你当前正在访问 Microsoft Azure Global Edition 技术文档网站。如果需要访问由世纪互联运营的 Microsoft Azure 中国技术文档网站，请访问 https://docs.azure.cn。

使用服务连接器集成 Azure Cosmos DB for Cassandra

项目
10/16/2024

本页显示了支持的身份验证方法和客户端，还演示了可用于使用服务连接器将 Azure Cosmos DB for Apache Cassandra 连接到其他云服务的示例代码。即使不使用服务连接器，你可能仍然可以使用其他编程语言连接到 Azure Cosmos DB for Cassandra。此页面还显示了你在创建服务连接时获得的默认环境变量名称和值（或 Spring Boot 配置）。

受支持的计算服务

服务连接器可用于将以下计算服务连接到 Azure Cosmos DB for Apache Cassandra：

Azure 应用程序服务
Azure Container Apps
Azure Functions
Azure Kubernetes 服务 (AKS)
Azure Spring Apps

受支持的身份验证类型和客户端类型

下表显示了使用服务连接器将计算服务连接到 Azure Cosmos DB for Apache Cassandra 时支持哪些客户端类型和身份验证方法的组合。 “是”表示支持该组合，“否”表示不支持该组合。

客户端类型	系统分配的托管标识	用户分配的托管标识	机密/连接字符串	服务主体
.NET	是	是	是	是
Go	是	是	是	是
Java	是	是	是	是
Java - Spring Boot	否	No	是	否
Node.js	是	是	是	是
Python	是	是	是	是
无	是	是	是	是

此表指示支持客户端类型和身份验证方法的所有组合，但 Java - Spring Boot 客户端类型除外，它们仅支持机密/连接字符串方法。所有其他客户端类型都可通过服务连接器使用任何身份验证方法连接到 Azure Cosmos DB for Apache Cassandra。

默认环境变量名称或应用程序属性和示例代码

根据连接的身份验证类型和客户端类型，参考下表中的连接详细信息和示例代码，将计算服务连接到 Azure Cosmos DB for Apache Cassandra。有关命名约定的详细信息，请参阅服务连接器内部一文。

系统分配的托管标识

默认环境变量名称	说明	示例值
AZURE_COSMOS_LISTKEYURL	用户获取连接字符串的 URL	`https://management.azure.com/subscriptions/<subscription-ID>/resourceGroups/<resource-group-name>/providers/Microsoft.DocumentDB/databaseAccounts/<Azure-Cosmos-DB-account>/listKeys?api-version=2021-04-15`
AZURE_COSMOS_SCOPE	托管标识范围	`https://management.azure.com/.default`
AZURE_COSMOS_RESOURCEENDPOINT	资源终结点	`https://<Azure-Cosmos-DB-account>.documents.azure.com:443/`
AZURE_COSMOS_CONTACTPOINT	Azure Cosmos DB for Apache Cassandra 接触点	`<Azure-Cosmos-DB-account>.cassandra.cosmos.azure.com`
AZURE_COSMOS_PORT	Cassandra 连接端口	10350
AZURE_COSMOS_KEYSPACE	Cassandra 密钥空间	`<keyspace>`
AZURE_COSMOS_USERNAME	Cassandra 用户名	`<username>`

代码示例

请参考以下步骤和代码，使用系统分配的托管标识连接到 Azure Cosmos DB for Cassandra。

安装依赖项

dotnet add package CassandraCSharpDriver --version 3.19.3
dotnet add package Azure.Identity

使用 Azure.Identity 客户端库获取托管标识或服务主体的访问令牌。使用访问令牌和 AZURE_COSMOS_LISTKEYURL 获取密码。从服务连接器添加的环境变量中获取连接信息，并连接到 Azure Cosmos DB for Cassandra。使用下面的代码时，请对要使用的身份验证类型的代码片段的一部分取消评论。

using System;
using System.Security.Authentication;
using System.Net.Security;
using System.Net.Http;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Cassandra;
using Azure.Identity;

public class Program
{
	public static async Task Main()
	{
        var cassandraContactPoint = Environment.GetEnvironmentVariable("AZURE_COSMOS_CONTACTPOINT");
        var userName = Environment.GetEnvironmentVariable("AZURE_COSMOS_USERNAME");
        var cassandraPort = Int32.Parse(Environment.GetEnvironmentVariable("AZURE_COSMOS_PORT"));
        var cassandraKeyspace = Environment.GetEnvironmentVariable("AZURE_COSMOS_KEYSPACE");
        var listKeyUrl = Environment.GetEnvironmentVariable("AZURE_COSMOS_LISTKEYURL");
        var scope = Environment.GetEnvironmentVariable("AZURE_COSMOS_SCOPE");

        // Uncomment the following lines corresponding to the authentication type you want to use.
        // For system-assigned identity.
        // var tokenProvider = new DefaultAzureCredential();

        // For user-assigned identity.
        // var tokenProvider = new DefaultAzureCredential(
        //     new DefaultAzureCredentialOptions
        //     {
        //         ManagedIdentityClientId = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTID");
        //     }
        // );

        // For service principal.
        // var tenantId = Environment.GetEnvironmentVariable("AZURE_COSMOS_TENANTID");
        // var clientId = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTID");
        // var clientSecret = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTSECRET");
        // var tokenProvider = new ClientSecretCredential(tenantId, clientId, clientSecret);

        // Acquire the access token. 
        AccessToken accessToken = await tokenProvider.GetTokenAsync(
            new TokenRequestContext(scopes: new string[]{ scope }));

        // Get the password.
        var httpClient = new HttpClient();
        httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken.Token}");
        var response = await httpClient.POSTAsync(listKeyUrl);
        var responseBody = await response.Content.ReadAsStringAsync();
        var keys = JsonConvert.DeserializeObject<Dictionary<string, string>>(responseBody);
        var password = keys["primaryMasterKey"];

        // Connect to Azure Cosmos DB for Cassandra
        var options = new Cassandra.SSLOptions(SslProtocols.Tls12, true, ValidateServerCertificate);
        options.SetHostNameResolver((ipAddress) => cassandraContactPoint);
        Cluster cluster = Cluster
            .Builder()
            .WithCredentials(userName, password)
            .WithPort(cassandraPort)
            .AddContactPoint(cassandraContactPoint).WithSSL(options).Build();
        ISession session = await cluster.ConnectAsync();
    }

    public static bool ValidateServerCertificate
	(
        object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors
    )
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
        // Do not allow this client to communicate with unauthenticated servers.
        return false;
    }
}

将以下依赖项添加到 pom.xml 文件：

<dependency>
    <groupId>com.datastax.oss</groupId>
    <artifactId>java-driver-core</artifactId>
    <version>4.5.1</version>
</dependency>  
<dependency>
    <groupId>com.datastax.oss</groupId>
    <artifactId>java-driver-query-builder</artifactId>
    <version>4.0.0</version>
</dependency>       
<dependency>
    <groupId>com.datastax.cassandra</groupId>
    <artifactId>cassandra-driver-extras</artifactId>
    <version>3.1.4</version>
</dependency>
<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-identity</artifactId>
    <version>1.1.5</version>
</dependency>

使用 azure-identity 获取托管标识或服务主体的访问令牌。使用访问令牌和 AZURE_COSMOS_LISTKEYURL 获取密码。从服务连接器添加的环境变量中获取连接信息，并连接到 Azure Cosmos DB for Cassandra。使用下面的代码时，请对要使用的身份验证类型的代码片段的一部分取消评论。

import com.datastax.oss.driver.api.core.CqlSession;
import javax.net.ssl.*;
import java.net.InetSocketAddress;
import com.azure.identity.*;
import com.azure.core.credential.*;
import java.net.http.*;
import java.net.URI;

int cassandraPort = Integer.parseInt(System.getenv("AZURE_COSMOS_PORT"));
String cassandraUsername = System.getenv("AZURE_COSMOS_USERNAME");
String cassandraHost = System.getenv("AZURE_COSMOS_CONTACTPOINT");
String cassandraKeyspace = System.getenv("AZURE_COSMOS_KEYSPACE");
String listKeyUrl = System.getenv("AZURE_COSMOS_LISTKEYURL");
String scope = System.getenv("AZURE_COSMOS_SCOPE");

// Uncomment the following lines corresponding to the authentication type you want to use.
// For system managed identity.
// DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder().build();

// For user assigned managed identity.
// DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder()
//     .managedIdentityClientId(System.getenv("AZURE_COSMOS_CLIENTID"))
//     .build();

// For service principal.
// ClientSecretCredential defaultCredential = new ClientSecretCredentialBuilder()
//   .clientId(System.getenv("<AZURE_COSMOS_CLIENTID>"))
//   .clientSecret(System.getenv("<AZURE_COSMOS_CLIENTSECRET>"))
//   .tenantId(System.getenv("<AZURE_COSMOS_TENANTID>"))
//   .build();

// Get the access token.
AccessToken accessToken = defaultCredential.getToken(new TokenRequestContext().addScopes(new String[]{ scope })).block();
String token = accessToken.getToken();

// Get the password.
HttpClient client = HttpClient.newBuilder().build();
HttpRequest request = HttpRequest.newBuilder()
    .uri(new URI(listKeyUrl))
    .header("Authorization", "Bearer " + token)
    .POST()
    .build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
JSONParser parser = new JSONParser();
JSONObject responseBody = parser.parse(response.body());
String cassandraPassword = responseBody.get("primaryMasterKey");

// Connect to Azure Cosmos DB for Cassandra
final SSLContext sc = SSLContext.getInstance("TLSv1.2");
CqlSession session = CqlSession.builder().withSslContext(sc)
    .addContactPoint(new InetSocketAddress(cassandraHost, cassandraPort)).withLocalDatacenter('datacenter1')
    .withAuthCredentials(cassandraUsername, cassandraPassword).build();

安装依赖项

pip install Cassandra-driver 
pip install pyopenssl
pip install azure-identity

使用 azure-identity 向托管标识或服务主体进行身份验证，并向 AZURE_COSMOS_LISTKEYURL 发送获取密码的请求。从服务连接器添加的环境变量中获取连接信息，并连接到 Azure Cosmos DB for Cassandra。使用下面的代码时，请对要使用的身份验证类型的代码片段的一部分取消评论。

from cassandra.cluster import Cluster
from ssl import PROTOCOL_TLSv1_2, SSLContext, CERT_NONE
from cassandra.auth import PlainTextAuthProvider
import requests
from azure.identity import ManagedIdentityCredential, ClientSecretCredential

username = os.getenv('AZURE_COSMOS_USERNAME')
contactPoint = os.getenv('AZURE_COSMOS_CONTACTPOINT')
port = os.getenv('AZURE_COSMOS_PORT')
keyspace = os.getenv('AZURE_COSMOS_KEYSPACE')
listKeyUrl = os.getenv('AZURE_COSMOS_LISTKEYURL')
scope = os.getenv('AZURE_COSMOS_SCOPE')

# Uncomment the following lines corresponding to the authentication type you want to use.
# For system-assigned managed identity
# cred = ManagedIdentityCredential()

# For user-assigned managed identity
# managed_identity_client_id = os.getenv('AZURE_COSMOS_CLIENTID')
# cred = ManagedIdentityCredential(client_id=managed_identity_client_id)

# For service principal
# tenant_id = os.getenv('AZURE_COSMOS_TENANTID')
# client_id = os.getenv('AZURE_COSMOS_CLIENTID')
# client_secret = os.getenv('AZURE_COSMOS_CLIENTSECRET')
# cred = ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=client_secret)

# Get the password 
session = requests.Session()
token = cred.get_token(scope)
response = session.post(listKeyUrl, headers={"Authorization": "Bearer {}".format(token.token)})
keys_dict = response.json()
password = keys_dict['primaryMasterKey']

# Connect to Azure Cosmos DB for Cassandra.
ssl_context = SSLContext(PROTOCOL_TLSv1_2)
ssl_context.verify_mode = CERT_NONE
auth_provider = PlainTextAuthProvider(username, password)
cluster = Cluster([contactPoint], port = port, auth_provider=auth_provider,ssl_context=ssl_context)
session = cluster.connect()

安装依赖项。

go get github.com/gocql/gocql
go get "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
go get "github.com/Azure/azure-sdk-for-go/sdk/azcore"

在代码中，通过 azidentity 获取访问令牌，然后使用它获取密码。从服务连接器添加的环境变量中获取连接信息，并连接到 Azure Cosmos DB for Cassandra。使用下面的代码时，请对要使用的身份验证类型的代码片段的一部分取消评论。

import (
    "fmt"
    "os"
    "context"
    "log"
    "io/ioutil"
    "encoding/json"

    "github.com/gocql/gocql"
    "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
)

func GetSession() *gocql.Session {
    cosmosCassandraContactPoint = os.Getenv("AZURE_COSMOS_CONTACTPOINT")
    cosmosCassandraPort = os.Getenv("AZURE_COSMOS_PORT")
    cosmosCassandraUser = os.Getenv("AZURE_COSMOS_USERNAME")
    cosmosCassandraKeyspace = os.Getenv("AZURE_COSMOS_KEYSPACE")
    listKeyUrl = os.Getenv("AZURE_COSMOS_LISTKEYURL")
    scope = os.Getenv("AZURE_COSMOS_SCOPE")

    // Uncomment the following lines corresponding to the authentication type you want to use.
    // For system-assigned identity.
    // cred, err := azidentity.NewDefaultAzureCredential(nil)

    // For user-assigned identity.
    // clientid := os.Getenv("AZURE_COSMOS_CLIENTID")
    // azidentity.ManagedIdentityCredentialOptions.ID := clientid
    // options := &azidentity.ManagedIdentityCredentialOptions{ID: clientid}
    // cred, err := azidentity.NewManagedIdentityCredential(options)

    // For service principal.
    // clientid := os.Getenv("AZURE_COSMOS_CLIENTID")
    // tenantid := os.Getenv("AZURE_COSMOS_TENANTID")
    // clientsecret := os.Getenv("AZURE_COSMOS_CLIENTSECRET")
    // cred, err := azidentity.NewClientSecretCredential(tenantid, clientid, clientsecret, &azidentity.ClientSecretCredentialOptions{})

    // Acquire the access token.
    ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
    token, err := cred.GetToken(ctx, policy.TokenRequestOptions{
        Scopes: []string{scope},
    })

    // Acquire the password.
    client := &http.Client{}
	req, err := http.NewRequest("POST", listKeyUrl, nil)
	req.Header.Add("Authorization", "Bearer " + token.Token)
	resp, err := client.Do(req)
    body, err := ioutil.ReadAll(resp.Body)
    var result map[string]interface{}
     json.Unmarshal(body, &result)
    cosmosCassandraPassword, err := result["primaryMasterKey"]

    // Connect to Azure Cosmos DB for Cassandra
    clusterConfig := gocql.NewCluster(cosmosCassandraContactPoint)
    port, err := strconv.Atoi(cosmosCassandraPort)
    clusterConfig.Port = port
     clusterConfig.ProtoVersion = 4
    clusterConfig.Authenticator = gocql.PasswordAuthenticator{Username: cosmosCassandraUser, Password: cosmosCassandraPassword}
    clusterConfig.SslOpts = &gocql.SslOptions{Config: &tls.Config{MinVersion: tls.VersionTLS12}}

    session, err := clusterConfig.CreateSession()
    return session
}

func main() {
    session := utils.GetSession(cosmosCassandraContactPoint, cosmosCassandraPort, cosmosCassandraUser, cosmosCassandraPassword)
    defer session.Close()
    ...
}

安装依赖项

npm install cassandra-driver
npm install --save @azure/identity

在代码中，通过 @azure/identity 获取访问令牌，然后使用它来获取密码。从服务连接器添加的环境变量中获取连接信息，并连接到 Azure Cosmos DB for Cassandra。使用下面的代码时，请对要使用的身份验证类型的代码片段的一部分取消评论。

import { DefaultAzureCredential,ClientSecretCredential } from "@azure/identity";
const cassandra = require("cassandra-driver");
const axios = require('axios');

let username = process.env.AZURE_COSMOS_USERNAME;
let contactPoint = process.env.AZURE_COSMOS_CONTACTPOINT;
let port = process.env.AZURE_COSMOS_PORT;
let keyspace = process.env.AZURE_COSMOS_KEYSPACE;
let listKeyUrl = process.env.AZURE_COSMOS_LISTKEYURL;
let scope = process.env.AZURE_COSMOS_SCOPE;

// Uncomment the following lines corresponding to the authentication type you want to use.  
// For system-assigned identity.
// const credential = new DefaultAzureCredential();

// For user-assigned identity.
// const clientId = process.env.AZURE_COSMOS_CLIENTID;
// const credential = new DefaultAzureCredential({
//     managedIdentityClientId: clientId
// });

// For service principal.
// const tenantId = process.env.AZURE_COSMOS_TENANTID;
// const clientId = process.env.AZURE_COSMOS_CLIENTID;
// const clientSecret = process.env.AZURE_COSMOS_CLIENTSECRET;

// Acquire the access token.
var accessToken = await credential.getToken(scope);

// Get the password.
const config = {
    method: 'post',
    url: listKeyUrl,
    headers: { 
      'Authorization': `Bearer ${accessToken.token}`
    }
};
const response = await axios(config);
const keysDict = response.data;
const password = keysDict['primaryMasterKey'];

let authProvider = new cassandra.auth.PlainTextAuthProvider(
    username,
    password
);

let client = new cassandra.Client({
    contactPoints: [`${contactPoint}:${port}`],
    authProvider: authProvider,
    localDataCenter: 'datacenter1',
    sslOptions: {
        secureProtocol: "TLSv1_2_method"
    },
});

client.connect();

用户分配的托管标识

默认环境变量名称	说明	示例值
AZURE_COSMOS_LISTKEYURL	用户获取连接字符串的 URL	`https://management.azure.com/subscriptions/<subscription-ID>/resourceGroups/<resource-group-name>/providers/Microsoft.DocumentDB/databaseAccounts/<Azure-Cosmos-DB-account>/listKeys?api-version=2021-04-15`
AZURE_COSMOS_SCOPE	托管标识范围	`https://management.azure.com/.default`
AZURE_COSMOS_RESOURCEENDPOINT	资源终结点	`https://<Azure-Cosmos-DB-account>.documents.azure.com:443/`
AZURE_COSMOS_CONTACTPOINT	Azure Cosmos DB for Apache Cassandra 接触点	`<Azure-Cosmos-DB-account>.cassandra.cosmos.azure.com`
AZURE_COSMOS_PORT	Cassandra 连接端口	10350
AZURE_COSMOS_KEYSPACE	Cassandra 密钥空间	`<keyspace>`
AZURE_COSMOS_USERNAME	Cassandra 用户名	`<username>`
AZURE_COSMOS_CLIENTID	客户端 ID	`<client-ID>`

代码示例

请参考以下步骤和代码，使用用户分配的托管标识连接到 Azure Cosmos DB for Cassandra。

安装依赖项

dotnet add package CassandraCSharpDriver --version 3.19.3
dotnet add package Azure.Identity

using System;
using System.Security.Authentication;
using System.Net.Security;
using System.Net.Http;
using System.Security.Authentication;
using System.Security.Cryptography.X509Certificates;
using System.Threading.Tasks;
using Cassandra;
using Azure.Identity;

public class Program
{
	public static async Task Main()
	{
        var cassandraContactPoint = Environment.GetEnvironmentVariable("AZURE_COSMOS_CONTACTPOINT");
        var userName = Environment.GetEnvironmentVariable("AZURE_COSMOS_USERNAME");
        var cassandraPort = Int32.Parse(Environment.GetEnvironmentVariable("AZURE_COSMOS_PORT"));
        var cassandraKeyspace = Environment.GetEnvironmentVariable("AZURE_COSMOS_KEYSPACE");
        var listKeyUrl = Environment.GetEnvironmentVariable("AZURE_COSMOS_LISTKEYURL");
        var scope = Environment.GetEnvironmentVariable("AZURE_COSMOS_SCOPE");

        // Uncomment the following lines corresponding to the authentication type you want to use.
        // For system-assigned identity.
        // var tokenProvider = new DefaultAzureCredential();

        // For user-assigned identity.
        // var tokenProvider = new DefaultAzureCredential(
        //     new DefaultAzureCredentialOptions
        //     {
        //         ManagedIdentityClientId = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTID");
        //     }
        // );

        // For service principal.
        // var tenantId = Environment.GetEnvironmentVariable("AZURE_COSMOS_TENANTID");
        // var clientId = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTID");
        // var clientSecret = Environment.GetEnvironmentVariable("AZURE_COSMOS_CLIENTSECRET");
        // var tokenProvider = new ClientSecretCredential(tenantId, clientId, clientSecret);

        // Acquire the access token. 
        AccessToken accessToken = await tokenProvider.GetTokenAsync(
            new TokenRequestContext(scopes: new string[]{ scope }));

        // Get the password.
        var httpClient = new HttpClient();
        httpClient.DefaultRequestHeaders.Add("Authorization", $"Bearer {accessToken.Token}");
        var response = await httpClient.POSTAsync(listKeyUrl);
        var responseBody = await response.Content.ReadAsStringAsync();
        var keys = JsonConvert.DeserializeObject<Dictionary<string, string>>(responseBody);
        var password = keys["primaryMasterKey"];

        // Connect to Azure Cosmos DB for Cassandra
        var options = new Cassandra.SSLOptions(SslProtocols.Tls12, true, ValidateServerCertificate);
        options.SetHostNameResolver((ipAddress) => cassandraContactPoint);
        Cluster cluster = Cluster
            .Builder()
            .WithCredentials(userName, password)
            .WithPort(cassandraPort)
            .AddContactPoint(cassandraContactPoint).WithSSL(options).Build();
        ISession session = await cluster.ConnectAsync();
    }

    public static bool ValidateServerCertificate
	(
        object sender,
        X509Certificate certificate,
        X509Chain chain,
        SslPolicyErrors sslPolicyErrors
    )
    {
        if (sslPolicyErrors == SslPolicyErrors.None)
            return true;

        Console.WriteLine("Certificate error: {0}", sslPolicyErrors);
        // Do not allow this client to communicate with unauthenticated servers.
        return false;
    }
}

将以下依赖项添加到 pom.xml 文件：

<dependency>
    <groupId>com.datastax.oss</groupId>
    <artifactId>java-driver-core</artifactId>
    <version>4.5.1</version>
</dependency>  
<dependency>
    <groupId>com.datastax.oss</groupId>
    <artifactId>java-driver-query-builder</artifactId>
    <version>4.0.0</version>
</dependency>       
<dependency>
    <groupId>com.datastax.cassandra</groupId>
    <artifactId>cassandra-driver-extras</artifactId>
    <version>3.1.4</version>
</dependency>
<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-identity</artifactId>
    <version>1.1.5</version>
</dependency>

import com.datastax.oss.driver.api.core.CqlSession;
import javax.net.ssl.*;
import java.net.InetSocketAddress;
import com.azure.identity.*;
import com.azure.core.credential.*;
import java.net.http.*;
import java.net.URI;

int cassandraPort = Integer.parseInt(System.getenv("AZURE_COSMOS_PORT"));
String cassandraUsername = System.getenv("AZURE_COSMOS_USERNAME");
String cassandraHost = System.getenv("AZURE_COSMOS_CONTACTPOINT");
String cassandraKeyspace = System.getenv("AZURE_COSMOS_KEYSPACE");
String listKeyUrl = System.getenv("AZURE_COSMOS_LISTKEYURL");
String scope = System.getenv("AZURE_COSMOS_SCOPE");

// Uncomment the following lines corresponding to the authentication type you want to use.
// For system managed identity.
// DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder().build();

// For user assigned managed identity.
// DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder()
//     .managedIdentityClientId(System.getenv("AZURE_COSMOS_CLIENTID"))
//     .build();

// For service principal.
// ClientSecretCredential defaultCredential = new ClientSecretCredentialBuilder()
//   .clientId(System.getenv("<AZURE_COSMOS_CLIENTID>"))
//   .clientSecret(System.getenv("<AZURE_COSMOS_CLIENTSECRET>"))
//   .tenantId(System.getenv("<AZURE_COSMOS_TENANTID>"))
//   .build();

// Get the access token.
AccessToken accessToken = defaultCredential.getToken(new TokenRequestContext().addScopes(new String[]{ scope })).block();
String token = accessToken.getToken();

// Get the password.
HttpClient client = HttpClient.newBuilder().build();
HttpRequest request = HttpRequest.newBuilder()
    .uri(new URI(listKeyUrl))
    .header("Authorization", "Bearer " + token)
    .POST()
    .build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
JSONParser parser = new JSONParser();
JSONObject responseBody = parser.parse(response.body());
String cassandraPassword = responseBody.get("primaryMasterKey");

// Connect to Azure Cosmos DB for Cassandra
final SSLContext sc = SSLContext.getInstance("TLSv1.2");
CqlSession session = CqlSession.builder().withSslContext(sc)
    .addContactPoint(new InetSocketAddress(cassandraHost, cassandraPort)).withLocalDatacenter('datacenter1')
    .withAuthCredentials(cassandraUsername, cassandraPassword).build();

安装依赖项

pip install Cassandra-driver 
pip install pyopenssl
pip install azure-identity

from cassandra.cluster import Cluster
from ssl import PROTOCOL_TLSv1_2, SSLContext, CERT_NONE
from cassandra.auth import PlainTextAuthProvider
import requests
from azure.identity import ManagedIdentityCredential, ClientSecretCredential

username = os.getenv('AZURE_COSMOS_USERNAME')
contactPoint = os.getenv('AZURE_COSMOS_CONTACTPOINT')
port = os.getenv('AZURE_COSMOS_PORT')
keyspace = os.getenv('AZURE_COSMOS_KEYSPACE')
listKeyUrl = os.getenv('AZURE_COSMOS_LISTKEYURL')
scope = os.getenv('AZURE_COSMOS_SCOPE')

# Uncomment the following lines corresponding to the authentication type you want to use.
# For system-assigned managed identity
# cred = ManagedIdentityCredential()

# For user-assigned managed identity
# managed_identity_client_id = os.getenv('AZURE_COSMOS_CLIENTID')
# cred = ManagedIdentityCredential(client_id=managed_identity_client_id)

# For service principal
# tenant_id = os.getenv('AZURE_COSMOS_TENANTID')
# client_id = os.getenv('AZURE_COSMOS_CLIENTID')
# client_secret = os.getenv('AZURE_COSMOS_CLIENTSECRET')
# cred = ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=client_secret)

# Get the password 
session = requests.Session()
token = cred.get_token(scope)
response = session.post(listKeyUrl, headers={"Authorization": "Bearer {}".format(token.token)})
keys_dict = response.json()
password = keys_dict['primaryMasterKey']

# Connect to Azure Cosmos DB for Cassandra.
ssl_context = SSLContext(PROTOCOL_TLSv1_2)
ssl_context.verify_mode = CERT_NONE
auth_provider = PlainTextAuthProvider(username, password)
cluster = Cluster([contactPoint], port = port, auth_provider=auth_provider,ssl_context=ssl_context)
session = cluster.connect()

安装依赖项。

go get github.com/gocql/gocql
go get "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
go get "github.com/Azure/azure-sdk-for-go/sdk/azcore"

import (
    "fmt"
    "os"
    "context"
    "log"
    "io/ioutil"
    "encoding/json"

    "github.com/gocql/gocql"
    "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
)

func GetSession() *gocql.Session {
    cosmosCassandraContactPoint = os.Getenv("AZURE_COSMOS_CONTACTPOINT")
    cosmosCassandraPort = os.Getenv("AZURE_COSMOS_PORT")
    cosmosCassandraUser = os.Getenv("AZURE_COSMOS_USERNAME")
    cosmosCassandraKeyspace = os.Getenv("AZURE_COSMOS_KEYSPACE")
    listKeyUrl = os.Getenv("AZURE_COSMOS_LISTKEYURL")
    scope = os.Getenv("AZURE_COSMOS_SCOPE")

    // Uncomment the following lines corresponding to the authentication type you want to use.
    // For system-assigned identity.
    // cred, err := azidentity.NewDefaultAzureCredential(nil)

    // For user-assigned identity.
    // clientid := os.Getenv("AZURE_COSMOS_CLIENTID")
    // azidentity.ManagedIdentityCredentialOptions.ID := clientid
    // options := &azidentity.ManagedIdentityCredentialOptions{ID: clientid}
    // cred, err := azidentity.NewManagedIdentityCredential(options)

    // For service principal.
    // clientid := os.Getenv("AZURE_COSMOS_CLIENTID")
    // tenantid := os.Getenv("AZURE_COSMOS_TENANTID")
    // clientsecret := os.Getenv("AZURE_COSMOS_CLIENTSECRET")
    // cred, err := azidentity.NewClientSecretCredential(tenantid, clientid, clientsecret, &azidentity.ClientSecretCredentialOptions{})

    // Acquire the access token.
    ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
    token, err := cred.GetToken(ctx, policy.TokenRequestOptions{
        Scopes: []string{scope},
    })

    // Acquire the password.
    client := &http.Client{}
	req, err := http.NewRequest("POST", listKeyUrl, nil)
	req.Header.Add("Authorization", "Bearer " + token.Token)
	resp, err := client.Do(req)
    body, err := ioutil.ReadAll(resp.Body)
    var result map[string]interface{}
     json.Unmarshal(body, &result)
    cosmosCassandraPassword, err := result["primaryMasterKey"]

    // Connect to Azure Cosmos DB for Cassandra
    clusterConfig := gocql.NewCluster(cosmosCassandraContactPoint)
    port, err := strconv.Atoi(cosmosCassandraPort)
    clusterConfig.Port = port
     clusterConfig.ProtoVersion = 4
    clusterConfig.Authenticator = gocql.PasswordAuthenticator{Username: cosmosCassandraUser, Password: cosmosCassandraPassword}
    clusterConfig.SslOpts = &gocql.SslOptions{Config: &tls.Config{MinVersion: tls.VersionTLS12}}

    session, err := clusterConfig.CreateSession()
    return session
}

func main() {
    session := utils.GetSession(cosmosCassandraContactPoint, cosmosCassandraPort, cosmosCassandraUser, cosmosCassandraPassword)
    defer session.Close()
    ...
}

安装依赖项

npm install cassandra-driver
npm install --save @azure/identity

import { DefaultAzureCredential,ClientSecretCredential } from "@azure/identity";
const cassandra = require("cassandra-driver");
const axios = require('axios');

let username = process.env.AZURE_COSMOS_USERNAME;
let contactPoint = process.env.AZURE_COSMOS_CONTACTPOINT;
let port = process.env.AZURE_COSMOS_PORT;
let keyspace = process.env.AZURE_COSMOS_KEYSPACE;
let listKeyUrl = process.env.AZURE_COSMOS_LISTKEYURL;
let scope = process.env.AZURE_COSMOS_SCOPE;

// Uncomment the following lines corresponding to the authentication type you want to use.  
// For system-assigned identity.
// const credential = new DefaultAzureCredential();

// For user-assigned identity.
// const clientId = process.env.AZURE_COSMOS_CLIENTID;
// const credential = new DefaultAzureCredential({
//     managedIdentityClientId: clientId
// });

// For service principal.
// const tenantId = process.env.AZURE_COSMOS_TENANTID;
// const clientId = process.env.AZURE_COSMOS_CLIENTID;
// const clientSecret = process.env.AZURE_COSMOS_CLIENTSECRET;

// Acquire the access token.
var accessToken = await credential.getToken(scope);

// Get the password.
const config = {
    method: 'post',
    url: listKeyUrl,
    headers: { 
      'Authorization': `Bearer ${accessToken.token}`
    }
};
const response = await axios(config);
const keysDict = response.data;
const password = keysDict['primaryMasterKey'];

let authProvider = new cassandra.auth.PlainTextAuthProvider(
    username,
    password
);

let client = new cassandra.Client({
    contactPoints: [`${contactPoint}:${port}`],
    authProvider: authProvider,
    localDataCenter: 'datacenter1',
    sslOptions: {
        secureProtocol: "TLSv1_2_method"
    },
});

client.connect();

连接字符串

警告

Microsoft 建议使用最安全的可用身份验证流。本过程中介绍的身份验证流程需要非常高的信任度，并携带其他流中不存在的风险。请仅在无法使用其他更安全的流（例如托管标识）时才使用此流。

SpringBoot 客户端类型

默认环境变量名称	说明	示例值
spring.data.cassandra.contact-points	Azure Cosmos DB for Apache Cassandra 接触点	`<Azure-Cosmos-DB-account>.cassandra.cosmos.azure.com`
spring.data.cassandra.port	Cassandra 连接端口	10350
spring.data.cassandra.keyspace-name	Cassandra 密钥空间	`<keyspace>`
spring.data.cassandra.username	Cassandra 用户名	`<username>`
spring.data.cassandra.password	Cassandra 密码	`<password>`
spring.data.cassandra.local-datacenter	Azure 区域	`<Azure-region>`
spring.data.cassandra.ssl	SSL 状态	是

其他客户端类型

默认环境变量名称	说明	示例值
AZURE_COSMOS_CONTACTPOINT	Azure Cosmos DB for Apache Cassandra 接触点	`<Azure-Cosmos-DB-account>.cassandra.cosmos.azure.com`
AZURE_COSMOS_PORT	Cassandra 连接端口	10350
AZURE_COSMOS_KEYSPACE	Cassandra 密钥空间	`<keyspace>`
AZURE_COSMOS_USERNAME	Cassandra 用户名	`<username>`
AZURE_COSMOS_PASSWORD	Cassandra 密码	`<password>`