|
| 1 | +{ |
| 2 | + "cells": [ |
| 3 | + { |
| 4 | + "attachments": {}, |
| 5 | + "cell_type": "markdown", |
| 6 | + "metadata": { |
| 7 | + "azdata_cell_guid": "3f79ad9b-7872-479a-9813-26e34e49ba4f" |
| 8 | + }, |
| 9 | + "source": [ |
| 10 | + "# Work with Azure Blob Storage\n", |
| 11 | + "\n", |
| 12 | + "To start, ensure that you have a Azure Blob Storage account. Reference the documentation on how to create a storage account if needed. [Create a storage account](https://learn.microsoft.com/azure/storage/common/storage-account-create?tabs=azure-portal)\n", |
| 13 | + "\n", |
| 14 | + "Also, have a container created in the Azure Blob Storage account. You can use this quick-start to help guide you in creating a container. [Quickstart: Upload, download, and list blobs with the Azure portal](https://learn.microsoft.com/azure/storage/blobs/storage-quickstart-blobs-portal)\n", |
| 15 | + "\n", |
| 16 | + "Blob Storage REST endpoint are documented here: [Azure Blob Storage REST API](https://learn.microsoft.com/rest/api/storageservices/blob-service-rest-api). \n", |
| 17 | + "The samples use the [Get Blob](https://learn.microsoft.com/rest/api/storageservices/get-blob?tabs=azure-ad), [Put Blob](https://learn.microsoft.com/en-us/rest/api/storageservices/put-blob?tabs=azure-ad), and the (Create Container)[https://learn.microsoft.com/rest/api/storageservices/create-container?tabs=azure-ad] APIs.\n", |
| 18 | + "\n", |
| 19 | + "The following samples assume that there is an Azure Blob Storage Account deployed at `https://blobby.blob.core.windows.net/` and a container named `myblobs`. To have the samples working in your environment, make sure adjust URL and container name so that they will match your account." |
| 20 | + ] |
| 21 | + }, |
| 22 | + { |
| 23 | + "attachments": {}, |
| 24 | + "cell_type": "markdown", |
| 25 | + "metadata": { |
| 26 | + "azdata_cell_guid": "ad7d9205-5d90-47aa-916a-56f9378a9fcc" |
| 27 | + }, |
| 28 | + "source": [ |
| 29 | + "## Work with files in Azure Blob Storage using a SAS Token\n", |
| 30 | + "\n", |
| 31 | + "Only authenticated requests can send events to Event Hubs. One way to authenticate a request is to provide a Shared Access Signature token: \n", |
| 32 | + "- [Authorizing access to Event Hubs resources using Shared Access Signatures](https://learn.microsoft.com/en-us/azure/event-hubs/authorize-access-shared-access-signature)\n", |
| 33 | + "- [Generate SAS token](https://learn.microsoft.com/en-us/rest/api/eventhub/generate-sas-token). \n", |
| 34 | + "\n", |
| 35 | + "At the moment is not possible to generate a SAS token directly from Azure SQL database, but you can put the code for generating such a token in an Azure Function and call it from Azure SQL database using `sp_invoke_external_rest_point` as well.\n", |
| 36 | + "\n", |
| 37 | + "Once you have the token you can add it into a Database Scoped Credential:" |
| 38 | + ] |
| 39 | + }, |
| 40 | + { |
| 41 | + "cell_type": "code", |
| 42 | + "execution_count": null, |
| 43 | + "metadata": { |
| 44 | + "azdata_cell_guid": "3fdacfa3-b5ac-4c3a-8cd3-e77f287cd992", |
| 45 | + "language": "sql", |
| 46 | + "tags": [] |
| 47 | + }, |
| 48 | + "outputs": [], |
| 49 | + "source": [ |
| 50 | + "-- make sure a database master key exists\n", |
| 51 | + "if not exists(select * from sys.symmetric_keys where [name] = '##MS_DatabaseMasterKey##') begin\n", |
| 52 | + " create master key encryption by password = 'LONg_Pa$$_w0rd!'\n", |
| 53 | + "end\n", |
| 54 | + "\n", |
| 55 | + "-- create database scoped credential\n", |
| 56 | + "create database scoped credential [https://azure-event-hubs.servicebus.windows.net]\n", |
| 57 | + "with identity = 'HTTPEndpointHeaders', \n", |
| 58 | + "secret = '{\"Authorization\": \"SharedAccessSignature sr=azure-event-hubs.servicebus.windows.net%2fmyeventhub&sig=RVDJM1cSo71j73%2bWR0t7ZCZukIjMEvBn%2bWWqSlqkJeM%3d&se=1697310598&skn=RootManageSharedAccessKey\"}';" |
| 59 | + ] |
| 60 | + }, |
| 61 | + { |
| 62 | + "attachments": {}, |
| 63 | + "cell_type": "markdown", |
| 64 | + "metadata": { |
| 65 | + "azdata_cell_guid": "5e6e4469-209d-4946-9546-a6acd793b82a" |
| 66 | + }, |
| 67 | + "source": [ |
| 68 | + "You can then send messages to Event Hubs using the \"Send Event\" API, which is available at `https://azure-event-hubs.servicebus.windows.net/myeventhub/messages` :" |
| 69 | + ] |
| 70 | + }, |
| 71 | + { |
| 72 | + "cell_type": "code", |
| 73 | + "execution_count": null, |
| 74 | + "metadata": { |
| 75 | + "azdata_cell_guid": "a87411a4-84c5-493d-9a84-dea4eeffa98b", |
| 76 | + "language": "sql", |
| 77 | + "tags": [] |
| 78 | + }, |
| 79 | + "outputs": [], |
| 80 | + "source": [ |
| 81 | + "declare @payload nvarchar(max) = '{\"UserId\": \"6C5E29A2-A5E7-449D-BD14-259D61ADC6BE\", \"FirstName\": \"John\", \"LastName\": \"Doe\"}';\n", |
| 82 | + "declare @headers nvarchar(4000) = N'{\"BrokerProperties\": \"' + string_escape('{\"PartitionKey\": \"6C5E29A2-A5E7-449D-BD14-259D61ADC6BE\"}', 'json') + '\"}'\n", |
| 83 | + "declare @ret int, @response nvarchar(max)\n", |
| 84 | + "\n", |
| 85 | + "exec @ret = sp_invoke_external_rest_endpoint \n", |
| 86 | + " @url = 'https://azure-event-hubs.servicebus.windows.net/myeventhub/messages',\n", |
| 87 | + " @headers = @headers,\n", |
| 88 | + " @payload = @payload,\n", |
| 89 | + "\t\t@credential = [https://azure-event-hubs.servicebus.windows.net],\n", |
| 90 | + " @response = @response output;\n", |
| 91 | + "\n", |
| 92 | + "select @response;" |
| 93 | + ] |
| 94 | + }, |
| 95 | + { |
| 96 | + "attachments": {}, |
| 97 | + "cell_type": "markdown", |
| 98 | + "metadata": { |
| 99 | + "azdata_cell_guid": "0afadd91-d62b-4d30-80d2-b7f0c14753ec" |
| 100 | + }, |
| 101 | + "source": [ |
| 102 | + "## Send Events using Managed Identities\n", |
| 103 | + "\n", |
| 104 | + "Follow the instructions here: [Enable Managed Identity in Azure SQL](./azure-sql-enable-msi.ipynb) to make sure you have Managed Identity enabled for your Azure SQL database, and then check how to grant to right permission on Event Hubs to the Azure SQL Manage Identity, following the instructions here: [Grant permissions to a managed identity in Azure AD](https://learn.microsoft.com/azure/event-hubs/authenticate-managed-identity?tabs=latest#grant-permissions-to-a-managed-identity-in-azure-ad).\n", |
| 105 | + "\n", |
| 106 | + "Once that is done you just need to create a Database Scoped Credentials with the string `Managed Identity` as identity and `https://eventhubs.azure.net` as the `resourceid`:" |
| 107 | + ] |
| 108 | + }, |
| 109 | + { |
| 110 | + "cell_type": "code", |
| 111 | + "execution_count": null, |
| 112 | + "metadata": { |
| 113 | + "azdata_cell_guid": "8a8775d3-73cf-4e7b-a0d4-82d707c611f8", |
| 114 | + "language": "sql" |
| 115 | + }, |
| 116 | + "outputs": [], |
| 117 | + "source": [ |
| 118 | + "-- make sure a database master key exists\n", |
| 119 | + "if not exists(select * from sys.symmetric_keys where [name] = '##MS_DatabaseMasterKey##') begin\n", |
| 120 | + " create master key encryption by password = 'LONg_Pa$$_w0rd!'\n", |
| 121 | + "end\n", |
| 122 | + "\n", |
| 123 | + "-- create database scoped credential\n", |
| 124 | + "if exists(select * from sys.database_scoped_credentials where [name] = 'https://azure-event-hubs.servicebus.windows.net') begin\n", |
| 125 | + " drop database scoped credential [https://azure-event-hubs.servicebus.windows.net];\n", |
| 126 | + "end;\n", |
| 127 | + "create database scoped credential [https://azure-event-hubs.servicebus.windows.net]\n", |
| 128 | + "with identity = 'Managed Identity', \n", |
| 129 | + "secret = '{\"resourceid\": \"https://eventhubs.azure.net\" }';" |
| 130 | + ] |
| 131 | + }, |
| 132 | + { |
| 133 | + "attachments": {}, |
| 134 | + "cell_type": "markdown", |
| 135 | + "metadata": { |
| 136 | + "azdata_cell_guid": "59fb3012-317e-4aba-a59e-d4f97efea998" |
| 137 | + }, |
| 138 | + "source": [ |
| 139 | + "Once this is done you can send the message using the same code as before:" |
| 140 | + ] |
| 141 | + }, |
| 142 | + { |
| 143 | + "cell_type": "code", |
| 144 | + "execution_count": null, |
| 145 | + "metadata": { |
| 146 | + "azdata_cell_guid": "823b7c9d-0d13-4e45-914a-7c322db9bafe", |
| 147 | + "language": "sql" |
| 148 | + }, |
| 149 | + "outputs": [], |
| 150 | + "source": [ |
| 151 | + "declare @payload nvarchar(max) = '{\"UserId\": \"6C5E29A2-A5E7-449D-BD14-259D61ADC6BE\", \"FirstName\": \"John\", \"LastName\": \"Doe\"}';\n", |
| 152 | + "declare @headers nvarchar(4000) = N'{\"BrokerProperties\": \"' + string_escape('{\"PartitionKey\": \"6C5E29A2-A5E7-449D-BD14-259D61ADC6BE\"}', 'json') + '\"}'\n", |
| 153 | + "declare @ret int, @response nvarchar(max)\n", |
| 154 | + "\n", |
| 155 | + "exec @ret = sp_invoke_external_rest_endpoint \n", |
| 156 | + " @url = 'https://azure-event-hubs.servicebus.windows.net/myeventhub/messages',\n", |
| 157 | + " @headers = @headers,\n", |
| 158 | + " @payload = @payload,\n", |
| 159 | + "\t\t@credential = [https://azure-event-hubs.servicebus.windows.net],\n", |
| 160 | + " @response = @response output;\n", |
| 161 | + "\n", |
| 162 | + "select @response;" |
| 163 | + ] |
| 164 | + } |
| 165 | + ], |
| 166 | + "metadata": { |
| 167 | + "kernelspec": { |
| 168 | + "display_name": "SQL", |
| 169 | + "language": "sql", |
| 170 | + "name": "SQL" |
| 171 | + }, |
| 172 | + "language_info": { |
| 173 | + "name": "sql", |
| 174 | + "version": "" |
| 175 | + } |
| 176 | + }, |
| 177 | + "nbformat": 4, |
| 178 | + "nbformat_minor": 2 |
| 179 | +} |
0 commit comments