此頁面顯示支援的驗證方法和用戶端,並顯示可讓您使用服務連接器將 Azure Cosmos DB for Apache Cassandra 連線至其他雲端服務的範例程式碼。 在未使用服務連接器的情況下,您仍可透過其他程式設計語言連線至 Azure Cosmos DB for Cassandra。 此頁面也顯示您在建立服務連線時取得的預設環境變數名稱和值 (或 Spring Boot 設定)。
支援的計算服務
服務連接器可用來將下列計算服務連線至 Azure Cosmos DB for Apache Cassandra:
- Azure App Service
- Azure 容器應用程式
- Azure Functions
- Azure Kubernetes Service (AKS)
- Azure Spring Apps
支援的驗證類型和用戶端類型
下表說明使用服務連接器將計算服務連線至 Azure Cosmos DB for Apache Cassandra 時,支援哪些用戶端類型和驗證方法的組合。 「是」表示支援的組合,而「否」則表示不支援。
| 用戶端類型 |
系統指派的受控識別 |
使用者指派的受控識別 |
祕密 / 連接字串 |
服務主體 |
| .NET |
Yes |
.是 |
.是 |
Yes |
| Go |
Yes |
.是 |
.是 |
Yes |
| Java |
Yes |
.是 |
.是 |
Yes |
| Java - Spring Boot |
No |
無 |
.是 |
No |
| Node.js |
Yes |
.是 |
.是 |
Yes |
| Python |
Yes |
.是 |
.是 |
Yes |
| 無 |
Yes |
.是 |
.是 |
Yes |
此表指出表中所有用戶端類型和驗證方法的組合均受支援,但 Java - Spring Boot 用戶端類型 (其僅支援秘密/連接字串方法) 除外。 所有其他用戶端類型都可以使用任何驗證方法,使用服務連接器連線至 Azure Cosmos DB for Apache Cassandra。
預設環境變數名稱或應用程式屬性和範例程式碼
根據連線的驗證類型和用戶端類型,參考下表中的連線詳細資料和範例程式碼,將計算服務連線至 Azure Cosmos DB for Apache Cassandra。 如需命名慣例的詳細資訊,請參閱服務連接器內部一文。
系統指派的受控識別
| 預設環境變數名稱 |
描述 |
範例值 |
| AZURE_COSMOS_LISTKEYURL |
要取得連接字串的 URL |
https://management.azure.com/subscriptions/<subscription-ID>/resourceGroups/<resource-group-name>/providers/Microsoft.DocumentDB/databaseAccounts/<Azure-Cosmos-DB-account>/listKeys?api-version=2021-04-15 |
| AZURE_COSMOS_SCOPE |
您的受控識別範圍 |
https://management.azure.com/.default |
| AZURE_COSMOS_RESOURCEENDPOINT |
您的資源端點 |
https://<Azure-Cosmos-DB-account>.documents.azure.com:443/ |
| AZURE_COSMOS_CONTACTPOINT |
Azure Cosmos DB for Apache Cassandra 連絡點 |
<Azure-Cosmos-DB-account>.cassandra.cosmos.azure.com |
| AZURE_COSMOS_PORT |
Cassandra 連線連接埠 |
10350 |
| AZURE_COSMOS_KEYSPACE |
Cassandra Keyspace |
<keyspace> |
| AZURE_COSMOS_USERNAME |
Cassandra 使用者名稱 |
<username> |
範例指令碼
請參閱下列步驟和程式碼,使用系統指派的受控識別連線至 Azure Cosmos DB for Cassandra。
安裝相依性
dotnet add package CassandraCSharpDriver --version 3.19.3
dotnet add package Azure.Identity
使用用戶端程式庫 Azure.Identity 取得受控識別或服務主體的存取權杖。 使用存取權杖和 AZURE_COSMOS_LISTKEYURL 取得密碼。 從服務連接器新增的環境變數取得連線資訊,並連線至 Azure Cosmos DB for Cassandra。 使用下列程式代碼時,請取消註解您想要使用的驗證類型代碼段部分。
using System;
using System.Security.Authentication;
using System.Net.Security;
using System.Net.Http;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Cassandra;
using Azure.Identity;
public class Program
{
public static async Task Main()
{
var cassandraContactPoint = Environment.GetEnvironmentVariable("AZURE_COSMOS_CONTACTPOINT");
var userName = Environment.GetEnvironmentVariable("AZURE_COSMOS_USERNAME");
var cassandraPort = Int32.Parse(Environment.GetEnvironmentVariable("AZURE_COSMOS_PORT"));
var cassandraKeyspace = Environment.GetEnvironmentVariable("AZURE_COSMOS_KEYSPACE");
var listKeyUrl = Environment.GetEnvironmentVariable("AZURE_COSMOS_LISTKEYURL");
var scope = Environment.GetEnvironmentVariable("AZURE_COSMOS_SCOPE");
// Uncomment the following lines corresponding to the authentication type you want to use.
// For system-assigned identity.
// var tokenProvider = new DefaultAzureCredential();
// For user-assigned identity.
// var tokenProvider = new DefaultAzureCredential(
// new DefaultAzureCredentialOptions
// {
// ManagedIdentityClientId = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTID");
// }
// );
// For service principal.
// var tenantId = Environment.GetEnvironmentVariable("AZURE_COSMOS_TENANTID");
// var clientId = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTID");
// var clientSecret = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTSECRET");
// var tokenProvider = new ClientSecretCredential(tenantId, clientId, clientSecret);
// Acquire the access token.
AccessToken accessToken = await tokenProvider.GetTokenAsync(
new TokenRequestContext(scopes: new string[]{ scope }));
// Get the password.
var httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken.Token}");
var response = await httpClient.POSTAsync(listKeyUrl);
var responseBody = await response.Content.ReadAsStringAsync();
var keys = JsonConvert.DeserializeObject<Dictionary<string, string>>(responseBody);
var password = keys["primaryMasterKey"];
// Connect to Azure Cosmos DB for Cassandra
var options = new Cassandra.SSLOptions(SslProtocols.Tls12, true, ValidateServerCertificate);
options.SetHostNameResolver((ipAddress) => cassandraContactPoint);
Cluster cluster = Cluster
.Builder()
.WithCredentials(userName, password)
.WithPort(cassandraPort)
.AddContactPoint(cassandraContactPoint).WithSSL(options).Build();
ISession session = await cluster.ConnectAsync();
}
public static bool ValidateServerCertificate
(
object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors
)
{
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
// Do not allow this client to communicate with unauthenticated servers.
return false;
}
}
在您的 pom.xml 中新增下列相依性:
<dependency>
<groupId>com.datastax.oss</groupId>
<artifactId>java-driver-core</artifactId>
<version>4.5.1</version>
</dependency>
<dependency>
<groupId>com.datastax.oss</groupId>
<artifactId>java-driver-query-builder</artifactId>
<version>4.0.0</version>
</dependency>
<dependency>
<groupId>com.datastax.cassandra</groupId>
<artifactId>cassandra-driver-extras</artifactId>
<version>3.1.4</version>
</dependency>
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-identity</artifactId>
<version>1.1.5</version>
</dependency>
使用 azure-identity,取得受控識別或服務主體的存取權杖。 使用存取權杖和 AZURE_COSMOS_LISTKEYURL 取得密碼。 從服務連接器新增的環境變數取得連線資訊,並連線至 Azure Cosmos DB for Cassandra。 使用下列程式代碼時,請取消註解您想要使用的驗證類型代碼段部分。
import com.datastax.oss.driver.api.core.CqlSession;
import javax.net.ssl.*;
import java.net.InetSocketAddress;
import com.azure.identity.*;
import com.azure.core.credential.*;
import java.net.http.*;
import java.net.URI;
int cassandraPort = Integer.parseInt(System.getenv("AZURE_COSMOS_PORT"));
String cassandraUsername = System.getenv("AZURE_COSMOS_USERNAME");
String cassandraHost = System.getenv("AZURE_COSMOS_CONTACTPOINT");
String cassandraKeyspace = System.getenv("AZURE_COSMOS_KEYSPACE");
String listKeyUrl = System.getenv("AZURE_COSMOS_LISTKEYURL");
String scope = System.getenv("AZURE_COSMOS_SCOPE");
// Uncomment the following lines corresponding to the authentication type you want to use.
// For system managed identity.
// DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder().build();
// For user assigned managed identity.
// DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder()
// .managedIdentityClientId(System.getenv("AZURE_COSMOS_CLIENTID"))
// .build();
// For service principal.
// ClientSecretCredential defaultCredential = new ClientSecretCredentialBuilder()
// .clientId(System.getenv("<AZURE_COSMOS_CLIENTID>"))
// .clientSecret(System.getenv("<AZURE_COSMOS_CLIENTSECRET>"))
// .tenantId(System.getenv("<AZURE_COSMOS_TENANTID>"))
// .build();
// Get the access token.
AccessToken accessToken = defaultCredential.getToken(new TokenRequestContext().addScopes(new String[]{ scope })).block();
String token = accessToken.getToken();
// Get the password.
HttpClient client = HttpClient.newBuilder().build();
HttpRequest request = HttpRequest.newBuilder()
.uri(new URI(listKeyUrl))
.header("Authorization", "Bearer " + token)
.POST()
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
JSONParser parser = new JSONParser();
JSONObject responseBody = parser.parse(response.body());
String cassandraPassword = responseBody.get("primaryMasterKey");
// Connect to Azure Cosmos DB for Cassandra
final SSLContext sc = SSLContext.getInstance("TLSv1.2");
CqlSession session = CqlSession.builder().withSslContext(sc)
.addContactPoint(new InetSocketAddress(cassandraHost, cassandraPort)).withLocalDatacenter('datacenter1')
.withAuthCredentials(cassandraUsername, cassandraPassword).build();
安裝相依性
pip install Cassandra-driver
pip install pyopenssl
pip install azure-identity
使用 azure-identity 向受控識別或服務主體進行驗證,並向 AZURE_COSMOS_LISTKEYURL 傳送要求以取得密碼。 從服務連接器新增的環境變數取得連線資訊,並連線至 Azure Cosmos DB for Cassandra。 使用下列程式代碼時,請取消註解您想要使用的驗證類型代碼段部分。
from cassandra.cluster import Cluster
from ssl import PROTOCOL_TLSv1_2, SSLContext, CERT_NONE
from cassandra.auth import PlainTextAuthProvider
import requests
from azure.identity import ManagedIdentityCredential, ClientSecretCredential
username = os.getenv('AZURE_COSMOS_USERNAME')
contactPoint = os.getenv('AZURE_COSMOS_CONTACTPOINT')
port = os.getenv('AZURE_COSMOS_PORT')
keyspace = os.getenv('AZURE_COSMOS_KEYSPACE')
listKeyUrl = os.getenv('AZURE_COSMOS_LISTKEYURL')
scope = os.getenv('AZURE_COSMOS_SCOPE')
# Uncomment the following lines corresponding to the authentication type you want to use.
# For system-assigned managed identity
# cred = ManagedIdentityCredential()
# For user-assigned managed identity
# managed_identity_client_id = os.getenv('AZURE_COSMOS_CLIENTID')
# cred = ManagedIdentityCredential(client_id=managed_identity_client_id)
# For service principal
# tenant_id = os.getenv('AZURE_COSMOS_TENANTID')
# client_id = os.getenv('AZURE_COSMOS_CLIENTID')
# client_secret = os.getenv('AZURE_COSMOS_CLIENTSECRET')
# cred = ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=client_secret)
# Get the password
session = requests.Session()
token = cred.get_token(scope)
response = session.post(listKeyUrl, headers={"Authorization": "Bearer {}".format(token.token)})
keys_dict = response.json()
password = keys_dict['primaryMasterKey']
# Connect to Azure Cosmos DB for Cassandra.
ssl_context = SSLContext(PROTOCOL_TLSv1_2)
ssl_context.verify_mode = CERT_NONE
auth_provider = PlainTextAuthProvider(username, password)
cluster = Cluster([contactPoint], port = port, auth_provider=auth_provider,ssl_context=ssl_context)
session = cluster.connect()
安裝相依性。
go get github.com/gocql/gocql
go get "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
go get "github.com/Azure/azure-sdk-for-go/sdk/azcore"
在程式碼中,透過 azidentity 取得存取權杖,然後將其用來取得密碼。 從服務連接器新增的環境變數取得連線資訊,並連線至 Azure Cosmos DB for Cassandra。 使用下列程式代碼時,請取消註解您想要使用的驗證類型代碼段部分。
import (
"fmt"
"os"
"context"
"log"
"io/ioutil"
"encoding/json"
"github.com/gocql/gocql"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
)
func GetSession() *gocql.Session {
cosmosCassandraContactPoint = os.Getenv("AZURE_COSMOS_CONTACTPOINT")
cosmosCassandraPort = os.Getenv("AZURE_COSMOS_PORT")
cosmosCassandraUser = os.Getenv("AZURE_COSMOS_USERNAME")
cosmosCassandraKeyspace = os.Getenv("AZURE_COSMOS_KEYSPACE")
listKeyUrl = os.Getenv("AZURE_COSMOS_LISTKEYURL")
scope = os.Getenv("AZURE_COSMOS_SCOPE")
// Uncomment the following lines corresponding to the authentication type you want to use.
// For system-assigned identity.
// cred, err := azidentity.NewDefaultAzureCredential(nil)
// For user-assigned identity.
// clientid := os.Getenv("AZURE_COSMOS_CLIENTID")
// azidentity.ManagedIdentityCredentialOptions.ID := clientid
// options := &azidentity.ManagedIdentityCredentialOptions{ID: clientid}
// cred, err := azidentity.NewManagedIdentityCredential(options)
// For service principal.
// clientid := os.Getenv("AZURE_COSMOS_CLIENTID")
// tenantid := os.Getenv("AZURE_COSMOS_TENANTID")
// clientsecret := os.Getenv("AZURE_COSMOS_CLIENTSECRET")
// cred, err := azidentity.NewClientSecretCredential(tenantid, clientid, clientsecret, &azidentity.ClientSecretCredentialOptions{})
// Acquire the access token.
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
token, err := cred.GetToken(ctx, policy.TokenRequestOptions{
Scopes: []string{scope},
})
// Acquire the password.
client := &http.Client{}
req, err := http.NewRequest("POST", listKeyUrl, nil)
req.Header.Add("Authorization", "Bearer " + token.Token)
resp, err := client.Do(req)
body, err := ioutil.ReadAll(resp.Body)
var result map[string]interface{}
json.Unmarshal(body, &result)
cosmosCassandraPassword, err := result["primaryMasterKey"]
// Connect to Azure Cosmos DB for Cassandra
clusterConfig := gocql.NewCluster(cosmosCassandraContactPoint)
port, err := strconv.Atoi(cosmosCassandraPort)
clusterConfig.Port = port
clusterConfig.ProtoVersion = 4
clusterConfig.Authenticator = gocql.PasswordAuthenticator{Username: cosmosCassandraUser, Password: cosmosCassandraPassword}
clusterConfig.SslOpts = &gocql.SslOptions{Config: &tls.Config{MinVersion: tls.VersionTLS12}}
session, err := clusterConfig.CreateSession()
return session
}
func main() {
session := utils.GetSession(cosmosCassandraContactPoint, cosmosCassandraPort, cosmosCassandraUser, cosmosCassandraPassword)
defer session.Close()
...
}
安裝相依性
npm install cassandra-driver
npm install --save @azure/identity
在程式碼中,透過 @azure/identity 取得存取權杖,然後將其用來取得密碼。 從服務連接器新增的環境變數取得連線資訊,並連線至 Azure Cosmos DB for Cassandra。 使用下列程式代碼時,請取消註解您想要使用的驗證類型代碼段部分。
import { DefaultAzureCredential,ClientSecretCredential } from "@azure/identity";
const cassandra = require("cassandra-driver");
const axios = require('axios');
let username = process.env.AZURE_COSMOS_USERNAME;
let contactPoint = process.env.AZURE_COSMOS_CONTACTPOINT;
let port = process.env.AZURE_COSMOS_PORT;
let keyspace = process.env.AZURE_COSMOS_KEYSPACE;
let listKeyUrl = process.env.AZURE_COSMOS_LISTKEYURL;
let scope = process.env.AZURE_COSMOS_SCOPE;
// Uncomment the following lines corresponding to the authentication type you want to use.
// For system-assigned identity.
// const credential = new DefaultAzureCredential();
// For user-assigned identity.
// const clientId = process.env.AZURE_COSMOS_CLIENTID;
// const credential = new DefaultAzureCredential({
// managedIdentityClientId: clientId
// });
// For service principal.
// const tenantId = process.env.AZURE_COSMOS_TENANTID;
// const clientId = process.env.AZURE_COSMOS_CLIENTID;
// const clientSecret = process.env.AZURE_COSMOS_CLIENTSECRET;
// Acquire the access token.
var accessToken = await credential.getToken(scope);
// Get the password.
const config = {
method: 'post',
url: listKeyUrl,
headers: {
'Authorization': `Bearer ${accessToken.token}`
}
};
const response = await axios(config);
const keysDict = response.data;
const password = keysDict['primaryMasterKey'];
let authProvider = new cassandra.auth.PlainTextAuthProvider(
username,
password
);
let client = new cassandra.Client({
contactPoints: [`${contactPoint}:${port}`],
authProvider: authProvider,
localDataCenter: 'datacenter1',
sslOptions: {
secureProtocol: "TLSv1_2_method"
},
});
client.connect();
使用者指派的受控識別
| 預設環境變數名稱 |
描述 |
範例值 |
| AZURE_COSMOS_LISTKEYURL |
要取得連接字串的 URL |
https://management.azure.com/subscriptions/<subscription-ID>/resourceGroups/<resource-group-name>/providers/Microsoft.DocumentDB/databaseAccounts/<Azure-Cosmos-DB-account>/listKeys?api-version=2021-04-15 |
| AZURE_COSMOS_SCOPE |
您的受控識別範圍 |
https://management.azure.com/.default |
| AZURE_COSMOS_RESOURCEENDPOINT |
您的資源端點 |
https://<Azure-Cosmos-DB-account>.documents.azure.com:443/ |
| AZURE_COSMOS_CONTACTPOINT |
Azure Cosmos DB for Apache Cassandra 連絡點 |
<Azure-Cosmos-DB-account>.cassandra.cosmos.azure.com |
| AZURE_COSMOS_PORT |
Cassandra 連線連接埠 |
10350 |
| AZURE_COSMOS_KEYSPACE |
Cassandra Keyspace |
<keyspace> |
| AZURE_COSMOS_USERNAME |
Cassandra 使用者名稱 |
<username> |
| AZURE_COSMOS_CLIENTID |
您的用戶端識別碼 |
<client-ID> |
範例指令碼
請參閱下列步驟和程式碼,透過使用者指派的受控識別連線至 Azure Cosmos DB for Cassandra。
安裝相依性
dotnet add package CassandraCSharpDriver --version 3.19.3
dotnet add package Azure.Identity
使用用戶端程式庫 Azure.Identity 取得受控識別或服務主體的存取權杖。 使用存取權杖和 AZURE_COSMOS_LISTKEYURL 取得密碼。 從服務連接器新增的環境變數取得連線資訊,並連線至 Azure Cosmos DB for Cassandra。 使用下列程式代碼時,請取消註解您想要使用的驗證類型代碼段部分。
using System;
using System.Security.Authentication;
using System.Net.Security;
using System.Net.Http;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Cassandra;
using Azure.Identity;
public class Program
{
public static async Task Main()
{
var cassandraContactPoint = Environment.GetEnvironmentVariable("AZURE_COSMOS_CONTACTPOINT");
var userName = Environment.GetEnvironmentVariable("AZURE_COSMOS_USERNAME");
var cassandraPort = Int32.Parse(Environment.GetEnvironmentVariable("AZURE_COSMOS_PORT"));
var cassandraKeyspace = Environment.GetEnvironmentVariable("AZURE_COSMOS_KEYSPACE");
var listKeyUrl = Environment.GetEnvironmentVariable("AZURE_COSMOS_LISTKEYURL");
var scope = Environment.GetEnvironmentVariable("AZURE_COSMOS_SCOPE");
// Uncomment the following lines corresponding to the authentication type you want to use.
// For system-assigned identity.
// var tokenProvider = new DefaultAzureCredential();
// For user-assigned identity.
// var tokenProvider = new DefaultAzureCredential(
// new DefaultAzureCredentialOptions
// {
// ManagedIdentityClientId = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTID");
// }
// );
// For service principal.
// var tenantId = Environment.GetEnvironmentVariable("AZURE_COSMOS_TENANTID");
// var clientId = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTID");
// var clientSecret = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTSECRET");
// var tokenProvider = new ClientSecretCredential(tenantId, clientId, clientSecret);
// Acquire the access token.
AccessToken accessToken = await tokenProvider.GetTokenAsync(
new TokenRequestContext(scopes: new string[]{ scope }));
// Get the password.
var httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken.Token}");
var response = await httpClient.POSTAsync(listKeyUrl);
var responseBody = await response.Content.ReadAsStringAsync();
var keys = JsonConvert.DeserializeObject<Dictionary<string, string>>(responseBody);
var password = keys["primaryMasterKey"];
// Connect to Azure Cosmos DB for Cassandra
var options = new Cassandra.SSLOptions(SslProtocols.Tls12, true, ValidateServerCertificate);
options.SetHostNameResolver((ipAddress) => cassandraContactPoint);
Cluster cluster = Cluster
.Builder()
.WithCredentials(userName, password)
.WithPort(cassandraPort)
.AddContactPoint(cassandraContactPoint).WithSSL(options).Build();
ISession session = await cluster.ConnectAsync();
}
public static bool ValidateServerCertificate
(
object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors
)
{
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
// Do not allow this client to communicate with unauthenticated servers.
return false;
}
}
在您的 pom.xml 中新增下列相依性:
<dependency>
<groupId>com.datastax.oss</groupId>
<artifactId>java-driver-core</artifactId>
<version>4.5.1</version>
</dependency>
<dependency>
<groupId>com.datastax.oss</groupId>
<artifactId>java-driver-query-builder</artifactId>
<version>4.0.0</version>
</dependency>
<dependency>
<groupId>com.datastax.cassandra</groupId>
<artifactId>cassandra-driver-extras</artifactId>
<version>3.1.4</version>
</dependency>
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-identity</artifactId>
<version>1.1.5</version>
</dependency>
使用 azure-identity,取得受控識別或服務主體的存取權杖。 使用存取權杖和 AZURE_COSMOS_LISTKEYURL 取得密碼。 從服務連接器新增的環境變數取得連線資訊,並連線至 Azure Cosmos DB for Cassandra。 使用下列程式代碼時,請取消註解您想要使用的驗證類型代碼段部分。
import com.datastax.oss.driver.api.core.CqlSession;
import javax.net.ssl.*;
import java.net.InetSocketAddress;
import com.azure.identity.*;
import com.azure.core.credential.*;
import java.net.http.*;
import java.net.URI;
int cassandraPort = Integer.parseInt(System.getenv("AZURE_COSMOS_PORT"));
String cassandraUsername = System.getenv("AZURE_COSMOS_USERNAME");
String cassandraHost = System.getenv("AZURE_COSMOS_CONTACTPOINT");
String cassandraKeyspace = System.getenv("AZURE_COSMOS_KEYSPACE");
String listKeyUrl = System.getenv("AZURE_COSMOS_LISTKEYURL");
String scope = System.getenv("AZURE_COSMOS_SCOPE");
// Uncomment the following lines corresponding to the authentication type you want to use.
// For system managed identity.
// DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder().build();
// For user assigned managed identity.
// DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder()
// .managedIdentityClientId(System.getenv("AZURE_COSMOS_CLIENTID"))
// .build();
// For service principal.
// ClientSecretCredential defaultCredential = new ClientSecretCredentialBuilder()
// .clientId(System.getenv("<AZURE_COSMOS_CLIENTID>"))
// .clientSecret(System.getenv("<AZURE_COSMOS_CLIENTSECRET>"))
// .tenantId(System.getenv("<AZURE_COSMOS_TENANTID>"))
// .build();
// Get the access token.
AccessToken accessToken = defaultCredential.getToken(new TokenRequestContext().addScopes(new String[]{ scope })).block();
String token = accessToken.getToken();
// Get the password.
HttpClient client = HttpClient.newBuilder().build();
HttpRequest request = HttpRequest.newBuilder()
.uri(new URI(listKeyUrl))
.header("Authorization", "Bearer " + token)
.POST()
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
JSONParser parser = new JSONParser();
JSONObject responseBody = parser.parse(response.body());
String cassandraPassword = responseBody.get("primaryMasterKey");
// Connect to Azure Cosmos DB for Cassandra
final SSLContext sc = SSLContext.getInstance("TLSv1.2");
CqlSession session = CqlSession.builder().withSslContext(sc)
.addContactPoint(new InetSocketAddress(cassandraHost, cassandraPort)).withLocalDatacenter('datacenter1')
.withAuthCredentials(cassandraUsername, cassandraPassword).build();
安裝相依性
pip install Cassandra-driver
pip install pyopenssl
pip install azure-identity
使用 azure-identity 向受控識別或服務主體進行驗證,並向 AZURE_COSMOS_LISTKEYURL 傳送要求以取得密碼。 從服務連接器新增的環境變數取得連線資訊,並連線至 Azure Cosmos DB for Cassandra。 使用下列程式代碼時,請取消註解您想要使用的驗證類型代碼段部分。
from cassandra.cluster import Cluster
from ssl import PROTOCOL_TLSv1_2, SSLContext, CERT_NONE
from cassandra.auth import PlainTextAuthProvider
import requests
from azure.identity import ManagedIdentityCredential, ClientSecretCredential
username = os.getenv('AZURE_COSMOS_USERNAME')
contactPoint = os.getenv('AZURE_COSMOS_CONTACTPOINT')
port = os.getenv('AZURE_COSMOS_PORT')
keyspace = os.getenv('AZURE_COSMOS_KEYSPACE')
listKeyUrl = os.getenv('AZURE_COSMOS_LISTKEYURL')
scope = os.getenv('AZURE_COSMOS_SCOPE')
# Uncomment the following lines corresponding to the authentication type you want to use.
# For system-assigned managed identity
# cred = ManagedIdentityCredential()
# For user-assigned managed identity
# managed_identity_client_id = os.getenv('AZURE_COSMOS_CLIENTID')
# cred = ManagedIdentityCredential(client_id=managed_identity_client_id)
# For service principal
# tenant_id = os.getenv('AZURE_COSMOS_TENANTID')
# client_id = os.getenv('AZURE_COSMOS_CLIENTID')
# client_secret = os.getenv('AZURE_COSMOS_CLIENTSECRET')
# cred = ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=client_secret)
# Get the password
session = requests.Session()
token = cred.get_token(scope)
response = session.post(listKeyUrl, headers={"Authorization": "Bearer {}".format(token.token)})
keys_dict = response.json()
password = keys_dict['primaryMasterKey']
# Connect to Azure Cosmos DB for Cassandra.
ssl_context = SSLContext(PROTOCOL_TLSv1_2)
ssl_context.verify_mode = CERT_NONE
auth_provider = PlainTextAuthProvider(username, password)
cluster = Cluster([contactPoint], port = port, auth_provider=auth_provider,ssl_context=ssl_context)
session = cluster.connect()
安裝相依性。
go get github.com/gocql/gocql
go get "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
go get "github.com/Azure/azure-sdk-for-go/sdk/azcore"
在程式碼中,透過 azidentity 取得存取權杖,然後將其用來取得密碼。 從服務連接器新增的環境變數取得連線資訊,並連線至 Azure Cosmos DB for Cassandra。 使用下列程式代碼時,請取消註解您想要使用的驗證類型代碼段部分。
import (
"fmt"
"os"
"context"
"log"
"io/ioutil"
"encoding/json"
"github.com/gocql/gocql"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
)
func GetSession() *gocql.Session {
cosmosCassandraContactPoint = os.Getenv("AZURE_COSMOS_CONTACTPOINT")
cosmosCassandraPort = os.Getenv("AZURE_COSMOS_PORT")
cosmosCassandraUser = os.Getenv("AZURE_COSMOS_USERNAME")
cosmosCassandraKeyspace = os.Getenv("AZURE_COSMOS_KEYSPACE")
listKeyUrl = os.Getenv("AZURE_COSMOS_LISTKEYURL")
scope = os.Getenv("AZURE_COSMOS_SCOPE")
// Uncomment the following lines corresponding to the authentication type you want to use.
// For system-assigned identity.
// cred, err := azidentity.NewDefaultAzureCredential(nil)
// For user-assigned identity.
// clientid := os.Getenv("AZURE_COSMOS_CLIENTID")
// azidentity.ManagedIdentityCredentialOptions.ID := clientid
// options := &azidentity.ManagedIdentityCredentialOptions{ID: clientid}
// cred, err := azidentity.NewManagedIdentityCredential(options)
// For service principal.
// clientid := os.Getenv("AZURE_COSMOS_CLIENTID")
// tenantid := os.Getenv("AZURE_COSMOS_TENANTID")
// clientsecret := os.Getenv("AZURE_COSMOS_CLIENTSECRET")
// cred, err := azidentity.NewClientSecretCredential(tenantid, clientid, clientsecret, &azidentity.ClientSecretCredentialOptions{})
// Acquire the access token.
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
token, err := cred.GetToken(ctx, policy.TokenRequestOptions{
Scopes: []string{scope},
})
// Acquire the password.
client := &http.Client{}
req, err := http.NewRequest("POST", listKeyUrl, nil)
req.Header.Add("Authorization", "Bearer " + token.Token)
resp, err := client.Do(req)
body, err := ioutil.ReadAll(resp.Body)
var result map[string]interface{}
json.Unmarshal(body, &result)
cosmosCassandraPassword, err := result["primaryMasterKey"]
// Connect to Azure Cosmos DB for Cassandra
clusterConfig := gocql.NewCluster(cosmosCassandraContactPoint)
port, err := strconv.Atoi(cosmosCassandraPort)
clusterConfig.Port = port
clusterConfig.ProtoVersion = 4
clusterConfig.Authenticator = gocql.PasswordAuthenticator{Username: cosmosCassandraUser, Password: cosmosCassandraPassword}
clusterConfig.SslOpts = &gocql.SslOptions{Config: &tls.Config{MinVersion: tls.VersionTLS12}}
session, err := clusterConfig.CreateSession()
return session
}
func main() {
session := utils.GetSession(cosmosCassandraContactPoint, cosmosCassandraPort, cosmosCassandraUser, cosmosCassandraPassword)
defer session.Close()
...
}
安裝相依性
npm install cassandra-driver
npm install --save @azure/identity
在程式碼中,透過 @azure/identity 取得存取權杖,然後將其用來取得密碼。 從服務連接器新增的環境變數取得連線資訊,並連線至 Azure Cosmos DB for Cassandra。 使用下列程式代碼時,請取消註解您想要使用的驗證類型代碼段部分。
import { DefaultAzureCredential,ClientSecretCredential } from "@azure/identity";
const cassandra = require("cassandra-driver");
const axios = require('axios');
let username = process.env.AZURE_COSMOS_USERNAME;
let contactPoint = process.env.AZURE_COSMOS_CONTACTPOINT;
let port = process.env.AZURE_COSMOS_PORT;
let keyspace = process.env.AZURE_COSMOS_KEYSPACE;
let listKeyUrl = process.env.AZURE_COSMOS_LISTKEYURL;
let scope = process.env.AZURE_COSMOS_SCOPE;
// Uncomment the following lines corresponding to the authentication type you want to use.
// For system-assigned identity.
// const credential = new DefaultAzureCredential();
// For user-assigned identity.
// const clientId = process.env.AZURE_COSMOS_CLIENTID;
// const credential = new DefaultAzureCredential({
// managedIdentityClientId: clientId
// });
// For service principal.
// const tenantId = process.env.AZURE_COSMOS_TENANTID;
// const clientId = process.env.AZURE_COSMOS_CLIENTID;
// const clientSecret = process.env.AZURE_COSMOS_CLIENTSECRET;
// Acquire the access token.
var accessToken = await credential.getToken(scope);
// Get the password.
const config = {
method: 'post',
url: listKeyUrl,
headers: {
'Authorization': `Bearer ${accessToken.token}`
}
};
const response = await axios(config);
const keysDict = response.data;
const password = keysDict['primaryMasterKey'];
let authProvider = new cassandra.auth.PlainTextAuthProvider(
username,
password
);
let client = new cassandra.Client({
contactPoints: [`${contactPoint}:${port}`],
authProvider: authProvider,
localDataCenter: 'datacenter1',
sslOptions: {
secureProtocol: "TLSv1_2_method"
},
});
client.connect();
連接字串
警告
Microsoft 建議您使用最安全的可用驗證流程。 這個程序描述的驗證流程需要在應用程式中具備極高的信任度,且伴隨著其他流程並未面臨的風險。 請僅在其他較安全的流程 (例如受控身分識別) 皆不具可行性的情況下,才使用這個流程。
SpringBoot 用戶端類型
| 預設環境變數名稱 |
描述 |
範例值 |
| spring.data.cassandra.contact-points |
Azure Cosmos DB for Apache Cassandra 連絡點 |
<Azure-Cosmos-DB-account>.cassandra.cosmos.azure.com |
| spring.data.cassandra.port |
Cassandra 連線連接埠 |
10350 |
| spring.data.cassandra.keyspace-name |
Cassandra Keyspace |
<keyspace> |
| spring.data.cassandra.username |
Cassandra 使用者名稱 |
<username> |
| spring.data.cassandra.password |
Cassandra 密碼 |
<password> |
| spring.data.cassandra.local-datacenter |
Azure 區域 |
<Azure-region> |
| spring.data.cassandra.ssl |
SSL 狀態 |
true |
其他用戶端類型
| 預設環境變數名稱 |
描述 |
範例值 |
| AZURE_COSMOS_CONTACTPOINT |
Azure Cosmos DB for Apache Cassandra 連絡點 |
<Azure-Cosmos-DB-account>.cassandra.cosmos.azure.com |
| AZURE_COSMOS_PORT |
Cassandra 連線連接埠 |
10350 |
| AZURE_COSMOS_KEYSPACE |
Cassandra Keyspace |
<keyspace> |
| AZURE_COSMOS_USERNAME |
Cassandra 使用者名稱 |
<username> |
| AZURE_COSMOS_PASSWORD |
Cassandra 密碼 |
<password> |
範例指令碼
請參閱下列步驟和程式碼,使用連接字串連線至 Azure Cosmos DB for Cassandra。
安裝相依性
dotnet add package CassandraCSharpDriver --version 3.19.3
從服務連接器新增的環境變數取得連線資訊,並連線至 Azure Cosmos DB for Cassandra。
using System;
using System.Security.Authentication;
using System.Net.Security;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Cassandra;
public class Program
{
public static async Task Main()
{
var cassandraContactPoint = Environment.GetEnvironmentVariable("AZURE_COSMOS_CONTACTPOINT");
var userName = Environment.GetEnvironmentVariable("AZURE_COSMOS_USERNAME");
var password = Environment.GetEnvironmentVariable("AZURE_COSMOS_PASSWORD");
var cassandraPort = Int32.Parse(Environment.GetEnvironmentVariable("AZURE_COSMOS_PORT"));
var cassandraKeyspace = Environment.GetEnvironmentVariable("AZURE_COSMOS_KEYSPACE");
var options = new Cassandra.SSLOptions(SslProtocols.Tls12, true, ValidateServerCertificate);
options.SetHostNameResolver((ipAddress) => cassandraContactPoint);
Cluster cluster = Cluster
.Builder()
.WithCredentials(userName, password)
.WithPort(cassandraPort)
.AddContactPoint(cassandraContactPoint).WithSSL(options).Build();
ISession session = await cluster.ConnectAsync();
}
public static bool ValidateServerCertificate
(
object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors
)
{
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
// Do not allow this client to communicate with unauthenticated servers.
return false;
}
}
如需詳細資訊,請參閱使用 .NET SDK 和 Azure Cosmos DB 建置 Apache Cassandra 應用程式。
在您的 pom.xml 中新增下列相依性:
<dependency>
<groupId>com.datastax.oss</groupId>
<artifactId>java-driver-core</artifactId>
<version>4.5.1</version>
</dependency>
<dependency>
<groupId>com.datastax.oss</groupId>
<artifactId>java-driver-query-builder</artifactId>
<version>4.0.0</version>
</dependency>
<dependency>
<groupId>com.datastax.cassandra</groupId>
<artifactId>cassandra-driver-extras</artifactId>
<version>3.1.4</version>
</dependency>
從服務連接器新增的環境變數取得連線資訊,並連線至 Azure Cosmos DB for Cassandra。
import com.datastax.oss.driver.api.core.CqlSession;
import javax.net.ssl.*;
import java.net.InetSocketAddress;
int cassandraPort = Integer.parseInt(System.getenv("AZURE_COSMOS_PORT"));
String cassandraUsername = System.getenv("AZURE_COSMOS_USERNAME");
String cassandraHost = System.getenv("AZURE_COSMOS_CONTACTPOINT");
String cassandraPassword = System.getenv("AZURE_COSMOS_PASSWORD");
String cassandraKeyspace = System.getenv("AZURE_COSMOS_KEYSPACE");
final SSLContext sc = SSLContext.getInstance("TLSv1.2");
CqlSession session = CqlSession.builder().withSslContext(sc)
.addContactPoint(new InetSocketAddress(cassandraHost, cassandraPort)).withLocalDatacenter('datacenter1')
.withAuthCredentials(cassandraUsername, cassandraPassword).build();
如需詳細資訊,請參閱建置 Java 應用程式來管理 Azure Cosmos DB for Apache Cassandra 資料。
安裝相依性
pip install Cassandra-driver
pip install pyopenssl
從服務連接器新增的環境變數取得連線資訊,並連線至 Azure Cosmos DB for Cassandra。
from cassandra.cluster import Cluster
from ssl import PROTOCOL_TLSv1_2, SSLContext, CERT_NONE
from cassandra.auth import PlainTextAuthProvider
username = os.getenv('AZURE_COSMOS_USERNAME')
password = os.getenv('AZURE_COSMOS_PASSWORD')
contactPoint = os.getenv('AZURE_COSMOS_CONTACTPOINT')
port = os.getenv('AZURE_COSMOS_PORT')
keyspace = os.getenv('AZURE_COSMOS_KEYSPACE')
ssl_context = SSLContext(PROTOCOL_TLSv1_2)
ssl_context.verify_mode = CERT_NONE
auth_provider = PlainTextAuthProvider(username, password)
cluster = Cluster([contactPoint], port = port, auth_provider=auth_provider,ssl_context=ssl_context)
session = cluster.connect()
如需詳細資訊,請參閱使用 Python SDK 和 Azure Cosmos DB 建置 Cassandra 應用程式
- 安裝相依性。
go get github.com/gocql/gocql
- 從服務連接器新增的環境變數取得連線資訊,並連線至 Azure Cosmos DB for Cassandra。
import (
"fmt"
"os"
"context"
"log"
"github.com/gocql/gocql"
)
func GetSession() *gocql.Session {
cosmosCassandraContactPoint = os.Getenv("AZURE_COSMOS_CONTACTPOINT")
cosmosCassandraPort = os.Getenv("AZURE_COSMOS_PORT")
cosmosCassandraUser = os.Getenv("AZURE_COSMOS_USERNAME")
cosmosCassandraPassword = os.Getenv("AZURE_COSMOS_PASSWORD")
cosmosCassandraKeyspace = os.Getenv("AZURE_COSMOS_KEYSPACE")
clusterConfig := gocql.NewCluster(cosmosCassandraContactPoint)
port, err := strconv.Atoi(cosmosCassandraPort)
if err != nil {
// error handling
}
clusterConfig.Port = port
clusterConfig.ProtoVersion = 4
clusterConfig.Authenticator = gocql.PasswordAuthenticator{Username: cosmosCassandraUser, Password: cosmosCassandraPassword}
clusterConfig.SslOpts = &gocql.SslOptions{Config: &tls.Config{MinVersion: tls.VersionTLS12}}
session, err := clusterConfig.CreateSession()
if err != nil {
// error handling
}
return session
}
func main() {
session := utils.GetSession(cosmosCassandraContactPoint, cosmosCassandraPort, cosmosCassandraUser, cosmosCassandraPassword)
defer session.Close()
...
}
如需詳細資訊,請參閱建置具有 gocql 用戶端的 Go 應用程式來管理 Azure Cosmos DB for Apache Cassandra 資料。
- 安裝相依性
npm install cassandra-driver
- 從服務連接器新增的環境變數取得連線資訊,並連線至 Azure Cosmos DB for Cassandra。
const cassandra = require("cassandra-driver");
let username = process.env.AZURE_COSMOS_USERNAME;
let password = process.env.AZURE_COSMOS_PASSWORD;
let contactPoint = process.env.AZURE_COSMOS_CONTACTPOINT;
let port = process.env.AZURE_COSMOS_PORT;
let keyspace = process.env.AZURE_COSMOS_KEYSPACE;
let authProvider = new cassandra.auth.PlainTextAuthProvider(
username,
password
);
let client = new cassandra.Client({
contactPoints: [`${contactPoint}:${port}`],
authProvider: authProvider,
localDataCenter: 'datacenter1',
sslOptions: {
secureProtocol: "TLSv1_2_method"
},
});
client.connect();
如需詳細資訊,請參閱使用 Node.js SDK 和 Azure Cosmos DB 建置 Cassandra 應用程式
服務主體
| 預設環境變數名稱 |
描述 |
範例值 |
| AZURE_COSMOS_LISTKEYURL |
要取得連接字串的 URL |
https://management.azure.com/subscriptions/<subscription-ID>/resourceGroups/<resource-group-name>/providers/Microsoft.DocumentDB/databaseAccounts/<Azure-Cosmos-DB-account>/listKeys?api-version=2021-04-15 |
| AZURE_COSMOS_SCOPE |
您的受控識別範圍 |
https://management.azure.com/.default |
| AZURE_COSMOS_RESOURCEENDPOINT |
您的資源端點 |
https://<Azure-Cosmos-DB-account>.documents.azure.com:443/ |
| AZURE_COSMOS_CONTACTPOINT |
Azure Cosmos DB for Apache Cassandra 連絡點 |
<Azure-Cosmos-DB-account>.cassandra.cosmos.azure.com |
| AZURE_COSMOS_PORT |
Cassandra 連線連接埠 |
10350 |
| AZURE_COSMOS_KEYSPACE |
Cassandra Keyspace |
<keyspace> |
| AZURE_COSMOS_USERNAME |
Cassandra 使用者名稱 |
<username> |
| AZURE_COSMOS_CLIENTID |
您的用戶端識別碼 |
<client-ID> |
| AZURE_COSMOS_CLIENTSECRET |
您的用戶端密碼 |
<client-secret> |
| AZURE_COSMOS_TENANTID |
您的租用戶識別碼 |
<tenant-ID> |
範例指令碼
請參閱下列步驟和程式碼,使用服務主體連線至 Azure Cosmos DB for Cassandra。
安裝相依性
dotnet add package CassandraCSharpDriver --version 3.19.3
dotnet add package Azure.Identity
使用用戶端程式庫 Azure.Identity 取得受控識別或服務主體的存取權杖。 使用存取權杖和 AZURE_COSMOS_LISTKEYURL 取得密碼。 從服務連接器新增的環境變數取得連線資訊,並連線至 Azure Cosmos DB for Cassandra。 使用下列程式代碼時,請取消註解您想要使用的驗證類型代碼段部分。
using System;
using System.Security.Authentication;
using System.Net.Security;
using System.Net.Http;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Cassandra;
using Azure.Identity;
public class Program
{
public static async Task Main()
{
var cassandraContactPoint = Environment.GetEnvironmentVariable("AZURE_COSMOS_CONTACTPOINT");
var userName = Environment.GetEnvironmentVariable("AZURE_COSMOS_USERNAME");
var cassandraPort = Int32.Parse(Environment.GetEnvironmentVariable("AZURE_COSMOS_PORT"));
var cassandraKeyspace = Environment.GetEnvironmentVariable("AZURE_COSMOS_KEYSPACE");
var listKeyUrl = Environment.GetEnvironmentVariable("AZURE_COSMOS_LISTKEYURL");
var scope = Environment.GetEnvironmentVariable("AZURE_COSMOS_SCOPE");
// Uncomment the following lines corresponding to the authentication type you want to use.
// For system-assigned identity.
// var tokenProvider = new DefaultAzureCredential();
// For user-assigned identity.
// var tokenProvider = new DefaultAzureCredential(
// new DefaultAzureCredentialOptions
// {
// ManagedIdentityClientId = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTID");
// }
// );
// For service principal.
// var tenantId = Environment.GetEnvironmentVariable("AZURE_COSMOS_TENANTID");
// var clientId = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTID");
// var clientSecret = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTSECRET");
// var tokenProvider = new ClientSecretCredential(tenantId, clientId, clientSecret);
// Acquire the access token.
AccessToken accessToken = await tokenProvider.GetTokenAsync(
new TokenRequestContext(scopes: new string[]{ scope }));
// Get the password.
var httpClient = new HttpClient();
httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken.Token}");
var response = await httpClient.POSTAsync(listKeyUrl);
var responseBody = await response.Content.ReadAsStringAsync();
var keys = JsonConvert.DeserializeObject<Dictionary<string, string>>(responseBody);
var password = keys["primaryMasterKey"];
// Connect to Azure Cosmos DB for Cassandra
var options = new Cassandra.SSLOptions(SslProtocols.Tls12, true, ValidateServerCertificate);
options.SetHostNameResolver((ipAddress) => cassandraContactPoint);
Cluster cluster = Cluster
.Builder()
.WithCredentials(userName, password)
.WithPort(cassandraPort)
.AddContactPoint(cassandraContactPoint).WithSSL(options).Build();
ISession session = await cluster.ConnectAsync();
}
public static bool ValidateServerCertificate
(
object sender,
X509Certificate certificate,
X509Chain chain,
SslPolicyErrors sslPolicyErrors
)
{
if (sslPolicyErrors == SslPolicyErrors.None)
return true;
Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
// Do not allow this client to communicate with unauthenticated servers.
return false;
}
}
在您的 pom.xml 中新增下列相依性:
<dependency>
<groupId>com.datastax.oss</groupId>
<artifactId>java-driver-core</artifactId>
<version>4.5.1</version>
</dependency>
<dependency>
<groupId>com.datastax.oss</groupId>
<artifactId>java-driver-query-builder</artifactId>
<version>4.0.0</version>
</dependency>
<dependency>
<groupId>com.datastax.cassandra</groupId>
<artifactId>cassandra-driver-extras</artifactId>
<version>3.1.4</version>
</dependency>
<dependency>
<groupId>com.azure</groupId>
<artifactId>azure-identity</artifactId>
<version>1.1.5</version>
</dependency>
使用 azure-identity,取得受控識別或服務主體的存取權杖。 使用存取權杖和 AZURE_COSMOS_LISTKEYURL 取得密碼。 從服務連接器新增的環境變數取得連線資訊,並連線至 Azure Cosmos DB for Cassandra。 使用下列程式代碼時,請取消註解您想要使用的驗證類型代碼段部分。
import com.datastax.oss.driver.api.core.CqlSession;
import javax.net.ssl.*;
import java.net.InetSocketAddress;
import com.azure.identity.*;
import com.azure.core.credential.*;
import java.net.http.*;
import java.net.URI;
int cassandraPort = Integer.parseInt(System.getenv("AZURE_COSMOS_PORT"));
String cassandraUsername = System.getenv("AZURE_COSMOS_USERNAME");
String cassandraHost = System.getenv("AZURE_COSMOS_CONTACTPOINT");
String cassandraKeyspace = System.getenv("AZURE_COSMOS_KEYSPACE");
String listKeyUrl = System.getenv("AZURE_COSMOS_LISTKEYURL");
String scope = System.getenv("AZURE_COSMOS_SCOPE");
// Uncomment the following lines corresponding to the authentication type you want to use.
// For system managed identity.
// DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder().build();
// For user assigned managed identity.
// DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder()
// .managedIdentityClientId(System.getenv("AZURE_COSMOS_CLIENTID"))
// .build();
// For service principal.
// ClientSecretCredential defaultCredential = new ClientSecretCredentialBuilder()
// .clientId(System.getenv("<AZURE_COSMOS_CLIENTID>"))
// .clientSecret(System.getenv("<AZURE_COSMOS_CLIENTSECRET>"))
// .tenantId(System.getenv("<AZURE_COSMOS_TENANTID>"))
// .build();
// Get the access token.
AccessToken accessToken = defaultCredential.getToken(new TokenRequestContext().addScopes(new String[]{ scope })).block();
String token = accessToken.getToken();
// Get the password.
HttpClient client = HttpClient.newBuilder().build();
HttpRequest request = HttpRequest.newBuilder()
.uri(new URI(listKeyUrl))
.header("Authorization", "Bearer " + token)
.POST()
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
JSONParser parser = new JSONParser();
JSONObject responseBody = parser.parse(response.body());
String cassandraPassword = responseBody.get("primaryMasterKey");
// Connect to Azure Cosmos DB for Cassandra
final SSLContext sc = SSLContext.getInstance("TLSv1.2");
CqlSession session = CqlSession.builder().withSslContext(sc)
.addContactPoint(new InetSocketAddress(cassandraHost, cassandraPort)).withLocalDatacenter('datacenter1')
.withAuthCredentials(cassandraUsername, cassandraPassword).build();
安裝相依性
pip install Cassandra-driver
pip install pyopenssl
pip install azure-identity
使用 azure-identity 向受控識別或服務主體進行驗證,並向 AZURE_COSMOS_LISTKEYURL 傳送要求以取得密碼。 從服務連接器新增的環境變數取得連線資訊,並連線至 Azure Cosmos DB for Cassandra。 使用下列程式代碼時,請取消註解您想要使用的驗證類型代碼段部分。
from cassandra.cluster import Cluster
from ssl import PROTOCOL_TLSv1_2, SSLContext, CERT_NONE
from cassandra.auth import PlainTextAuthProvider
import requests
from azure.identity import ManagedIdentityCredential, ClientSecretCredential
username = os.getenv('AZURE_COSMOS_USERNAME')
contactPoint = os.getenv('AZURE_COSMOS_CONTACTPOINT')
port = os.getenv('AZURE_COSMOS_PORT')
keyspace = os.getenv('AZURE_COSMOS_KEYSPACE')
listKeyUrl = os.getenv('AZURE_COSMOS_LISTKEYURL')
scope = os.getenv('AZURE_COSMOS_SCOPE')
# Uncomment the following lines corresponding to the authentication type you want to use.
# For system-assigned managed identity
# cred = ManagedIdentityCredential()
# For user-assigned managed identity
# managed_identity_client_id = os.getenv('AZURE_COSMOS_CLIENTID')
# cred = ManagedIdentityCredential(client_id=managed_identity_client_id)
# For service principal
# tenant_id = os.getenv('AZURE_COSMOS_TENANTID')
# client_id = os.getenv('AZURE_COSMOS_CLIENTID')
# client_secret = os.getenv('AZURE_COSMOS_CLIENTSECRET')
# cred = ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=client_secret)
# Get the password
session = requests.Session()
token = cred.get_token(scope)
response = session.post(listKeyUrl, headers={"Authorization": "Bearer {}".format(token.token)})
keys_dict = response.json()
password = keys_dict['primaryMasterKey']
# Connect to Azure Cosmos DB for Cassandra.
ssl_context = SSLContext(PROTOCOL_TLSv1_2)
ssl_context.verify_mode = CERT_NONE
auth_provider = PlainTextAuthProvider(username, password)
cluster = Cluster([contactPoint], port = port, auth_provider=auth_provider,ssl_context=ssl_context)
session = cluster.connect()
安裝相依性。
go get github.com/gocql/gocql
go get "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
go get "github.com/Azure/azure-sdk-for-go/sdk/azcore"
在程式碼中,透過 azidentity 取得存取權杖,然後將其用來取得密碼。 從服務連接器新增的環境變數取得連線資訊,並連線至 Azure Cosmos DB for Cassandra。 使用下列程式代碼時,請取消註解您想要使用的驗證類型代碼段部分。
import (
"fmt"
"os"
"context"
"log"
"io/ioutil"
"encoding/json"
"github.com/gocql/gocql"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
)
func GetSession() *gocql.Session {
cosmosCassandraContactPoint = os.Getenv("AZURE_COSMOS_CONTACTPOINT")
cosmosCassandraPort = os.Getenv("AZURE_COSMOS_PORT")
cosmosCassandraUser = os.Getenv("AZURE_COSMOS_USERNAME")
cosmosCassandraKeyspace = os.Getenv("AZURE_COSMOS_KEYSPACE")
listKeyUrl = os.Getenv("AZURE_COSMOS_LISTKEYURL")
scope = os.Getenv("AZURE_COSMOS_SCOPE")
// Uncomment the following lines corresponding to the authentication type you want to use.
// For system-assigned identity.
// cred, err := azidentity.NewDefaultAzureCredential(nil)
// For user-assigned identity.
// clientid := os.Getenv("AZURE_COSMOS_CLIENTID")
// azidentity.ManagedIdentityCredentialOptions.ID := clientid
// options := &azidentity.ManagedIdentityCredentialOptions{ID: clientid}
// cred, err := azidentity.NewManagedIdentityCredential(options)
// For service principal.
// clientid := os.Getenv("AZURE_COSMOS_CLIENTID")
// tenantid := os.Getenv("AZURE_COSMOS_TENANTID")
// clientsecret := os.Getenv("AZURE_COSMOS_CLIENTSECRET")
// cred, err := azidentity.NewClientSecretCredential(tenantid, clientid, clientsecret, &azidentity.ClientSecretCredentialOptions{})
// Acquire the access token.
ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
token, err := cred.GetToken(ctx, policy.TokenRequestOptions{
Scopes: []string{scope},
})
// Acquire the password.
client := &http.Client{}
req, err := http.NewRequest("POST", listKeyUrl, nil)
req.Header.Add("Authorization", "Bearer " + token.Token)
resp, err := client.Do(req)
body, err := ioutil.ReadAll(resp.Body)
var result map[string]interface{}
json.Unmarshal(body, &result)
cosmosCassandraPassword, err := result["primaryMasterKey"]
// Connect to Azure Cosmos DB for Cassandra
clusterConfig := gocql.NewCluster(cosmosCassandraContactPoint)
port, err := strconv.Atoi(cosmosCassandraPort)
clusterConfig.Port = port
clusterConfig.ProtoVersion = 4
clusterConfig.Authenticator = gocql.PasswordAuthenticator{Username: cosmosCassandraUser, Password: cosmosCassandraPassword}
clusterConfig.SslOpts = &gocql.SslOptions{Config: &tls.Config{MinVersion: tls.VersionTLS12}}
session, err := clusterConfig.CreateSession()
return session
}
func main() {
session := utils.GetSession(cosmosCassandraContactPoint, cosmosCassandraPort, cosmosCassandraUser, cosmosCassandraPassword)
defer session.Close()
...
}
安裝相依性
npm install cassandra-driver
npm install --save @azure/identity
在程式碼中,透過 @azure/identity 取得存取權杖,然後將其用來取得密碼。 從服務連接器新增的環境變數取得連線資訊,並連線至 Azure Cosmos DB for Cassandra。 使用下列程式代碼時,請取消註解您想要使用的驗證類型代碼段部分。
import { DefaultAzureCredential,ClientSecretCredential } from "@azure/identity";
const cassandra = require("cassandra-driver");
const axios = require('axios');
let username = process.env.AZURE_COSMOS_USERNAME;
let contactPoint = process.env.AZURE_COSMOS_CONTACTPOINT;
let port = process.env.AZURE_COSMOS_PORT;
let keyspace = process.env.AZURE_COSMOS_KEYSPACE;
let listKeyUrl = process.env.AZURE_COSMOS_LISTKEYURL;
let scope = process.env.AZURE_COSMOS_SCOPE;
// Uncomment the following lines corresponding to the authentication type you want to use.
// For system-assigned identity.
// const credential = new DefaultAzureCredential();
// For user-assigned identity.
// const clientId = process.env.AZURE_COSMOS_CLIENTID;
// const credential = new DefaultAzureCredential({
// managedIdentityClientId: clientId
// });
// For service principal.
// const tenantId = process.env.AZURE_COSMOS_TENANTID;
// const clientId = process.env.AZURE_COSMOS_CLIENTID;
// const clientSecret = process.env.AZURE_COSMOS_CLIENTSECRET;
// Acquire the access token.
var accessToken = await credential.getToken(scope);
// Get the password.
const config = {
method: 'post',
url: listKeyUrl,
headers: {
'Authorization': `Bearer ${accessToken.token}`
}
};
const response = await axios(config);
const keysDict = response.data;
const password = keysDict['primaryMasterKey'];
let authProvider = new cassandra.auth.PlainTextAuthProvider(
username,
password
);
let client = new cassandra.Client({
contactPoints: [`${contactPoint}:${port}`],
authProvider: authProvider,
localDataCenter: 'datacenter1',
sslOptions: {
secureProtocol: "TLSv1_2_method"
},
});
client.connect();
下一步
請遵循下方列出的教學課程以深入了解服務連接器。