ResourceNotFound error when creating Private Endpoint connection for Azure storage account

【Posted】: 2022-01-03 00:36:20

【Question】:

I'm trying to configure a Private Endpoint connection for my Azure storage account based on these docs, but I'm getting this error

  azure-native:storage:PrivateEndpointConnection (privateEndpointConnection):
    error: cannot check existence of resource '/subscriptions/my_sub_id/resourceGroups/my_resource_group_id/providers/Microsoft.Storage/storageAccounts/my_storage_account_name/privateEndpointConnections/privateEndpointConnection': status code 400, {"error":{"code":"ResourceNotFound","message":"The Resource Microsoft.Storage/storageAccounts/my_storage_account_name/privateEndpointConnections/privateEndpointConnection under resource group my_resource_group_id was not found."}}

Here is my Pulumi stack code

var resourceGroup = new ResourceGroup(resourceGroupName, new ResourceGroupArgs
{
    ResourceGroupName = resourceGroupName,
});

var virtualNetwork = new VirtualNetwork("vnet", new VirtualNetworkArgs
{
    ResourceGroupName = resourceGroup.Name,
    Location = resourceGroup.Location,
    AddressSpace = new AddressSpaceArgs { AddressPrefixes = new[] { "10.96.0.0/16" } },
});

// Subnet delegated to App Service (Microsoft.Web/serverFarms).
var publicSubnet = new Subnet("public-subnet", new Pulumi.AzureNative.Network.SubnetArgs
{
    ResourceGroupName = resourceGroup.Name,
    VirtualNetworkName = virtualNetwork.Name,
    AddressPrefix = "10.96.0.0/27",
    Delegations =
    {
        new DelegationArgs { Name = "Microsoft.Web.serverFarms", ServiceName = "Microsoft.Web/serverFarms" },
    },
});

// Subnet intended to host the private endpoint.
var privateEndpointSubnet = new Subnet("private-endpoint-subnet", new Pulumi.AzureNative.Network.SubnetArgs
{
    ResourceGroupName = resourceGroup.Name,
    VirtualNetworkName = virtualNetwork.Name,
    AddressPrefix = "10.96.1.0/27",
    PrivateEndpointNetworkPolicies = VirtualNetworkPrivateEndpointNetworkPolicies.Disabled,
    PrivateLinkServiceNetworkPolicies = VirtualNetworkPrivateLinkServiceNetworkPolicies.Enabled,
});

// Storage account whose firewall denies traffic by default.
var storageAccount = new StorageAccount("storageaccount", new StorageAccountArgs
{
    ResourceGroupName = resourceGroup.Name,
    Sku = new SkuArgs
    {
        Name = SkuName.Standard_LRS
    },
    NetworkRuleSet = new NetworkRuleSetArgs
    {
        Bypass = Bypass.AzureServices,
        DefaultAction = DefaultAction.Deny,
    },
    Kind = Kind.StorageV2
});

// This is the resource named in the ResourceNotFound error above.
var privateEndpointConnection = new PrivateEndpointConnection("privateEndpointConnection", new PrivateEndpointConnectionArgs
{
    AccountName = storageAccount.Name,
    ResourceGroupName = resourceGroup.Name,
    PrivateLinkServiceConnectionState = new PrivateLinkServiceConnectionStateArgs
    {
        Description = "Auto-Approved",
        Status = "Approved",
        ActionRequired = "None"
    },
});

I can't figure out what I'm missing; any help is much appreciated.

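【Comments】:

Sounds like the same issue as github.com/pulumi/pulumi-azure-native/issues/1219

Yes, I created that GitHub issue. I thought maybe someone here had run into the same problem. Do you know of anything I can do to help resolve it? Is it a problem with the Azure API or with Pulumi itself?

【Answer 1】: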

This Pulumi example (azure-ts-webapp-privateendpoint-vnet-injection) helped me solve my problem, and I was able to use a private endpoint connection for my storage account

var storageAccount = new StorageAccount("storageaccount", new StorageAccountArgs
{
    ResourceGroupName = resourceGroup.Name,
    Sku = new SkuArgs
    {
        Name = SkuName.Standard_LRS
    },
    Kind = Kind.StorageV2
});

var privateDnsZone = new PrivateZone("private-dns-zone", new PrivateZoneArgs
{
    ResourceGroupName = resourceGroup.Name,
    Location = "global",
    PrivateZoneName = "privatelink.azurewebsites.net",
});

// Private endpoint in the private-endpoint subnet, connected to the storage account's blob sub-resource.
var privateEndpoint = new PrivateEndpoint("account-storage-private-endpoint", new PrivateEndpointArgs
{
    ResourceGroupName = resourceGroup.Name,
    PrivateEndpointName = "account-storage-private-endpoint",
    PrivateLinkServiceConnections =
    {
        new PrivateLinkServiceConnectionArgs
        {
            GroupIds =
            {
                "blob",
            },
            Name = "private-link-connection",
            PrivateLinkServiceId = storageAccount.Id,
        },
    },
    Subnet = new SubnetArgs { Id = privateEndpointSubnet.Id, },
});

// Attach the private DNS zone to the private endpoint.
new PrivateDnsZoneGroup("private-dns-zone-group", new PrivateDnsZoneGroupArgs
{
    ResourceGroupName = resourceGroup.Name,
    PrivateDnsZoneGroupName = privateEndpoint.Name,
    PrivateEndpointName = privateEndpoint.Name,
    PrivateDnsZoneConfigs =
    {
        new PrivateDnsZoneConfigArgs
        {
            Name = "config",
            PrivateDnsZoneId = privateDnsZone.Id,
        },
    },
});

// Link the private DNS zone to the virtual network.
new VirtualNetworkLink("virtual-network-link", new VirtualNetworkLinkArgs
{
    ResourceGroupName = resourceGroup.Name,
    PrivateZoneName = privateDnsZone.Name,
    RegistrationEnabled = false,
    Location = "global",
    VirtualNetwork = new SubResourceArgs { Id = virtualNetwork.Id },
});
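
A post-deployment check for the setup in the answer, as an added example that is not part of the original post or of Pulumi's code: it verifies that the private DNS zone matches the private link group ID (Azure documents privatelink.blob.core.windows.net for blob), that the storage firewall still denies by default as in the question's snippet, and that the account name resolves inside the private endpoint subnet. The dict field names and the sample IP addresses are assumptions made for this example.

```python
import ipaddress

# Azure-documented private DNS zone for each storage sub-resource (group ID).
STORAGE_ZONES = {
    "blob": "privatelink.blob.core.windows.net",
    "file": "privatelink.file.core.windows.net",
    "queue": "privatelink.queue.core.windows.net",
    "table": "privatelink.table.core.windows.net",
    "web": "privatelink.web.core.windows.net",
    "dfs": "privatelink.dfs.core.windows.net",
}

def lint_config(cfg):
    """Return findings for one storage private endpoint description (a dict)."""
    findings = []
    zone = cfg["private_zone_name"].lower().rstrip(".")
    for group_id in cfg["group_ids"]:
        expected = STORAGE_ZONES.get(group_id)
        if expected is None:
            findings.append(f"unknown storage group ID {group_id!r}")
        elif zone != expected:
            findings.append(f"{group_id}: zone is {zone}, expected {expected}")
    # The private endpoint adds a private path; only the account firewall
    # closes the public one. Azure's default when no rule set is given is Allow.
    if cfg.get("default_action", "Allow") != "Deny":
        findings.append("storage firewall DefaultAction is not Deny")
    return findings

def resolves_privately(resolved_ips, endpoint_subnet):
    """True only if every resolved address lies inside the endpoint subnet."""
    subnet = ipaddress.ip_network(endpoint_subnet)
    return bool(resolved_ips) and all(
        ipaddress.ip_address(ip) in subnet for ip in resolved_ips)

# Constructed inputs: field names are this example's own (hypothetical);
# values are taken from the question's and the answer's snippets.
ANSWER_AS_POSTED = {"group_ids": ["blob"],
                    "private_zone_name": "privatelink.azurewebsites.net"}
HARDENED = {"group_ids": ["blob"],
            "private_zone_name": "privatelink.blob.core.windows.net",
            "default_action": "Deny"}

if __name__ == "__main__":
    for name, cfg in (("answer", ANSWER_AS_POSTED), ("hardened", HARDENED)):
        print(name, lint_config(cfg) or "ok")
    # Addresses as a VM inside the VNet would report them (constructed values).
    print(resolves_privately(["10.96.1.4"], "10.96.1.0/27"))
    print(resolves_privately(["203.0.113.10"], "10.96.1.0/27"))
```

In practice the `resolved_ips` list would come from resolving the account's blob hostname on a machine inside the virtual network.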
