Get-AzureBlobContent throwing error when run from Azure Automation account


Problem description

I am receiving a failure while trying to download a blob (JSON file) from an Azure storage account from my Azure Automation account. It looks like an authorization issue.

This works on my local laptop, but does not work on the Azure Automation account. It does not work even if I make the container "public".

I have assigned OWNER privileges for the Automation account's service principal on the Resource Group (Automation account + Storage account stay in this RG) and specifically on the Storage Account as well:

Below is the code:

$connectionName = "AzureRunAsConnection"
try
{
    # Get the connection "AzureRunAsConnection "
    $servicePrincipalConnection=Get-AutomationConnection -Name $connectionName         

    "Logging in to Azure..."
    Add-AzureRmAccount `
        -ServicePrincipal `
        -TenantId $servicePrincipalConnection.TenantId `
        -ApplicationId $servicePrincipalConnection.ApplicationId `
        -CertificateThumbprint $servicePrincipalConnection.CertificateThumbprint 
}
catch {
    if (!$servicePrincipalConnection)
    {
        $ErrorMessage = "Connection $connectionName not found."
        throw $ErrorMessage
    } else{
        Write-Error -Message $_.Exception
        throw $_.Exception
    }
}

$config_file_resource_group_name = "vg-datalake-manjunath"
$config_file_storage_account_name = "datalakelog"
$primary_key = (Get-AzureRmStorageAccountKey -ResourceGroupName $config_file_resource_group_name -AccountName $config_file_storage_account_name).value[0]
 $config_file_context = New-AzureStorageContext -StorageAccountName $config_file_storage_account_name -StorageAccountKey $primary_key

 Get-AzureStorageBlobContent -Blob "mw_services.json" -Container "fwconfigfiles" -Destination "C:\temp\mw_services.json" -Context $config_file_context

 get-content "C:\temp\mw_services.json" | write-output

Error:

Get-AzureStorageBlobContent : The remote server returned an error: (403) Forbidden. HTTP Status Code: 403 - HTTP Error 
Message: This request is not authorized to perform this operation.
At line:30 char:2
+  Get-AzureStorageBlobContent -Blob "mw_services.json" -Container "fwc ...
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : CloseError: (:) [Get-AzureStorageBlobContent], StorageException
    + FullyQualifiedErrorId : 
StorageException,Microsoft.WindowsAzure.Commands.Storage.Blob.Cmdlet.GetAzureStorageBlobContentCommand

Recommended answer

The possible reason is that you may have configured access from selected networks.

If you enable this option, whether or not you tick "allow trusted Microsoft services to access", you would get this error, since Automation is not listed under MS trusted services. see
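
One way to confirm the answer's diagnosis from inside the runbook, as an added example that is not part of the original question or answer: it reads the storage account's firewall settings through the management plane, which still responds when the blob endpoint returns 403. It assumes the login from the question has already run and that the AzureRM.Storage module imported into the Automation account includes Get-AzureRmStorageAccountNetworkRuleSet.

```powershell
# Added example (not from the original post).
# Assumption: Add-AzureRmAccount has already succeeded, as in the question,
# and the AzureRM.Storage module version exposes the network rule set cmdlet.
$resourceGroupName  = "vg-datalake-manjunath"   # value taken from the question
$storageAccountName = "datalakelog"             # value taken from the question

# Management-plane call: it is not filtered by the storage firewall, so it
# works from the Automation sandbox even when blob downloads are refused.
$rules = Get-AzureRmStorageAccountNetworkRuleSet `
    -ResourceGroupName $resourceGroupName `
    -Name $storageAccountName

"DefaultAction : $($rules.DefaultAction)"
"Bypass        : $($rules.Bypass)"

if ("$($rules.DefaultAction)" -eq "Deny") {
    # "Selected networks" is enabled: only the sources listed below may reach
    # the blob endpoint, whatever key or role the caller holds.
    "Firewall is limited to selected networks. Allowed sources:"
    foreach ($ip in $rules.IpRules) {
        "  IP range : $($ip.IPAddressOrRange)"
    }
    foreach ($vnet in $rules.VirtualNetworkRules) {
        "  Subnet   : $($vnet.VirtualNetworkResourceId)"
    }
    if (-not $rules.IpRules -and -not $rules.VirtualNetworkRules) {
        "  (none)"
    }
    Write-Warning ("Requests from sources not listed above are rejected with 403, " +
        "even with a valid account key or a public container.")
}
else {
    "Firewall allows all networks; the 403 has a different cause."
}
```

If the output shows `DefaultAction : Deny`, the Owner role assignment and the account key are not the problem: the request is refused at the network layer before the key is evaluated.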
