I am trying to create a blob container in an Azure storage account using Azure's Python API.
```python
from azure.identity import DefaultAzureCredential
from azure.storage.blob import BlobServiceClient


def create_storage_container(storageAccountName: str, containerName: str):
    print(
        f"Creating storage container '{containerName}'",
        f"in storage account '{storageAccountName}'"
    )
    # Data-plane call: runs as whichever identity DefaultAzureCredential resolves.
    credentials = DefaultAzureCredential()
    url = f"https://{storageAccountName}.blob.core.windows.net"
    blobClient = BlobServiceClient(account_url=url, credential=credentials)
    containerClient = blobClient.get_container_client(containerName)
    containerClient.create_container()
```
On create_container(), I get the error:

```
Exception has occurred: HttpResponseError
This request is not authorized to perform this operation.
RequestId:8a3f8af1-101e-0075-3351-074949000000
Time:2022-12-03T20:00:25.5236364Z
ErrorCode:AuthorizationFailure
Content: <?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationFailure</Code><Message>This request is not authorized to perform this operation.
RequestId:8a3f8af1-101e-0075-3351-074949000000
Time:2022-12-03T20:00:25.5236364Z</Message></Error>
```
The storage account is created as follows:
```python
from azure.identity import AzureCliCredential
from azure.mgmt.storage import StorageManagementClient


# Creates a storage account if it does not already exist.
# Returns the name of the storage account.
def create_storage_account(
    resourceGroupName: str, location: str,
    subscriptionId: str, storageAccountName: str
):
    # Management-plane call: runs as the identity signed in to the Azure CLI.
    credentials = AzureCliCredential()
    # Why does this have creation powers for storage accounts
    # instead of the ResourceManagementClient?
    storageClient = StorageManagementClient(
        credentials, subscriptionId, "2018-02-01"
    )
    params = {
        "sku": {"name": "Standard_LRS", "tier": "Standard"},
        "kind": "StorageV2",
        "location": location,
        "supportsHttpsTrafficOnly": True,
    }
    result = storageClient.storage_accounts.begin_create(
        resourceGroupName, storageAccountName, params
    )  # type:ignore
    storageAccount = result.result(120)
    print(f"Done creating storage account with name: {storageAccount.name}")
```
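A storage account created like this appears to have completely open network access, so I don't think that would be a problem.

Storage account network settings:

How can I fix this error, or create the storage container programmatically some other way?

Thanks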
2 Answers

2ul0zpep1#
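I tried this in my environment and got the same error in the results:

Console:

If you want to access the storage account, you need a role such as **Storage-blob-contributor or storage-blob-owner**.

Go to Portal -> Storage account -> Access control (IAM) -> Add -> Add role assignment -> Storage blob contributor or Storage blob owner.

Portal:

Code:

Console:

Portal: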
vmpqdwk32#
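Check the RBAC roles assigned to your user for the storage account. The default roles don't always allow you to view data, and it sounds like that is what is causing your problem.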
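
Added example (not part of either answer): the question's code uses DefaultAzureCredential for the container call but AzureCliCredential for the account, so before assigning a role it is worth confirming which principal the data-plane token belongs to. The sketch decodes that token's claims locally; the helper names are hypothetical, and the claim names (`oid`, `tid`, `upn`, `unique_name`, `appid`) are assumed to be the ones Microsoft Entra ID puts in the access token.

```python
import base64
import json

# Scope requested for Azure Storage data-plane tokens.
STORAGE_SCOPE = "https://storage.azure.com/.default"


def jwt_claims(token: str) -> dict:
    """Decode the payload of a JWT for diagnostics only (signature NOT verified)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT: expected header.payload.signature")
    payload = parts[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def describe_principal(claims: dict) -> dict:
    """Keep only the claims that identify who needs the role assignment."""
    name = claims.get("upn") or claims.get("unique_name")
    return {
        # Object ID: the value a role assignment is made against.
        "object_id": claims.get("oid"),
        "tenant_id": claims.get("tid"),
        # Assumption: no user name claim means an app-only identity
        # (service principal or managed identity).
        "kind": "user" if name else "application",
        "name": name or claims.get("appid"),
    }


def current_principal(credential) -> dict:
    """Ask the credential for a storage token and report whose token it is."""
    token = credential.get_token(STORAGE_SCOPE).token  # never log the raw token
    return describe_principal(jwt_claims(token))


if __name__ == "__main__":
    # Same credential type as create_storage_container() in the question.
    from azure.identity import DefaultAzureCredential

    print(current_principal(DefaultAzureCredential()))
```

If the printed object ID is not the account you expected, the role on the storage account has to be assigned to that object ID instead.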