我正在使用 Nodejs 创建一个 API,它使用 Azure Identtiy 和 Arm-storage Sdk 创建存储帐户。问题是,当我运行下面的代码时,我会收到授权错误,我似乎无法解决。我已经设置了各种授权,但在 Azure AD 中的注册应用程序上不断收到此错误。
下面是我的代码:
const storageAccountName = params.CustomerID;
const location =params.SelectedRegion;
// Initialize the Azure Storage Management client
const credentials = new DefaultAzureCredential({
managedIdentityClientId: process.env.AZURE_CLIENT_ID,
clientSecret: process.env.AZURE_CLIENT_SECRET,
tenantId: process.env.AZURE_TENANT_ID
});
// const credentials = new DefaultAzureCredential();
const storageClient = new StorageManagementClient(credentials, subscriptionId);
// Define the properties of the storage account
const storageAccountParameters = {
sku: {
name: "Standard_LRS",
},
kind: "StorageV2",
location: location,
accessTier: "Hot",
};
try {
// Create the storage account
const operationResponse = await storageClient.storageAccounts.beginCreateAndWait(
resourceGroupName,
storageAccountName,
storageAccountParameters
);`
}catch (err) {
console.error("Error creating Storage Account:", err.message);
throw new Error(`${err.message}`);
}
我尝试授予应用程序注册和Azure广告权限。但错误仍然存在。我正在使用的帐户具有贡献者角色,因此这不应该是问题。问题出在应用程序注册上。
上述错误告诉我们您没有创建存储帐户的适当权限。
在代码中,您需要使用
clientsecretcredential
创建具有贡献者角色的存储帐户。
我有一个名为
testvenkat
的应用程序,它具有 contributor
角色,如下所示:
传送门:
现在,您可以使用以下代码通过应用程序注册来创建存储。
代码:
const {ClientSecretCredential} = require("@azure/identity");
const { StorageManagementClient } = require("@azure/arm-storage");
const subscriptionId = "your-subscription-id";
const resourceGroupName = "your-resource-group-name";
const storageAccountName = "venkat678";
const location = "East US";
const credentials = new ClientSecretCredential(
"your-tenant-id",
"your-client-id",
"your-client-secret"
);
const storageClient = new StorageManagementClient(credentials, subscriptionId);
const storageAccountParameters = {
sku: {
name: "Standard_LRS",
},
kind: "StorageV2",
location: location,
accessTier: "Hot",
};
try {
const operationResponse = storageClient.storageAccounts.beginCreateAndWait(
resourceGroupName,
storageAccountName,
storageAccountParameters
);
console.log("Storage account created successfully");
} catch (err) {
console.error("Error creating storage account:", err.message);
}
输出:
Storage account created successfully
传送门:
此外,如果您的应用程序注册没有贡献者角色,请尝试分配
Storage account contributor role
。