使用 SDK azblob 和托管服务标识从 Azure VM 将文件上传到 Azure 存储
[英]Upload files to Azure Storage from Azure VM using SDK azblob and Managed Service Identity
问题描述
I am trying to upload files to azure storage container using Go SDK for Azure storage from an Azure VM which has Azure Managed Identity attached to it. 我还使用Azure auth使用MSIConfig创建ServicePrincipalToken 。 但是我收到一个错误
RESPONSE Status: 400 Authentication information is not given in the correct format. Check the value of Authorization header.
有人可以帮我理解我所缺少的吗?
我使用的脚本( 示例的修改形式):
// main.go
package main
import (
"log"
"fmt"
"context"
"net/url"
"strings"
"github.com/Azure/azure-storage-blob-go/azblob"
"github.com/Azure/go-autorest/autorest/azure/auth"
)
func main() {
azureServicePrincipalToken, err := auth.NewMSIConfig().ServicePrincipalToken()
if err != nil {
log.Fatal(err)
}
accountName := "<TESTSA>"
containerName := "<TESTCONTAINER>"
// Create a BlockBlobURL object to a blob in the container (we assume the container already exists).
u, _ := url.Parse(fmt.Sprintf("https://%s.blob.core.windows.net/%s/readme.txt", accountName, containerName))
credential := azblob.NewTokenCredential(azureServicePrincipalToken.Token().AccessToken, nil)
if err != nil {
log.Fatal(err)
}
blockBlobURL := azblob.NewBlockBlobURL(*u, azblob.NewPipeline(credential, azblob.PipelineOptions{}))
log.Println(blockBlobURL)
ctx := context.Background() // This example uses a never-expiring context
// Perform UploadStreamToBlockBlob
bufferSize := 2 * 1024 * 1024
maxBuffers := 3
_, err = azblob.UploadStreamToBlockBlob(ctx, strings.NewReader("Hello azblob"), blockBlobURL,
azblob.UploadStreamToBlockBlobOptions{BufferSize: bufferSize, MaxBuffers: maxBuffers})
if err != nil {
log.Fatal(err)
}
}
当我执行go run main.go时,我收到以下错误:
2020/12/26 17:58:07 https://<TESTSA>.blob.core.windows.net/<TESTCONTAINER>/readme.txt
2020/12/26 17:58:07 write error: -> github.com/Azure/azure-storage-blob-go/azblob.newStorageError, /home/<MYUSER>/go/pkg/mod/github.com/!azure/azure-storage-blob-go@v0.12.0/azblob/zc_storage_error.go:42
===== RESPONSE ERROR (ServiceCode=) =====
Description=Authentication information is not given in the correct format. Check the value of Authorization header.
RequestId:f30c063e-901e-0046-2cb0-db4781000000
Time:2020-12-26T17:58:07.7810745Z, Details:
Code: InvalidAuthenticationInfo
PUT https://<TESTSA>.blob.core.windows.net/<TESTCONTAINER>/readme.txt?blockid=j%2BItsAdqRN6EScZ3S2r8QwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA%3D%3D&comp=block&timeout=61
Authorization: REDACTED
Content-Length: [12]
User-Agent: [Azure-Storage/0.12 (go1.13.9; linux)]
X-Ms-Client-Request-Id: [21638ec4-138c-434d-4b53-d13924e51966]
X-Ms-Version: [2019-12-12]
--------------------------------------------------------------------------------
RESPONSE Status: 400 Authentication information is not given in the correct format. Check the value of Authorization header.
Content-Length: [298]
Content-Type: [application/xml]
Date: [Sat, 26 Dec 2020 17:58:07 GMT]
Server: [Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0]
X-Ms-Request-Id: [f30c063e-901e-0046-2cb0-db4781000000]
exit status 1
我还使用azcli命令进行了验证,并且能够毫无挑战地将示例 txt 文件helloworld上传到存储容器。 我使用的命令:
az login --identity
az storage blob upload --container-name <TESTCONTAINER> --account-name <TESTSA> --name helloworld --file helloworld --auth-mode login
回复:
Finished[#############################################################] 100.0000%
{
"etag": "\"0x8D8A9CCDD921BA7\"",
"lastModified": "2020-12-26T18:34:22+00:00"
}
谢谢你。
1 个解决方案
解决方案1
0 2020-12-27 09:37:14
您参考的代码示例使用共享密钥和Put Blob API 进行授权,但不是 Azure AD。
credential, err := NewSharedKeyCredential(accountName, accountKey)
如果您想通过ServicePrincipalToken使用 Azure AD 进行授权,请参阅Go 的 Azure Active Directory 身份验证。
applicationSecret := "APPLICATION_SECRET"
spt, err := adal.NewServicePrincipalToken(
*oauthConfig,
appliationID,
applicationSecret,
resource,
callbacks...)
if err != nil {
return nil, err
}
// Acquire a new access token
err = spt.Refresh()
if (err == nil) {
token := spt.Token
}
如何使用 Python 和托管标识/SAS 凭据从 VM 访问 Azure 存储帐户
[英]How to access Azure storage account from VM using Python and managed identity / SAS credentials
使用托管服务身份对Azure功能进行授权以从Azure存储容器中获取Blob
[英]Authorization for Azure Function using Managed Service Identity to fetch blob from Azure Storage container
使用托管标识和 REST API 从 VM 调用 Azure 函数
[英]Calling Azure function from VM using managed identity and REST API
将 Azure 托管标识用于未授权新 SDK 的应用服务
[英]Using Azure managed identity for App Service not authorising for new SDK
使用 Service Principle 或 Managed Identity 从 ADF 验证 Azure 表存储
[英]Authenticate Azure Table storage from ADF using Service Principle or Managed Identity
使用适用于 Python 的 Azure 存储 SDK 将多个文件从文件夹上传到 Azure Blob 存储
[英]Upload multiple files from folder to Azure Blob storage using Azure Storage SDK for Python
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
使用托管标识从 VM 访问 Azure 存储
从Azure VM将文件上传到Azure存储
如何使用 Python 和托管标识/SAS 凭据从 VM 访问 Azure 存储帐户
使用托管服务身份对Azure功能进行授权以从Azure存储容器中获取Blob
使用托管标识和 REST API 从 VM 调用 Azure 函数
将 Azure 托管标识用于未授权新 SDK 的应用服务
使用 Service Principle 或 Managed Identity 从 ADF 验证 Azure 表存储
来自非 Azure VM 的托管身份验证
使用适用于 Python 的 Azure 存储 SDK 将多个文件从文件夹上传到 Azure Blob 存储
Azure Azure 服务总线的托管身份 java sdk
相关标签