片链接)
(插入第二个图片链接)
完成这一步后,获取一个新的访问令牌,然后您就可以拉取您所需的日志:
(插入第三个图片链接)
如果您有任何进一步的疑虑,请随时告诉我。
英文:
Based on your exception info, it is obvious that your app: 52822c14-3f4a-4273-ad38-b1c746f1fbd9
has no permission to pull activity logs of your Azure subscription. I can repro this issue on my side too.
To solve this issue, you should assign a proper Azure subscription Role which has permission to pull logs. For instance, if you just want to pull logs using this app , you can assign Reader Role to it on Azure portal:
With this step is done, get a new access token and you can pull the logs you need :
If you have any further concerns , pls feel free to let me know .
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论