如何解决SAS网址为存储帐户的RM模板 [英] How to resolve SAS URL for Storage Account in RM Template
问题描述
我想创建,创建一个网站,并配置该用于登录到Blob存储RM模板。
我看到这个<一个href=\"http://stackoverflow.com/questions/34810290/how-to-set-the-application-log-in-an-azure-webapp-using-azure-resource-manager\">post在计算器,它展示了如何配置这一点。
的 JSON
看起来有点如下:
{\r
ID:/subscriptions/.../config/logs\r
名:日志\r
类型:Microsoft.Web /网站/配置,\r
位置:北环美\r
属性:{\r
applicationLogs:{\r
文件系统: {\r
级别:关\r
},\r
azureBlobStorage:{\r
级别:信息,\r
sasUrl:......\r
retentionInDays:14\r
}\r
},\r
...\r
}
\r
不过,我无法弄清楚的sasUrl应如何计算/解析到这个文件?
Moim,我不认为你可以在模板中创建sasToken。正如MichaelB提到你做的部署之前,您可以创建它,无论是在传递其作为模板参数或根本就很难code将其(不理想,因为这是一个秘密的)。几件事情要添加到迈克尔的code:1)您需要的完整URL和一个容器,2)你要设置令牌到期时间,因此它不会过期,prevent记录到它。例如:
$ SasToken =新AzureStorageContainerSASToken - 集装箱日志
-Context $背景-Permission rwdl -ExpiryTime(GET-日).AddYears(1)-FullUri
你可以做到这一点的另一种方法是创建一个sasToken,其存储在Azure中KeyVault,并参考了KeyVault秘密的模板。此博客已通过设置,最多走了几个帖子:<一href=\"http://www.$c$cisahighway.com/how-to-refer-an-azure-key-vault-secret-in-an-azure-resource-manager-deployment-template/\" rel=\"nofollow\">http://www.$c$cisahighway.com/how-to-refer-an-azure-key-vault-secret-in-an-azure-resource-manager-deployment-template/
I am trying to create RM template that creates a web site and configures this for logging into the blob storage.
I saw this post in StackOverflow, which shows how to configure this.
The json
looks somewhat following:
{
"id": "/subscriptions/.../config/logs",
"name": "logs",
"type": "Microsoft.Web/sites/config",
"location": "North Central US",
"properties": {
"applicationLogs": {
"fileSystem": {
"level": "Off"
},
"azureBlobStorage": {
"level": "Information",
"sasUrl": "...",
"retentionInDays": 14
}
},
...
}
However, I couldn't figure out how the sasUrl should be calculated/resolved into this file?
Moim, I don't think you can create a sasToken within the template. As MichaelB mentioned you can create it before you do the deployment and either pass it in as a parameter or simply hardcode it in the template (not ideal since this is a secret). A couple things to add to Michael's code: 1) you need the full URL and a container and 2) you'll want to set an expiry time on the token so it doesn't expire and prevent logging to it. For example:
$SasToken = New-AzureStorageContainerSASToken -Container 'logs'
-Context $context -Permission rwdl -ExpiryTime (Get-Date).AddYears(1) -FullUri
The other way you can do this is to create a sasToken, store it in Azure KeyVault, and reference that KeyVault secret in the template. This blog has a few posts that walk through setting that up: http://www.codeisahighway.com/how-to-refer-an-azure-key-vault-secret-in-an-azure-resource-manager-deployment-template/
这篇关于如何解决SAS网址为存储帐户的RM模板的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!