Accessing Azure Blob Storage from Azure SQL Database via managed identity

Question  Votes: 0  Answers: 4

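I am trying to connect to Azure Blob Storage from an Azure SQL database via managed identity, following the steps below:

  1. Assign an identity to the server

  2. Give the server access to the Blob storage as Contributor

  3. Execute the following queries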

    CREATE MASTER KEY;

    CREATE DATABASE SCOPED CREDENTIAL MSI WITH IDENTITY = 'Managed Service Identity';

    CREATE EXTERNAL DATA SOURCE [BlobStorage] WITH
    (
        TYPE = BLOB_STORAGE,
        LOCATION = 'https://<<blobnm>>.blob.core.windows.net/<<containerNm>>',
        CREDENTIAL = MSI
    );

    CREATE TABLE test
    (
        c1 varchar(5),
        c2 varchar(4)
    );

    BULK INSERT test FROM 'poly.csv' WITH ( DATA_SOURCE = 'BlobStorage', FORMAT = 'csv', FIRSTROW = 2 );

However, I get the following error:

Cannot bulk load because the file "msi/poly.csv" could not be opened. Operating system error code 86(The specified network password is not correct.)

So can anyone tell me what I am missing?

azure-sql-database
4 Answers
1
votes

I think there is an error in the command you used to create the CREDENTIALS in SQL. It must be

    CREATE CREDENTIAL ServiceIdentity WITH IDENTITY = 'Managed Identity';

instead of

    'Managed Service Identity'

Reference: https://learn.microsoft.com/en-us/sql/t-sql/statements/create-credential-transact-sql?view=sql-server-ver15


0
votes

The database scoped credential with 'Managed Service Identity' is fine. But the RBAC permission on the storage account needs to be 'Storage Blob Data Contributor', not 'Contributor'.
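
Why `Contributor` is not enough, as an added example that is not part of the original answer: Azure RBAC authorizes blob reads through a role's `dataActions`, and the built-in `Contributor` role has none. The role definitions are constructed, abbreviated copies of the built-in roles; the scope, principal id and helper names are hypothetical.

```python
from fnmatch import fnmatchcase

BLOBS = "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/"
BLOB_READ = BLOBS + "read"  # data-plane action needed to read the CSV blob
# Constructed, abbreviated copies of two Azure built-in role definitions.
ROLES = {
    "Contributor": {"actions": ["*"], "dataActions": [], "notDataActions": []},
    "Storage Blob Data Contributor": {
        "actions": ["Microsoft.Storage/storageAccounts/blobServices/containers/read"],
        "dataActions": [BLOBS + op for op in ("read", "write", "delete")],
        "notDataActions": []},
}
# Constructed placeholders: storage account scope and the SQL server's identity.
ACCOUNT = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
           "/providers/Microsoft.Storage/storageAccounts/examplestorage")
SQL_SERVER_MI = "11111111-1111-1111-1111-111111111111"


def _match(patterns, action):
    """Azure action patterns are case-insensitive and may contain '*'."""
    return any(fnmatchcase(action.lower(), p.lower()) for p in patterns)


def _in_scope(assignment_scope, resource):
    """An assignment applies to its own scope and to everything below it."""
    a, r = assignment_scope.lower().rstrip("/"), resource.lower()
    return r == a or r.startswith(a + "/")


def assignment(role_name, scope=ACCOUNT, principal=SQL_SERVER_MI):
    """Build a record shaped like one item of `az role assignment list` output."""
    return {"principalId": principal, "roleDefinitionName": role_name, "scope": scope}


def roles_granting(principal_id, resource, data_action, assignments, roles=ROLES):
    """Return assigned role names that let principal_id perform data_action."""
    granting = []
    for a in assignments:
        role = roles.get(a["roleDefinitionName"])
        if role is None or a["principalId"] != principal_id or not _in_scope(a["scope"], resource):
            continue
        if _match(role["dataActions"], data_action) and not _match(role["notDataActions"], data_action):
            granting.append(a["roleDefinitionName"])
    return granting


if __name__ == "__main__":
    for name in ROLES:
        print(name, "->", roles_granting(SQL_SERVER_MI, ACCOUNT, BLOB_READ, [assignment(name)]) or "no blob read")
```
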


0
votes

    --Step 1: Creating a Master Key
    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<password>';

    --Step 2: Using Managed Identity
    CREATE DATABASE SCOPED CREDENTIAL [ManagedID] WITH IDENTITY = 'Managed Service Identity';

    --Step 3: Creating an External Data Source
    CREATE EXTERNAL DATA SOURCE [exportcsv] WITH
    (TYPE = BLOB_STORAGE,
    LOCATION = 'https://storageaccount.blob.core.windows.net/file',
    CREDENTIAL = ManagedID);

    -- Bulk Insert Operation
    BULK INSERT [dbo].[ks] FROM 'filename.csv'
    WITH ( DATA_SOURCE = 'exportcsv',
    FIRSTROW = 2,
    FIELDTERMINATOR = ',',
    ROWTERMINATOR = '\n');

-1
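votes

There are many possible causes for this error. I have listed some of them below:

  1. Check whether the SAS key has expired. Also check the permissions it allows.

  2. Did you remove the question mark when you created the SECRET?

    CREATE DATABASE SCOPED CREDENTIAL UploadInvoices
    WITH IDENTITY = 'SHARED ACCESS SIGNATURE',
    SECRET = 'sv=2019-12-12******2FspTCY%3D'

I also tried the following test and it worked fine. My csv file has no header.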

    CREATE MASTER KEY ENCRYPTION BY PASSWORD = '***';
    GO

    CREATE DATABASE SCOPED CREDENTIAL UploadInvoices
    WITH IDENTITY = 'SHARED ACCESS SIGNATURE',
    SECRET = 'sv=2019-12-12&ss=bfqt&srt=sco&sp******%2FspTCY%3D'; -- dl

    CREATE EXTERNAL DATA SOURCE MyAzureInvoices
        WITH (
            TYPE = BLOB_STORAGE,
            LOCATION = 'https://***.blob.core.windows.net/<container_name>',
            CREDENTIAL = UploadInvoices
        );

    BULK INSERT production.customer
    FROM 'bs140513_032310-demo.csv'
    WITH
        (
            DATA_SOURCE = 'MyAzureInvoices',
            FORMAT = 'CSV',
            ERRORFILE = 'load_errors_TABLE_B',
            ERRORFILE_DATA_SOURCE = 'MyAzureInvoices',
            FIRSTROW = 2
        )
    GO