使用来自Azure功能的系统分配的身份验证Azure存储

Question

我想使用Azure Functions的系统分配的身份进行身份验证并从存储帐户中读取。我得到了.NET的以下代码。我正在寻找Java中的等效代码。预先感谢。

public static class Function1
{
    [FunctionName("WebHook-Func")]
    public static async Task<IActionResult> Run(
        [HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
        ILogger log)
    {
        log.LogInformation("C# HTTP trigger function processed a request.");

        var azureServiceTokenProvider = new AzureServiceTokenProvider();
        string accessToken = await azureServiceTokenProvider.GetAccessTokenAsync("https://storage.azure.com/");
        TokenCredential creds = new TokenCredential(accessToken);

        log.LogInformation($"Token: {accessToken}");

        StorageCredentials storageCreds = new StorageCredentials(creds);

        try
        {
            CloudBlobClient client = new CloudBlobClient(new StorageUri(new Uri("https://<storageAccount>.blob.core.windows.net")), storageCreds);
            CloudBlobContainer container = client.GetContainerReference("fltd");
            CloudBlockBlob blob = container.GetBlockBlobReference("shopping.txt");

            string content = await blob.DownloadTextAsync();

            return (ActionResult)new OkObjectResult($"File contents: {content}");
        }catch(Exception ex)
        {
            return new BadRequestObjectResult($"Exception when calling web hook: {ex.StackTrace} {ex.Message}");
        }
    }
}

Answer 1

如果要通过系统分配的身份访问Azure功能中的Azure blob，请参考以下步骤

1. Create Azure function

2. Enable system assigned Identity the function

在存储帐户级别为MSI分配

3. 角色（存储Blob数据贡献者）

4. SDK

 <dependency>
            <groupId>com.microsoft.azure</groupId>
            <artifactId>azure-client-authentication</artifactId>
            <version>1.7.5</version>
        </dependency>

        <dependency>
            <groupId>com.microsoft.azure</groupId>
            <artifactId>azure-storage</artifactId>
            <version>8.6.5</version>
        </dependency>

1. 代码

 public HttpResponseMessage run(@HttpTrigger(name = "req",methods = {HttpMethod.GET, HttpMethod.POST},authLevel = AuthorizationLevel.ANONYMOUS) HttpRequestMessage<Optional<String>> request, ExecutionContext context) throws URISyntaxException, StorageException, IOException {
        context.getLogger().info("Java HTTP trigger processed a request.");
        AppServiceMSICredentials msiCredentials = new AppServiceMSICredentials(AzureEnvironment.AZURE);
        String token = msiCredentials.getToken("https://storage.azure.com/");
        context.getLogger().info("000000000000" + token);
       
        String accountName = "jimtestdiag924";
        StorageCredentialsToken credentials = new StorageCredentialsToken(accountName, token);
        CloudStorageAccount account = new CloudStorageAccount(credentials, true);
        CloudBlobClient client = account.createCloudBlobClient();
        CloudBlobContainer container = client.getContainerReference("testupload");
        CloudBlockBlob blob = container.getBlockBlobReference("hello.txt");
        String content = blob.downloadText();
        return request.createResponseBuilder(HttpStatus.OK).body("The file content :" + content).build();
    }