我正在尝试使用Powershell获取Azure Blob容器信息。我正在使用以下脚本。
我尝试将 Set-AzStorageContainerAcl 更改为 Blob 和 Container 仍然没有运气。
$StorageAccounts = Get-AzStorageAccount
FOREACH ($StorageAccount in $StorageAccounts) {
$AllContainers = Get-AzStorageContainerAcl -Context $StorageAccount.Context
$AccountCapacity = 0
FOREACH ($Container in $AllContainers) {
$ListOfBLobs = Get-AzStorageBlob -Container $Container.Name -Context $StorageAccount.Context
$length = 0
$BlobCapacity = 0
$BlobCapacity = ($listOfBlobs | Measure-Object 'Length' -Sum).Sum
$AccountCapacity = $AccountCapacity + $BlobCapacity
}
当我使用我的凭据时,此方法有效。但是,当我尝试使用App Registration连接到Subscription时,出现了以下错误。
Get-AzStorageContainerAcl : The client 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx' with object id 'xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx' does not have authorization to perform action 'Microsoft.Storage/storageAccounts/listKeys/action' over scope
'/subscriptions/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx/resourceGroups/ResourceGroupName/providers/Microsoft.Storage/storageAccounts/StorageAccountName' or the scope is invalid. If access was recently granted, please refresh your credentials.
At line:11 char:30
+ ... ontainers = Get-AzStorageContainerAcl -Context $StorageAccount.Contex ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Get-AzStorageContainer], CloudException
+ FullyQualifiedErrorId : Microsoft.Rest.Azure.CloudException,Microsoft.WindowsAzure.Commands.Storage.Blob.Cmdlet.GetAzureStorageContainerCommand
答案 0 :(得分:0)
似乎您没有为Application授予访问存储帐户或订阅的正确RBAC权限。
https://docs.microsoft.com/en-us/azure/role-based-access-control/role-assignments-portal
答案 1 :(得分:0)
我弄清楚了检修部分。它是Set-AzStorageContainerAcl。
但是,我在上述问题中粘贴的脚本仅花费一个小时即可通过一个存储帐户。我想要的只是存储帐户使用的数据大小。
因此,该订阅具有多个存储帐户。每个存储帐户中都有100多个容器。我需要每个存储帐户使用的合并最终数据,该数据是所有容器数据的总和。
Get-AzStorageBlob -Container $Container.Name -Context $StorageAccount.Context
遍历所有容器的Get-AzStorageBlob永远都需要花费时间。