I am not getting any container info from my storage account when using the "Get-AzStorageContainer" PowerShell command
Question
When I try to get the container list of my storage account, I get these 2 errors:
Get-AzStorageContainer : Retry failed after 6 tries. Retry settings can be adjusted in ClientOptions.Retry.
or
Get-AzStorageContainer : This request is not authorized to perform this operation.
RequestId:0000000...
When searching the internet, I found this Microsoft blog.
It basically says the network configuration on your storage account is not allowing you to retrieve such information.
I have 1 storage account with the same network configuration (that is working fine and that I can get the list of containers from using the same command), so I copied/replicated that config on a different storage account (which is having the issues), but it did not work.
The config I did on the storage account not giving me the list of containers is:
- I added a VNET, created a private endpoint and configured the method "Enabled from selected virtual networks and IP addresses", but I am still getting one of those 2 errors.
I am guessing it is something related to the network config, but I don't know what else to check.
This is the config of one of the storage accounts I am able to get the list of containers from; it is connected to a VNET with a private endpoint created (1st image).
The second image shows the network config of the storage account I am not able to get the list of containers from.
Answer 1
Score: 1
Created a storage account and enabled access from selected virtual networks and IP addresses:
Created a private endpoint in the storage account within the virtual network:
When I tried to get the list of containers from the account connected to a VNET with a private endpoint, I got the same error:
Get-AzStorageContainer : This request is not authorized to perform this operation. RequestId:0000000...
To resolve this issue, check the steps below:
Ensure that the client IP addresses are added in the firewall settings to allow access from the internet or on-premises network. These rules grant access to specific internet-based services and on-premises networks, block general internet traffic, and allow your storage account to retrieve the container list:
- Check any NSGs associated with the subnet that the private endpoint is connected to. NSGs can block traffic to and from the storage account, even if the private endpoint is configured correctly. Make sure that the NSG rules allow traffic to and from the storage account.
- Check that you have added the RBAC role Storage Blob Data Contributor for your storage account, which should provide the necessary permissions to list containers.
Now, after adding the client IP, use the command below to get the list of containers:
$resourceGroupName = "RGName"
$storageAccName = "StorageName"

# Function to get all the containers
Function GetAllStorageContainer
{
    Write-Host -ForegroundColor Green "Retrieving storage container.."
    ## Get the storage account from which the containers have to be retrieved
    $storageAcc = Get-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccName
    ## Get the storage account context
    $ctx = $storageAcc.Context
    ## List all the containers
    $containers = Get-AzStorageContainer -Context $ctx
    foreach ($container in $containers)
    {
        Write-Host -ForegroundColor Yellow $container.Name
    }
}

GetAllStorageContainer
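
A diagnostic pass over the checks listed in this answer, as an added example that is not part of the original answer: it reads the account's firewall rule set, checks whether the blob endpoint resolves to a private address from the client, adds a single client IP rule only when that is what is missing, and lists containers with the signed-in identity so the Storage Blob Data role is what authorizes the call. RGName, StorageName and the 203.0.113.10 client IP are placeholders, and the private-address test assumes IPv4 RFC 1918 ranges and an interactive user sign-in.

```powershell
# Added example: the three values below are placeholders, not values from the page.
$resourceGroupName = "RGName"
$storageAccName    = "StorageName"
$clientIp          = "203.0.113.10"   # constructed: public IP your client egresses from

$acc = Get-AzStorageAccount -ResourceGroupName $resourceGroupName -Name $storageAccName

# 1. Firewall: what the account currently allows.
$rules = Get-AzStorageAccountNetworkRuleSet -ResourceGroupName $resourceGroupName -Name $storageAccName
Write-Host "DefaultAction=$($rules.DefaultAction) Bypass=$($rules.Bypass)"
$rules.IpRules             | ForEach-Object { Write-Host "  IP rule:   $($_.IPAddressOrRange)" }
$rules.VirtualNetworkRules | ForEach-Object { Write-Host "  VNet rule: $($_.VirtualNetworkResourceId)" }

# 2. DNS: from this machine, does the blob endpoint resolve to the private endpoint?
$blobHost   = ([Uri]$acc.PrimaryEndpoints.Blob).Host
$addresses  = @([System.Net.Dns]::GetHostAddresses($blobHost) | ForEach-Object { $_.ToString() })
$viaPrivate = [bool]($addresses -match '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)')
Write-Host "$blobHost -> $($addresses -join ', ') (private endpoint path: $viaPrivate)"

# 3. On the public path, allow only this client instead of opening the account to all networks.
$allowed = @($rules.IpRules | ForEach-Object { $_.IPAddressOrRange })
if (-not $viaPrivate -and "$($rules.DefaultAction)" -eq 'Deny' -and $allowed -notcontains $clientIp) {
    Add-AzStorageAccountNetworkRule -ResourceGroupName $resourceGroupName -Name $storageAccName `
        -IPAddressOrRange $clientIp | Out-Null
    Write-Host "Added IP rule for $clientIp"
}

# 4. RBAC: data-plane roles visible for the signed-in user at the account scope.
$signIn = (Get-AzContext).Account.Id   # assumption: interactive user sign-in (UPN)
Get-AzRoleAssignment -Scope $acc.Id -SignInName $signIn |
    Where-Object { $_.RoleDefinitionName -like 'Storage Blob Data*' } |
    ForEach-Object { Write-Host "  Role: $($_.RoleDefinitionName) @ $($_.Scope)" }

# 5. List containers with the signed-in identity rather than the account key.
$ctx = New-AzStorageContext -StorageAccountName $storageAccName -UseConnectedAccount
Get-AzStorageContainer -Context $ctx | ForEach-Object { Write-Host $_.Name }
```

If step 2 reports a public address while the client sits inside the VNET, the private DNS zone for the endpoint is the next thing to inspect before touching firewall rules.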