从Azure数据工厂访问Azure Blob存储帐户

时间:2018-08-08 11:09:05

标签: azure azure-data-factory

我的存储帐户中有一个包含文件列表的文件夹,并且一直在尝试使用管道删除其中一个文件。为了完成该任务,我在管道中使用了“ Web”,复制了Blob存储网址和访问密钥。

直接使用“标题” |“授权”下的访问键来疲劳。还尝试了https://docs.microsoft.com/en-us/azure/storage/common/storage-rest-api-auth#creating-the-authorization-header

上共享密钥的概念

甚至尝试使用curl进行这项工作,但每次我尝试运行时都会返回“身份验证错误” 

# List the blobs in an Azure storage container.

echo "usage: ${0##*/} <storage-account-name> <container-name> <access-key>"

storage_account="$1"
container_name="$2"
access_key="$3"

blob_store_url="blob.core.windows.net"
authorization="SharedKey"

request_method="DELETE"
request_date=$(TZ=GMT LC_ALL=en_US.utf8 date "+%a, %d %h %Y %H:%M:%S %Z")
#request_date="Mon, 18 Apr 2016 05:16:09 GMT"
storage_service_version="2018-03-28"

# HTTP Request headers
x_ms_date_h="x-ms-date:$request_date"
x_ms_version_h="x-ms-version:$storage_service_version"

# Build the signature string
canonicalized_headers="${x_ms_date_h}\n${x_ms_version_h}"
canonicalized_resource="/${storage_account}/${container_name}"

string_to_sign="${request_method}\n\n\n\n\n\n\n\n\n\n\n\n${canonicalized_headers}\n${canonicalized_resource}\ncomp:list\nrestype:container"


# Decode the Base64 encoded access key, convert to Hex.
decoded_hex_key="$(echo -n $access_key | base64 -d -w0 | xxd -p -c256)"


# Create the HMAC signature for the Authorization header
signature=$(printf "$string_to_sign" | openssl dgst -sha256 -mac HMAC -macopt "hexkey:$decoded_hex_key" -binary |  base64 -w0)

authorization_header="Authorization: $authorization $storage_account:$signature"

curl \
  -H "$x_ms_date_h" \
  -H "$x_ms_version_h" \
  -H "$authorization_header" \
  -H "Content-Length: 0"\
  -X DELETE  "https://${storage_account}.${blob_store_url}/${container_name}/myfile.csv_123"

curl命令返回错误:

<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:XX Time:2018-08-09T10:09:41.3394688Z</Message><AuthenticationErrorDetail>The MAC signature found in the HTTP request 'xxx' is not the same as any computed signature. Server used following string to sign: 'DELETE

1 个答案:

答案 0 :(得分:0)

您不能直接从数据工厂授权存储帐户API。我建议您使用逻辑应用程序。 Logic App内置了对Blob存储的支持: https://docs.microsoft.com/en-us/azure/connectors/connectors-create-api-azureblobstorage

您可以从Data Factory Web Activity调用Logic App。使用Data Factory请求的主体,您可以像blob路径一样将变量传递给Logic应用。

相关问题
最新问题