[英]upload file to blob storage with Azure functions in PowerShell using Azure module
Requirement is to store the file in Storage account through Azure functions in PowerShell using Az module.要求是使用 Az 模块通过 PowerShell 中的 Azure 函数将文件存储在存储帐户中。 Please help.
请帮忙。
$todaydate = Get-Date -Format MM-dd-yy
$LogFull = "AzureScan-$todaydate.log"
$LogItem = New-Item -ItemType File -Name $LogFull
" Text to write" | Out-File -FilePath $LogFull -Append
First of all, what you need to figure out is the input of your function and how you're handling that.首先,您需要弄清楚函数的输入以及如何处理它。 If you're just wanting to write a file to blob storage everytime an HTTP triggered Azure function is executed then that is simple enough.
如果您只想在每次执行 HTTP 触发的 Azure 函数时将文件写入 blob 存储,那么这很简单。
There are a number of elements that come into play when working with blob storage with Azure Functions however that you will need to understand to develop a working solution.在通过 Azure Functions 使用 blob 存储时,有许多元素会发挥作用,但是你需要了解这些元素才能开发出有效的解决方案。
Azure Funtions are able to be assigned an identity so that you can grant access to the FunctionApp itself rather than having to authenticate as a user.可以为 Azure Functions 分配一个标识,以便您可以授予对 FunctionApp 本身的访问权限,而不必以用户身份进行身份验证。 This means you don't have to handle the authentication aspect of your function to access the storage account content and you just need to grant your FunctionApp the relevant permissions to read/write/delete blob or storage content.
这意味着您无需处理函数的身份验证方面即可访问存储帐户内容,您只需授予 FunctionApp 相关权限即可读取/写入/删除 blob 或存储内容。
There are a number of built in RBAC roles in AzureAD which you can grant to access storage accounts and blobs etc. AzureAD 中有许多内置的 RBAC 角色,您可以授予这些角色以访问存储帐户和 Blob 等。
You can find the documentation on the RBAC permissions for that here: https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#storage您可以在此处找到有关 RBAC 权限的文档: https : //docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#storage
and the documentation on how to activate a managed identity on your functionApp can be found here: https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet#add-a-system-assigned-identity可以在此处找到有关如何在您的 functionApp 上激活托管标识的文档: https : //docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet#add-系统分配身份
Programmatically accessing storage account contents depends on the permissions but you can use the access keys associated to the storage account which provide access to at the storage account level以编程方式访问存储帐户内容取决于权限,但您可以使用与存储帐户关联的访问密钥,这些访问密钥在存储帐户级别提供访问权限
You can read about the access keys here: https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal#view-account-access-keys您可以在此处阅读有关访问密钥的信息: https : //docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal#view-account- access-keys
Just remember that least-privilege access should be adopted and if you leak your keys then someone could access your data.请记住,应该采用最低权限访问,如果您泄露了您的密钥,那么有人可以访问您的数据。
The PowerShell commands required for programmatically accessing storage accounts and writing blob data can be summarised below以编程方式访问存储帐户和写入 blob 数据所需的 PowerShell 命令总结如下
# Variables required - Fill these out
$storageAccountName = '<Insert Storage Account Here'
$containerName = '<Insert StorageContainer Name Here>'
# Set the context to the subscription you want to use
# If your functionApp has access to more than one subscription it will load the first subscription by default.
# Possibly a good habit to be explicit about context.
Set-AzContext -Subscription $subscription
# Get the Storage Account Key to authenticate
$storAccKeys = Get-AzStorageAccountKey -ResourceGroupName 'Storage-ResourceGroup' -Name $storageAccountName
$primaryKey = $storAccKeys | Where-Object keyname -eq 'key1' | Select-Object -ExpandProperty value
# Create a Storage Context which will be used in the subsequent commands
$storageContext = New-AzStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $primaryKey
# Attempt to create a container in the storage account. Handle Error appropriately.
try {
New-AzStorageContainer -Name $containerName -Context $storageContext -ErrorAction Stop
}
catch [Microsoft.WindowsAzure.Commands.Storage.Common.ResourceAlreadyExistException] {
Write-Output ('Container {0} already exists in Storage Account {1}' -f $containerName, $storageAccountName)
# Throw Here if you want it to fail instead.
}
catch {
throw $_
}
# Upload your file here. This may vary depending on your function input and how you plan to have your functionApp work.
Set-AzStorageBlobContent -Container $containerName -File ".\PlanningData" -Blob "Planning2015"
You can see the documentation on Set-AzStorageBlobContent
for examples on that here: https://docs.microsoft.com/en-us/powershell/module/az.storage/set-azstorageblobcontent?view=azps-6.2.1#examples您可以在此处查看有关
Set-AzStorageBlobContent
的文档以获取示例: https : Set-AzStorageBlobContent
examples
Generally though you will need a file to upload to blob storage and you can't just write directly to a file in blob storage.通常,尽管您需要将文件上传到 blob 存储,但不能直接写入 blob 存储中的文件。
If you need to read more on the Azure Functions side of things then there is the quickstart guide: https://docs.microsoft.com/en-us/azure/azure-functions/create-first-function-vs-code-powershell如果您需要阅读有关 Azure Functions 方面的更多信息,请参阅快速入门指南: https : //docs.microsoft.com/en-us/azure/azure-functions/create-first-function-vs-code-电源外壳
Or the Developer Reference on MS docs is really detailed: https://docs.microsoft.com/en-us/azure/azure-functions/functions-reference-powershell?tabs=portal或者 MS 文档的开发人员参考非常详细: https : //docs.microsoft.com/en-us/azure/azure-functions/functions-reference-powershell?tabs=portal
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.