无法从ARM模板正确生成SAS令牌中的signedVersion
我使用以下示例生成SAS并将App Service配置为将https和应用程序日志发送到blob。
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"type": "string",
"defaultValue": "[concat('storage', uniqueString(resourceGroup().id))]",
"metadata": {
"description": "The name of Storage Account."
}
},
"blobContainerName": {
"type": "string",
"defaultValue": "[concat(parameters('webAppName'), '-logs')]",
"metadata": {
"description": "The name of Blob Container to store diagnostics logs from Web App."
}
},
"storageAccountSkuName": {
"type": "string",
"defaultValue": "Standard_LRS",
"metadata": {
"description": "The name of the App Service Plan."
}
},
"storageAccountKind": {
"type": "string",
"defaultValue": "StorageV2",
"metadata": {
"description": "The name of the Storage Account Type."
}
},
"appServicePlanName": {
"type": "string",
"defaultValue": "[concat('appServicePlan', '-', uniqueString(resourceGroup().id))]",
"metadata": {
"description": "The name of the App Service Plan."
}
},
"appServicePlanSkuName": {
"type": "string",
"defaultValue": "F1",
"metadata": {
"description": "The SKU name of the App Serivce Plan."
}
},
"webAppName": {
"type": "string",
"defaultValue": "[concat('webApp', '-', uniqueString(resourceGroup().id))]",
"metadata": {
"description": "The name of the Web App."
}
},
"diagnosticsLogsLevel": {
"type": "string",
"defaultValue": "Verbose",
"allowedValues": [
"Verbose",
"Information",
"Warning",
"Error"
],
"metadata": {
"description": "The degree of severity for diagnostics logs."
}
},
"diagnosticsLogsRetentionInDays": {
"type": "int",
"defaultValue": 10,
"metadata": {
"description": "Number of days for which the diagnostics logs will be retained."
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {
"blobContainerName": "[toLower(parameters('blobContainerName'))]",
"listAccountSasRequestContent": {
"signedServices": "bfqt",
"signedPermission": "rwdlacup",
"signedStart": "2018-10-01T00:00:00Z",
"signedExpiry": "2218-10-30T00:00:00Z",
"signedResourceTypes": "sco"
}
},
"resources": [
{
"apiVersion": "2018-02-01",
"type": "Microsoft.Storage/storageAccounts",
"name": "[parameters('storageAccountName')]",
"location": "[parameters('location')]",
"sku": {
"name": "[parameters('storageAccountSkuName')]"
},
"kind": "[parameters('storageAccountKind')]",
"resources": [
{
"name": "[concat('default/', variables('blobContainerName'))]",
"type": "blobServices/containers",
"apiVersion": "2018-02-01",
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]"
],
"properties": {
"publicAccess": "Blob"
}
}
]
},
{
"apiVersion": "2018-02-01",
"type": "Microsoft.Web/serverfarms",
"name": "[parameters('appServicePlanName')]",
"location": "[parameters('location')]",
"sku": {
"Name": "[parameters('appServicePlanSkuName')]"
}
},
{
"apiVersion": "2018-02-01",
"type": "Microsoft.Web/sites",
"name": "[parameters('webAppName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Web/serverfarms/', parameters('appServicePlanName'))]",
"[concat('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]"
],
"properties": {
"name": "[parameters('webAppName')]",
"serverFarmId": "[concat('/subscriptions/', subscription().id,'/resourcegroups/', resourceGroup().name, '/providers/Microsoft.Web/serverfarms/', parameters('appServicePlanName'))]"
},
"resources": [
{
"apiVersion": "2018-02-01",
"type": "config",
"name": "logs",
"dependsOn": [
"[concat('Microsoft.Web/sites/', parameters('webAppName'))]"
],
"properties": {
"applicationLogs": {
"azureBlobStorage": {
"level": "[parameters('diagnosticsLogsLevel')]",
"sasUrl": "[concat(reference(concat('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))).primaryEndpoints.blob, variables('blobContainerName'), '?', listAccountSas(parameters('storageAccountName'), '2018-02-01', variables('listAccountSasRequestContent')).accountSasToken)]",
"retentionInDays": "[parameters('diagnosticsLogsRetentionInDays')]"
}
}
}
}
]
}
]
}
当我尝试记录使用此ARM模板部署的AppService之一的流时,看到以下错误消息:缺少有效的共享访问签名的必需参数。
此错误的根本原因是什么?
P.S如果我从Portal或Azure Storage Explorer手动生成SAS,我会看到sv = 2018-03-28,Portal和Azure Storage Explorer的SAS也具有sr = c参数。
2 个答案:
答案 0 :(得分:1)
Azure团队工程师提供了工作代码。见下文。
"variables": {
"blobContainerName": "[toLower(parameters('blobContainerName'))]",
"serviceSasProperties": {
"canonicalizedResource": "[concat('/blob/', parameters('storageAccountName'),'/',parameters('blobContainerName'))]",
"signedResource": "c",
"signedPermission": "rwdl",
"signedstart":"2017-08-20T11:00:00Z",
"signedExpiry": "2020-08-20T11:00:00Z",
"signedversion": "2015-04-05"
}
},
"sasUrl": "[concat('https://',parameters('storageAccountName'),'.blob.core.windows.net/',parameters('blobContainerName'),'?',listServiceSas(parameters('storageAccountName'), '2018-07-01', variables('serviceSasProperties')).serviceSasToken)]",
答案 1 :(得分:0)
您提供的SAS URI似乎不正确,它混合了帐户SAS和服务SAS的参数。 https://xxxstorage.blob.core.windows.net/httplogs这一部分看起来应该是Service SAS URI,但是它具有ss=bfqt和srt=sco参数,它们属于帐户SAS令牌的参数。
有关更多详细信息,您可以参考这些链接。
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?