您可以使用適用於 Python 的 Azure 連結庫來連線到 Azure 可供使用的所有區域。
根據預設,Azure 程式庫會設定為連線到全域 Azure 雲端。
使用預先定義的主權雲端常數
預先定義的主權雲端常數是由 AzureAuthorityHosts 連結庫的 azure.identity 模組所提供:
AZURE_CHINAAZURE_GOVERNMENTAZURE_PUBLIC_CLOUD
若要使用定義,請從 azure.identity.AzureAuthorityHosts 匯入適當的常數,並在建立客戶端物件時套用它。
使用 DefaultAzureCredential時,如下列範例所示,您可以使用 來自 azure.identity.AzureAuthorityHosts的適當值來指定雲端。
import os
from azure.mgmt.resource import ResourceManagementClient, SubscriptionClient
from azure.identity import DefaultAzureCredential, AzureAuthorityHosts
from azure.core import AzureClouds
authority = AzureAuthorityHosts.AZURE_CHINA
# Set environment variable AZURE_SUBSCRIPTION_ID as well as environment variables
# for DefaultAzureCredential. For combinations of environment variables, see
# https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/identity/azure-identity#environment-variables
subscription_id = os.environ["AZURE_SUBSCRIPTION_ID"]
# When using sovereign domains (that is, any cloud other than AZURE_PUBLIC_CLOUD),
# you must use an authority with DefaultAzureCredential.
credential = DefaultAzureCredential(authority=authority)
resource_client = ResourceManagementClient(
credential, subscription_id, cloud_setting=AzureClouds.AZURE_CHINA_CLOUD
)
subscription_client = SubscriptionClient(
credential, cloud_setting=AzureClouds.AZURE_CHINA_CLOUD
)
備註
此功能 cloud_setting 是新添加的,並正在 Azure SDK 管理庫中推出。 在此期間,有些用戶支援它,而有些則不支援。 若要檢查支援,請在用戶端建構函式上尋找 cloud_setting 參數。 如果您的服務用戶端尚未公開 cloud_setting ,您仍然可以使用下列範例中所示的先前方法來鎖定主權雲端。
import os
from azure.mgmt.resource import ResourceManagementClient, SubscriptionClient
from azure.identity import DefaultAzureCredential, AzureAuthorityHosts
authority = AzureAuthorityHosts.AZURE_CHINA
resource_manager = "https://management.chinacloudapi.cn"
# Set environment variable AZURE_SUBSCRIPTION_ID as well as environment variables
# for DefaultAzureCredential. For combinations of environment variables, see
# https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/identity/azure-identity#environment-variables
subscription_id = os.environ["AZURE_SUBSCRIPTION_ID"]
# When using sovereign domains (that is, any cloud other than AZURE_PUBLIC_CLOUD),
# you must use an authority with DefaultAzureCredential.
credential = DefaultAzureCredential(authority=authority)
resource_client = ResourceManagementClient(
credential,
subscription_id,
base_url=resource_manager,
credential_scopes=[resource_manager + "/.default"],
)
subscription_client = SubscriptionClient(
credential,
base_url=resource_manager,
credential_scopes=[resource_manager + "/.default"],
)
使用您自己的雲定義
在下列程式代碼中,將 authority、endpoint和 audience 變數的值取代為您私人雲端適用的值。
import os
from azure.mgmt.resource import ResourceManagementClient, SubscriptionClient
from azure.identity import DefaultAzureCredential
from azure.profiles import KnownProfiles
# Set environment variable AZURE_SUBSCRIPTION_ID as well as environment variables
# for DefaultAzureCredential. For combinations of environment variables, see
# https://github.com/Azure/azure-sdk-for-python/tree/main/sdk/identity/azure-identity#environment-variables
subscription_id = os.environ["AZURE_SUBSCRIPTION_ID"]
authority = "<your authority>"
endpoint = "<your endpoint>"
audience = "<your audience>"
# When using a private cloud, you must use an authority with DefaultAzureCredential.
# The active_directory endpoint should be a URL like https://login.microsoftonline.com.
credential = DefaultAzureCredential(authority=authority)
resource_client = ResourceManagementClient(
credential, subscription_id,
base_url=endpoint,
profile=KnownProfiles.v2019_03_01_hybrid,
credential_scopes=[audience])
subscription_client = SubscriptionClient(
credential,
base_url=endpoint,
profile=KnownProfiles.v2019_03_01_hybrid,
credential_scopes=[audience])
例如,針對 Azure Stack,您可以使用 az cloud show CLI 命令傳回已註冊雲端的詳細數據。 下列輸出顯示針對 Azure 公用雲端傳回的值,但 Azure Stack 私人雲端的輸出應該類似。
{
"endpoints": {
"activeDirectory": "https://login.microsoftonline.com",
"activeDirectoryDataLakeResourceId": "https://datalake.azure.net/",
"activeDirectoryGraphResourceId": "https://graph.windows.net/",
"activeDirectoryResourceId": "https://management.core.windows.net/",
"appInsightsResourceId": "https://api.applicationinsights.io",
"appInsightsTelemetryChannelResourceId": "https://dc.applicationinsights.azure.com/v2/track",
"attestationResourceId": "https://attest.azure.net",
"azmirrorStorageAccountResourceId": null,
"batchResourceId": "https://batch.core.windows.net/",
"gallery": "https://gallery.azure.com/",
"logAnalyticsResourceId": "https://api.loganalytics.io",
"management": "https://management.core.windows.net/",
"mediaResourceId": "https://rest.media.azure.net",
"microsoftGraphResourceId": "https://graph.microsoft.com/",
"ossrdbmsResourceId": "https://ossrdbms-aad.database.windows.net",
"portal": "https://portal.azure.com",
"resourceManager": "https://management.azure.com/",
"sqlManagement": "https://management.core.windows.net:8443/",
"synapseAnalyticsResourceId": "https://dev.azuresynapse.net",
"vmImageAliasDoc": "https://raw.githubusercontent.com/Azure/azure-rest-api-specs/main/arm-compute/quickstart-templates/aliases.json"
},
"isActive": true,
"name": "AzureCloud",
"profile": "latest",
"suffixes": {
"acrLoginServerEndpoint": ".azurecr.io",
"attestationEndpoint": ".attest.azure.net",
"azureDatalakeAnalyticsCatalogAndJobEndpoint": "azuredatalakeanalytics.net",
"azureDatalakeStoreFileSystemEndpoint": "azuredatalakestore.net",
"keyvaultDns": ".vault.azure.net",
"mariadbServerEndpoint": ".mariadb.database.azure.com",
"mhsmDns": ".managedhsm.azure.net",
"mysqlServerEndpoint": ".mysql.database.azure.com",
"postgresqlServerEndpoint": ".postgres.database.azure.com",
"sqlServerHostname": ".database.windows.net",
"storageEndpoint": "core.windows.net",
"storageSyncEndpoint": "afs.azure.net",
"synapseAnalyticsEndpoint": ".dev.azuresynapse.net"
}
}
在上述程式代碼中,您可以將authority設定為endpoints.activeDirectory屬性的值,將endpoint設定為endpoints.resourceManager屬性的值,以及將audience設定為endpoints.activeDirectoryResourceId屬性的值加上".default"。
如需詳細資訊,請參閱 搭配 Azure Stack Hub 使用 Azure CLI 和 取得 Azure Stack Hub 的驗證資訊。