|
149 | 149 | "source": [
|
150 | 150 | "## Work with files in Azure Blob Storage using Managed Identities\n",
|
151 | 151 | "\n",
|
152 | | - "First, follow the instructions here: [Enable Managed Identity in Azure SQL](./azure-sql-enable-msi.ipynb) to enable Managed Identity for your Azure SQL database. Next, add the Azure SQL Database to the Storage Blob Data Owner role. This is done via Access Control (IAM) in the Azure Portal or via Azure CLI.\n", |
| 152 | + "### Enabling Managed Identity in Azure SQL\n", |
| 153 | + "\n", |
| 154 | + "First, follow the instructions here: [Enable Managed Identity in Azure SQL](./azure-sql-enable-msi.ipynb) to enable Managed Identity for your Azure SQL database. \n", |
| 155 | + "\n", |
| 156 | + "### Adding the database to a storage role\n", |
| 157 | + "\n", |
| 158 | + "Next, we need to add the Azure SQL Database to the Storage Blob Data Owner role. This is done via Access Control (IAM) in the Azure Portal or via Azure CLI.\n", |
153 | 159 | "To start, navigate to the container page and click **+ Add**. Then in the dropdown, click **Add role assignment**.\n",
|
154 | 160 | "\n",
|
155 | 161 | "\n",
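Review bot: the new text on line 158 assigns **Storage Blob Data Owner**, which is broader than anything the notebook goes on to do. The only storage operation shown later is creating a container, and Storage Blob Data Contributor already covers container and blob read, write and delete. Suggest naming the Contributor role here and mentioning Owner only for readers who need to manage ACLs or ownership. Line 154 also carries a trailing space before the `\n`.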
|
|
178 | 184 | "\n",
|
179 | 185 | "\n",
|
180 | 186 | "\n",
|
| 187 | + "You can verify the role has been assigned on the **Role assignments** tab.\n", |
181 | 188 | "\n",
|
182 | | - " , and then check how to grant to right permission on Event Hubs to the Azure SQL Manage Identity, following the instructions here: [Grant permissions to a managed identity in Azure AD](https://learn.microsoft.com/azure/event-hubs/authenticate-managed-identity?tabs=latest#grant-permissions-to-a-managed-identity-in-azure-ad).\n", |
| 189 | + "\n", |
183 | 190 | "\n",
|
184 | | - "Once that is done you just need to create a Database Scoped Credentials with the string `Managed Identity` as identity and `https://eventhubs.azure.net` as the `resourceid`:" |
| 191 | + "### Create the database scoped credentials for managed identity\n", |
| 192 | + "\n", |
| 193 | + "We need to create a new set of database scoped credentials. Use the following code to create a set of credentials for communicating with Azure Blob Storage." |
185 | 194 | ]
|
186 | 195 | },
|
187 | 196 | {
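Review bot: the replacement sentence on line 193 drops the one piece of guidance the removed line 184 gave, namely that the credential uses the literal string `Managed Identity` as identity and a service-specific `resourceid`. A reader adapting the cell to another storage account has nothing telling them which parts are fixed and which change. Suggest keeping a sentence that states the identity string, the storage `resourceid` used in the cell below, and that the credential name is the storage account URL later passed as `@credential`. Line 189 also adds a further empty `"\n"` entry next to the existing blank lines, which renders as extra vertical space.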
|
|
199 | 208 | "end\n",
|
200 | 209 | "\n",
|
201 | 210 | "-- create database scoped credential\n",
|
202 | | - "if exists(select * from sys.database_scoped_credentials where [name] = 'https://azure-event-hubs.servicebus.windows.net') begin\n", |
203 | | - " drop database scoped credential [https://azure-event-hubs.servicebus.windows.net];\n", |
| 211 | + "if exists(select * from sys.database_scoped_credentials where [name] = 'blobby.blob.core.windows.net') begin\n", |
| 212 | + " drop database scoped credential [https://blobby.blob.core.windows.net];\n", |
204 | 213 | "end;\n",
|
205 | | - "create database scoped credential [https://azure-event-hubs.servicebus.windows.net]\n", |
| 214 | + "create database scoped credential [https://blobby.blob.core.windows.net]\n", |
206 | 215 | "with identity = 'Managed Identity', \n",
|
207 | | - "secret = '{\"resourceid\": \"https://eventhubs.azure.net\" }';" |
| 216 | + "secret = '{\"resourceid\": \"https://storage.azure.com\" }';" |
208 | 217 | ]
|
209 | 218 | },
|
210 | 219 | {
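Review bot: the `if exists` predicate on line 211 tests `[name] = 'blobby.blob.core.windows.net'`, but lines 212 and 214 drop and create the credential as `[https://blobby.blob.core.windows.net]`. The names never match, so the drop is skipped and a second run of the cell fails at `create` because the credential already exists. Use the full `'https://blobby.blob.core.windows.net'` string in the predicate, matching the pattern of the removed Event Hubs lines, which compared against the same name they dropped.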
|
|
214 | 223 | "azdata_cell_guid": "59fb3012-317e-4aba-a59e-d4f97efea998"
|
215 | 224 | },
|
216 | 225 | "source": [
|
217 | | - "Once this is done you can send the message using the same code as before:" |
| 226 | + "Once this is done, you can send a request to Azure Blob Storage with the managed identity credentials. In this example, we will create a new container. Just note, you need to update the date (\"x-ms-date\" : \"2023年8月09日 19:54:40 GMT\") to a recent timestamp otherwise you will get an error on submission of the request." |
218 | 227 | ]
|
219 | 228 | },
|
220 | 229 | {
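Review bot: line 226 tells the reader to hand-edit a timestamp but does not say what format `x-ms-date` expects or how recent it must be, and the sample value as shown here is not in the RFC 1123 form (`Wed, 09 Aug 2023 19:54:40 GMT` style) that Azure Storage expects for that header. Suggest stating the expected format and pointing at the header in the code cell rather than repeating the literal in prose, so there is one place to update. "Just note," can go, and "recent timestamp otherwise" needs a comma.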
|
|
226 | 235 | },
|
227 | 236 | "outputs": [],
|
228 | 237 | "source": [
|
229 | | - "declare @payload nvarchar(max) = '{\"UserId\": \"6C5E29A2-A5E7-449D-BD14-259D61ADC6BE\", \"FirstName\": \"John\", \"LastName\": \"Doe\"}';\n", |
230 | | - "declare @headers nvarchar(4000) = N'{\"BrokerProperties\": \"' + string_escape('{\"PartitionKey\": \"6C5E29A2-A5E7-449D-BD14-259D61ADC6BE\"}', 'json') + '\"}'\n", |
231 | | - "declare @ret int, @response nvarchar(max)\n", |
232 | | - "\n", |
233 | | - "exec @ret = sp_invoke_external_rest_endpoint \n", |
234 | | - " @url = 'https://azure-event-hubs.servicebus.windows.net/myeventhub/messages',\n", |
235 | | - " @headers = @headers,\n", |
236 | | - " @payload = @payload,\n", |
237 | | - "\t\t@credential = [https://azure-event-hubs.servicebus.windows.net],\n", |
238 | | - " @response = @response output;\n", |
239 | | - "\n", |
240 | | - "select @response;" |
| 238 | + "declare @response nvarchar(max);\n", |
| 239 | + "declare @url nvarchar(max) = 'https://blobby.blob.core.windows.net/mycontainer?restype=container'\n", |
| 240 | + "exec sp_invoke_external_rest_endpoint\n", |
| 241 | + " @url = @url,\n", |
| 242 | + " @headers = '{\"Accept\":\"application/xml\",\"x-ms-version\" : \"2023年08月03日\",\"x-ms-date\" : \"2023年8月09日 19:54:40 GMT\"}',\n", |
| 243 | + " @method = 'PUT',\n", |
| 244 | + " @credential = [https://blobby.blob.core.windows.net],\n", |
| 245 | + " @response = @response output\n", |
| 246 | + "select cast(@response as xml)\n", |
| 247 | + "go" |
241 | 248 | ]
|
242 | 249 | }
|
243 | 250 | ],
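Review bot: the `exec sp_invoke_external_rest_endpoint` call on line 240 no longer captures the procedure's return value, where the removed version used `exec @ret = ...`. With the stale-date failure that line 226 warns about, the only sign of trouble is whatever the reader spots in the cast response. Suggest declaring `@ret int`, using `exec @ret = sp_invoke_external_rest_endpoint`, and selecting `@ret` alongside the response. The `x-ms-date` literal on line 242 is the value every reader has to edit, so consider building `@headers` in a variable from the current UTC time. Lines 239 and 245 are also missing the terminating semicolon that line 238 uses.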
|
|