我从官方文档中获取了这个例子(你在下面看到的那个)。
from azure.ai.ml import command, Input, MLClient, UserIdentityConfiguration, ManagedIdentityConfigurationfrom azure.ai.ml.entities import Datafrom azure.ai.ml.constants import AssetTypes, InputOutputModesfrom azure.identity import DefaultAzureCredential# Set your subscription, resource group and workspace name:subscription_id = "<SUBSCRIPTION_ID>"resource_group = "<RESOURCE_GROUP>"workspace = "<AML_WORKSPACE_NAME>"# connect to the AzureML workspaceml_client = MLClient(DefaultAzureCredential(), subscription_id, resource_group, workspace)# ==============================================================# You can set the identity you want to use in a job to access the data. Options include:# identity = UserIdentityConfiguration() # Use the user's identity# identity = ManagedIdentityConfiguration() # Use the compute target managed identity# ==============================================================# This example accesses public data, so we don't need an identity.# You also set identity to None if you use a credential-based datastoreidentity = None# Set the input for the job:inputs = {"input_data": Input(type=data_type, path=path, mode=mode)}# This command job uses the head Linux command to print the first 10 lines of the filejob = command(command="head ${{inputs.input_data}}",inputs=inputs,environment="azureml://registries/azureml/environments/sklearn-1.1/versions/4",compute="cpu-cluster",identity=identity,)# Submit the commandml_client.jobs.create_or_update(job)
字符串
上面的代码来自Azure文档。
我有一个例子,其中下面的输入被馈送到管道作业。然而,我的用例要求容器是私有的。
因此,我的问题是容器名称是私有的,所以我不能像上面的教程那样访问它。
我知道我需要分配一些权限,我在运行代码的群集上已经有一个托管标识,它具有以下权限:
1.包括存储blob容器的存储帐户的所有者和参与者。
1.机器学习工作区的所有者和贡献者。
我有一个自定义输入,它看起来像:
Input(type="uri_folder",# Here is the problem, cannot access it in a job.path="wasbs://container_name@storage_account.blob.core.windows.net/",mode="ro_mount"),
型
为了能够访问作业中私有容器中的数据(如下面的示例输入),我应该做些什么?
1条答案
按热度按时间23c0lvtd1#
问题是我必须将此角色添加到托管身份:
字符串
(因为我读取和写入存储帐户内的私有Blob)