Compartir a través de

Multinube: Conectar a todas las regiones con las bibliotecas de Azure para Python

  • Artículo

Puede usar las bibliotecas de Azure para Python para conectarse a todas las regiones en las que Azure está disponible.

De forma predeterminada, las bibliotecas de Azure están configuradas para conectarse a la nube global de Azure.

Uso de constantes de nube soberana predefinidas

El módulo de la azure.identity biblioteca proporciona AzureAuthorityHosts constantes de nube soberana predefinidas:

  • AZURE_CHINA
  • AZURE_GOVERNMENT
  • AZURE_PUBLIC_CLOUD

Para usar una definición, importe la constante adecuada desde azure.identity.AzureAuthorityHosts y aplíquela al crear objetos de cliente.

Al usar DefaultAzureCredential, como se muestra en el ejemplo siguiente, puede especificar la nube mediante el valor adecuado de azure.identity.AzureAuthorityHosts.

import os
from azure.mgmt.resource import ResourceManagementClient, SubscriptionClient
from azure.identity import DefaultAzureCredential, AzureAuthorityHosts

authority = AzureAuthorityHosts.AZURE_CHINA
resource_manager = "https://management.chinacloudapi.cn"

# Set environment variable AZURE_SUBSCRIPTION_ID as well as environment variables
# for DefaultAzureCredential. For combinations of environment variables, see
# https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/identity/azure-identity#environment-variables
subscription_id = os.environ["AZURE_SUBSCRIPTION_ID"]

# When using sovereign domains (that is, any cloud other than AZURE_PUBLIC_CLOUD),
# you must use an authority with DefaultAzureCredential.
credential = DefaultAzureCredential(authority=authority)

resource_client = ResourceManagementClient(
    credential, subscription_id,
    base_url=resource_manager,
    credential_scopes=[resource_manager + "/.default"])

subscription_client = SubscriptionClient(
    credential,
    base_url=resource_manager,
    credential_scopes=[resource_manager + "/.default"])

Mediante su propia definición de nube

En el código siguiente, reemplace los valores de las authorityvariables , endpointy audience por los valores adecuados para la nube privada.

import os
from azure.mgmt.resource import ResourceManagementClient, SubscriptionClient
from azure.identity import DefaultAzureCredential
from azure.profiles import KnownProfiles

# Set environment variable AZURE_SUBSCRIPTION_ID as well as environment variables
# for DefaultAzureCredential. For combinations of environment variables, see
# https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/identity/azure-identity#environment-variables
subscription_id = os.environ["AZURE_SUBSCRIPTION_ID"]

authority = "<your authority>"
endpoint = "<your endpoint>"
audience = "<your audience>"

# When using a private cloud, you must use an authority with DefaultAzureCredential.
# The active_directory endpoint should be a URL like https://login.microsoftonline.com.
credential = DefaultAzureCredential(authority=authority)

resource_client = ResourceManagementClient(
    credential, subscription_id,
    base_url=endpoint,
    profile=KnownProfiles.v2019_03_01_hybrid,
    credential_scopes=[audience])

subscription_client = SubscriptionClient(
    credential,
    base_url=endpoint,
    profile=KnownProfiles.v2019_03_01_hybrid,
    credential_scopes=[audience])

Por ejemplo, para Azure Stack, puede usar el comando az cloud show cli para devolver los detalles de una nube registrada. En la salida siguiente se muestran los valores devueltos para la nube pública de Azure, pero la salida de una nube privada de Azure Stack debe ser similar.

{
  "endpoints": {
    "activeDirectory": "https://login.microsoftonline.com",
    "activeDirectoryDataLakeResourceId": "https://datalake.azure.net/",
    "activeDirectoryGraphResourceId": "https://graph.windows.net/",
    "activeDirectoryResourceId": "https://management.core.windows.net/",
    "appInsightsResourceId": "https://api.applicationinsights.io",
    "appInsightsTelemetryChannelResourceId": "https://dc.applicationinsights.azure.com/v2/track",
    "attestationResourceId": "https://attest.azure.net",
    "azmirrorStorageAccountResourceId": null,
    "batchResourceId": "https://batch.core.windows.net/",
    "gallery": "https://gallery.azure.com/",
    "logAnalyticsResourceId": "https://api.loganalytics.io",
    "management": "https://management.core.windows.net/",
    "mediaResourceId": "https://rest.media.azure.net",
    "microsoftGraphResourceId": "https://graph.microsoft.com/",
    "ossrdbmsResourceId": "https://ossrdbms-aad.database.windows.net",
    "portal": "https://portal.azure.com",
    "resourceManager": "https://management.azure.com/",
    "sqlManagement": "https://management.core.windows.net:8443/",
    "synapseAnalyticsResourceId": "https://dev.azuresynapse.net",
    "vmImageAliasDoc": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/main/arm-compute/quickstart-templates/aliases.json"
  },
  "isActive": true,
  "name": "AzureCloud",
  "profile": "latest",
  "suffixes": {
    "acrLoginServerEndpoint": ".azurecr.io",
    "attestationEndpoint": ".attest.azure.net",
    "azureDatalakeAnalyticsCatalogAndJobEndpoint": "azuredatalakeanalytics.net",
    "azureDatalakeStoreFileSystemEndpoint": "azuredatalakestore.net",
    "keyvaultDns": ".vault.azure.net",
    "mariadbServerEndpoint": ".mariadb.database.azure.com",
    "mhsmDns": ".managedhsm.azure.net",
    "mysqlServerEndpoint": ".mysql.database.azure.com",
    "postgresqlServerEndpoint": ".postgres.database.azure.com",
    "sqlServerHostname": ".database.windows.net",
    "storageEndpoint": "core.windows.net",
    "storageSyncEndpoint": "afs.azure.net",
    "synapseAnalyticsEndpoint": ".dev.azuresynapse.net"
  }
}

En el código anterior, puede establecer authority en el valor de la endpoints.activeDirectory propiedad , endpoint en el valor de la endpoints.resourceManager propiedad y audience en el valor de endpoints.activeDirectoryResourceId property + ".default".

Para más información, consulte Uso de la CLI de Azure con Azure Stack Hub y Obtención de información de autenticación para Azure Stack Hub.