Azure旋转存储密钥并更新ADF链接服务
[英]Azure Rotate Storage Keys and Update ADF Linked Service
问题描述
I am looking for a way to implement doing key rotation in an Azure Automation I have found a way to create a powershell runbook and have implemented the following code: 
我正在寻找一种在Azure自动化中实现键旋转的方法,我找到了一种创建Powershell Runbook的方法,并实现了以下代码:
$azureAccountName = <acct_name>
$azurePassword = ConvertTo-SecureString <pass> -AsPlainText -Force
$psCred = New-Object System.Management.Automation.PSCredential($azureAccountName, $azurePassword)
Login-AzureRmAccount -ServicePrincipal -Credential $psCred -TenantId <tenant id> -SubscriptionId <sub id>
#Optionally you may set the following as parameters
$StorageAccountName = <storage acct name>
$RGName = <rg name>
#Key name. For example key1 or key2 for the storage account
New-AzureRmStorageAccountKey -ResourceGroupName $RGName -Name $StorageAccountName -KeyName "key1" -Verbose
New-AzureRmStorageAccountKey -ResourceGroupName $RGName -Name $StorageAccountName -KeyName "key2" -Verbose
When I ran this, it worked, however, it broke my Azure Data Factory Linked Service. 当我运行它时,它起作用了,但是,它破坏了我的Azure数据工厂链接服务。 I realized that the connection string for the linked service is broken, so I set out to try to reset the connection string in the automation script. 我意识到链接服务的连接字符串已损坏,因此我着手尝试在自动化脚本中重置连接字符串。 I was able to get the connection string by doing: 我能够通过执行以下操作获取连接字符串:
(Get-AzureRmDataFactoryLinkedService -DataFactoryName <adf name> -ResourceGroupName <rg name> -Name <ls name>).Properties.TypeProperties.ConnectionString
I cannot find a way to set this connection string using powershell and azure automation. 我找不到使用Powershell和Azure自动设置该连接字符串的方法。
1 个解决方案
解决方案1
1 已采纳 2017-09-08 02:59:36
You could use Power Shell to rest this connection. 您可以使用Power Shell来保持此连接。 But you need use Remove-AzureRmDataFactoryLinkedService (Removes a linked service from Azure Data Factory.) and use New-AzureRmDataFactoryLinkedService to re-link your storage account to data factory. 但是,您需要使用Remove-AzureRmDataFactoryLinkedService (从Azure数据工厂中删除链接的服务。),并使用New-AzureRmDataFactoryLinkedService将存储帐户重新链接到数据工厂。
Please refer to this tutorial . 请参考本教程 。
You need create a json file like below: 您需要创建一个json文件,如下所示:
{
"name": "AzureStorageLinkedService",
"properties": {
"type": "AzureStorage",
"typeProperties": {
"connectionString": "DefaultEndpointsProtocol=https;AccountName=<accountname>;AccountKey=<accountkey>"
}
}
}
Use New-AzureRmDataFactoryLinkedService to link. 使用New-AzureRmDataFactoryLinkedService进行链接。
New-AzureRmDataFactoryLinkedService -ResourceGroupName ADFTutorialResourceGroup -DataFactoryName <Name of your data factory> -File .\AzureStorageLinkedService.json
But if you use Azure automation to execute this, there is a issue you will meet. 但是,如果使用Azure自动化执行此操作,则会遇到一个问题。 On runbook, you could not store a json file, maybe you could save on a public github(no safe). 在Runbook上,您无法存储json文件,也许可以保存在公共github上(不安全)。 Another solution is use Hybrid Runbook Worker . 另一个解决方案是使用Hybrid Runbook Worker 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.