如何测试 Azure 存储帐户网络规则实际生效

huangapple go评论70阅读模式
英文:

How can I test for when an Azure Storage Account network rule has actually taken effect

问题

我有一个管道,将代理的当前IP加入存储帐户的网络规则白名单:

az storage account network-rule add

然后立即进入下一个任务,该任务需要在存储帐户的某个容器内访问。由于网络规则生效需要5-30秒的时间,任务需要重试逻辑,因为几乎总是返回以下错误:

autorest/azure: 服务返回了一个错误。状态=403 代码="AuthorizationFailure" 消息="此请求未被授权执行此操作"

经过足够的时间和重试后,任务将愉快地继续。我想知道是否有一种推荐的方法来编写一个循环,测试对容器的访问,并只在防火墙规则实际应用后退出循环。

英文:

I have a pipeline that will whitelist the agents current IP to a storage account's network rules with:

az storage account network-rule add

It then immediately moves to the next task which requires access within one of the storage account's containers. Because there is a 5-30 second period where the network rule is taking effect, the task needs retry logic because it almost always returns:

autorest/azure: Service returned an error. Status=403 Code="AuthorizationFailure" Message="This request is not authorized to perform this operation

After enough time and retries have passed, then task will then happily continue. I was wondering if there was a recommended method for writing a loop that tests access to the container and only exits the loop when the firewall rule has actually been applied.

答案1

得分: 0

我在我的环境中尝试并获得了以下结果:

如何测试 Azure 存储帐户网络规则何时实际生效

您可以使用以下 PowerShell 命令在应用网络规则后测试对容器的访问。

命令:

$storageAccountName = ""
$resourceGroupName = ""
$containerName = ""
$currentIP = ""
$storageAccountKey = ""
# 将当前 IP 添加到网络规则
az storage account network-rule add --resource-group $resourceGroupName --account-name $storageAccountName --ip-address $currentIP

Start-Sleep -Seconds 30

# 等待网络规则生效
while ($true)
{
    # 测试对容器的访问
    try {
        Get-AzStorageBlob -Container $containerName -Context (New-AzStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageAccountKey)
        # 如果访问成功,则退出循环
        break
    }
    catch {
        # 再次尝试前等待 10 秒
        Start-Sleep -Seconds 5
    }
}

输出:

如何测试 Azure 存储帐户网络规则实际生效

门户:

如何测试 Azure 存储帐户网络规则实际生效

英文:

I tried in my environment and got the below results:

> How can I test for when an Azure Storage Account network rule has actually taken effect

You can use the below powershell command to tests access to the container after network rule applied.

Command:

$storageAccountName = ""
$resourceGroupName = ""
$containerName = ""
$currentIP = ""
$storageAccountKey=""
 # Add the current IP to the network rule
az storage account network-rule add --resource-group $resourceGroupName --account-name $storageAccountName --ip-address $currentIP

Start-Sleep -Seconds 30

 # Wait for the network rule to take effect
while ($true)
{
    # Test access to the container
    try {
        Get-AzStorageBlob -Container $containerName -Context (New-AzStorageContext -StorageAccountName $storageAccountName -StorageAccountKey $storageAccountKey)
# If the access is successful, exit the loop
       break
    }
    catch {
        # Wait for 10 seconds before trying again
        Start-Sleep -Seconds 5
    }
}

Output:

如何测试 Azure 存储帐户网络规则实际生效

Portal:

如何测试 Azure 存储帐户网络规则实际生效

huangapple
  • 本文由 发表于 2023年3月4日 08:56:54
  • 转载请务必保留本文链接:https://go.coder-hub.com/75633019.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定