While setting up your machine learning workspace, you want to register a blob container from your storage account, using the Python SDK.
Which two authentication modes can you use to connect to your storage?
from azureml.core import Workspace, Datastore ws = Workspace.from_config() # Register Datastore blob_ds = Datastore.register_azure_blob_container(workspace=ws, datastore_name='blob_data', container_name='data_container', account_name='az_store_acct', <select code snippet here>)
Click on the arrows to vote for the correct answer
A. B. C. D.Answers: A and C.
Option A is CORRECT because in order to connect to a blob storage, you either need the account key or an SAS token (for temporary access).
Option B is incorrect becauseusername/password as the way of authentication is used with SQL datastores (Azure SQL, PostgreSQL etc.)
It is not applicable for storage accounts.
Option C is CORRECT becausein order to connect to a blob storage, you either need the account key or an SAS token (for temporary access).
Option D is incorrect because tenant_id and client_id of the service principal have to be used when registering an Azure Data Lake as a datastore.
Reference:
When registering a blob container from your storage account using the Python SDK, you can use the following authentication modes:
A. Account Key: You can use the account key mode to connect to your storage account by providing the account name and account key. The account key is a primary or secondary key that provides full access to the storage account. You should keep this key confidential and use it only for administrative tasks such as creating and managing storage containers.
B. Username and Password: You can use the username and password mode to connect to your storage account by providing the storage account name, a username with permission to access the container, and the corresponding password. This mode requires the creation of an Azure Active Directory (AAD) user with the appropriate permissions to access the container.
C. SAS Token: You can use the Shared Access Signature (SAS) token mode to connect to your storage account by providing a SAS token with the necessary permissions. The SAS token is a string that contains a signed set of permissions and is generated by the storage account owner. You can use a SAS token to grant temporary access to a container or blob.
D. Service Principal: You can use the service principal mode to connect to your storage account by providing the tenant ID, client ID, and client secret. This mode requires creating a service principal in Azure Active Directory, which is a security identity used by applications or services to access Azure resources.
In the given code snippet, you need to select one of these authentication modes and provide the appropriate values for the parameters based on the authentication mode you choose. For example, if you choose the account key mode, you need to provide the account key value as the account_key parameter. Similarly, if you choose the SAS token mode, you need to provide the SAS token value as the sas_token parameter.