List Files in a folder in Azure Blob Container via PowerShell with SAS Token
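My objective is to check whether files exist in a folder in a blob container. Access to the storage from the portal is closed, so this is what I have:
- A VM with PowerShell and Azure Storage Explorer
- File path: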
mycontainer/in/data/documents/
- Connection string (modified):
BlobEndpoint=https://storagecont01.blob.core.windows.net/;QueueEndpoint=https://storageacont01.queue.core.windows.net/;FileEndpoint=https://storageacont01.file.core.windows.net/;TableEndpoint=https://storageacont01.table.core.windows.net/;SharedAccessSignature=sv=2019-06-00&ss=bxqt&srt=sco&sp=xwlacux&se=2019-06-00T00:00:05Z&st=2019-06-00T01:30:00Z&spr=https&sig=Sz%2zxdadzca1e137zzdzdq131D%21366bpafOrAAdac%3D
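My AD account does not have access to these files, but I connected successfully through the Azure storage account using the connection string above, and I successfully copied the files using AzCopy, following this thread.
This is what I tried (unsuccessfully; get-azstorageblob does not work either):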
$ctx = New-AzStorageContext -StorageAccountName "storageacont01" -sastoken "sv=2019-06-00&ss=bxqt&srt=sco&sp=xwlacux&se=2019-06-00T00:00:05Z&st=2019-06-00T01:30:00Z&spr=https&sig=Sz%2zxdadzca1e137zzdzdq131D%21366bpafOrAAdac%3D"
get-azstoragecontainer -container "mycontainer" -Context $ctx -Debug
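My questions are:
- Am I doing something wrong?
- Is it possible that the connection string I was given restricts access from PowerShell?
Update: the account type is StorageV2 (general purpose v2)
The debug output is as follows: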
DEBUG: 2:27:30 PM - GetAzureStorageContainerCommand begin processing with ParameterSet 'ContainerName'.
DEBUG: 2:27:30 PM - Use storage account 'storagecont1' from storage context.
DEBUG: Request [9888e1b0-b7f1-47ba-b9bb-116263ead7dd] GET https://storagecont1.blob.core.windows.net/mycontainer?sv=2000-00-00&ss=bfqt&srt=sco&sp=rwlacup&se=2000-00-00T08:37:05Z&st=2000-00-00
T00:30:005Z&spr=https&sig=REDACTED&restype=container
x-ms-version:2020-04-08
User-Agent:AzurePowershell/v1.0.0,azsdk-net-Storage.Blobs/12.8.0 (.NET Framework 4.7.3850.0; Microsoft Windows 10.0.14393 )
x-ms-client-request-id:9888e1b0-b7f1-47ba-b9bb-116263ead7dd
x-ms-return-client-request-id:true
client assembly: Azure.Storage.Blobs
DEBUG: Error response [9888e1b0-b7f1-47ba-b9bb-116263ead7dd] 503 Service Unavailable (00.2s)
Mime-Version:REDACTED
X-Squid-Error:REDACTED
Vary:Accept-Language
Content-Language:en
Content-Length:3888
Content-Type:text/html;charset=utf-8
Date:Sun, 03 Oct 2021 03:27:27 GMT
Server:squid/4.10
...... 4 more retries ......
get-azstoragecontainer : The 'meta' start tag on line 4 position 2 does not match the end tag of 'head'. Line 117, position 3.
At line:2 char:2
+ get-azstoragecontainer -container "mycontainer" -Context $ctx -Debug
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Get-AzStorageContainer], XmlException
+ FullyQualifiedErrorId : XmlException,Microsoft.WindowsAzure.Commands.Storage.Blob.Cmdlet.GetAzureStorageContainerCommand
DEBUG: 2:27:59 PM - GetAzureStorageContainerCommand end processing, Start 24 remote calls. Finish 0 remote calls. Elapsed time 3044243.02 ms. Client operation id: Azure-Storage-PowerShell-d39
4497f-0e4f-4e13-bc40-079df6bf143c.
DEBUG: AzureQoSEvent: Module: Az.Storage:3.11.0; CommandName: Get-AzStorageContainer; PSVersion: 5.1.14393.4583; IsSuccess: False; Duration: 00:00:28.2957856; Exception: The 'meta' start tag
on line 4 position 2 does not match the end tag of 'head'. Line 117, position 3.;
DEBUG: Finish sending metric.
DEBUG: 2:28:00 PM - GetAzureStorageContainerCommand end processing.
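Apparently the problem was that the minimum TLS requirement was not met on the client (VM) side.
The following code changes the TLS setting for the current PowerShell session: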
$TLS12Protocol = [System.Net.SecurityProtocolType] 'Ssl3 , Tls12'
[System.Net.ServicePointManager]::SecurityProtocol = $TLS12Protocol
Per Microsoft's documentation: https://docs.microsoft.com/en-us/azure/databox-online/azure-stack-edge-gpu-configure-tls-settings
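An added example, not part of the original post: it sets the session to TLS 1.2 only (the snippet above also turns on SSL 3.0 alongside it), then checks whether any blobs exist under the folder prefix from the question. The function name `Test-BlobFolderHasFiles` and the `$sasToken` placeholder are assumptions; the account, container and path are the question's values.

```powershell
# Added example (not from the original post).
# Assumption: $sasToken holds the SAS query string, i.e. the part of the
# connection string after "SharedAccessSignature=". Placeholder value below.
$sasToken  = '<SAS-TOKEN-PLACEHOLDER>'
$account   = 'storageacont01'        # account name used in the question
$container = 'mycontainer'
$prefix    = 'in/data/documents/'    # blob "folders" are just name prefixes

# Allow TLS 1.2 only for this PowerShell session. Assigning the single enum
# value replaces the previous setting, so SSL 3.0 / TLS 1.0 are not offered.
[System.Net.ServicePointManager]::SecurityProtocol =
    [System.Net.SecurityProtocolType]::Tls12

# Hypothetical helper: returns $true when at least one blob exists under the prefix.
function Test-BlobFolderHasFiles {
    param(
        [Parameter(Mandatory)] [string] $Account,
        [Parameter(Mandatory)] [string] $Container,
        [Parameter(Mandatory)] [string] $Prefix,
        [Parameter(Mandatory)] [string] $SasToken
    )

    # Build a context from the SAS token; no account key or AD login is used.
    $ctx = New-AzStorageContext -StorageAccountName $Account -SasToken $SasToken

    try {
        # -MaxCount 1 is enough for an existence check and keeps the call cheap.
        $first = Get-AzStorageBlob -Container $Container -Prefix $Prefix `
                                   -Context $ctx -MaxCount 1 -ErrorAction Stop
    }
    catch {
        # Surface transport or authorization failures instead of reporting "empty".
        throw "Listing $Container/$Prefix failed: $($_.Exception.Message)"
    }

    return [bool]$first
}

if (Test-BlobFolderHasFiles -Account $account -Container $container `
                            -Prefix $prefix -SasToken $sasToken) {
    Write-Output "Files exist under $container/$prefix"
}
else {
    Write-Output "No files found under $container/$prefix"
}
```

Listing blobs requires that the SAS grants the list permission (`l` in `sp`) and is valid for the current time.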