Python: Unable to access Azure Key Vault from Azure Container Instances using a system-assigned identity


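I am unable to access the vault from an Azure Container Instance that is deployed into a private network with a system-managed identity. If I use a service principal to access the vault by passing environment variables to the container, my code works fine.

My code: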

import logging
import os
from azure.keyvault.secrets import SecretClient
from azure.identity import DefaultAzureCredential

keyVaultName = 'XXXXXXX'
KVUri = "https://" + keyVaultName + ".vault.azure.net"

# DefaultAzureCredential tries environment variables first, then managed identity (IMDS)
credential = DefaultAzureCredential()
client = SecretClient(vault_url=KVUri, credential=credential)

def secretVal(name):
    # Fetch the named secret and return only its value
    logging.debug("Retrieving the secret from vault for %s", name)
    val = client.get_secret(name)
    return val.value

Error:

2020-05-21:02:09:37,349 INFO     [_universal.py:412] Request URL: 'http://169.254.169.254/metadata/identity/oauth2/token'
2020-05-21:02:09:37,349 INFO     [_universal.py:413] Request method: 'GET'
2020-05-21:02:09:37,349 INFO     [_universal.py:414] Request headers:
2020-05-21:02:09:37,349 INFO     [_universal.py:417]     'Metadata': 'REDACTED'
2020-05-21:02:09:37,349 INFO     [_universal.py:417]     'User-Agent': 'azsdk-python-identity/1.3.1 Python/3.8.3 (Linux-4.15.0-1082-azure-x86_64-with-glibc2.2.5)'
2020-05-21:02:09:37,352 DEBUG    [connectionpool.py:226] Starting new HTTP connection (1): 169.254.169.254:80
Traceback (most recent call last):
  File "/usr/local/lib/python3.8/site-packages/azure/identity/_credentials/default.py", line 105, in get_token
    return super(DefaultAzureCredential, self).get_token(*scopes, **kwargs)
  File "/usr/local/lib/python3.8/site-packages/azure/identity/_credentials/chained.py", line 71, in get_token
    raise ClientAuthenticationError(message=error_message)
azure.core.exceptions.ClientAuthenticationError: No credential in this chain provided a token.
Attempted credentials:
        EnvironmentCredential: Incomplete environment configuration. See https://aka.ms/python-sdk-identity#environment-variables for expected environment variables
        ImdsCredential: IMDS endpoint unavailable

This issue seems to be similar to the one below

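When creating the instance, I tried to delay my code with the following command to give the metadata service time to come up, but it still does not work.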


--command-line "/bin/bash -c 'sleep 90; /usr/local/bin/python xxxx.py'"

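Unfortunately, managed identities for Azure Container Instances are not supported when the container group is created in a virtual network. See the limitations: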

You can't use a managed identity in a container group deployed to a virtual network.


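ACI in a virtual network is currently a preview feature. All of the limitations are listed there. So when the container is in a VNet, authenticate with a service principal; it is similar to a managed identity, just presented in a different style.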

So it seems that using a managed identity in a container instance deployed to a private network is not supported?
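
A startup preflight for the situation described in this thread, as an added example that is not part of the original posts: it reports which of the two credential paths from the error output (EnvironmentCredential or IMDS) can work, so the container fails fast with a clear message. The function names are hypothetical; the variable names are the ones EnvironmentCredential reads for a service principal with a client secret.

```python
import os
import socket

# Variables EnvironmentCredential needs for a service principal with a client secret.
SP_ENV_VARS = ("AZURE_TENANT_ID", "AZURE_CLIENT_ID", "AZURE_CLIENT_SECRET")
IMDS_ADDR = ("169.254.169.254", 80)  # metadata endpoint seen in the log above


def missing_sp_vars(env):
    """Return the service principal variables that are unset or empty."""
    return [name for name in SP_ENV_VARS if not env.get(name)]


def imds_reachable(addr=IMDS_ADDR, timeout=2.0):
    """True if a TCP connection to the metadata endpoint succeeds."""
    try:
        with socket.create_connection(addr, timeout=timeout):
            return True
    except OSError:
        return False


def preflight(env, imds_ok):
    """Decide which credential path can work; returns (ok, message)."""
    missing = missing_sp_vars(env)
    if not missing:
        return True, "service principal: EnvironmentCredential is fully configured"
    if imds_ok:
        return True, "managed identity: IMDS endpoint is reachable"
    hint = "set " + ", ".join(missing)
    if len(missing) < len(SP_ENV_VARS):
        hint = "incomplete service principal configuration, " + hint
    return False, ("no usable credential: IMDS unreachable (expected for ACI "
                   "in a virtual network per the answer) and " + hint)


if __name__ == "__main__":
    ok, msg = preflight(os.environ, imds_reachable())
    print(msg)  # variable names only, never the secret value
    raise SystemExit(0 if ok else 1)
```

Run it before the application starts; a non-zero exit means neither credential path in the chain can succeed in this container group.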