azure - 无法使用 Azure Batch 管理库和通过 AzureCredentialsFactory 生成的 ServiceClientCrenetials 创建池

Question

我正在使用此文档将托管标识分配给我的批处理池。为简单起见，我没有在下面的示例中包含该分配，因为问题与此无关，而是与使用我的凭据访问管理库并能够在我现有的批处理帐户上生成一个新池有关。

我正在使用服务主体通过AzureCredentialsFactory生成ServiceClientCredentials以与Microsoft.Azure.Management.Batch库一起使用。

服务主体启用了Azure 服务管理权限，并将 user_impersonation设置为Delegated。它还被分配为订阅的参与者角色。

我可以使用以下代码创建凭据

using Microsoft.Azure.Management.Batch.Models;
using Microsoft.Azure.Management.ResourceManager.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent.Authentication;

string subscriptionId = "<subscriptionId>"; 
string tenantId = "<tenantId>";
string servicePrincipalId = "<servicePrincipalId>"; 
string servicePrincipalKey = "<servicePrincipalKey>"; 

var creds = new AzureCredentialsFactory().FromServicePrincipal(servicePrincipalId, servicePrincipalKey, tenantId, AzureEnvironment.AzureGlobalCloud).WithDefaultSubscription(subscriptionId);

var managementClient = new Microsoft.Azure.Management.Batch.BatchManagementClient(creds);

但是，当我尝试使用凭据在我的 Azure Batch 帐户中创建池时，出现以下异常：

Microsoft.Rest.ValidationException: ''this.Client.SubscriptionId' cannot be null.'

我正在使用.WithDefaultSubscription(subscriptionId)并已验证在创建 BatchManagementClient 之前已在凭据上设置了默认订阅。

这是我用来创建池的代码

var poolId = "test-pool";
var batchResourceGroupName = "<resourceGroupName>";
var batchAccountName = "<batchAccountName>";

var poolParameters = new Pool(name: poolId)
{
    VmSize = "STANDARD_D8S_V3",
    DeploymentConfiguration = new DeploymentConfiguration
    {
        VirtualMachineConfiguration = new VirtualMachineConfiguration(
            new ImageReference(
                "Canonical",
                "UbuntuServer",
                "18.04-LTS",
                "latest"),
            "batch.node.ubuntu 18.04")
    }
};

var pool = await managementClient.Pool.CreateWithHttpMessagesAsync(
    poolName: poolId,
    resourceGroupName: batchResourceGroupName,
    accountName: batchAccountName,
    parameters: poolParameters,
    cancellationToken: default(CancellationToken)).ConfigureAwait(false);

我可以使用凭据列出我的订阅

IAzure azure = Azure.Authenticate(creds).WithDefaultSubscription();
var subscriptions = azure.Subscriptions.List().ToList();

我在该列表中看到此服务主体有权访问的订阅。所以我知道证书很好。

此行发生异常

var pool = await managementClient.Pool.CreateWithHttpMessagesAsync(...

这是完整的代码

using Microsoft.Azure.Management.Batch.Models;
using Microsoft.Azure.Management.ResourceManager.Fluent;
using Microsoft.Azure.Management.ResourceManager.Fluent.Authentication;

string subscriptionId = "<subscriptionId>"; 
string tenantId = "<tenantId>";
string servicePrincipalId = "<servicePrincipalId>"; 
string servicePrincipalKey = "<servicePrincipalKey>"; 

var poolId = "test-pool";
var batchResourceGroupName = "<resourceGroupName>";
var batchAccountName = "<batchAccountName>";

var poolParameters = new Pool(name: poolId)
{
    VmSize = "STANDARD_D8S_V3",
    DeploymentConfiguration = new DeploymentConfiguration
    {
        VirtualMachineConfiguration = new VirtualMachineConfiguration(
            new ImageReference(
                "Canonical",
                "UbuntuServer",
                "18.04-LTS",
                "latest"),
            "batch.node.ubuntu 18.04")
    }
};

var creds = new AzureCredentialsFactory().FromServicePrincipal(servicePrincipalId, servicePrincipalKey, tenantId, AzureEnvironment.AzureGlobalCloud).WithDefaultSubscription(subscriptionId);

var managementClient = new Microsoft.Azure.Management.Batch.BatchManagementClient(creds);

var pool = await managementClient.Pool.CreateWithHttpMessagesAsync(
    poolName: poolId,
    resourceGroupName: batchResourceGroupName,
    accountName: batchAccountName,
    parameters: poolParameters,
    cancellationToken: default(CancellationToken)).ConfigureAwait(false);

- - 更新 - -

我在调用Pool.CreateWithHttpMessageAsync()之前添加了以下行

managementClient.SubscriptionId = subscriptionId;

并且不再收到有关 null subscriptionId 的错误，现在可以按预期使用管理客户端。