How can I test for when an Azure Storage Account network rule has actually taken effect
Question
I have a pipeline that will whitelist the agent's current IP to a storage account's network rules with:
az storage account network-rule add
It then immediately moves to the next task, which requires access within one of the storage account's containers. Because there is a 5-30 second period where the network rule is taking effect, the task needs retry logic because it almost always returns:
autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailure" Message="This request is not authorized to perform this operation"
After enough time and retries have passed, the task will then happily continue. I was wondering if there was a recommended method for writing a loop that tests access to the container and only exits the loop when the firewall rule has actually been applied.
Answer 1
Score: 0
I tried in my environment and got the below results:
> How can I test for when an Azure Storage Account network rule has actually taken effect
You can use the below PowerShell command to test access to the container after the network rule is applied.
Command:
$storageAccountName = ""
$resourceGroupName = ""
$containerName = ""
$currentIP = ""
$storageAccountKey = ""

# Add the current IP to the network rule
az storage account network-rule add --resource-group $resourceGroupName --account-name $storageAccountName --ip-address $currentIP
Start-Sleep -Seconds 30

# Build the storage context once and reuse it for every attempt
$context = New-AzStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageAccountKey

# Wait for the network rule to take effect
while ($true)
{
    # Test access to the container
    try {
        # -ErrorAction Stop makes a failed request a terminating error, so the catch block runs
        Get-AzStorageBlob -Container $containerName -Context $context -ErrorAction Stop
        # If the access is successful, exit the loop
        break
    }
    catch {
        # Wait for 5 seconds before trying again
        Start-Sleep -Seconds 5
    }
}
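For a pipeline step that calls the az CLI from a POSIX shell, a bounded version of the same wait can be written as below. This is an added example, not part of the original answer: `wait_for_access`, `RETRY_PATTERN` and the `ACCOUNT`/`CONTAINER` variables are hypothetical names, and it assumes the probe's output contains the `AuthorizationFailure` code quoted in the question while the IP is still blocked.

```shell
#!/bin/sh
# Added example, not from the original answer.
# Assumption: while the caller's IP is still blocked, the probe's output
# contains the error code quoted in the question ("AuthorizationFailure").
RETRY_PATTERN=${RETRY_PATTERN:-AuthorizationFailure}

# wait_for_access TIMEOUT_SECONDS INTERVAL_SECONDS PROBE [ARGS...]
# Runs PROBE until it succeeds. Returns:
#   0  probe succeeded, the rule is in effect for this caller
#   1  deadline passed while the probe was still being rejected
#   2  probe failed for a reason that waiting will not fix
wait_for_access() {
    wfa_timeout=$1
    wfa_interval=$2
    shift 2
    wfa_deadline=$(( $(date +%s) + wfa_timeout ))
    while :; do
        if wfa_out=$("$@" 2>&1); then
            return 0
        fi
        case $wfa_out in
            *"$RETRY_PATTERN"*) ;;  # firewall rejection: keep polling
            *)
                # Bad key, wrong container name, missing CLI and similar
                # errors are reported at once instead of being retried.
                printf 'probe failed: %s\n' "$wfa_out" >&2
                return 2
                ;;
        esac
        # Give up if another sleep would run past the deadline.
        if [ $(( $(date +%s) + wfa_interval )) -gt "$wfa_deadline" ]; then
            printf 'still blocked after %ss\n' "$wfa_timeout" >&2
            return 1
        fi
        sleep "$wfa_interval"
    done
}

# Pipeline usage (ACCOUNT and CONTAINER are placeholder variables):
#   wait_for_access 120 5 az storage blob list --account-name "$ACCOUNT" \
#       --container-name "$CONTAINER" --auth-mode login --num-results 1 --output none
```

Treating only the firewall rejection as retryable keeps a wrong key or a mistyped container name from being hidden behind the retry loop until the timeout.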