HttpResponseError: 此请求未获授权以使用Python Azure Function中的此权限执行此操作

huangapple go评论108阅读模式
英文:

HttpResponseError: This request is not authorized to perform this operation using this permission in Python Azure Function

问题

  • Python 3.11 - Azure Function - Http 触发器
  • 功能性 - (包使用 - Pandas、Numpy、dateutil),列出 blob
  • IDE - VS Code

local.settings.json:

{
  "IsEncrypted": false,
  "Values": {
    "AzureWebJobsStorage": "<storage-acc-conn-str>",
    "FUNCTIONS_WORKER_RUNTIME": "python"
  }
}

init.py:

import logging
import azure.functions as func

import pandas as pd  
import numpy as np

# 从 datetime 模块导入方法作为基础。  
import datetime  
# 从 dateutil 子类中导入多个方法。  
from dateutil.relativedelta import *  
from dateutil.easter import *  
from dateutil.parser import *  
from dateutil.rrule import *

from azure.identity import DefaultAzureCredential
from azure.storage.blob import BlobServiceClient, BlobClient, ContainerClient

def main(req: func.HttpRequest) -> func.HttpResponse:
    logging.info('Python HTTP 触发函数处理了一个请求。')
    # Pandas 包的代码
    info = np.array(['P','a','n','d','a','s'])  
    a = pd.Series(info)
    print(a)
    
    # 创建一些 datetime 对象  
    present_datetime = datetime.datetime.now()  
    print("当前 datetime:", present_datetime)  
    present_date = datetime.date.today()  
    print("当前日期:", present_date)  
    
    account_url = "https://<storageaccname>.blob.core.windows.net"
    default_credential = DefaultAzureCredential()

    # 创建 BlobServiceClient 对象
    blob_service_client = BlobServiceClient(account_url, credential=default_credential)
    container_client = blob_service_client.get_container_client("textfilescontainer")
    print("\n列出 blobs...")

    # 列出容器中的 blobs
    blob_list = container_client.list_blobs()
    for blob in blob_list:
        print("\t" + blob.name)
    
    return func.HttpResponse("Hello Hasher,这个 HTTP 触发函数成功执行了。")

requirements.txt:

azure-functions
numpy
pandas
python-dateutil
azure.storage.blob
azure.identity

分配给订阅和存储账户的角色:

HttpResponseError: 此请求未获授权以使用Python Azure Function中的此权限执行此操作

结果:

有关详细输出,请使用 --verbose 标志运行 func。
[2023-06-06T08:04:10.811Z] 工作进程已启动并初始化。
[2023-06-06T08:04:12.391Z] 正在执行 'Functions.HttpTrigger1' (原因='通过主机 API 以编程方式调用此函数。', 
Id=<alphanumericid)
[2023-06-06T08:04:12.462Z] 未找到环境配置。
[2023-06-06T08:04:12.462Z] Python HTTP 触发函数处理了一个请求。
[2023-06-06T08:04:12.462Z] ManagedIdentityCredential 将使用 IMDS
[2023-06-06T08:04:12.462Z] 请求 URL: 'http://ipaddr/metadata/identity/oauth2/token?api-version=REDACTED&amp;resource=REDACTED' 请求方法: 'GET'
请求头:
    'User-Agent': 'azsdk-python-identity/1.13.0 Python/3.11.3 (Windows-10-10.0.)'
请求中没有附加正文
[2023-06-06T08:04:15.368Z] 主机锁定租约已由实例 ID 'alphanumericid' 获取。
[2023-06-06T08:04:16.781Z] DefaultAzureCredential 从 AzurePowerShellCredential 获取了令牌
[2023-06-06T08:04:16.782Z] 请求 URL: 'https://storageaccountname.blob.core.windows.net/textfilescontainer?restype=REDACTED&amp;comp=REDACTED'  
请求方法: 'GET'
请求头:
    'x-ms-version': 'REDACTED'
    'Accept': 'application/xml'
    'User-Agent': 'azsdk-python-storage-blob/12.16.0 Python/3.11.3 (Windows-10-10.0.
    'x-ms-date': 'REDACTED'
    'x-ms-client-request-id': 'alphanumericid'
    'Authorization': 'REDACTED'
请求中没有附加正文
[2023-06-06T08:04:17.175Z] 响应状态: 403
响应头:
    'Content-Length': '279'
    'Content-Type': 'application/xml'
    'Server': 'Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0'
    'x-ms-request-id': 'alphanumericid'
    'x-ms-client-request-id': 'alphanumericid'
    'x-ms-version': 'REDACTED'
    'x-ms-error-code': 'AuthorizationPermissionMismatch'
    'Date': 'Tue, 06 Jun 2023 08:04:16 GMT'
[2023-06-06T08:04:17.232Z] 执行 'Functions.HttpTrigger1' (失败,Id=alphanumericid,持续时间=4852毫秒)
[2023-06-06T08:04:17.234Z] System.Private.CoreLib: 在执行函数时出现异常:Functions.HttpTrigger1。 System.Private.CoreLib: 结果:失败
异常:HttpResponseError:无权使用此权限执行此操作。

我尝试了这个SO 线程中提供的解决方案,但仍然不起作用。

是否有人能够确定我遗漏了什么?

英文:
  • Python 3.11 - Azure Function - Http Trigger
  • Functionality - (packages utilization - Pandas, Numpy, dateutil), Listing blobs
  • IDE - VS Code

local.settings.json:

{
  &quot;IsEncrypted&quot;: false,
  &quot;Values&quot;: {
    &quot;AzureWebJobsStorage&quot;: &quot;&lt;storage-acc-conn-str&gt;&quot;,
    &quot;FUNCTIONS_WORKER_RUNTIME&quot;: &quot;python&quot;
  }
}

init.py:

import logging
import azure.functions as func

import pandas as pd  
import numpy as np

# importing methods from the datetime module as a base.  
import datetime  
# importing several methods from the dateutil subclasses.  
from dateutil.relativedelta import *  
from dateutil.easter import *  
from dateutil.parser import *  
from dateutil.rrule import *

from azure.identity import DefaultAzureCredential
from azure.storage.blob import BlobServiceClient, BlobClient, ContainerClient

def main(req: func.HttpRequest) -&gt; func.HttpResponse:
    logging.info(&#39;Python HTTP trigger function processed a request.&#39;)
    # Code for Pandas Package
    info = np.array([&#39;P&#39;,&#39;a&#39;,&#39;n&#39;,&#39;d&#39;,&#39;a&#39;,&#39;s&#39;])  
    a = pd.Series(info)
    print(a)
    
    
    # Creating some datetime objects  
    present_datetime = datetime.datetime.now()  
    print(&quot;The Present datetime:&quot;, present_datetime)  
    present_date = datetime.date.today()  
    print(&quot;The Present date:&quot;, present_date)  
    
    account_url = &quot;https://&lt;storageaccname&gt;.blob.core.windows.net&quot;
    default_credential = DefaultAzureCredential()

    # Create the BlobServiceClient object
    blob_service_client = BlobServiceClient(account_url, credential=default_credential)
    container_client = blob_service_client.get_container_client(&quot;textfilescontainer&quot;)
    print(&quot;\nListing blobs...&quot;)

    # List the blobs in the container
    blob_list = container_client.list_blobs()
    for blob in blob_list:
        print(&quot;\t&quot; + blob.name)
    
    
    
    return func.HttpResponse(f&quot;Hello Hasher, This HTTP triggered function executed successfully.&quot;)

requirements.txt:

azure-functions
numpy
pandas
python-dateutil
azure.storage.blob
azure.identity

Role Assignments to the Subscription and Storage Account:

HttpResponseError: 此请求未获授权以使用Python Azure Function中的此权限执行此操作

Result:

For detailed output, run func with --verbose flag.
[2023-06-06T08:04:10.811Z] Worker process started and initialized.
[2023-06-06T08:04:12.391Z] Executing &#39;Functions.HttpTrigger1&#39; (Reason=&#39;This function was programmatically called via the host APIs.&#39;, 
Id=&lt;alphanumericid)
[2023-06-06T08:04:12.462Z] No environment configuration found.
[2023-06-06T08:04:12.462Z] Python HTTP trigger function processed a request.
[2023-06-06T08:04:12.462Z] ManagedIdentityCredential will use IMDS
[2023-06-06T08:04:12.462Z] Request URL: &#39;http://ipaddr/metadata/identity/oauth2/token?api-version=REDACTED&amp;resource=REDACTED&#39;Request method: &#39;GET&#39;
Request headers:
    &#39;User-Agent&#39;: &#39;azsdk-python-identity/1.13.0 Python/3.11.3 (Windows-10-10.0.)&#39;
No body was attached to the request
[2023-06-06T08:04:15.368Z] Host lock lease acquired by instance ID &#39;alphanumericid&#39;.
[2023-06-06T08:04:16.781Z] DefaultAzureCredential acquired a token from AzurePowerShellCredential
[2023-06-06T08:04:16.782Z] Request URL: &#39;https://storageaccountname.blob.core.windows.net/textfilescontainer?restype=REDACTED&amp;comp=REDACTED&#39;  
Request method: &#39;GET&#39;
Request headers:
    &#39;x-ms-version&#39;: &#39;REDACTED&#39;
    &#39;Accept&#39;: &#39;application/xml&#39;
    &#39;User-Agent&#39;: &#39;azsdk-python-storage-blob/12.16.0 Python/3.11.3 (Windows-10-10.0.
    &#39;x-ms-date&#39;: &#39;REDACTED&#39;
    &#39;x-ms-client-request-id&#39;: &#39;alphanumericid&#39;
    &#39;Authorization&#39;: &#39;REDACTED&#39;
No body was attached to the request
[2023-06-06T08:04:17.175Z] Response status: 403
Response headers:
    &#39;Content-Length&#39;: &#39;279&#39;
    &#39;Content-Type&#39;: &#39;application/xml&#39;
    &#39;Server&#39;: &#39;Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0&#39;
    &#39;x-ms-request-id&#39;: &#39;alphanumericid&#39;
    &#39;x-ms-client-request-id&#39;: &#39;alphanumericid&#39;
    &#39;x-ms-version&#39;: &#39;REDACTED&#39;
    &#39;x-ms-error-code&#39;: &#39;AuthorizationPermissionMismatch&#39;
    &#39;Date&#39;: &#39;Tue, 06 Jun 2023 08:04:16 GMT&#39;
[2023-06-06T08:04:17.232Z] Executed &#39;Functions.HttpTrigger1&#39; (Failed, Id=alphanumericid, Duration=4852ms)
[2023-06-06T08:04:17.234Z] System.Private.CoreLib: Exception while executing function: Functions.HttpTrigger1. System.Private.CoreLib: Result: Failure
Exception: HttpResponseError: This request is not authorized to perform this operation using this permission.

I tried the solution given in this SO Thread but still not working.

Could anyone identify what I'm missing?

答案1

得分: 0

请查看您使用的登录用户的用户主体名称,位于Azure Active Directory的用户列表中。

您必须使用在您的Azure AD域中创建的用户执行所有这些开发操作。例如:[userhasher@hashorg.onmicrosoft.com]。此UPN(用户主体名称)不应包含“#EXT”一词。

英文:

HttpResponseError: 此请求未获授权以使用Python Azure Function中的此权限执行此操作

As you informed in the Comments that the user is Subscription Owner and performing the development operations with the same user, which will not work because that user is an external user.

Check the user principal names of the user you have logged in with, in the Azure Active directory > Users list.

You can and have to perform all these development operations with the user created in your Azure AD domain. For example: `[userhasher@hashorg.onmicrosoft.com]. This UPN (User Principal Name) shouldn't include #EXT word in it.

huangapple
  • 本文由 发表于 2023年6月6日 16:20:10
  • 转载请务必保留本文链接:https://go.coder-hub.com/76412683.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定