检查Azure存储队列是否存在

问题描述 投票:0回答:2

我想通过调用 Azure Storage v12 API 中的 

Azure.Storage.Queues.ExistsAsync(CancellationToken cancellationToken = default)
方法来检查 Azure 存储队列是否存在。我尝试根据业务要求通过 SAS 令牌执行此操作,但收到如下授权错误:

Azure.RequestFailedException: This request is not authorized to perform this operation.
Status: 403 
ErrorCode: AuthorizationFailure

在堆栈跟踪中,我可以看到这一行在 API 中引发了错误:

Azure.Storage.Queues.QueueRestClient.GetPropertiesAsync(Nullable`1 timeout, CancellationToken cancellationToken)

我使用的API如下所示:

var serviceQueueClient = new QueueClient(GetServiceSasToken());
return await serviceQueueClient.ExistsAsync(); // this line throws the exception

private Uri GetServiceSasToken()
{
    var queueSasBuilder = new QueueSasBuilder()
    {
        ExpiresOn = DateTimeOffset.UtcNow.AddMinutes(15),
        QueueName = _queueName, // Name of my queue, which exists on Azure Portal
        Protocol = SasProtocol.Https
    };

    queueSasBuilder.SetPermissions(QueueSasPermissions.Read | QueueSasPermissions.Add | QueueSasPermissions.Process);
    StorageSharedKeyCredential storageSharedKeyCredential = new(_accountName, _accountKey); // storage account name, and the access key
    var sasQueryParams = queueSasBuilder.ToSasQueryParameters(storageSharedKeyCredential).ToString();
    return new UriBuilder()
    {
        Scheme = "https",
        Host = $"{_accountName}.queue.core.windows.net",
        Path = _queueName,
        Query = sasQueryParams
    }.Uri;
}

我还尝试使用帐户 SAS 令牌,如下所示,但这也失败并出现相同的错误。

var serviceQueueClient = new QueueClient(GetAccountSasToken());
return await serviceQueueClient.ExistsAsync(); // this line throws the exception

private Uri GetAccountSasToken()
{
    var queueSasBuilder = new AccountSasBuilder()
    {
        Services = AccountSasServices.Queues,
        ResourceTypes = AccountSasResourceTypes.Service | AccountSasResourceTypes.Container | AccountSasResourceTypes.Object,
        ExpiresOn = DateTimeOffset.UtcNow.AddMinutes(15),
        Protocol = SasProtocol.Https
    };

    queueSasBuilder.SetPermissions(AccountSasPermissions.Create | AccountSasPermissions.List | AccountSasPermissions.Read);
    StorageSharedKeyCredential storageSharedKeyCredential = new(_accountName, _accountKey); // storage account name, and the access key
    var sasQueryParams = queueSasBuilder.ToSasQueryParameters(storageSharedKeyCredential).ToString();
    return new UriBuilder()
    {
        Scheme = "https",
        Host = $"{_accountName}.queue.core.windows.net",
        Path = _queueName,
        Query = sasQueryParams
    }.Uri;
}

我设法在同一个 kubernetes pod 中以类似的方式操作 Azure Blob,因此专用端点在我的环境中应该可以正常工作。 我错过了什么?

.net azure azure-storage azure-queues azure-storage-queues
2个回答
1
投票

从我这边复制后,我收到了同样的错误。

enter image description here

您遇到此问题是因为存储帐户启用了防火墙。

enter image description here

确保添加 IP 地址范围以允许从 Internet 或本地网络进行访问。

enter image description here

按照上述操作后我可以得到预期的结果。

enter image description here

0
投票

我有同样的问题,但存储帐户没有防火墙保护它。

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.