如何解决SAS网址为存储帐户的RM模板 [英] How to resolve SAS URL for Storage Account in RM Template

问题描述

我想创建，创建一个网站，并配置该用于登录到Blob存储RM模板。

我看到这个<一个href=\"http://stackoverflow.com/questions/34810290/how-to-set-the-application-log-in-an-azure-webapp-using-azure-resource-manager\">post在计算器，它展示了如何配置这一点。

的 JSON 看起来有点如下：

\r

\r

{\r
  ID：/subscriptions/.../config/logs\r
  名：日志\r
  类型：Microsoft.Web /网站/配置，\r
  位置：北环美\r
  属性：{\r
    applicationLogs：{\r
      文件系统： {\r
        级别：关\r
      }，\r
      azureBlobStorage：{\r
        级别：信息，\r
        sasUrl：......\r
        retentionInDays：14\r
      }\r
    }，\r
    ...\r
}

\r

\r

\r

不过，我无法弄清楚的sasUrl应如何计算/解析到这个文件？

解决方案

Moim，我不认为你可以在模板中创建sasToken。正如MichaelB提到你做的部署之前，您可以创建它，无论是在传递其作为模板参数或根本就很难code将其（不理想，因为这是一个秘密的）。几件事情要添加到迈克尔的code：1）您需要的完整URL和一个容器，2）你要设置令牌到期时间，因此它不会过期，prevent记录到它。例如：

  $ SasToken =新AzureStorageContainerSASToken  - 集装箱日志
   -Context $背景-Permission rwdl -ExpiryTime（GET-日）.AddYears（1）-FullUri
 

你可以做到这一点的另一种方法是创建一个sasToken，其存储在Azure中KeyVault，并参考了KeyVault秘密的模板。此博客已通过设置，最多走了几个帖子：<一href=\"http://www.$c$cisahighway.com/how-to-refer-an-azure-key-vault-secret-in-an-azure-resource-manager-deployment-template/\" rel=\"nofollow\">http://www.$c$cisahighway.com/how-to-refer-an-azure-key-vault-secret-in-an-azure-resource-manager-deployment-template/

I am trying to create RM template that creates a web site and configures this for logging into the blob storage.

I saw this post in StackOverflow, which shows how to configure this.

The json looks somewhat following:

{
  "id": "/subscriptions/.../config/logs",
  "name": "logs",
  "type": "Microsoft.Web/sites/config",
  "location": "North Central US",
  "properties": {
    "applicationLogs": {
      "fileSystem": {
        "level": "Off"
      },
      "azureBlobStorage": {
        "level": "Information",
        "sasUrl": "...",
        "retentionInDays": 14
      }
    },
    ...
}

However, I couldn't figure out how the sasUrl should be calculated/resolved into this file?

解决方案

Moim, I don't think you can create a sasToken within the template. As MichaelB mentioned you can create it before you do the deployment and either pass it in as a parameter or simply hardcode it in the template (not ideal since this is a secret). A couple things to add to Michael's code: 1) you need the full URL and a container and 2) you'll want to set an expiry time on the token so it doesn't expire and prevent logging to it. For example:

$SasToken = New-AzureStorageContainerSASToken -Container 'logs'
   -Context $context -Permission rwdl -ExpiryTime (Get-Date).AddYears(1) -FullUri

The other way you can do this is to create a sasToken, store it in Azure KeyVault, and reference that KeyVault secret in the template. This blog has a few posts that walk through setting that up: http://www.codeisahighway.com/how-to-refer-an-azure-key-vault-secret-in-an-azure-resource-manager-deployment-template/

这篇关于如何解决SAS网址为存储帐户的RM模板的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！