问题描述
这是我们使用的python代码,
def az_upload_blob(tenantID,container_name,file_name,data):
try:
logger.debug("Info::Acessing uBlob.")
AZURE_STORAGE_CONNECTION_STRING = az_kv_getsecret(Con.KV_RINGR_URI,Con.KV_SEC_CONN_STRING)
blob_service_client = BlobServiceClient.from_connection_string(AZURE_STORAGE_CONNECTION_STRING)
blob_client = blob_service_client.get_blob_client(container=container_name,blob=file_name)
blob_client.upload_blob(data)
logger.debug("Info:: Blob uploaded")
except Exception as ex:
logger.error(f"uBlob:: {ex}")
raise Exception(f"AZ-uBlob-Exception: {ex}")
错误信息:
Server Failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:23025256-801e-0047-3150-3b8ba5000000
Time:2021-04-27T10:34:18.1487489Z
ErrorCode:AuthenticationFailed
Error:None
AuthenticationErrorDetail:The MAC signature found in the HTTP request 'xyyz' is not the same as any computed signature. Server used following string to sign: 'PUT
636
application/octet-stream
*
x-ms-blob-type:BlockBlob
x-ms-client-request-id:1ebf24c8-a744-11eb-be9d-000d3a99de90
x-ms-date:Tue,27 Apr 2021 10:34:18 GMT
x-ms-encryption-algorithm:AES256
x-ms-version:2020-06-12
请帮助解决丢失的项目。谢谢!
解决方法
更新:
我使用下面的代码,它工作正常:
如果我运行 python 脚本,我首先运行 'az login' 然后运行:
from azure.keyvault.secrets import SecretClient
from azure.identity import AzureCliCredential
from azure.storage.blob import BlobServiceClient
def az_upload_blob(KVUri,secretName,container_name,file_name,data):
try:
AZURE_STORAGE_CONNECTION_STRING = az_kv_getsecret(KVUri,secretName)
blob_service_client = BlobServiceClient.from_connection_string(AZURE_STORAGE_CONNECTION_STRING)
blob_client = blob_service_client.get_blob_client(container=container_name,blob=file_name)
blob_client.upload_blob(data)
except Exception as ex:
print("Some Exception.")
def az_kv_getsecret(KVUri,secretName):
credential = AzureCliCredential()
client = SecretClient(vault_url=KVUri,credential=credential)
retrieved_secret = client.get_secret(secretName)
print(retrieved_secret.value)
return retrieved_secret.value
KVUri = "https://bowmantest.vault.azure.net/"
secretName = "STR"
container_name = "test"
file_name = "0505test.txt"
data = "This is 0505test.txt"
az_upload_blob(KVUri=KVUri,secretName=secretName,container_name=container_name,file_name=file_name,data=data)
print("This is OK.")
如果我在 azure 函数中使用它们,我只需将凭据更改为“ManagedIdentityCredential”并将函数应用的访问策略添加到 azure 密钥保管库(在我这边,我提供完全访问权限。)。
from azure.keyvault.secrets import SecretClient
from azure.identity import ManagedIdentityCredential
from azure.storage.blob import BlobServiceClient
def az_upload_blob(KVUri,secretName):
credential = ManagedIdentityCredential()
client = SecretClient(vault_url=KVUri,data=data)
print("This is OK.")
{{3}}
原答案:
你能展示 az_kv_getsecre 吗?实际上,我们总是只是从 azure blob 存储中复制连接字符串。
格式应如下所示:
DefaultEndpointsProtocol=https;AccountName=youraccountname;AccountKey=xxxxxx;EndpointSuffix=core.windows.net