I am trying to create a bash shell script that lists containers in all my storage account. The problem is that the CLI generated sas token does not appear to be valid.
Here's what I am doing:
az login
storage_account_name=<storage account name>
end=`date -u -d "30 days" '+%Y-%m-%dT%H:%M:%SZ'`
start=`date -u -d "10 seconds" '+%Y-%m-%dT%H:%M:%SZ'`
sas="$(az storage account generate-sas --permissions acdlpruw --account-key 00000000 --account-name $storage_account_name --services bfqt --resource-types sco --start $start --expiry $end -o tsv)"
echo $sas
Results in:
st=2023-04-27T15%3A14%3A33Z&se=2023-05-27T15%3A14%3A23Z&sp=rwdlacup&sv=2018-03-28&ss=bqtf&srt=sco&sig=REDACTED
Now if try and list the containers with the CLI generated sas token:
az storage container list --account-name $storage_account_name --query "[].{name:name}" --output tsv --sas-token "?st=2023-04-27T15%3A14%3A33Z&se=2023-05-27T15%3A14%3A23Z&sp=rwdlacup&sv=2018-03-28&ss=bqtf&srt=sco&sig=REDACTED"
I get:
ERROR:
Authentication failure. This may be caused by either invalid account key, connection string or sas token value provided for your storage account.
But if I go into the Azure portal for the storage account and generate a sas from there I get:
?sv=2021-12-02&ss=bfqt&srt=sco&sp=rwdlacupiytfx&se=2023-04-27T22:09:53Z&st=2023-04-27T14:09:53Z&spr=https&sig=REDACTED
Note the different order of the parameters and the date encoding differences.
Running exactly same command with the azure generated sas token works fine.
I expected that the CLI generated token should work no different than the token generated from the Azure portal.
I am trying to create a bash shell script that lists containers in all my storage account. The problem is that the CLI generated sas token does not appear to be valid.
Here's what I am doing:
Results in:
st=2023-04-27T15%3A14%3A33Z&se=2023-05-27T15%3A14%3A23Z&sp=rwdlacup&sv=2018-03-28&ss=bqtf&srt=sco&sig=REDACTEDNow if try and list the containers with the CLI generated sas token:
az storage container list --account-name $storage_account_name --query "[].{name:name}" --output tsv --sas-token "?st=2023-04-27T15%3A14%3A33Z&se=2023-05-27T15%3A14%3A23Z&sp=rwdlacup&sv=2018-03-28&ss=bqtf&srt=sco&sig=REDACTED"I get:
But if I go into the Azure portal for the storage account and generate a sas from there I get:
?sv=2021-12-02&ss=bfqt&srt=sco&sp=rwdlacupiytfx&se=2023-04-27T22:09:53Z&st=2023-04-27T14:09:53Z&spr=https&sig=REDACTEDNote the different order of the parameters and the date encoding differences.
Running exactly same command with the azure generated sas token works fine.
I expected that the CLI generated token should work no different than the token generated from the Azure portal.