New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
azure-storage-blob - sas credentials break client accessing local Azurite container #11941
Comments
Here is a complete script (that runs a small flask server) from which above code snipped was taken away in case that's any help: import datetime
import azure.storage.blob
import flask
APP = flask.Flask("my_app")
@APP.route("/")
def index():
shared_access_token = azure.storage.blob.generate_account_sas(
account_name='devstoreaccount1',
account_key="Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==",
resource_types=azure.storage.blob.ResourceTypes(service=True, container=True, object=True),
permission=azure.storage.blob.AccountSasPermissions(read=True, list=True),
expiry=datetime.datetime.utcnow() + datetime.timedelta(hours=100),
start=datetime.datetime.utcnow() - datetime.timedelta(hours=100))
print("shared access token is\n{}\n\n".format(shared_access_token))
storage_client = azure.storage.blob.BlobServiceClient.from_connection_string(
conn_str="DefaultEndpointsProtocol=http;AccountName=devstoreaccount1;AccountKey=Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw==;TableEndpoint=http://localhost:10002/devstoreaccount1;QueueEndpoint=http://localhost:10001/devstoreaccount1;BlobEndpoint=http://localhost:10000/devstoreaccount1",
credential=shared_access_token)
container_client = storage_client.get_container_client("sketchpad")
images_blobs = [blob for blob in container_client.list_blobs() if ".jpg" in blob.name]
urls = []
for image_blob in images_blobs:
blob_client = container_client.get_blob_client(image_blob)
urls.append('<a href="{}">blob here</a>'.format(blob_client.primary_endpoint))
images_data = "<br>".join(urls)
response = ("""
<html>
<body>
{}
</body>
</html>
""".format(images_data))
return response
APP.run(use_reloader=True) |
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @xgithubtriage. |
Hi @kuba-lilz |
I'm seeing similar behavior with azure-storage-blob v12.4.0, which manifests in the dask/adlfs package as reported here. After starting azurite locally using docker, execution of the following:
returns the following error:
Execution with azure-storage-blob 12.3.2 returns:
|
Hi there, |
add datashare track2 config (Azure#11941)
Describe the bug
When using sas token credentials for BlobServiceClient, requests sent to Azurite container are malformed
To Reproduce
Start azurite container (e.g.
arafato/azurite:2.6.5
), then run following code that uses credentials and connection strings for azurite running locally:Expected behavior
Containers can be enumerated.
Additional context
When
BlobServiceClient
is created usingcredential=None
, then valid requests are sent to Azurite and results returned.Example of a valid request (from docker logs):
When
BlobServiceClient
is created usingcredential=shared_access_token
, then requests to Azurite contain two slashes afterdevstoreaccount1
part of url, instead of just one, e.g.:which of course means Azurite can't understand the request.
No such problems happen when using real azure storage blob accounts in Azure.
The text was updated successfully, but these errors were encountered: