使用 Azure 模块在 PowerShell 中使用 Azure 函数将文件上传到 blob 存储

Question

Requirement is to store the file in Storage account through Azure functions in PowerShell using Az module. Please help.

$todaydate = Get-Date -Format MM-dd-yy
$LogFull = "AzureScan-$todaydate.log" 
$LogItem = New-Item -ItemType File -Name $LogFull
"  Text to write" | Out-File -FilePath $LogFull -Append

Answer 1

First of all, what you need to figure out is the input of your function and how you're handling that. If you're just wanting to write a file to blob storage everytime an HTTP triggered Azure function is executed then that is simple enough.

There are a number of elements that come into play when working with blob storage with Azure Functions however that you will need to understand to develop a working solution.

Managed Identities

Azure Funtions are able to be assigned an identity so that you can grant access to the FunctionApp itself rather than having to authenticate as a user. This means you don't have to handle the authentication aspect of your function to access the storage account content and you just need to grant your FunctionApp the relevant permissions to read/write/delete blob or storage content.

There are a number of built in RBAC roles in AzureAD which you can grant to access storage accounts and blobs etc.

You can find the documentation on the RBAC permissions for that here: https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#storage

and the documentation on how to activate a managed identity on your functionApp can be found here: https://docs.microsoft.com/en-us/azure/app-service/overview-managed-identity?tabs=dotnet#add-a-system-assigned-identity

Storage Account(s)

Programmatically accessing storage account contents depends on the permissions but you can use the access keys associated to the storage account which provide access to at the storage account level

You can read about the access keys here: https://docs.microsoft.com/en-us/azure/storage/common/storage-account-keys-manage?tabs=azure-portal#view-account-access-keys

Just remember that least-privilege access should be adopted and if you leak your keys then someone could access your data.

PowerShell Commands

The PowerShell commands required for programmatically accessing storage accounts and writing blob data can be summarised below

# Variables required - Fill these out
$storageAccountName = '<Insert Storage Account Here'
$containerName = '<Insert StorageContainer Name Here>'

# Set the context to the subscription you want to use
# If your functionApp has access to more than one subscription it will load the first subscription by default.
# Possibly a good habit to be explicit about context.
Set-AzContext -Subscription $subscription

# Get the Storage Account Key to authenticate
$storAccKeys = Get-AzStorageAccountKey -ResourceGroupName 'Storage-ResourceGroup' -Name $storageAccountName
$primaryKey = $storAccKeys | Where-Object keyname -eq 'key1' | Select-Object -ExpandProperty value

# Create a Storage Context which will be used in the subsequent commands
$storageContext = New-AzStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $primaryKey

# Attempt to create a container in the storage account. Handle Error appropriately.
try {
    New-AzStorageContainer -Name $containerName -Context $storageContext -ErrorAction Stop
}
catch [Microsoft.WindowsAzure.Commands.Storage.Common.ResourceAlreadyExistException] {
    Write-Output ('Container {0} already exists in Storage Account {1}' -f $containerName, $storageAccountName)
    # Throw Here if you want it to fail instead.
}
catch {
    throw $_
}

# Upload your file here. This may vary depending on your function input and how you plan to have your functionApp work.
Set-AzStorageBlobContent -Container $containerName -File ".\PlanningData" -Blob "Planning2015"

You can see the documentation on Set-AzStorageBlobContent for examples on that here: https://docs.microsoft.com/en-us/powershell/module/az.storage/set-azstorageblobcontent?view=azps-6.2.1#examples

Generally though you will need a file to upload to blob storage and you can't just write directly to a file in blob storage.

If you need to read more on the Azure Functions side of things then there is the quickstart guide: https://docs.microsoft.com/en-us/azure/azure-functions/create-first-function-vs-code-powershell

Or the Developer Reference on MS docs is really detailed: https://docs.microsoft.com/en-us/azure/azure-functions/functions-reference-powershell?tabs=portal