英文:
HttpResponseError: This request is not authorized to perform this operation using this permission in Python Azure Function
问题
- Python 3.11 - Azure Function - Http 触发器
- 功能性 - (包使用 - Pandas、Numpy、dateutil),列出 blob
- IDE - VS Code
local.settings.json:
{
"IsEncrypted": false,
"Values": {
"AzureWebJobsStorage": "<storage-acc-conn-str>",
"FUNCTIONS_WORKER_RUNTIME": "python"
}
}
init.py:
import logging
import azure.functions as func
import pandas as pd
import numpy as np
# 从 datetime 模块导入方法作为基础。
import datetime
# 从 dateutil 子类中导入多个方法。
from dateutil.relativedelta import *
from dateutil.easter import *
from dateutil.parser import *
from dateutil.rrule import *
from azure.identity import DefaultAzureCredential
from azure.storage.blob import BlobServiceClient, BlobClient, ContainerClient
def main(req: func.HttpRequest) -> func.HttpResponse:
logging.info('Python HTTP 触发函数处理了一个请求。')
# Pandas 包的代码
info = np.array(['P','a','n','d','a','s'])
a = pd.Series(info)
print(a)
# 创建一些 datetime 对象
present_datetime = datetime.datetime.now()
print("当前 datetime:", present_datetime)
present_date = datetime.date.today()
print("当前日期:", present_date)
account_url = "https://<storageaccname>.blob.core.windows.net"
default_credential = DefaultAzureCredential()
# 创建 BlobServiceClient 对象
blob_service_client = BlobServiceClient(account_url, credential=default_credential)
container_client = blob_service_client.get_container_client("textfilescontainer")
print("\n列出 blobs...")
# 列出容器中的 blobs
blob_list = container_client.list_blobs()
for blob in blob_list:
print("\t" + blob.name)
return func.HttpResponse("Hello Hasher,这个 HTTP 触发函数成功执行了。")
requirements.txt:
azure-functions
numpy
pandas
python-dateutil
azure.storage.blob
azure.identity
分配给订阅和存储账户的角色:
结果:
有关详细输出,请使用 --verbose 标志运行 func。
[2023-06-06T08:04:10.811Z] 工作进程已启动并初始化。
[2023-06-06T08:04:12.391Z] 正在执行 'Functions.HttpTrigger1' (原因='通过主机 API 以编程方式调用此函数。',
Id=<alphanumericid)
[2023-06-06T08:04:12.462Z] 未找到环境配置。
[2023-06-06T08:04:12.462Z] Python HTTP 触发函数处理了一个请求。
[2023-06-06T08:04:12.462Z] ManagedIdentityCredential 将使用 IMDS
[2023-06-06T08:04:12.462Z] 请求 URL: 'http://ipaddr/metadata/identity/oauth2/token?api-version=REDACTED&resource=REDACTED' 请求方法: 'GET'
请求头:
'User-Agent': 'azsdk-python-identity/1.13.0 Python/3.11.3 (Windows-10-10.0.)'
请求中没有附加正文
[2023-06-06T08:04:15.368Z] 主机锁定租约已由实例 ID 'alphanumericid' 获取。
[2023-06-06T08:04:16.781Z] DefaultAzureCredential 从 AzurePowerShellCredential 获取了令牌
[2023-06-06T08:04:16.782Z] 请求 URL: 'https://storageaccountname.blob.core.windows.net/textfilescontainer?restype=REDACTED&comp=REDACTED'
请求方法: 'GET'
请求头:
'x-ms-version': 'REDACTED'
'Accept': 'application/xml'
'User-Agent': 'azsdk-python-storage-blob/12.16.0 Python/3.11.3 (Windows-10-10.0.
'x-ms-date': 'REDACTED'
'x-ms-client-request-id': 'alphanumericid'
'Authorization': 'REDACTED'
请求中没有附加正文
[2023-06-06T08:04:17.175Z] 响应状态: 403
响应头:
'Content-Length': '279'
'Content-Type': 'application/xml'
'Server': 'Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0'
'x-ms-request-id': 'alphanumericid'
'x-ms-client-request-id': 'alphanumericid'
'x-ms-version': 'REDACTED'
'x-ms-error-code': 'AuthorizationPermissionMismatch'
'Date': 'Tue, 06 Jun 2023 08:04:16 GMT'
[2023-06-06T08:04:17.232Z] 执行 'Functions.HttpTrigger1' (失败,Id=alphanumericid,持续时间=4852毫秒)
[2023-06-06T08:04:17.234Z] System.Private.CoreLib: 在执行函数时出现异常:Functions.HttpTrigger1。 System.Private.CoreLib: 结果:失败
异常:HttpResponseError:无权使用此权限执行此操作。
我尝试了这个SO 线程中提供的解决方案,但仍然不起作用。
是否有人能够确定我遗漏了什么?
英文:
- Python 3.11 - Azure Function - Http Trigger
- Functionality - (packages utilization - Pandas, Numpy, dateutil), Listing blobs
- IDE - VS Code
local.settings.json:
{
"IsEncrypted": false,
"Values": {
"AzureWebJobsStorage": "<storage-acc-conn-str>",
"FUNCTIONS_WORKER_RUNTIME": "python"
}
}
init.py:
import logging
import azure.functions as func
import pandas as pd
import numpy as np
# importing methods from the datetime module as a base.
import datetime
# importing several methods from the dateutil subclasses.
from dateutil.relativedelta import *
from dateutil.easter import *
from dateutil.parser import *
from dateutil.rrule import *
from azure.identity import DefaultAzureCredential
from azure.storage.blob import BlobServiceClient, BlobClient, ContainerClient
def main(req: func.HttpRequest) -> func.HttpResponse:
logging.info('Python HTTP trigger function processed a request.')
# Code for Pandas Package
info = np.array(['P','a','n','d','a','s'])
a = pd.Series(info)
print(a)
# Creating some datetime objects
present_datetime = datetime.datetime.now()
print("The Present datetime:", present_datetime)
present_date = datetime.date.today()
print("The Present date:", present_date)
account_url = "https://<storageaccname>.blob.core.windows.net"
default_credential = DefaultAzureCredential()
# Create the BlobServiceClient object
blob_service_client = BlobServiceClient(account_url, credential=default_credential)
container_client = blob_service_client.get_container_client("textfilescontainer")
print("\nListing blobs...")
# List the blobs in the container
blob_list = container_client.list_blobs()
for blob in blob_list:
print("\t" + blob.name)
return func.HttpResponse(f"Hello Hasher, This HTTP triggered function executed successfully.")
requirements.txt:
azure-functions
numpy
pandas
python-dateutil
azure.storage.blob
azure.identity
Role Assignments to the Subscription and Storage Account:
Result:
For detailed output, run func with --verbose flag.
[2023-06-06T08:04:10.811Z] Worker process started and initialized.
[2023-06-06T08:04:12.391Z] Executing 'Functions.HttpTrigger1' (Reason='This function was programmatically called via the host APIs.',
Id=<alphanumericid)
[2023-06-06T08:04:12.462Z] No environment configuration found.
[2023-06-06T08:04:12.462Z] Python HTTP trigger function processed a request.
[2023-06-06T08:04:12.462Z] ManagedIdentityCredential will use IMDS
[2023-06-06T08:04:12.462Z] Request URL: 'http://ipaddr/metadata/identity/oauth2/token?api-version=REDACTED&resource=REDACTED'Request method: 'GET'
Request headers:
'User-Agent': 'azsdk-python-identity/1.13.0 Python/3.11.3 (Windows-10-10.0.)'
No body was attached to the request
[2023-06-06T08:04:15.368Z] Host lock lease acquired by instance ID 'alphanumericid'.
[2023-06-06T08:04:16.781Z] DefaultAzureCredential acquired a token from AzurePowerShellCredential
[2023-06-06T08:04:16.782Z] Request URL: 'https://storageaccountname.blob.core.windows.net/textfilescontainer?restype=REDACTED&comp=REDACTED'
Request method: 'GET'
Request headers:
'x-ms-version': 'REDACTED'
'Accept': 'application/xml'
'User-Agent': 'azsdk-python-storage-blob/12.16.0 Python/3.11.3 (Windows-10-10.0.
'x-ms-date': 'REDACTED'
'x-ms-client-request-id': 'alphanumericid'
'Authorization': 'REDACTED'
No body was attached to the request
[2023-06-06T08:04:17.175Z] Response status: 403
Response headers:
'Content-Length': '279'
'Content-Type': 'application/xml'
'Server': 'Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0'
'x-ms-request-id': 'alphanumericid'
'x-ms-client-request-id': 'alphanumericid'
'x-ms-version': 'REDACTED'
'x-ms-error-code': 'AuthorizationPermissionMismatch'
'Date': 'Tue, 06 Jun 2023 08:04:16 GMT'
[2023-06-06T08:04:17.232Z] Executed 'Functions.HttpTrigger1' (Failed, Id=alphanumericid, Duration=4852ms)
[2023-06-06T08:04:17.234Z] System.Private.CoreLib: Exception while executing function: Functions.HttpTrigger1. System.Private.CoreLib: Result: Failure
Exception: HttpResponseError: This request is not authorized to perform this operation using this permission.
I tried the solution given in this SO Thread but still not working.
Could anyone identify what I'm missing?
答案1
得分: 0
请查看您使用的登录用户的用户主体名称,位于Azure Active Directory的用户列表中。
您必须使用在您的Azure AD域中创建的用户执行所有这些开发操作。例如:[userhasher@hashorg.onmicrosoft.com]。此UPN(用户主体名称)不应包含“#EXT”一词。
英文:
As you informed in the Comments that the user is Subscription Owner and performing the development operations with the same user, which will not work because that user is an external user.
Check the user principal names of the user you have logged in with, in the Azure Active directory > Users list.
You can and have to perform all these development operations with the user created in your Azure AD domain. For example: `[userhasher@hashorg.onmicrosoft.com]. This UPN (User Principal Name) shouldn't include #EXT word in it.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论