MATLAB 是一个编程和数值计算平台,用于分析数据、开发算法和创建模型。 本文介绍如何在适用于 Azure 数据资源管理器的 MATLAB 中获取授权令牌,以妨如何使用此令牌与群集进行交互。
选择用于运行 MATLAB 的操作系统的选项卡。
安装 JDK 8 和 Maven。
克隆适用于 Azure 服务的 MATLAB 接口存储库:
git clone https://github.com/mathworks-ref-arch/matlab-azure-services.git
生成 MATLAB Azure SDK jar:
cd matlab-azure-services/Software/Java
mvn clean package
此版本应生成文件“Software/MATLAB/lib/jar/azure-common-sdk-0.2.0.jar”。
在 MATLAB 工作室中,加载 jar 文件并将其添加到 java 静态类路径:
edit(fullfile(prefdir,'javaclasspath.txt'));
在 java 静态类路径文件中,添加与 jar 文件对应的输入:
(full-path)/matlab-azure-services/Software/MATLAB/lib/jar/azure-common-sdk-0.2.0.jar
重启 MATLAB IDE。 重新加载后,运行 matlab-azure-services\Software\MATLAB\startup.m 中提供的 startup.m 脚本。 这样做可确保设置好访问 Azure 服务所需的所有先决条件函数。 输出如下所示:
>> startup
Adding Azure Paths
------------------
Adding: matlab-azure-services/Software/MATLAB/app
Adding: matlab-azure-services/Software/MATLAB/app/functions
Adding: matlab-azure-services/Software/MATLAB/app/system
Adding: matlab-azure-services/Software/MATLAB/lib
Adding: matlab-azure-services/Software/MATLAB/config
Skipping: matlab-azure-services/Software/Utilities
Checking the static Java classpath for: matlab-azure-services/Software/MATLAB/lib/jar/azure-common-sdk-0.2.0.jar
Found: azure-common-sdk-0.2.0.jar
执行用户身份验证时,系统会提示用户通过浏览器窗口登录。 成功登录后,将授予用户授权令牌。 本部分介绍如何配置此交互式登录流。
若要执行用户身份验证,请执行以下操作:
定义授权所需的常数。 有关这些值的详细信息,请参阅授权参数。
% The Azure Data Explorer cluster URL
clusterUrl = 'https://<adx-cluster>.kusto.chinacloudapi.cn';
% The Azure AD tenant ID
tenantId = '';
% Send a request to https://<adx-cluster>.kusto.chinacloudapi.cn/v1/rest/auth/metadata
% The appId should be the value of KustoClientAppId
appId = '';
% The Azure AD scopes
scopesToUse = strcat(clusterUrl,'/.default ');
在 MATLAB 工作室中,加载提取的 DLL 文件:
% Access the folder that contains the DLL files
dllFolder = fullfile("C:","Matlab","DLL");
% Load the referenced assemblies in the MATLAB session
matlabDllFiles = dir(fullfile(dllFolder,'*.dll'));
for k = 1:length(matlabDllFiles)
baseFileName = matlabDllFiles(k).name;
fullFileName = fullfile(dllFolder,baseFileName);
fprintf(1, 'Reading %s\n', fullFileName);
end
% Load the downloaded assembly in MATLAB
NET.addAssembly(fullFileName);
使用 PublicClientApplicationBuilder 提示用户进行交互式登录:
% Create an PublicClientApplicationBuilder
app = Microsoft.Identity.Client.PublicClientApplicationBuilder.Create(appId)...
.WithAuthority(Microsoft.Identity.Client.AzureCloudInstance.AzurePublic,tenantId)...
.WithRedirectUri('http://localhost:8675')...
.Build();
% System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
NET.setStaticProperty ('System.Net.ServicePointManager.SecurityProtocol',System.Net.SecurityProtocolType.Tls12)
% Start with creating a list of scopes
scopes = NET.createGeneric('System.Collections.Generic.List',{'System.String'});
% Add the actual scopes
scopes.Add(scopesToUse);
fprintf(1, 'Using appScope %s\n', scopesToUse);
% Get the token from the service
% and show the interactive dialog in which the user can login
tokenAcquirer = app.AcquireTokenInteractive(scopes);
result = tokenAcquirer.ExecuteAsync;
% Extract the token and when it expires
% and retrieve the returned token
token = char(result.Result.AccessToken);
fprintf(2, 'User token aquired and will expire at %s & extended expires at %s', result.Result.ExpiresOn.LocalDateTime.ToString,result.Result.ExtendedExpiresOn.ToLocalTime.ToString);
使用授权令牌通过 REST API 查询群集:
options=weboptions('HeaderFields',{'RequestMethod','POST';'Accept' 'application/json';'Authorization' ['Bearer ', token]; 'Content-Type' 'application/json; charset=utf-8'; 'Connection' 'Keep-Alive'; 'x-ms-app' 'Matlab'; 'x-ms-client-request-id' 'Matlab-Query-Request'});
% The DB and KQL variables represent the database and query to execute
querydata = struct('db', "<DB>", 'csl', "<KQL>");
querryresults = webwrite("https://sdktestcluster.chinaeast2.dev.kusto.chinacloudapi.cn/v2/rest/query", querydata, options);
% Extract the results row
results=querryresults{3}.Rows
使用相关凭据在工作目录中创建 Auth.json 文件。 从 https://<adx-cluster>.kusto.chinacloudapi.cn/v1/rest/auth/metadata 返回的 KustoClientAppId 需要替换为以下 ClientId 的值:
{
"AuthMethod": "InteractiveBrowser",
"TenantId" : "<AAD Tenant / Authority ID for the login>",
"ClientId" : "<Client ID>",
"RedirectUrl": "http://localhost:8675"
}
按如下所示查询群集:
% References the credential file created in the previous step
credentials = configureCredentials('Auth.json');
% Point the scopes to the Azure Data Explorer cluster that we want to query
request = azure.core.credential.TokenRequestContext();
request.addScopes('<https://adx-cluster-changeme.kusto.chinacloudapi.cn/.default>');
token=credentials.getToken(request);
% Prepare to query the cluster
options=weboptions('HeaderFields',{'RequestMethod','POST';'Accept' 'application/json';'Authorization' ['Bearer ', token.getToken()]; 'Content-Type' 'application/json; charset=utf-8'; 'Connection' 'Keep-Alive'; 'x-ms-app' 'Matlab'; 'x-ms-client-request-id' 'Matlab-Query-Request'});
% The DB and KQL variables represent the database and query to execute
querydata = struct('db', "<DB>", 'csl', "<KQL>");
querryresults = webwrite('<https://adx-cluster-changeme.kusto.chinacloudapi.cn/v2/rest/query>', querydata, options);
% The results row can be extracted as follows
results=querryresults{3}.Rows
Microsoft Entra 应用程序授权可用于不需要交互式登录且需要自动运行的情况。
若要执行应用程序身份验证,请执行以下操作:
预配 Microsoft Entra 应用程序。 在“重定向 URI”处,选择“Web”,在 URI 处输入“http://localhost:8675”。
定义授权所需的常数。 有关这些值的详细信息,请参阅授权参数。
% The Azure Data Explorer cluster URL
clusterUrl = 'https://<adx-cluster>.kusto.chinacloudapi.cn';
% The Azure AD tenant ID
tenantId = '';
% The Azure AD application ID and key
appId = '';
appSecret = '';
在 MATLAB 工作室中,加载提取的 DLL 文件:
% Access the folder that contains the DLL files
dllFolder = fullfile("C:","Matlab","DLL");
% Load the referenced assemblies in the MATLAB session
matlabDllFiles = dir(fullfile(dllFolder,'*.dll'));
for k = 1:length(matlabDllFiles)
baseFileName = matlabDllFiles(k).name;
fullFileName = fullfile(dllFolder,baseFileName);
fprintf(1, 'Reading %s\n', fullFileName);
end
% Load the downloaded assembly
NET.addAssembly(fullFileName);
使用 ConfidentialClientApplicationBuilder 对 Microsoft Entra 应用程序执行非交互式自动登录:
% Create an ConfidentialClientApplicationBuilder
app = Microsoft.Identity.Client.ConfidentialClientApplicationBuilder.Create(appId)...
.WithAuthority(Microsoft.Identity.Client.AzureCloudInstance.AzurePublic,tenantId)...
.WithRedirectUri('http://localhost:8675')...
.WithClientSecret(appSecret)...
.Build();
% System.Net.ServicePointManager.SecurityProtocol = System.Net.SecurityProtocolType.Tls12;
NET.setStaticProperty ('System.Net.ServicePointManager.SecurityProtocol',System.Net.SecurityProtocolType.Tls12)
% Start with creating a list of scopes
scopes = NET.createGeneric('System.Collections.Generic.List',{'System.String'});
% Add the actual scopes
scopes.Add(scopesToUse);
fprintf(1, 'Using appScope %s\n', scopesToUse);
% Get the token from the service and cache it until it expires
tokenAcquirer = app.AcquireTokenForClient(scopes);
result = tokenAcquirer.ExecuteAsync;
% Extract the token and when it expires
% retrieve the returned token
token = char(result.Result.AccessToken);
fprintf(2, 'User token aquired and will expire at %s & extended expires at %s', result.Result.ExpiresOn.LocalDateTime.ToString,result.Result.ExtendedExpiresOn.ToLocalTime.ToString);
使用授权令牌通过 REST API 查询群集:
options=weboptions('HeaderFields',{'RequestMethod','POST';'Accept' 'application/json';'Authorization' ['Bearer ', token]; 'Content-Type' 'application/json; charset=utf-8'; 'Connection' 'Keep-Alive'; 'x-ms-app' 'Matlab'; 'x-ms-client-request-id' 'Matlab-Query-Request'});
% The DB and KQL variables represent the database and query to execute
querydata = struct('db', "<DB>", 'csl', "<KQL>");
querryresults = webwrite("https://sdktestcluster.chinaeast2.dev.kusto.chinacloudapi.cn/v2/rest/query", querydata, options);
% Extract the results row
results=querryresults{3}.Rows
使用相关凭据在工作目录中创建 Auth.json 文件:
{
"AuthMethod": "ClientSecret",
"TenantId" : "<AAD Tenant / Authority ID for the login>",
"ClientId" : "<Client ID of the Azure AD application>",
"ClientSecret": "<Client Key of the Azure AD application>",
"RedirectUrl": "http://localhost:8675"
}
按如下所示查询群集:
% References the credential file created in the previous step
credentials = configureCredentials('Auth.json');
% Point the scopes to the Azure Data Explorer cluster that we want to query
request = azure.core.credential.TokenRequestContext();request.addScopes('<https://adx-cluster-changeme.kusto.chinacloudapi.cn/.default>');
token=credentials.getToken(request);
% Prepare to query the cluster
options=weboptions('HeaderFields',{'RequestMethod','POST';'Accept' 'application/json';'Authorization' ['Bearer ', token.getToken()]; 'Content-Type' 'application/json; charset=utf-8'; 'Connection' 'Keep-Alive'; 'x-ms-app' 'Matlab'; 'x-ms-client-request-id' 'Matlab-Query-Request'});
% The DB and KQL variables represent the database and query to execute
querydata = struct('db', "<DB>", 'csl', "<KQL>");
querryresults = webwrite('<https://adx-cluster-changeme.kusto.chinacloudapi.cn/v2/rest/query>', querydata, options);
% The results row can be extracted as follows
results=querryresults{3}.Rows