az storage account generate-sas creating invalid token (Expiry format incorrect) #11190
Comments
@Juliehzl please take a look.
@nofunatall Could you tell me if the generated SAS token works for you?
Well when using it with azcopy it does not. I have not tested using a simple curl command.
@nofunatall any update for this issue?
Been away for a while but have just tested again with wget and azcopy and the SAS tokens generated from az cli don't work with either of them.
Response from AZCOPY:
Response from WGET:
I can get WGET working by running sed on the SAS token to convert So it seems like this issue might be with azcopy not az cli
@nofunatall Thanks a lot for your feedback. If we have time, the CLI team can consider adding time details when the user only specifies the date for SAS token generation, to satisfy the azcopy requirement.
This is a snippet of a working example for AzCopy
I see. Thanks 😊
@nofunatall Thanks! Getting AzCopy working from Linux/Docker container is very difficult atm.
add to S170
Quoting the SAS token is an operation in the Python SDK. I see that there is the same quote issue in Storage Explorer. @zezha-msft Could we consider making quoted SAS tokens work in AzCopy?
Hi @Juliehzl, the diagnosis is probably not correct, since SAS generated from Storage Explorer works perfectly fine. Ex: The SAS should be URL encoded, and it should work with AzCopy. Have you been able to repro this issue on your end?
I have tried with AzCopy 10.3.4 and the SAS token generated with Azure CLI 2.6.0. It works for me. @nofunatall can you try again? If there is any problem, could you provide a log file to help figure out the root cause?
A wild hunch here: is it possible that % signs need to be escaped in a script?
This happens for me in ubuntu (WSL) in conjunction with
```powershell
$tokenExpiry = ((get-Date).AddMinutes(1).ToUniversalTime().ToString("s") + "Z")
$key = az storage account keys list -g $rg -n $stacc --query "[0].value" -otsv
# here the workaround is required
$sas = (az storage blob generate-sas --account-key $key --account-name $stacc -c $container -n $blob --permissions r --expiry $tokenExpiry -otsv).replace("%3A", ":")
az storage blob download -c $container -n $blob -f $filename --account-name $stacc --sas-token $sas | out-null
```
Seems to be wildly inconsistent that I cannot reuse output between the same command group (
Expiry portion of the SAS token ends up like:
se=2019-12-12T03%3A21%3A25Z
Where it should be like:
se=2019-12-12T03:21:25Z
I have no idea where that format is valid but for most practical uses it seems like complete gibberish (e.g. if passing token to azcopy)
Furthermore az cli should generate sas tokens in identical format to the Azure Portal for consistency's sake.
Azure Portal generated SAS:
?sv=2019-02-02&ss=bfqt&srt=sco&sp=rwdlacup&se=2119-11-12T10:31:28Z&st=2019-11-12T02:31:28Z&spr=https&sig=REDACTED
Azure CLI generated SAS:
se=2019-12-12T03%3A21%3A25Z&sp=rwdlacup&sv=2018-03-28&ss=bqtf&srt=sco&sig=REDACTED
Command Name
az storage account generate-sas
az storage account generate-sas --account-name {} --services {} --permissions {} --resource-type {} --expiry {} --output {}
Environment Summary
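An added example (not from the issue thread or the Azure CLI code base): a Python check that percent-decodes each SAS field exactly once, so the CLI's `se=...%3A...` and the portal's `se=...:...` can be compared on equal terms, and that flags an expiry still encoded after one decode, a date-only expiry, or an over-long lifetime. The 90-day limit, the clock value, the function names and the double-quoting failure mode are assumptions; the two tokens are the redacted ones quoted in the issue.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import unquote

PORTAL_SAS = ("?sv=2019-02-02&ss=bfqt&srt=sco&sp=rwdlacup&se=2119-11-12T10:31:28Z"
              "&st=2019-11-12T02:31:28Z&spr=https&sig=REDACTED")
CLI_SAS = ("se=2019-12-12T03%3A21%3A25Z&sp=rwdlacup&sv=2018-03-28"
           "&ss=bqtf&srt=sco&sig=REDACTED")
MAX_LIFETIME = timedelta(days=90)  # assumed policy limit, not an Azure default


def sas_fields(token):
    """Split a SAS token into fields, percent-decoding each value exactly once."""
    parts = (p.partition("=") for p in token.lstrip("?").split("&") if p)
    return {key: unquote(value) for key, _, value in parts}


def parse_time(value):
    """Parse an se/st value; returns (aware UTC datetime, date_only flag)."""
    for fmt, date_only in (("%Y-%m-%dT%H:%M:%SZ", False), ("%Y-%m-%d", True)):
        try:
            return datetime.strptime(value, fmt).replace(tzinfo=timezone.utc), date_only
        except ValueError:
            continue
    raise ValueError(f"unrecognised SAS time value: {value!r}")


def audit(token, now):
    """Return a list of findings about the token's expiry field."""
    fields = sas_fields(token)
    se = fields.get("se")
    if se is None:
        return ["no se (expiry) field"]
    if "%" in se:
        return ["se is still percent-encoded after one decode: token was quoted twice"]
    expires, date_only = parse_time(se)
    findings = ["se has no time component"] if date_only else []
    start = parse_time(fields["st"])[0] if "st" in fields else now
    if expires <= now:
        findings.append("token has expired")
    elif expires - start > MAX_LIFETIME:
        findings.append(f"lifetime of {(expires - start).days} days exceeds policy")
    return findings


if __name__ == "__main__":
    now = datetime(2019, 11, 12, 3, 0, 0, tzinfo=timezone.utc)  # constructed clock
    for name, tok in (("portal", PORTAL_SAS), ("cli", CLI_SAS)):
        print(name, sas_fields(tok)["se"], audit(tok, now))
```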