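I am getting a failure when trying to download a blob (a JSON file) from an Azure storage account through my Azure Automation account. It looks like an authorization problem.
This works on my local laptop, but not from the Azure Automation account. It does not work even if I set the container to "public".
I have assigned Owner permissions to the Automation account's service principal on the resource group (the Automation account and the storage account are both in that RG), and specifically on the storage account:
Here is the code: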
$connectionName = "AzureRunAsConnection"
try
{
    # Get the connection "AzureRunAsConnection "
    $servicePrincipalConnection=Get-AutomationConnection -Name $connectionName
    "Logging in to Azure..."
    Add-AzureRmAccount `
        -ServicePrincipal `
        -TenantId $servicePrincipalConnection.TenantId `
        -ApplicationId $servicePrincipalConnection.ApplicationId `
        -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint
}
catch {
    if (!$servicePrincipalConnection)
    {
        $ErrorMessage = "Connection $connectionName not found."
        throw $ErrorMessage
    } else{
        Write-Error -Message $_.Exception
        throw $_.Exception
    }
}
$config_file_resource_group_name = "vg-datalake-manjunath"
$config_file_storage_account_name = "datalakelog"
$primary_key = (Get-AzureRmStorageAccountKey -ResourceGroupName $config_file_resource_group_name -AccountName $config_file_storage_account_name).value[0]
$config_file_context = New-AzureStorageContext -StorageAccountName $config_file_storage_account_name -StorageAccountKey $primary_key
Get-AzureStorageBlobContent -Blob "mw_services.json" -Container "fwconfigfiles" -Destination "C:\temp\mw_services.json" -Context $config_file_context
get-content "C:\temp\mw_services.json" | write-output
Error:
Get-AzureStorageBlobContent : The remote server returned an error: (403) Forbidden. HTTP Status Code: 403 - HTTP Error
Message: This request is not authorized to perform this operation.
At line:30 char:2
+ Get-AzureStorageBlobContent -Blob "mw_services.json" -Container "fwc ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzureStorageBlobContent], StorageException
+ FullyQualifiedErrorId :
StorageException,Microsoft.WindowsAzure.Commands.Storage.Blob.Cmdlet.GetAzureStorageBlobContentCommand
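Best answer
If you enable this option, you will get this error regardless of whether you tick "Allow trusted Microsoft services to access", because Automation is not listed under Microsoft trusted services. See https://learn.microsoft.com/en-us/azure/storage/common/storage-network-security#trusted-microsoft-services .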
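As an added example (not part of the original question or answer), the PowerShell below evaluates a storage account's network rule set for a given caller IP. That check applies to the blob download but not to the Get-AzureRmStorageAccountKey call, which goes through Azure Resource Manager. The helper names, the sample rule set and its IP ranges are constructed; only IPv4 rules are handled and virtual network rules are not evaluated.

```powershell
# Added example, not from the original post.
function ConvertTo-IPv4Number ([string] $Ip) {
    $bytes = [System.Net.IPAddress]::Parse($Ip).GetAddressBytes()
    [Array]::Reverse($bytes)                      # network order -> little endian (x86/x64 host assumed)
    return [BitConverter]::ToUInt32($bytes, 0)
}

function Test-StorageFirewall {                   # hypothetical helper name
    param(
        [Parameter(Mandatory)] $RuleSet,          # shape of Get-AzureRmStorageAccountNetworkRuleSet output
        [Parameter(Mandatory)] [string] $CallerIp # public IP the data-plane request arrives from
    )
    if ("$($RuleSet.DefaultAction)" -eq 'Allow') {
        return [pscustomobject]@{ Allowed = $true; Reason = 'DefaultAction is Allow (all networks)' }
    }
    $caller = ConvertTo-IPv4Number $CallerIp
    foreach ($rule in $RuleSet.IpRules) {
        $net, $bits = "$($rule.IPAddressOrRange)" -split '/'
        if (-not $bits) { $bits = 32 }            # single address without a prefix length
        $block = [math]::Pow(2, 32 - [int]$bits)  # number of addresses in the CIDR block
        $sameBlock = [math]::Floor($caller / $block) -eq
                     [math]::Floor((ConvertTo-IPv4Number $net) / $block)
        if ($sameBlock) {
            return [pscustomobject]@{ Allowed = $true; Reason = "Matched IP rule $($rule.IPAddressOrRange)" }
        }
    }
    # Bypass is deliberately not treated as a match: per the answer above,
    # Automation is not on the trusted Microsoft services list.
    return [pscustomobject]@{
        Allowed = $false
        Reason  = "DefaultAction is Deny and no IP rule matches (Bypass=$($RuleSet.Bypass) does not cover Automation)"
    }
}

# Constructed sample rule set using documentation IP ranges. Against a real account:
# $ruleSet = Get-AzureRmStorageAccountNetworkRuleSet -ResourceGroupName $config_file_resource_group_name `
#                -AccountName $config_file_storage_account_name
$ruleSet = [pscustomobject]@{
    DefaultAction = 'Deny'
    Bypass        = 'AzureServices'
    IpRules       = @([pscustomobject]@{ Action = 'Allow'; IPAddressOrRange = '203.0.113.0/24' })
}

Test-StorageFirewall -RuleSet $ruleSet -CallerIp '203.0.113.25'   # a client inside the allow-listed range
Test-StorageFirewall -RuleSet $ruleSet -CallerIp '198.51.100.7'   # any source outside the IP rules
```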
Regarding azure - Get-AzureBlobContent throws an error when run from an Azure Automation account, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/56129973/