Azure Function cannot access Key Vault in VNET - public network access
I have a function app that is integrated with a Vnet (with a single subnet). I also have two service endpoints in the same subnet for a storage account and key vault.
The storage account is accessed with a key and works on the vnet without issue.
The key vault has an access policy specified to give the function app managed identity access to list and get secrets. When I fetch a secret from the vault, I get the following message:
"Public network access is disabled and request is not from a trusted service nor via an approved private link."
Function app -> Vnet -> service endpoints (Storage / Vault)
|-> Uses Storage Key - OK
|-> Uses Vault and managed identity -> "Public network access is disabled ..."
Function app is in the Vnet. Do I need additional routing?
Please advise as I am stumped. Thanks
Comments (1)
I recreated the vault with the exact same settings and it worked as expected. Very weird. Something must have broken in the Vault configuration with regards to the Firewall routing.
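An added example, not part of the original question or answer: a check of a vault's network settings against the function app's integration subnet, using the `properties.publicNetworkAccess` and `properties.networkAcls` fields of the Key Vault resource. The subnet ID, the two vault dictionaries and the function name `diagnose_vault_network` are constructed for illustration; in practice the dictionary would be the JSON of the vault resource.

```python
def diagnose_vault_network(vault: dict, subnet_id: str) -> list:
    """Return reasons a service-endpoint request from subnet_id would be refused."""
    props = vault.get("properties", {})
    acls = props.get("networkAcls") or {}
    findings = []
    # Service-endpoint traffic still targets the vault's public endpoint, so a
    # vault with public network access disabled does not honor firewall rules.
    if str(props.get("publicNetworkAccess", "Enabled")).lower() == "disabled":
        findings.append(
            "publicNetworkAccess is Disabled: virtualNetworkRules are not honored; "
            "only private endpoints and trusted services are accepted"
        )
    # With defaultAction Deny, the calling subnet must be listed explicitly.
    if str(acls.get("defaultAction", "Allow")).lower() == "deny":
        rules = acls.get("virtualNetworkRules") or []
        allowed = {r.get("id", "").lower() for r in rules}  # IDs compare case-insensitively
        if subnet_id.lower() not in allowed:
            findings.append("subnet is not listed in networkAcls.virtualNetworkRules")
    return findings


# Constructed sample data (placeholder subscription, resource group and names).
SUBNET = (
    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
    "/providers/Microsoft.Network/virtualNetworks/vnet-example/subnets/functions"
)
ACLS = {
    "bypass": "None",
    "defaultAction": "Deny",
    "ipRules": [],
    "virtualNetworkRules": [{"id": SUBNET}],
}
# Vault that returns "Public network access is disabled ..." despite the subnet rule.
BROKEN = {"properties": {"publicNetworkAccess": "Disabled", "networkAcls": ACLS}}
# Vault reachable from the subnet through its service endpoint.
WORKING = {"properties": {"publicNetworkAccess": "Enabled", "networkAcls": ACLS}}

if __name__ == "__main__":
    for name, vault in (("broken", BROKEN), ("working", WORKING)):
        print(name, diagnose_vault_network(vault, SUBNET) or "no network blockers found")
```

Comparing these two fields between a failing vault and a recreated one shows whether the difference is in the firewall configuration rather than in the access policy or managed identity.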