search

Azure / azure-sdk-for-python

This repository is for active development of the Azure SDK for Python. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/python/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-python.
MIT License
4.53k stars 2.76k forks source link

Alternatives for accessing Azure Storage Account without using SAS when creating an environment #36603

Closed boynextdoor-cze closed 1 month ago

boynextdoor-cze commented 1 month ago

I am creating a training environment in my Azure ML Workspace using docker, as the code below:

credential = DefaultAzureCredential()
ml_client = MLClient.from_config(credential, path='config.json')
environment = Environment(
    name=args.environment_name,
    description=args.description,
    build=BuildContext(path=args.docker_context_path, dockerfile_path=args.dockerfile_name)
)
ml_client.environments.create_or_update(environment)

As Microsoft has disabled SAS access to storage account internally, when deploying the code above on Azure DevOps I got the following error: azure.core.exceptions.HttpResponseError: Operation returned an invalid status 'Key based authentication is not permitted on this storage account.'. I guess the reason is that create_or_update methods uses SAS URI for environment creation so that the problem seems to be inevitable.

I've tried using ManagedIdentityCredential() but the error message became ManagedIdentityCredential.get_token failed: ManagedIdentityCredential authentication unavailable, no response from the IMDS endpoint.

Therefore, I wonder if there's any alternative to avoid using SAS, either via Python SDK or Azure CLI

github-actions[bot] commented 1 month ago

Thank you for your feedback. Tagging and routing to the team member best able to assist.

github-actions[bot] commented 1 month ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @Azure/azure-ml-sdk @azureml-github.

swathipil commented 1 month ago

Hi @boynextdoor-cze - Thanks for opening an issue. We'll take a look at this asap!

achauhan-scc commented 1 month ago

assuming error in occurring while uploading the image file to storage account, can you please help with full exception trace? I think what you need a key less data store. https://github.com/Azure/azureml-examples/blob/main/sdk/python/resources/datastores/datastore.ipynb

boynextdoor-cze commented 1 month ago

Problem has been solved. I granted the app registration the reader & contributor access and then everything works well