Azure 数据工厂事件触发器 - Json 中的存储帐户密钥?
[英]Azure Data Factory Event Trigger - Storage Account Key in Json?
问题描述
we have a storage account that is locked down.
我们有一个锁定的存储帐户。 My pipeline has connections that reference a key vault to get the access token for the storage account.我的管道具有引用密钥保管库的连接以获取存储帐户的访问令牌。
When I create an event trigger in ADF, ADF lets me find and connect to the storage account (without asking for a key or prompting me to select the linked service connection).当我在 ADF 中创建事件触发器时,ADF 允许我查找并连接到存储帐户(无需询问密钥或提示我 select 链接服务连接)。 It tells me what files it will include based on my begins with and ends with values (it found 2 files).它告诉我它将根据我的开始值和结束值(它找到 2 个文件)包含哪些文件。 It saves successfully.它保存成功。
When I publish it, I get this error in between publish to adf-publish and generating the arm templates.当我发布它时,我在发布到 adf-publish 和生成 arm 模板之间遇到了这个错误。
The attempt to configure storage notifications for the provided storage account ****failed.尝试为提供的存储帐户配置存储通知 **** 失败。 Please ensure that your storage account meets the requirements described at https://aka.ms/storageevents .请确保您的存储帐户满足https://aka.ms/storageevents中描述的要求。 The error is Failed to retrieve credentials for request=RequestUri=https://management.azure.com/subscriptions/********/resourceGroups/<resource group name>/providers/Microsoft.Storage/storageAccounts/<storage account name here to gen 2 data lake>/listAccountSas, Method=POST, response=StatusCode=400, StatusDescription=Bad Request, IsSuccessStatusCode=False, Content=System.Net.HttpWebResponse, responseContent={"error":{"code":"InvalidValuesForRequestParameters","message":"Values for request parameters are invalid: keyToSign."}}错误是 Failed to retrieve credentials for request=RequestUri=https://management.azure.com/subscriptions/********/resourceGroups/<resource group name>/providers/Microsoft.Storage/storageAccounts/ <第 2 代数据湖的存储帐户名称>/listAccountSas,Method=POST,response=StatusCode=400,StatusDescription=Bad Request,IsSuccessStatusCode=False,Content=System.Net.HttpWebResponse,responseContent={"error&# 34;:{"code":"InvalidValuesForRequestParameters","message":"请求参数的值无效:keyToSign."}}
I believe this is due to the fact that ADF trigger creation process (and therefore its JSON) does not allow you to point to a Key Vault to get the access token for the storage account you are connecting to.我认为这是因为 ADF 触发器创建过程(及其 JSON)不允许您指向 Key Vault 以获取您要连接的存储帐户的访问令牌。 Is this the issue?这是问题吗? Is there a fix for this?有解决办法吗?
Appreciate any help, thanks - April感谢任何帮助,谢谢 - 四月
2 个解决方案
解决方案1
0 2020-08-07 09:06:07
I think the storage account is attached to a VNET and running behind the firewall.我认为存储帐户附加到 VNET 并在防火墙后面运行。 I faced similar issue because of this.因此,我遇到了类似的问题。 You may remove the firewall once and configure the trigger and then bring the firewall back.您可以删除防火墙一次并配置触发器,然后将防火墙恢复。
解决方案2
0 2023-01-15 23:02:47
It's not strictly necessary to disable the firewall.禁用防火墙并不是绝对必要的。 You can also use this feature on your storage account.您还可以在存储帐户上使用此功能。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.