使用SAS令牌时,我无法设置存储容器权限。它可以与存储帐户密钥配合使用。我在SAS定义中缺少某些权限吗?
PS C:\WINDOWS\system32> Get-AzureKeyVaultManagedStorageSasDefinition -VaultName <vaultname> -Name writesas -AccountName <accountname> | fl *
Parameter : {validityPeriod, signedPermissions, signedServices, signedResourceTypes...}
ParameterTable : Name Value
validityPeriod PT30M
signedPermissions rwdlacup
signedServices bqft
signedResourceTypes sco
signedVersion 2016-05-31
sasType account
PS C:\WINDOWS\system32> $SasToken = (Get-AzureKeyVaultSecret -VaultName <vaultName> -SecretName <secretName>).SecretValueText
PS C:\WINDOWS\system32> $context = New-AzureStorageContext -StorageAccountName <storageAccountName> -SasToken $SasToken -Protocol Https
PS C:\WINDOWS\system32> Get-AzureStorageContainer -Context $context -Container <containerName> | Set-AzureStorageContainerAcl -Permission Blob -PassThru
Set-AzureStorageContainerAcl : The remote server returned an error: (403) Forbidden. HTTP Status Code: 403 - HTTP Error Message: This request is not authorized to perform this operation.
At line:1 char:66
+ ... ner content | Set-AzureStorageContainerAcl -Permission Blob -PassThru
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : CloseError: (:) [Set-AzureStorageContainerAcl], StorageException
+ FullyQualifiedErrorId : StorageException,Microsoft.WindowsAzure.Commands.Storage.Cmdlet.SetAzureStorageContainer
AclCommand
通过存储帐户密钥
PS C:\WINDOWS\system32> $SAK = "storage account key"
PS C:\WINDOWS\system32> $context = New-AzureStorageContext -StorageAccountName <accountName> -Protocol Https -StorageAccountKey $SAK
PS C:\WINDOWS\system32> Get-AzureStorageContainer -Context $context -Container <containerName> | Set-AzureStorageContainerAcl -Permission Blob -PassThru
Blob End Point: https://<accountname>.blob.core.windows.net/
Name PublicAccess LastModified
---- ------------ ------------
<name> Blob 11/6/2018 12:45:48 AM +00:00
答案 0 :(得分:0)
这曾经奏效吗?这意味着您能够通过之前的相同命令设置容器权限。如果答案是否定的,我将为您提供有关如何通过CLI进行操作的说明。如果是,请尝试升级您的Powershell版本