Azure-sdk-for-python: Azure batch authentication failed when using other Azure resources

Created on 4 Dec 2017  ·  4 Comments  ·  Source: Azure/azure-sdk-for-python

Hi,
My customer met the same issue below.

Azure Batch Pool: How do I use a custom VM Image via Python?

According to the article above, we need to use ServicePrincipalCredentials when we use Azure resources in batch.
However, in Azure Batch, only SharedKeyCredentials is provided, and there is no information about such usage.

Is this the recommended and assumed way for Azure Batch to use Azure resources, or is this way not assumed?

I thought we had better add the usage, but I wasn't able to find where to write it.

ARM Docs Service Attention Waiting answer

All 4 comments

@annatisch could you answer this one please?

Hi @kemura,
You are correct in that when Batch needs to access other resources (e.g. VNets and Custom Images), it requires Active Directory authentication rather than SharedKey.
The tools required to authenticate via AAD are already supplied for use with the management SDKs and so are not re-packaged with Batch.

Once you have followed the instructions in this article for creating a Service Principal, you can authenticate with it using the instructions here:
http://azure-sdk-for-python.readthedocs.io/en/latest/batch.html#azure-active-directory-authentication

Thanks @annatisch !
@kemura please let us know if your problem is solved now :)

Hi @annatisch and @lmazuel ,
Thanks for replying and helping me to understand how we should code when using other resources.
My customer solved the issue by using ServicePrincipalCredentials.

Plus, thanks for sharing the information. I understood that we need to acquire a token from the Batch endpoint "https://batch.core.windows.net/".

My customer had trouble because he didn't set resource = "https://batch.core.windows.net/", so the default resource "https://login.microsoftonline.com/" was set and his token was not for the Batch account.

from azure.batch import BatchServiceClient
from azure.common.credentials import ServicePrincipalCredentials

credentials = ServicePrincipalCredentials(
    client_id=CLIENT_ID,
    secret=SECRET,
    tenant=TENANT_ID,
    resource="https://batch.core.windows.net/"  # request the token for the Batch resource
)
batch_client = BatchServiceClient(
    credentials,
    base_url=BATCH_ACCOUNT_URL
)

Now the problem is solved. Thanks so much for your kind help 👍
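The failure described in this thread (a token issued for a resource other than Batch) can be diagnosed offline by reading the token's `aud` claim. The following is an added example, not part of the original thread or of the Azure SDK; the helper names and the sample tokens are constructed for illustration, and the claims are read without signature verification, so it is a diagnostic only.

```python
import base64
import json

BATCH_RESOURCE = "https://batch.core.windows.net/"  # resource named in the thread


def _b64url_decode(segment: str) -> bytes:
    # JWT segments are base64url without padding; restore it before decoding.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def token_claims(access_token: str) -> dict:
    """Return the UNVERIFIED claims of a JWT access token (diagnostics only)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    return json.loads(_b64url_decode(parts[1]))


def audience_matches(access_token: str, expected: str = BATCH_RESOURCE) -> bool:
    """True if the token's 'aud' claim names the expected resource."""
    aud = token_claims(access_token).get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    # Assumption: treat the URI with and without a trailing slash as equal.
    want = expected.rstrip("/").lower()
    return any(isinstance(a, str) and a.rstrip("/").lower() == want
               for a in audiences)


def make_sample_token(aud: str) -> str:
    """Build a constructed, unsigned sample token (not a real AAD token)."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    claims = {"aud": aud, "appid": "00000000-0000-0000-0000-000000000000"}
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}.constructed-signature"


if __name__ == "__main__":
    # Constructed inputs: the wrong resource quoted in the thread, then Batch.
    for aud in ("https://login.microsoftonline.com/", BATCH_RESOURCE):
        verdict = "ok for Batch" if audience_matches(make_sample_token(aud)) \
            else "wrong audience"
        print(f"{aud} -> {verdict}")
```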
