Azure Blob Storage Deployment: Stored Access Policy gets deleted
Tags: azure-devops, azure-storage, azure-blob-storage, azure-resource-manager, azure-pipelines-release-pipeline
Context:
I deploy a storage account and one or more containers with the following ARM template, using Azure DevOps, or more precisely a resource deployment task:
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "storageAccountName": {
      "type": "string",
      "metadata": {
        "description": "The name of the Azure Storage account."
      }
    },
    "containerNames": {
      "type": "array",
      "metadata": {
        "description": "The names of the blob containers."
      }
    },
    "location": {
      "type": "string",
      "metadata": {
        "description": "The location in which the Azure Storage resources should be deployed."
      }
    }
  },
  "resources": [
    {
      "name": "[parameters('storageAccountName')]",
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2018-07-01",
      "location": "[parameters('location')]",
      "kind": "StorageV2",
      "sku": {
        "name": "Standard_LRS",
        "tier": "Standard"
      },
      "properties": {
        "accessTier": "Hot"
      }
    },
    {
      "name": "[concat(parameters('storageAccountName'), '/default/', parameters('containerNames')[copyIndex()])]",
      "type": "Microsoft.Storage/storageAccounts/blobServices/containers",
      "apiVersion": "2018-03-01-preview",
      "dependsOn": [
        "[parameters('storageAccountName')]"
      ],
      "copy": {
        "name": "containercopy",
        "count": "[length(parameters('containerNames'))]"
      }
    }
  ],
  "outputs": {
    "storageAccountName": {
      "type": "string",
      "value": "[parameters('storageAccountName')]"
    },
    "storageAccountKey": {
      "type": "string",
      "value": "[listKeys(parameters('storageAccountName'), '2018-02-01').keys[0].value]"
    },
    "storageContainerNames": {
      "type": "array",
      "value": "[parameters('containerNames')]"
    }
  }
}
The input can be, for example:
-storageAccountName 'stor1' -containerNames [ 'con1', 'con2' ] -location 'westeurope'
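In the next step I create a Stored Access Policy for the deployed containers.
Problem:
The first time I do this, everything works fine. But if I execute the pipeline a second time, the Stored Access Policy gets deleted by the template deployment. The storage account itself, its containers and blobs are not deleted (as it should be). This is unfortunate, because I want to keep the Stored Access Policy with its start and expiry time from the first deployment; furthermore, I expect that the SAS will also become invalid (not tested so far).
Questions:
Why is this happening?
How can I avoid this problem, i.e. keep the Stored Access Policy?
Thanks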
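After some investigation, this seems to be by design. When deploying ARM templates for storage accounts, the PUT operation is used, i.e. elements that are not specified within the template are removed. As it is not possible to specify a Shared Access Policy for containers within an ARM template for a storage account, the existing ones get deleted when the template is redeployed...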
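The behaviour described in the answer above, as an added example that is not part of the original post: a simplified in-memory model (no Azure API calls) of a redeploy that replaces the resource definition, followed by a snapshot-and-restore step that keeps each policy's original start and expiry. The dictionary layout, the function names, the policy id read-only and the timestamps are assumptions constructed for illustration.

```python
from copy import deepcopy

def put_replace(desired):
    """PUT semantics as described in the answer: the submitted definition becomes
    the whole resource, so settings the template cannot express are dropped."""
    return deepcopy(desired)

def snapshot_policies(account):
    """Capture each container's stored access policies before the deployment."""
    return {name: deepcopy(c.get("policies", {}))
            for name, c in account["containers"].items()}

def restore_plan(snapshot, account):
    """List (container, policy_id, policy) entries missing or altered after deploy."""
    plan = []
    for cname in sorted(snapshot):
        container = account["containers"].get(cname)
        if container is None:  # container left the template; nothing to restore onto
            continue
        live = container.get("policies", {})
        for pid, policy in sorted(snapshot[cname].items()):
            if live.get(pid) != policy:
                plan.append((cname, pid, policy))
    return plan

def redeploy_preserving_policies(account, template):
    """Snapshot, redeploy with replace semantics, then re-create lost policies."""
    saved = snapshot_policies(account)
    deployed = put_replace(template)
    plan = restore_plan(saved, deployed)
    for cname, pid, policy in plan:
        deployed["containers"][cname].setdefault("policies", {})[pid] = deepcopy(policy)
    return deployed, plan

# Constructed sample state; account and container names follow the question's input.
TEMPLATE = {"name": "stor1", "containers": {"con1": {}, "con2": {}}}
LIVE = {"name": "stor1", "containers": {
    "con1": {"policies": {"read-only": {          # hypothetical policy id
        "start": "2019-01-01T00:00:00Z",          # constructed timestamps
        "expiry": "2019-12-31T00:00:00Z",
        "permission": "rl"}}},
    "con2": {}}}

if __name__ == "__main__":
    print("plain redeploy:", put_replace(TEMPLATE)["containers"]["con1"])
    state, plan = redeploy_preserving_policies(LIVE, TEMPLATE)
    print("restored:", [(c, p) for c, p, _ in plan], state["containers"]["con1"])
```

In a real pipeline the snapshot would be taken by a step before the template deployment and the restore by a step after it, so that SAS tokens bound to a policy id keep the validity window they were issued under.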