Add cluster principals for Azure Data Explorer by using Python

Azure Data Explorer is a fast and highly scalable data exploration service for log and telemetry data. In this article, you add cluster principals for Azure Data Explorer by using Python.

Prerequisites

Install Python package

To install the Python package for Azure Data Explorer (Kusto), open a command prompt that has Python in its path. Run these commands:

pip install azure-common
pip install azure-mgmt-kusto

Authentication

To run the following example, you need an Azure Active Directory (Azure AD) application and service principal that can access resources. To create a free Azure AD application and add role assignment at the subscription level, see Create an Azure AD application. You also need the directory (tenant) ID, application ID, and client secret.

Add a cluster principal

The following example shows you how to add a cluster principal programmatically.

from azure.mgmt.kusto import KustoManagementClient
from azure.mgmt.kusto.models import ClusterPrincipalAssignment
from azure.common.credentials import ServicePrincipalCredentials

#Directory (tenant) ID
tenant_id = "xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx"
#Application ID
client_id = "xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx"
#Client Secret
client_secret = "xxxxxxxxxxxxxx"
subscription_id = "xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx"
credentials = ServicePrincipalCredentials(
        client_id=client_id,
        secret=client_secret,
        tenant=tenant_id
    )
kusto_management_client = KustoManagementClient(credentials, subscription_id)

resource_group_name = "testrg"
#The cluster that is created as part of the Prerequisites
cluster_name = "mykustocluster"
principal_assignment_name = "clusterPrincipalAssignment1"
#User email, application ID, or security group name
principal_id = "xxxxxxxx"
#AllDatabasesAdmin or AllDatabasesViewer
role = "AllDatabasesAdmin"
#Tenant ID of the principal; here the same tenant as the service principal above
tenant_id_for_principal = tenant_id
#User, App, or Group
principal_type = "App"

#Returns an instance of LROPoller, check https://docs.microsoft.com/python/api/msrest/msrest.polling.lropoller?view=azure-python
poller = kusto_management_client.cluster_principal_assignments.create_or_update(
    resource_group_name=resource_group_name,
    cluster_name=cluster_name,
    principal_assignment_name=principal_assignment_name,
    parameters=ClusterPrincipalAssignment(
        principal_id=principal_id,
        role=role,
        tenant_id=tenant_id_for_principal,
        principal_type=principal_type
    )
)

| Setting | Suggested value | Field description |
|---|---|---|
| tenant_id | xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx | Your tenant ID. Also known as directory ID. |
| subscription_id | xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx | The subscription ID that you use for resource creation. |
| client_id | xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx | The client ID of the application that can access resources in your tenant. |
| client_secret | xxxxxxxxxxxxxx | The client secret of the application that can access resources in your tenant. |
| resource_group_name | testrg | The name of the resource group containing your cluster. |
| cluster_name | mykustocluster | The name of your cluster. |
| principal_assignment_name | clusterPrincipalAssignment1 | The name of your cluster principal resource. |
| principal_id | xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx | The principal ID, which can be user email, application ID, or security group name. |
| role | AllDatabasesAdmin | The role of your cluster principal, which can be 'AllDatabasesAdmin' or 'AllDatabasesViewer'. |
| tenant_id_for_principal | xxxxxxxx-xxxxx-xxxx-xxxx-xxxxxxxxx | The tenant ID of the principal. |
| principal_type | App | The type of the principal, which can be 'User', 'App', or 'Group'. |
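
A pre-flight check for the settings above, as an added example that is not part of the original article or the Azure SDK: it accepts only the role and principal-type values listed, defaults to AllDatabasesViewer unless AllDatabasesAdmin is explicitly allowed, and reads the client secret from an environment variable instead of source code. The function names, the `allow_admin` flag and the `AZURE_CLIENT_SECRET` variable name are assumptions of this example.

```python
import os
import uuid

# Accepted values as listed in the settings on this page.
ALLOWED_ROLES = {"AllDatabasesAdmin", "AllDatabasesViewer"}
ALLOWED_PRINCIPAL_TYPES = {"User", "App", "Group"}


def load_client_secret(env=os.environ, var="AZURE_CLIENT_SECRET"):
    """Read the client secret from the environment (variable name is assumed)."""
    secret = env.get(var)
    if not secret:
        raise RuntimeError(f"{var} is not set")
    return secret


def build_assignment_params(principal_id, tenant_id, principal_type,
                            role="AllDatabasesViewer", allow_admin=False):
    """Validate inputs and return keyword arguments for ClusterPrincipalAssignment."""
    if role not in ALLOWED_ROLES:
        raise ValueError(f"unknown role: {role!r}")
    if principal_type not in ALLOWED_PRINCIPAL_TYPES:
        raise ValueError(f"unknown principal type: {principal_type!r}")
    # Cluster-wide admin must be an explicit decision, never the default.
    if role == "AllDatabasesAdmin" and not allow_admin:
        raise PermissionError("AllDatabasesAdmin requires allow_admin=True")
    if not principal_id or not principal_id.strip():
        raise ValueError("principal_id is empty")
    try:
        # Normalises case and rejects strings that are not GUIDs.
        tenant = str(uuid.UUID(tenant_id))
    except (ValueError, AttributeError, TypeError):
        raise ValueError(f"tenant_id is not a GUID: {tenant_id!r}") from None
    return {"principal_id": principal_id.strip(), "role": role,
            "tenant_id": tenant, "principal_type": principal_type}


# Constructed sample values, not real identifiers.
SAMPLE = build_assignment_params(
    principal_id="11111111-2222-3333-4444-555555555555",
    tenant_id="AAAAAAAA-BBBB-CCCC-DDDD-EEEEEEEEEEEE",
    principal_type="App",
)
# Pass the result to the SDK model as: ClusterPrincipalAssignment(**SAMPLE)
```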

Next steps