我尝试使用 Azure Active DIRECTORY 用户托管标识将 Azure 容器实例连接到我的 Azure SQL 数据库。但我无法使用 ODBC Driver 17 建立连接。
[S1T00][unixODBC][Microsoft][ODBC Driver 17 for SQL Server]Login timeout expired
[FA004][unixODBC][Microsoft][ODBC Driver 17 for SQL Server][SQL Server]Failed to authenticate the user '' in Active Directory (Authentication option is 'ActiveDirectoryMSI').
Error code 0xA190; state 41360
Required metadata header not specified or not correct
Required metadata header not specified or not correct
Required metadata header not specified or not correct
Required metadata header not specified or not correct
[CE275][unixODBC][Microsoft][ODBC Driver 17 for SQL Server][SQL Server]Error requesting access token, HTTP status 400, expected 200
[08001][unixODBC][Microsoft][ODBC Driver 17 for SQL Server]TCP Provider: Timeout error [258].
[08001][unixODBC][Microsoft][ODBC Driver 17 for SQL Server]Unable to complete login process due to delay in login response
docker镜像中使用的ODBC驱动程序版本为17.10.5.1-1,
身份已分配给容器实例,并在表[sys.database_principals]中设置为数据库的外部用户
身份设置为数据库贡献者。
已检查并确认从 Azure 容器实例到 SQL Server 的网络连接。
[dns-name]
Driver=ODBC Driver 17 for SQL Server
Server=<server-name>
Database=<database-name>
UID=<object id of the assigned identity>
Authentication=ActiveDirectoryMsi
Encrypt=yes
任何人都可以帮助确定这些错误的原因或建议故障排除步骤吗?任何见解或建议将不胜感激。
根据错误,您无法使用托管身份登录 SQL Server
在 Azure 容器实例上启用托管标识并为其分配适当的角色以访问 SQL Server。
然后将此托管身份添加到 SQL 服务器的 Microsoft Entra ID 并为其创建相应的用户以用于登录
CREATE USER [<identity-name>] FROM EXTERNAL PROVIDER;
from azure.identity import DefaultAzureCredential
import pyodbc, struct
credential = DefaultAzureCredential() # system-assigned identity
credential = DefaultAzureCredential(managed_identity_client_id='<client-id-of-user-assigned-identity>') # user-assigned identity
# Get token for Azure SQL Database and convert to UTF-16-LE for SQL Server driver
token = credential.get_token("https://database.windows.net/.default").token.encode("UTF-16-LE")
token_struct = struct.pack(f'<I{len(token)}s', len(token), token)
# Connect with the token
SQL_COPT_SS_ACCESS_TOKEN = 1256
connString = f"Driver={{ODBC Driver 17 for SQL Server}};SERVER=<server-name>.database.windows.net;DATABASE=<database-name>"
conn = pyodbc.connect(connString, attrs_before={SQL_COPT_SS_ACCESS_TOKEN: token_struct})