如何使用Powershell功能应用程序检索存储帐户密钥？ [英] How to retrieve storage account key using powershell function app?

问题描述

我正在使用Powershell功能应用程序检索存储帐户密钥，但是我无法访问资源。请帮助我。

I'm using powershell function app to retrieve storage account key but i'm not able to access resources .Please help me .

$resourceGroup = "DemoResourceGroup"

$AccountName = "Demo"

$Key = (Get-AzStorageAccountKey -ResourceGroupName $resourceGroup -Name $AccountName)

Write-Host "storage account key 1 = " $Key

I '正在发生以下错误：

2020-05-14T14：00：05Z [Error]错误：Get-AzStorageAccountKey： this.Client.SubscriptionId不能为null。
在D：\home\site\wwwroot\TimerTrigger1\run.ps1：25 char：8
+ $ key = Get-AzStorageAccountKey -ResourceGroupName DocumentParser_FBI ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~
+ CategoryInfo：CloseError：（:) [Get-AzStorageAccountKey]，ValidationException
+ FullyQualifiedErrorId：Microsoft.Azure.Commands.Management.Storage。 GetAzureStorageAccountKeyCommand

2020-05-14T14:00:05Z [Error] ERROR: Get-AzStorageAccountKey : 'this.Client.SubscriptionId' cannot be null. At D:\home\site\wwwroot\TimerTrigger1\run.ps1:25 char:8 + $key = Get-AzStorageAccountKey -ResourceGroupName "DocumentParser_FBI ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : CloseError: (:) [Get-AzStorageAccountKey], ValidationException + FullyQualifiedErrorId : Microsoft.Azure.Commands.Management.Storage.GetAzureStorageAccountKeyCommand

脚本堆栈跟踪：
，位于D：\home\site\wwwroot\TimerTrigger1\run.ps1：第25行

Script stack trace: at , D:\home\site\wwwroot\TimerTrigger1\run.ps1: line 25

Microsoft.Rest.ValidationException： this.Client.SubscriptionId不能为null。Microsoft.Azure.Management.Storage.StorageAccountsOperations.ListKeysWithHttpMessagesAsync（String resourceGroupName，字符串accountName，Nullable 1扩展，字典 2 customHeaders，CancellationToken cancelleToken）
在Microsoft.Azure.Management.Storage.StorageAccountsOperationsExtensions.ListKeysAsync（IStorageAccountsOperations o perations，字符串resourceGroupName，字符串accountName，Nullable 1扩展，CancellationToken cancelleToken）
，位于Microsoft.Azure.Management.Storage.StorageAccountsOperationsExtensions.ListKeys（IStorageAccountsOperations操作，字符串resourceGroupName，字符串accountName，Nullable 1扩展）
，位于Microsoft.Azure.Commands.Management.Storage.GetAzureStorageAccountKeyCommand.ExecuteCmdlet（）

Microsoft.Rest.ValidationException: 'this.Client.SubscriptionId' cannot be null. at Microsoft.Azure.Management.Storage.StorageAccountsOperations.ListKeysWithHttpMessagesAsync(String resourceGroupName, String accountName, Nullable1 expand, Dictionary2 customHeaders, CancellationToken cancellationToken) at Microsoft.Azure.Management.Storage.StorageAccountsOperationsExtensions.ListKeysAsync(IStorageAccountsOperations operations, String resourceGroupName, String accountName, Nullable1 expand, CancellationToken cancellationToken) at Microsoft.Azure.Management.Storage.StorageAccountsOperationsExtensions.ListKeys(IStorageAccountsOperations operations, String resourceGroupName, String accountName, Nullable1 expand) at Microsoft.Azure.Commands.Management.Storage.GetAzureStorageAccountKeyCommand.ExecuteCmdlet()

推荐答案

根据您提供的脚本，使用 Az 模块。因此，如果要选择使用哪个Azure订阅，则需要使用命令 Select-AzSubscription 。此外，您还可以在 Connect-AzAccoun 中添加 -Subscription< subscription Id> ，则选择正确的订阅。

According to the script you provide, you use Az module. So if you want to choose which Azure subscription you use, you need to use the command Select-AzSubscription. Besides, you also can add -Subscription "<subscription Id>" in Connect-AzAccoun to ensure when you login, you choose the right subscription.

例如

1. 创建服务主体

Import-Module Az.Resources # Imports the PSADPasswordCredential object
$credentials = New-Object Microsoft.Azure.Commands.ActiveDirectory.PSADPasswordCredential -Property @{ StartDate=Get-Date; EndDate=Get-Date -Year 2024; Password=<Choose a strong password>}
$sp = New-AzAdServicePrincipal -DisplayName ServicePrincipalName -PasswordCredential $credentials

1. 将角色分配给服务主体。例如，在订阅级别上将sp的贡献者角色分配给

New-AzRoleAssignment -ApplicationId <service principal application ID> -RoleDefinitionName "Contributor" `
-Scope "/subscriptions/<subscription id>"

1. 脚本

$appId = "your sp app id"
$password = "your sp password"
$secpasswd = ConvertTo-SecureString $password -AsPlainText -Force
$mycreds = New-Object System.Management.Automation.PSCredential ($appId, $secpasswd)

Connect-AzAccount -ServicePrincipal -Credential $mycreds -Tenant <you sp tenant id>
Get-AzSubscription -SubscriptionName "CSP Azure" | Select-AzSubscription

$resourceGroup = "nora4test"

$AccountName = "qsstorageacc"

$Key = (Get-AzStorageAccountKey -ResourceGroupName $resourceGroup -Name $AccountName)[0].Value

Write-Host "storage account key 1 = " $Key

这篇关于如何使用Powershell功能应用程序检索存储帐户密钥？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！