Skip to content

Unable to list containers from CLI generated sas-token #26280

@RotateAt60MPH

Description

@RotateAt60MPH

I am trying to create a bash shell script that lists containers in all my storage account. The problem is that the CLI generated sas token does not appear to be valid.

Here's what I am doing:

az login
storage_account_name=<storage account name>
end=`date -u -d "30 days" '+%Y-%m-%dT%H:%M:%SZ'`
start=`date -u -d "10 seconds" '+%Y-%m-%dT%H:%M:%SZ'`
sas="$(az storage account generate-sas --permissions acdlpruw  --account-key 00000000 --account-name $storage_account_name --services bfqt --resource-types sco --start $start --expiry $end -o tsv)"
echo $sas

Results in:

st=2023-04-27T15%3A14%3A33Z&se=2023-05-27T15%3A14%3A23Z&sp=rwdlacup&sv=2018-03-28&ss=bqtf&srt=sco&sig=REDACTED

Now if try and list the containers with the CLI generated sas token:

az storage container list --account-name $storage_account_name --query "[].{name:name}" --output tsv --sas-token "?st=2023-04-27T15%3A14%3A33Z&se=2023-05-27T15%3A14%3A23Z&sp=rwdlacup&sv=2018-03-28&ss=bqtf&srt=sco&sig=REDACTED"

I get:

ERROR:
Authentication failure. This may be caused by either invalid account key, connection string or sas token value provided for your storage account.

But if I go into the Azure portal for the storage account and generate a sas from there I get:

?sv=2021-12-02&ss=bfqt&srt=sco&sp=rwdlacupiytfx&se=2023-04-27T22:09:53Z&st=2023-04-27T14:09:53Z&spr=https&sig=REDACTED

Note the different order of the parameters and the date encoding differences.

Running exactly same command with the azure generated sas token works fine.

I expected that the CLI generated token should work no different than the token generated from the Azure portal.

Metadata

Metadata

Type

No type

Projects

No projects

Relationships

None yet

Development

No branches or pull requests

Issue actions