jprdonnelly/MachineLearningNotebooks
1
0
Fork 0
mirror of https://github.com/Azure/MachineLearningNotebooks.git synced 2025-12-25 01:00:11 -05:00
Code Issues Projects Releases Wiki Activity

update samples from Release-85 as a part of SDK release

Browse Source
This commit is contained in:
amlrelsa-ms
2021-02-10 15:27:28 +00:00
parent 624c46e7f9
commit 7fe27501d1
42 changed files with 826 additions and 210 deletions
Download Patch File Download Diff File Expand all files Collapse all files

63
how-to-use-azureml/manage-azureml-service/authentication-in-azureml/authentication-in-azureml.ipynb
View File

@@ -28,6 +28,7 @@
" 2. Azure CLI Authentication\n",
" 3. Managed Service Identity (MSI) Authentication\n",
" 4. Service Principal Authentication\n",
" 5. Token Authentication\n",
" \n",
"The interactive authentication is suitable for local experimentation on your own computer. Azure CLI authentication is suitable if you are already using Azure CLI for managing Azure resources, and want to sign in only once. The MSI and Service Principal authentication are suitable for automated workflows, for example as part of Azure Devops build."
]
@@ -319,6 +320,66 @@
"See [Register an application with the Microsoft identity platform](https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app) quickstart for more details about application registrations. "
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"### Token Authentication\n",
"\n",
"When token generation and its refresh needs to be outside on AML SDK, we recommend using Token Authentication. It can be used for getting token for AML or ARM audience. Thus giving more granular control over token generated.\n",
"\n",
"This authentication class requires users to provide method `get_token_for_audience` which will be called to retrieve the token based on the audience passed.\n",
"\n",
"Audience that is passed to `get_token_for_audience` can be ARM or AML. Exact value that will be passed as audience will depend on cloud and type for audience."
]
},
{
"cell_type": "code",
"execution_count": null,
"metadata": {},
"outputs": [],
"source": [
"from azureml.core.authentication import TokenAuthentication, Audience\n",
"\n",
"# This is a sample method to retrieve token and will be passed to TokenAuthentication\n",
"def get_token_for_audience(audience):\n",
" from adal import AuthenticationContext\n",
" client_id = \"my-client-id\"\n",
" client_secret = \"my-client-secret\"\n",
" tenant_id = \"my-tenant-id\"\n",
" auth_context = AuthenticationContext(\"https://login.microsoftonline.com/{}\".format(tenant_id))\n",
" resp = auth_context.acquire_token_with_client_credentials(audience,client_id,client_secret)\n",
" token = resp[\"accessToken\"]\n",
" return token\n",
"\n",
"\n",
"token_auth = TokenAuthentication(get_token_for_audience=get_token_for_audience)\n",
"\n",
"ws = Workspace(\n",
" subscription_id=\"my-subscription-id\",\n",
" resource_group=\"my-ml-rg\",\n",
" workspace_name=\"my-ml-workspace\",\n",
" auth=token_auth\n",
" )\n",
"\n",
"print(\"Found workspace {} at location {}\".format(ws.name, ws.location))\n",
"\n",
"token_aml_audience = token_auth.get_token(Audience.aml)\n",
"token_arm_audience = token_auth.get_token(Audience.arm)\n",
"\n",
"# Value of audience pass to `get_token_for_audience` can be retrieved as follows:\n",
"# aud_aml_val = token_auth.get_aml_resource_id() # For AML\n",
"# aud_arm_val = token_auth._cloud_type.endpoints.active_directory_resource_id # For ARM\n"
]
},
{
"cell_type": "markdown",
"metadata": {},
"source": [
"Token authentication object can be used to retrieve token for either AML or ARM audience,\n",
"which can be used by other clients to authenticate to AML or ARM"
]
},
{
"cell_type": "markdown",
"metadata": {},
@@ -350,7 +411,7 @@
},
"outputs": [],
"source": [
"import os, uuid\n",
"import uuid\n",
"\n",
"local_secret = os.environ.get(\"LOCAL_SECRET\", default = str(uuid.uuid4())) # Use random UUID as a substitute for real secret.\n",
"keyvault = ws.get_default_keyvault()\n",