使用服务连接器集成 Azure Blob 存储

2024-09-26

本页显示了使用服务连接器时支持的 Azure Blob 存储的身份验证类型、客户端类型和示例代码。此页面还显示了你在创建服务连接时获得的默认环境变量名称和值（或 Spring Boot 配置）。

受支持的计算服务

服务连接器可用于将以下计算服务连接到 Azure Blob 存储：

Azure 应用程序服务
Azure Container Apps
Azure Functions
Azure Kubernetes 服务 (AKS)
Azure Spring Apps

受支持的身份验证类型和客户端类型

下表显示了使用服务连接器将计算服务连接到 Azure Blob 存储时受支持的身份验证方法和客户端的组合。 “是”表示支持该组合，“否”表示不支持该组合。

客户端类型	系统分配的托管标识	用户分配的托管标识	机密/连接字符串	服务主体
.NET	是	是	是	是
Java	是	是	是	是
Java - Spring Boot	是	是	是	是
Node.js	是	是	是	是
Python	是	是	是	是
Go	是	是	是	是
无	是	是	是	是

此表明确指出支持客户端类型和身份验证方法的所有组合，但 Java - Spring Boot 客户端类型除外，它们仅支持机密/连接字符串方法。所有其他客户端类型都可通过服务连接器使用任何身份验证方法连接到 Azure Blob 存储。

默认环境变量名称或应用程序属性和示例代码

根据连接的身份验证类型和客户端类型，参考下表中的连接详细信息和示例代码，将计算服务连接到 Azure Blob 存储。有关详细信息，请参阅服务连接器环境变量命名约定。

系统分配的托管标识

SpringBoot 客户端

使用系统分配的托管标识进行身份验证仅适用于 Spring Cloud Azure 版本 4.0 或更高版本。

默认环境变量名称	说明	示例值
spring.cloud.azure.storage.blob.credential.managed-identity-enabled	是否要启用托管标识	`True`
spring.cloud.azure.storage.blob.account-name	存储帐户的名称	`storage-account-name`
spring.cloud.azure.storage.blob.endpoint	Blob 存储终结点	`https://<storage-account-name>.blob.core.windows.net/`

其他客户端

默认环境变量名称	说明	示例值
AZURE_STORAGEBLOB_RESOURCEENDPOINT	Blob 存储终结点	`https://<storage-account-name>.blob.core.windows.net/`

代码示例

请参考以下步骤和代码，使用系统分配的托管标识连接到 Azure Blob 存储。

可以使用 azure-identity 通过托管标识或服务主体进行身份验证。从服务连接器添加的环境变量中获取 Azure Blob 存储终结点 URL。使用下面的代码时，请对要使用的身份验证类型的代码片段的一部分取消评论。

安装依赖项

dotnet add package Azure.Identity

下面是使用托管标识或服务主体连接到 Blob 存储的示例代码。

using Azure.Identity;
using Azure.Storage.Blobs;

// get Blob endpoint
var blobEndpoint = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_RESOURCEENDPOINT");

// Uncomment the following lines corresponding to the authentication type you want to use.
// system-assigned managed identity
// var credential = new DefaultAzureCredential();

// user-assigned managed identity
// var credential = new DefaultAzureCredential(
//     new DefaultAzureCredentialOptions
//     {
//         ManagedIdentityClientId = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_CLIENTID");
//     });

// service principal 
// var tenantId = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_TENANTID");
// var clientId = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_CLIENTID");
// var clientSecret = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_CLIENTSECRET");
// var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);

var blobServiceClient = new BlobServiceClient(
        new Uri(blobEndpoint),
        credential);

将以下依赖项添加到 pom.xml 文件：

<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-storage-blob</artifactId>
</dependency>
<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-identity</artifactId>
    <version>1.1.5</version>
</dependency>

使用 azure-identity 进行身份验证，并从服务连接器添加的环境变量中获取终结点 URL。使用下面的代码时，请对要使用的身份验证类型的代码片段的一部分取消评论。

String url = System.getenv("AZURE_STORAGEBLOB_RESOURCEENDPOINT");  

// Uncomment the following lines corresponding to the authentication type you want to use.
// for system managed identity
// DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder().build();

// for user assigned managed identity
// DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder()
//     .managedIdentityClientId(System.getenv("AZURE_STORAGEBLOB_CLIENTID"))
//     .build();

// for service principal
// ClientSecretCredential defaultCredential = new ClientSecretCredentialBuilder()
//   .clientId(System.getenv("<AZURE_STORAGEBLOB_CLIENTID>"))
//   .clientSecret(System.getenv("<AZURE_STORAGEBLOB_CLIENTSECRET>"))
//   .tenantId(System.getenv("<AZURE_STORAGEBLOB_TENANTID>"))
//   .build();

BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
    .endpoint(url)
    .credential(defaultCredential)
    .buildClient();

安装依赖项

pip install azure-identity
pip install azure-storage-blob

使用 azure-identity 库进行身份验证，并从服务连接器添加的环境变量中获取终结点 URL。使用下面的代码时，请对要使用的身份验证类型的代码片段的一部分取消评论。

from azure.identity import ManagedIdentityCredential, ClientSecretCredential
from azure.storage.blob import BlobServiceClient
import os

account_url = os.getenv('AZURE_STORAGEBLOB_RESOURCEENDPOINT')

# Uncomment the following lines corresponding to the authentication type you want to use.
# system assigned managed identity
# cred = ManagedIdentityCredential()

# user assigned managed identity
# managed_identity_client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# cred = ManagedIdentityCredential(client_id=managed_identity_client_id)

# service principal
# tenant_id = os.getenv('AZURE_STORAGEBLOB_TENANTID')
# client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# client_secret = os.getenv('AZURE_STORAGEBLOB_CLIENTSECRET')
# cred = ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=client_secret) 

blob_service_client = BlobServiceClient(account_url, credential=cred)

安装依赖项。

pip install azure-identity
pip install django-storages[azure]

通过 azure-identity 库进行身份验证。使用下面的代码时，请对要使用的身份验证类型的代码片段的一部分取消评论。

from azure.identity import ManagedIdentityCredential, ClientSecretCredential
import os

# Uncomment the following lines corresponding to the authentication type you want to use.
# system assigned managed identity
# cred = ManagedIdentityCredential()

# user assigned managed identity
# managed_identity_client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# cred = ManagedIdentityCredential(client_id=managed_identity_client_id)

# service principal
# tenant_id = os.getenv('AZURE_STORAGEBLOB_TENANTID')
# client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# client_secret = os.getenv('AZURE_STORAGEBLOB_CLIENTSECRET')
# cred = ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=client_secret)

在设置文件中添加以下行。有关详细信息，请参阅 django-storages[azure]。

# in your setting file, eg. settings.py
AZURE_CUSTOM_DOMAIN = os.getenv('AZURE_STORAGEBLOB_RESOURCEENDPOINT')
AZURE_ACCOUNT_NAME = AZURE_CUSTOM_DOMAIN.split('.')[0].removeprefix('https://')    
AZURE_TOKEN_CREDENTIAL = cred # this is the cred acquired from above step.

安装依赖项。

go get "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
go get "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"

在代码中，通过 azidentity 库进行身份验证。从服务连接器添加的环境变量中获取 Azure Blob 存储终结点 URL。使用下面的代码时，请对要使用的身份验证类型的代码片段的一部分取消评论。

import (
  "context"

  "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
  "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
)


func main() {

  account_endpoint = os.Getenv("AZURE_STORAGEBLOB_RESOURCEENDPOINT")

  // Uncomment the following lines corresponding to the authentication type you want to use.
  // for system-assigned managed identity
  // cred, err := azidentity.NewDefaultAzureCredential(nil)

  // for user-assigned managed identity
  // clientid := os.Getenv("AZURE_STORAGEBLOB_CLIENTID")
  // azidentity.ManagedIdentityCredentialOptions.ID := clientid
  // options := &azidentity.ManagedIdentityCredentialOptions{ID: clientid}
  // cred, err := azidentity.NewManagedIdentityCredential(options)

  // for service principal
  // clientid := os.Getenv("AZURE_STORAGEBLOB_CLIENTID")
  // tenantid := os.Getenv("AZURE_STORAGEBLOB_TENANTID")
  // clientsecret := os.Getenv("AZURE_STORAGEBLOB_CLIENTSECRET")
  // cred, err := azidentity.NewClientSecretCredential(tenantid, clientid, clientsecret, &azidentity.ClientSecretCredentialOptions{})

  if err != nil {
    // error handling
  }

  client, err := azblob.NewBlobServiceClient(account_endpoint, cred, nil)
}

安装依赖项

npm install --save @azure/identity
npm install @azure/storage-blob

从服务连接器添加的环境变量中获取 Azure Blob 存储终结点 URL。通过 @azure/identity 库进行身份验证。使用下面的代码时，请对要使用的身份验证类型的代码片段的一部分取消评论。

import { DefaultAzureCredential,ClientSecretCredential } from "@azure/identity";

const { BlobServiceClient } = require("@azure/storage-blob");

const account_url = process.env.AZURE_STORAGEBLOB_RESOURCEENDPOINT;

// Uncomment the following lines corresponding to the authentication type you want to use.
// for system assigned managed identity
// const credential = new DefaultAzureCredential();

// for user assigned managed identity
// const clientId = process.env.AZURE_STORAGEBLOB_CLIENTID;
// const credential = new DefaultAzureCredential({
//     managedIdentityClientId: clientId
// });

// for service principal
// const tenantId = process.env.AZURE_STORAGEBLOB_TENANTID;
// const clientId = process.env.AZURE_STORAGEBLOB_CLIENTID;
// const clientSecret = process.env.AZURE_STORAGEBLOB_CLIENTSECRET;
// const credential = new ClientSecretCredential(tenantId, clientId, clientSecret);

const blobServiceClient = new BlobServiceClient(account_url, credential);

用户分配的托管标识

SpringBoot 客户端

使用用户分配的托管标识进行身份验证仅适用于 Spring Cloud Azure 版本 4.0 或更高版本。

默认环境变量名称	说明	示例值
spring.cloud.azure.storage.blob.credential.managed-identity-enabled	是否要启用托管标识	`True`
spring.cloud.azure.storage.blob.account-name	存储帐户的名称	`storage-account-name`
spring.cloud.azure.storage.blob.endpoint	Blob 存储终结点	`https://<storage-account-name>.blob.core.windows.net/`
spring.cloud.azure.storage.blob.credential.client-id	用户分配的托管标识的客户端 ID	`00001111-aaaa-2222-bbbb-3333cccc4444`

其他客户端

默认环境变量名称	说明	示例值
AZURE_STORAGEBLOB_RESOURCEENDPOINT	Blob 存储终结点	`https://<storage-account-name>.blob.core.windows.net/`
AZURE_STORAGEBLOB_CLIENTID	客户端 ID	`<client-ID>`

代码示例

请参考以下步骤和代码，使用用户分配的托管标识连接到 Azure Blob 存储。

安装依赖项

dotnet add package Azure.Identity

下面是使用托管标识或服务主体连接到 Blob 存储的示例代码。

using Azure.Identity;
using Azure.Storage.Blobs;

// get Blob endpoint
var blobEndpoint = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_RESOURCEENDPOINT");

// Uncomment the following lines corresponding to the authentication type you want to use.
// system-assigned managed identity
// var credential = new DefaultAzureCredential();

// user-assigned managed identity
// var credential = new DefaultAzureCredential(
//     new DefaultAzureCredentialOptions
//     {
//         ManagedIdentityClientId = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_CLIENTID");
//     });

// service principal 
// var tenantId = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_TENANTID");
// var clientId = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_CLIENTID");
// var clientSecret = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_CLIENTSECRET");
// var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);

var blobServiceClient = new BlobServiceClient(
        new Uri(blobEndpoint),
        credential);

将以下依赖项添加到 pom.xml 文件：

<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-storage-blob</artifactId>
</dependency>
<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-identity</artifactId>
    <version>1.1.5</version>
</dependency>

String url = System.getenv("AZURE_STORAGEBLOB_RESOURCEENDPOINT");  

// Uncomment the following lines corresponding to the authentication type you want to use.
// for system managed identity
// DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder().build();

// for user assigned managed identity
// DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder()
//     .managedIdentityClientId(System.getenv("AZURE_STORAGEBLOB_CLIENTID"))
//     .build();

// for service principal
// ClientSecretCredential defaultCredential = new ClientSecretCredentialBuilder()
//   .clientId(System.getenv("<AZURE_STORAGEBLOB_CLIENTID>"))
//   .clientSecret(System.getenv("<AZURE_STORAGEBLOB_CLIENTSECRET>"))
//   .tenantId(System.getenv("<AZURE_STORAGEBLOB_TENANTID>"))
//   .build();

BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
    .endpoint(url)
    .credential(defaultCredential)
    .buildClient();

安装依赖项

pip install azure-identity
pip install azure-storage-blob

from azure.identity import ManagedIdentityCredential, ClientSecretCredential
from azure.storage.blob import BlobServiceClient
import os

account_url = os.getenv('AZURE_STORAGEBLOB_RESOURCEENDPOINT')

# Uncomment the following lines corresponding to the authentication type you want to use.
# system assigned managed identity
# cred = ManagedIdentityCredential()

# user assigned managed identity
# managed_identity_client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# cred = ManagedIdentityCredential(client_id=managed_identity_client_id)

# service principal
# tenant_id = os.getenv('AZURE_STORAGEBLOB_TENANTID')
# client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# client_secret = os.getenv('AZURE_STORAGEBLOB_CLIENTSECRET')
# cred = ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=client_secret) 

blob_service_client = BlobServiceClient(account_url, credential=cred)

安装依赖项。

pip install azure-identity
pip install django-storages[azure]

通过 azure-identity 库进行身份验证。使用下面的代码时，请对要使用的身份验证类型的代码片段的一部分取消评论。

from azure.identity import ManagedIdentityCredential, ClientSecretCredential
import os

# Uncomment the following lines corresponding to the authentication type you want to use.
# system assigned managed identity
# cred = ManagedIdentityCredential()

# user assigned managed identity
# managed_identity_client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# cred = ManagedIdentityCredential(client_id=managed_identity_client_id)

# service principal
# tenant_id = os.getenv('AZURE_STORAGEBLOB_TENANTID')
# client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# client_secret = os.getenv('AZURE_STORAGEBLOB_CLIENTSECRET')
# cred = ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=client_secret)

在设置文件中添加以下行。有关详细信息，请参阅 django-storages[azure]。

# in your setting file, eg. settings.py
AZURE_CUSTOM_DOMAIN = os.getenv('AZURE_STORAGEBLOB_RESOURCEENDPOINT')
AZURE_ACCOUNT_NAME = AZURE_CUSTOM_DOMAIN.split('.')[0].removeprefix('https://')    
AZURE_TOKEN_CREDENTIAL = cred # this is the cred acquired from above step.

安装依赖项。

go get "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
go get "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"

import (
  "context"

  "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
  "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
)


func main() {

  account_endpoint = os.Getenv("AZURE_STORAGEBLOB_RESOURCEENDPOINT")

  // Uncomment the following lines corresponding to the authentication type you want to use.
  // for system-assigned managed identity
  // cred, err := azidentity.NewDefaultAzureCredential(nil)

  // for user-assigned managed identity
  // clientid := os.Getenv("AZURE_STORAGEBLOB_CLIENTID")
  // azidentity.ManagedIdentityCredentialOptions.ID := clientid
  // options := &azidentity.ManagedIdentityCredentialOptions{ID: clientid}
  // cred, err := azidentity.NewManagedIdentityCredential(options)

  // for service principal
  // clientid := os.Getenv("AZURE_STORAGEBLOB_CLIENTID")
  // tenantid := os.Getenv("AZURE_STORAGEBLOB_TENANTID")
  // clientsecret := os.Getenv("AZURE_STORAGEBLOB_CLIENTSECRET")
  // cred, err := azidentity.NewClientSecretCredential(tenantid, clientid, clientsecret, &azidentity.ClientSecretCredentialOptions{})

  if err != nil {
    // error handling
  }

  client, err := azblob.NewBlobServiceClient(account_endpoint, cred, nil)
}

安装依赖项

npm install --save @azure/identity
npm install @azure/storage-blob

import { DefaultAzureCredential,ClientSecretCredential } from "@azure/identity";

const { BlobServiceClient } = require("@azure/storage-blob");

const account_url = process.env.AZURE_STORAGEBLOB_RESOURCEENDPOINT;

// Uncomment the following lines corresponding to the authentication type you want to use.
// for system assigned managed identity
// const credential = new DefaultAzureCredential();

// for user assigned managed identity
// const clientId = process.env.AZURE_STORAGEBLOB_CLIENTID;
// const credential = new DefaultAzureCredential({
//     managedIdentityClientId: clientId
// });

// for service principal
// const tenantId = process.env.AZURE_STORAGEBLOB_TENANTID;
// const clientId = process.env.AZURE_STORAGEBLOB_CLIENTID;
// const clientSecret = process.env.AZURE_STORAGEBLOB_CLIENTSECRET;
// const credential = new ClientSecretCredential(tenantId, clientId, clientSecret);

const blobServiceClient = new BlobServiceClient(account_url, credential);

连接字符串

警告

Microsoft 建议使用最安全的可用身份验证流。本过程中介绍的身份验证流程需要非常高的信任度，并携带其他流中不存在的风险。请仅在无法使用其他更安全的流（例如托管标识）时才使用此流。

SpringBoot 客户端

应用程序属性	说明	示例值
azure.storage.account-name	Blob 存储帐户名称	`<storage-account-name>`
azure.storage.account-key	Blob 存储帐户密钥	`<account-key>`
azure.storage.blob-endpoint	Blob 存储终结点	`https://<storage-account-name>.blob.core.windows.net/`
spring.cloud.azure.storage.blob.account-name	Spring Cloud Azure 4.0 或更高版本的 Blob 存储帐户名称	`<storage-account-name>`
spring.cloud.azure.storage.blob.account-key	Spring Cloud Azure 4.0 或更高版本的 Blob 存储帐户密钥	`<account-key>`
spring.cloud.azure.storage.blob.endpoint	Spring Cloud Azure 4.0 或更高版本的 Blob 存储终结点	`https://<storage-account-name>.blob.core.windows.net/`

其他客户端

默认环境变量名称	说明	示例值
AZURE_STORAGEBLOB_CONNECTIONSTRING	Blob 存储连接字符串	`DefaultEndpointsProtocol=https;AccountName=<account name>;AccountKey=<account-key>;EndpointSuffix=core.windows.net`

代码示例

请参考以下步骤和代码，使用连接字符串连接到 Azure Blob 存储。

从服务连接器添加的环境变量中获取 Azure Blob 存储连接字符串。

安装依赖项

dotnet add package Azure.Storage.Blob

using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Models;
using System; 

// get Blob connection string
var connectionString = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_CONNECTIONSTRING");

// Create a BlobServiceClient object 
var blobServiceClient = new BlobServiceClient(connectionString);

将以下依赖项添加到 pom.xml 文件：

<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-storage-blob</artifactId>
</dependency>

从环境变量中获取连接字符串以连接到 Azure Blob 存储：

String connectionStr = System.getenv("AZURE_STORAGEBLOB_CONNECTIONSTRING");
BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
    .connectionString(connectionStr)
    .buildClient();

安装依赖项
```
pip install azure-storage-blob
```

从服务连接器添加的环境变量中获取 Azure Blob 存储连接字符串。

from azure.storage.blob import BlobServiceClient
import os

connection_str = os.getenv('AZURE_STORAGEBLOB_CONNECTIONSTRING')

blob_service_client = BlobServiceClient.from_connection_string(connection_str)

安装依赖项。
```
pip install django-storages[azure]
```
根据 django 版本，在 Django 设置文件中配置并设置 Azure Blob 存储后端。有关详细信息，请参阅 django-storages[azure]。

在设置文件中添加以下行。

# in your setting file, eg. settings.py
AZURE_CONNECTION_STRING = os.getenv('AZURE_STORAGEBLOB_CONNECTIONSTRING')

安装依赖项。

go get "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"

从服务连接器添加的环境变量中获取 Azure Blob 存储连接字符串。

import (
  "context"

  "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
)


func main() {

  connection_str = os.LookupEnv("AZURE_STORAGEBLOB_CONNECTIONSTRING")     
  client, err := azblob.NewClientFromConnectionString(connection_str, nil);
}

安装依赖项
```
npm install @azure/storage-blob
```

从服务连接器添加的环境变量中获取 Azure Blob 存储连接字符串。

const { BlobServiceClient } = require("@azure/storage-blob");

const connection_str = process.env.AZURE_STORAGEBLOB_CONNECTIONSTRING;
const blobServiceClient = BlobServiceClient.fromConnectionString(connection_str);

服务主体

SpringBoot 客户端

使用服务主体进行身份验证仅适用于 Spring Cloud Azure 版本 4.0 或更高版本。

默认环境变量名称	说明	示例值
spring.cloud.azure.storage.blob.account-name	存储帐户的名称	`storage-account-name`
spring.cloud.azure.storage.blob.endpoint	Blob 存储终结点	`https://<storage-account-name>.blob.core.windows.net/`
spring.cloud.azure.storage.blob.credential.client-id	服务主体的客户端 ID	`00001111-aaaa-2222-bbbb-3333cccc4444`
spring.cloud.azure.storage.blob.credential.client-secret	用于执行服务主体身份验证的客户端密码	`Aa1Bb~2Cc3.-Dd4Ee5Ff6Gg7Hh8Ii9_Jj0Kk1Ll2`

其他客户端

默认环境变量名称	说明	示例值
AZURE_STORAGEBLOB_RESOURCEENDPOINT	Blob 存储终结点	`https://<storage-account-name>.blob.core.windows.net/`
AZURE_STORAGEBLOB_CLIENTID	客户端 ID	`<client-ID>`
AZURE_STORAGEBLOB_CLIENTSECRET	客户端密码	`<client-secret>`
AZURE_STORAGEBLOB_TENANTID	租户 ID	`<tenant-ID>`

代码示例

请参考以下步骤和代码，使用服务主体连接到 Azure Blob 存储。

安装依赖项

dotnet add package Azure.Identity

下面是使用托管标识或服务主体连接到 Blob 存储的示例代码。

using Azure.Identity;
using Azure.Storage.Blobs;

// get Blob endpoint
var blobEndpoint = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_RESOURCEENDPOINT");

// Uncomment the following lines corresponding to the authentication type you want to use.
// system-assigned managed identity
// var credential = new DefaultAzureCredential();

// user-assigned managed identity
// var credential = new DefaultAzureCredential(
//     new DefaultAzureCredentialOptions
//     {
//         ManagedIdentityClientId = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_CLIENTID");
//     });

// service principal 
// var tenantId = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_TENANTID");
// var clientId = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_CLIENTID");
// var clientSecret = Environment.GetEnvironmentVariable("AZURE_STORAGEBLOB_CLIENTSECRET");
// var credential = new ClientSecretCredential(tenantId, clientId, clientSecret);

var blobServiceClient = new BlobServiceClient(
        new Uri(blobEndpoint),
        credential);

将以下依赖项添加到 pom.xml 文件：

<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-storage-blob</artifactId>
</dependency>
<dependency>
    <groupId>com.azure</groupId>
    <artifactId>azure-identity</artifactId>
    <version>1.1.5</version>
</dependency>

String url = System.getenv("AZURE_STORAGEBLOB_RESOURCEENDPOINT");  

// Uncomment the following lines corresponding to the authentication type you want to use.
// for system managed identity
// DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder().build();

// for user assigned managed identity
// DefaultAzureCredential defaultCredential = new DefaultAzureCredentialBuilder()
//     .managedIdentityClientId(System.getenv("AZURE_STORAGEBLOB_CLIENTID"))
//     .build();

// for service principal
// ClientSecretCredential defaultCredential = new ClientSecretCredentialBuilder()
//   .clientId(System.getenv("<AZURE_STORAGEBLOB_CLIENTID>"))
//   .clientSecret(System.getenv("<AZURE_STORAGEBLOB_CLIENTSECRET>"))
//   .tenantId(System.getenv("<AZURE_STORAGEBLOB_TENANTID>"))
//   .build();

BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
    .endpoint(url)
    .credential(defaultCredential)
    .buildClient();

安装依赖项

pip install azure-identity
pip install azure-storage-blob

from azure.identity import ManagedIdentityCredential, ClientSecretCredential
from azure.storage.blob import BlobServiceClient
import os

account_url = os.getenv('AZURE_STORAGEBLOB_RESOURCEENDPOINT')

# Uncomment the following lines corresponding to the authentication type you want to use.
# system assigned managed identity
# cred = ManagedIdentityCredential()

# user assigned managed identity
# managed_identity_client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# cred = ManagedIdentityCredential(client_id=managed_identity_client_id)

# service principal
# tenant_id = os.getenv('AZURE_STORAGEBLOB_TENANTID')
# client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# client_secret = os.getenv('AZURE_STORAGEBLOB_CLIENTSECRET')
# cred = ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=client_secret) 

blob_service_client = BlobServiceClient(account_url, credential=cred)

安装依赖项。

pip install azure-identity
pip install django-storages[azure]

通过 azure-identity 库进行身份验证。使用下面的代码时，请对要使用的身份验证类型的代码片段的一部分取消评论。

from azure.identity import ManagedIdentityCredential, ClientSecretCredential
import os

# Uncomment the following lines corresponding to the authentication type you want to use.
# system assigned managed identity
# cred = ManagedIdentityCredential()

# user assigned managed identity
# managed_identity_client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# cred = ManagedIdentityCredential(client_id=managed_identity_client_id)

# service principal
# tenant_id = os.getenv('AZURE_STORAGEBLOB_TENANTID')
# client_id = os.getenv('AZURE_STORAGEBLOB_CLIENTID')
# client_secret = os.getenv('AZURE_STORAGEBLOB_CLIENTSECRET')
# cred = ClientSecretCredential(tenant_id=tenant_id, client_id=client_id, client_secret=client_secret)

在设置文件中添加以下行。有关详细信息，请参阅 django-storages[azure]。

# in your setting file, eg. settings.py
AZURE_CUSTOM_DOMAIN = os.getenv('AZURE_STORAGEBLOB_RESOURCEENDPOINT')
AZURE_ACCOUNT_NAME = AZURE_CUSTOM_DOMAIN.split('.')[0].removeprefix('https://')    
AZURE_TOKEN_CREDENTIAL = cred # this is the cred acquired from above step.

安装依赖项。

go get "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
go get "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"

import (
  "context"

  "github.com/Azure/azure-sdk-for-go/sdk/azidentity"
  "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
)


func main() {

  account_endpoint = os.Getenv("AZURE_STORAGEBLOB_RESOURCEENDPOINT")

  // Uncomment the following lines corresponding to the authentication type you want to use.
  // for system-assigned managed identity
  // cred, err := azidentity.NewDefaultAzureCredential(nil)

  // for user-assigned managed identity
  // clientid := os.Getenv("AZURE_STORAGEBLOB_CLIENTID")
  // azidentity.ManagedIdentityCredentialOptions.ID := clientid
  // options := &azidentity.ManagedIdentityCredentialOptions{ID: clientid}
  // cred, err := azidentity.NewManagedIdentityCredential(options)

  // for service principal
  // clientid := os.Getenv("AZURE_STORAGEBLOB_CLIENTID")
  // tenantid := os.Getenv("AZURE_STORAGEBLOB_TENANTID")
  // clientsecret := os.Getenv("AZURE_STORAGEBLOB_CLIENTSECRET")
  // cred, err := azidentity.NewClientSecretCredential(tenantid, clientid, clientsecret, &azidentity.ClientSecretCredentialOptions{})

  if err != nil {
    // error handling
  }

  client, err := azblob.NewBlobServiceClient(account_endpoint, cred, nil)
}

安装依赖项

npm install --save @azure/identity
npm install @azure/storage-blob

import { DefaultAzureCredential,ClientSecretCredential } from "@azure/identity";

const { BlobServiceClient } = require("@azure/storage-blob");

const account_url = process.env.AZURE_STORAGEBLOB_RESOURCEENDPOINT;

// Uncomment the following lines corresponding to the authentication type you want to use.
// for system assigned managed identity
// const credential = new DefaultAzureCredential();

// for user assigned managed identity
// const clientId = process.env.AZURE_STORAGEBLOB_CLIENTID;
// const credential = new DefaultAzureCredential({
//     managedIdentityClientId: clientId
// });

// for service principal
// const tenantId = process.env.AZURE_STORAGEBLOB_TENANTID;
// const clientId = process.env.AZURE_STORAGEBLOB_CLIENTID;
// const clientSecret = process.env.AZURE_STORAGEBLOB_CLIENTSECRET;
// const credential = new ClientSecretCredential(tenantId, clientId, clientSecret);

const blobServiceClient = new BlobServiceClient(account_url, credential);

后续步骤

参考教程来详细了解服务连接器。

了解服务连接器的概念

通过

使用服务连接器集成 Azure Blob 存储

受支持的计算服务

受支持的身份验证类型和客户端类型

默认环境变量名称或应用程序属性和示例代码

系统分配的托管标识

SpringBoot 客户端

其他客户端

代码示例

用户分配的托管标识

SpringBoot 客户端

其他客户端

代码示例

连接字符串

SpringBoot 客户端

其他客户端

代码示例

服务主体

SpringBoot 客户端

其他客户端

代码示例

后续步骤

反馈

其他资源