Handle blob events from storage accounts in multiple Azure Subscriptions in different AD Tenants?


Problem description

Is it possible to get notified about blobCreated events happening in multiple storage accounts that live in multiple Azure Subscriptions?

I would like to handle blob created events happening in arbitrary storage accounts in a central Azure Function which lives in my subscription, but I would like to give customers the possibility to store the data in their own subscription.

I was thinking about using Event Grid Webhook endpoints to route the events to my central Azure Function. Would this be a solid approach to enable multi-subscription scenarios?

To be more precise, I need this to work over different tenants (as our customers would bring their own subscriptions and we need to integrate them without assigning them to our AD tenant).

Recommended answer

Based on our discussion, the following screen snippets show your multi-tenant-fan-in-scenarios.

Subscribing to the distributed interest source across the Azure subscriptions (multi-tenants) is done by mapping the topic to the webhook endpoint. Note that the topic represents a full resource path (id) of the place where the event is posted (published) to the AEG service. This path is in the scope of the current tenant, see the following example:

"topic": "/subscriptions/myID/resourceGroups/myRG/providers/microsoft.storage/storageaccounts/mySA"

"endpointBaseUrl": "https://myFnc.azurewebsites.net/runtime/webhooks/EventGrid?functionName=myEventGridTrigger&code=xxxx"

This mapping is declared in the subscription metadata stored in the same scope as a topic. On the other side, the webhook endpoint can be posted outside of this scope.

Another, more complex solution with full isolation from the tenants, with event distribution in a FAN-OUT Pub/Sub manner, is shown in the following screen snippet:

In the above solution, the fan-in subscriber can mediate an original event message to the properly business-oriented event message, including a short sasToken for accessing a blob metadata and/or body, etc.

To create an event subscription in your tenant with an event handler for your EventGridTrigger function, you can use for instance the REST API call, see the following example:

   PUT https://management.azure.com/subscriptions/myId/resourceGroups/myRG/providers/Microsoft.Storage/storageaccounts/mySA/providers/Microsoft.EventGrid/eventSubscriptions/mySubscription?api-version=2019-01-01

Headers:

  Authorization:Bearer eyJ0eXAiOiJKV1QiLCJhb....

Body (minimum payload):

{
  "properties": {
    "destination": {
      "endpointType": "WebHook",
      "properties": {
        "endpointUrl": "https://myFnc.azurewebsites.net/runtime/webhooks/EventGrid?functionName=myEventGridTrigger&code=xxxxxxxx..."
      }
    }
  }
}

Update:

Another way of using the Azure Event Grid Pub/Sub model in the isolated multi-tenant distributed eventing architecture is cascading. The logical event pipeline can be constructed by cascading Azure Event Grids, such as subscribing one Azure Event Grid to another one using a custom topic.

The following screen snippet shows an example of the Azure Event Grid cascading:

The cascading concept, which is based on the Fan-In to Fan-Out pattern, is enabled by subscribing a custom topic endpoint to the WebHook event handler of another event grid model in the standard Pub/Sub manner.

Note that Azure Event Grid doesn't have a built-in endpoint for cascading to each other, including a validation event loopback. However, the following steps allow cascading Azure Event Grids with each other.

  1. Create a custom topic endpoint with a CustomInputSchema for example:

{
  "properties": {
    "inputSchema": "CustomEventSchema",
    "inputSchemaMapping": {
      "properties": {
        "id": {
          "sourceField": null
        },
        "topic": {
          "sourceField": null
        },
        "eventTime": {
          "sourceField": null
        },
        "eventType": {
          "sourceField": "myEventType",
          "defaultValue": "recordInserted"
        },
        "subject": {
          "sourceField": "subject",
          "defaultValue": "/myapp/vehicles/motorcycles"
        },
        "dataVersion": {
          "sourceField": null,
          "defaultValue": "1.0"
        }
      },
      "inputSchemaMappingType": "Json"
    }
  }
}

Note, that the topic property must have a "sourceField": null, which is OK for a custom topic (not for event domains).

For the webhook event handler endpoint, use the aeg-sas-key in the URL query string, for example:

https://myTopic.westus-1.eventgrid.azure.net/api/events?aeg-sas-key=xxxxxxxxxx

Note that the aeg-sas-key value must be a URL-encoded string.

For subscription validation, a validationUrl handshake is used in the fire&forget manner. It can be implemented in the EventGridTrigger function that subscribes to the custom topic for cascading purposes. The following code snippet shows an example of this implementation:

#r "Newtonsoft.Json"

using System;
using System.Threading.Tasks;
using System.Text;
using System.Linq;
using System.Net;
using System.Net.Http;
using System.Web;
using Microsoft.Extensions.Logging;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;

public static async Task Run(JObject eventGridEvent, ILogger log)
{
   log.LogInformation(eventGridEvent.ToString());

   // The cascaded (original) event is nested in the data object,
   // so its eventType is read one level down.
   string eventType = $"{eventGridEvent["data"]?["eventType"]?.Value<string>()}";
   if(!string.IsNullOrEmpty(eventType) && eventType == "Microsoft.EventGrid.SubscriptionValidationEvent")
   {
      // manual validation: call back the validationUrl carried in the nested event
      string validationUrl = $"{eventGridEvent["data"]?["data"]?["validationUrl"]?.Value<string>()}";
      if(string.IsNullOrEmpty(validationUrl))
      {
        // GetAsync throws on an empty URI, so stop here
        log.LogWarning("Validation event without validationUrl");
        return;
      }
      using (var client = new HttpClient())
      {
        var response = await client.GetAsync(validationUrl);
        log.LogInformation(response.ToString());
      }
   }
   else
   {
     // notifications
   }

   await Task.CompletedTask;
}

Note that the original event message (original source interest) is cascaded (nested) in the event data object each time it is published.
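The answer's function fetches whatever validationUrl arrives in the payload and handles events from any topic. The following added example (not part of the original answer, and written in Python rather than the answer's C# so it runs stand-alone) unwraps the nested cascaded event, checks the validationUrl host before it would be fetched, and checks the topic against a registry of onboarded storage accounts. The `ALLOWED_TOPICS` registry, the `.eventgrid.azure.net` host suffix, the function names and the sample events are assumptions made for illustration.

```python
from urllib.parse import urlsplit

VALIDATION_EVENT = "Microsoft.EventGrid.SubscriptionValidationEvent"
TRUSTED_SUFFIX = ".eventgrid.azure.net"  # assumed host suffix of genuine validation URLs
# Assumed registry of onboarded customer storage accounts (lower-cased resource ids).
ALLOWED_TOPICS = {
    "/subscriptions/myid/resourcegroups/myrg/providers/microsoft.storage/storageaccounts/mysa": "customer-a",
}

def unwrap(event, max_depth=8):
    """Return the innermost event; each cascade hop nests the original in 'data'."""
    for _ in range(max_depth):
        data = event.get("data")
        if not (isinstance(data, dict) and "eventType" in data):
            break
        event = data
    return event

def is_trusted_validation_url(url):
    """Allow only https URLs whose host is under the Event Grid domain."""
    parts = urlsplit(url or "")
    host = (parts.hostname or "").lower()
    return parts.scheme == "https" and host.endswith(TRUSTED_SUFFIX) and not parts.username

def route(event):
    """Decide what the central fan-in function does with one delivery."""
    inner = unwrap(event)
    if inner.get("eventType") == VALIDATION_EVENT:
        url = (inner.get("data") or {}).get("validationUrl")
        if is_trusted_validation_url(url):
            return ("validate", url)  # the caller may now GET this URL
        return ("reject", "untrusted validationUrl")
    # Defence in depth only: the topic is payload data, not proof of origin.
    tenant = ALLOWED_TOPICS.get(str(inner.get("topic", "")).lower())
    if tenant is None:
        return ("reject", "unknown topic")
    if inner.get("eventType") != "Microsoft.Storage.BlobCreated":
        return ("ignore", inner.get("eventType"))
    return ("process", tenant, (inner.get("data") or {}).get("url"))

# Constructed sample: a BlobCreated event after one cascade hop.
SAMPLE_BLOB = {"eventType": "recordInserted", "data": {
    "topic": "/subscriptions/myID/resourceGroups/myRG/providers/microsoft.storage/storageaccounts/mySA",
    "eventType": "Microsoft.Storage.BlobCreated",
    "data": {"url": "https://mysa.blob.core.windows.net/container/report.csv"}}}
# Constructed sample: a validation event whose URL points outside Event Grid.
SAMPLE_BAD_VALIDATION = {"data": {"eventType": VALIDATION_EVENT, "data": {
    "validationUrl": "https://rp-westus.eventgrid.azure.net.attacker.example/validate?token=x"}}}
print(route(SAMPLE_BLOB), route(SAMPLE_BAD_VALIDATION))
```

The function key (`code=`) in the webhook URL remains what authenticates the caller; the topic check only limits which sources a holder of that key can claim to be.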
