SAS to access blob container (azure/python)
Question:
I want to give limited access to a single container in my account without sharing my entire storage account key. I generated a Shared Access Signature in Azure Storage Explorer specific to the container.
container right-click & generate SAS
example of output from generate SAS
When I attempt to use the blockblobservice to list files I get the following errors. Same sort of error when using get_blob_to_path.
from azure.storage.blob import BlockBlobService, BlobPermissions
sas_container = 'nwe-statements'
sas_token = '?st=2019-12-05T21%3A09%3A12Z&se=2020-01-31T21%3A13%3A00Z&sp=racwdl&sv=2018-03-28&sr=c&sig=YLk2UWxPcqkDl5a8nWtBYcw%3DxWuAsfFI1ch5TwrbAxvk'
example_file = '1470-4126.pdf'
def sas_list():
blob_service = BlockBlobService(account_name='pretend',sas_token=sas_token)
blob_list = blob_service.list_blobs(sas_container)
print(blob_list)
Traceback (most recent call last):
File “/home/brett/jetco/django_jetco/O365/nwe_statements/blob_connect.py”, line 24, in
sas_list()
File “/home/brett/jetco/django_jetco/O365/nwe_statements/blob_connect.py”, line 11, in sas_list
blob_list = blob_service.list_blobs(sas_container)
File “/home/brett/jetco/env/lib/python3.6/site-packages/azure/storage/blob/baseblobservice.py”, line 1214, in list_blobs
resp = self._list_blobs(*args, **kwargs)
File “/home/brett/jetco/env/lib/python3.6/site-packages/azure/storage/blob/baseblobservice.py”, line 1285, in _list_blobs
return self._perform_request(request, _convert_xml_to_blob_list, operation_context=_context)
File “/home/brett/jetco/env/lib/python3.6/site-packages/azure/storage/storageclient.py”, line 280, in _perform_request
raise ex
File “/home/brett/jetco/env/lib/python3.6/site-packages/azure/storage/storageclient.py”, line 248, in _perform_request
raise ex
File “/home/brett/jetco/env/lib/python3.6/site-packages/azure/storage/storageclient.py”, line 235, in _perform_request
_http_error_handler(HTTPError(response.status, response.message, response.headers, response.body))
File “/home/brett/jetco/env/lib/python3.6/site-packages/azure/storage/_error.py”, line 114, in _http_error_handler
raise AzureHttpError(message, http_error.status)
azure.common.AzureHttpError: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
AuthenticationFailed
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:2d2370dc-f01e-0028-0fb3-ab47c9000000
Time:2019-12-05T21:33:23.3062345ZSignature did not match. String to sign used was racwdl
2020-01-31T21:13:00Z
/blob/pretend/nwe-statements
2018-03-28
Answers:
I can reproduce your issue, the issue was caused by the package, please uninstall the azure-storage
which is old and install azure-storage-blob 2.1.0
, then it will work fine.
pip uninstall azure-storage
pip install azure-storage-blob==2.1.0
Besides, you should note there is a new version v12
of azure-storage-blob
, which is different from the v2.1
version.
v12 – https://learn.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-python
v2.1 – https://learn.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-python-legacy
Found a working version inspired by the other answers here, using ContainerClient
from azure.storage.blob import ContainerClient
credential="?sv=2021-04-10&st=2022-12-07T07%3A56%3A37Z&se=2022-12-08T07%3A56%3A37Z&sr=c&sp=racwdl&sig=3ge............."
cc = ContainerClient(account_url="https://yourAccount.blob.core.windows.net",container_name="yourOwnCointainerName",credential=credential)
#Example - List all blobs:
for i in cc.list_blobs():
print(i)
#Example - Upload file
with open('file.json','rb') as data:
cc.upload_blob(data=data,name="file.json")
I want to give limited access to a single container in my account without sharing my entire storage account key. I generated a Shared Access Signature in Azure Storage Explorer specific to the container.
container right-click & generate SAS
example of output from generate SAS
When I attempt to use the blockblobservice to list files I get the following errors. Same sort of error when using get_blob_to_path.
from azure.storage.blob import BlockBlobService, BlobPermissions
sas_container = 'nwe-statements'
sas_token = '?st=2019-12-05T21%3A09%3A12Z&se=2020-01-31T21%3A13%3A00Z&sp=racwdl&sv=2018-03-28&sr=c&sig=YLk2UWxPcqkDl5a8nWtBYcw%3DxWuAsfFI1ch5TwrbAxvk'
example_file = '1470-4126.pdf'
def sas_list():
blob_service = BlockBlobService(account_name='pretend',sas_token=sas_token)
blob_list = blob_service.list_blobs(sas_container)
print(blob_list)
Traceback (most recent call last):
File “/home/brett/jetco/django_jetco/O365/nwe_statements/blob_connect.py”, line 24, in
sas_list()
File “/home/brett/jetco/django_jetco/O365/nwe_statements/blob_connect.py”, line 11, in sas_list
blob_list = blob_service.list_blobs(sas_container)
File “/home/brett/jetco/env/lib/python3.6/site-packages/azure/storage/blob/baseblobservice.py”, line 1214, in list_blobs
resp = self._list_blobs(*args, **kwargs)
File “/home/brett/jetco/env/lib/python3.6/site-packages/azure/storage/blob/baseblobservice.py”, line 1285, in _list_blobs
return self._perform_request(request, _convert_xml_to_blob_list, operation_context=_context)
File “/home/brett/jetco/env/lib/python3.6/site-packages/azure/storage/storageclient.py”, line 280, in _perform_request
raise ex
File “/home/brett/jetco/env/lib/python3.6/site-packages/azure/storage/storageclient.py”, line 248, in _perform_request
raise ex
File “/home/brett/jetco/env/lib/python3.6/site-packages/azure/storage/storageclient.py”, line 235, in _perform_request
_http_error_handler(HTTPError(response.status, response.message, response.headers, response.body))
File “/home/brett/jetco/env/lib/python3.6/site-packages/azure/storage/_error.py”, line 114, in _http_error_handler
raise AzureHttpError(message, http_error.status)
azure.common.AzureHttpError: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
AuthenticationFailed
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:2d2370dc-f01e-0028-0fb3-ab47c9000000
Time:2019-12-05T21:33:23.3062345ZSignature did not match. String to sign used was racwdl2020-01-31T21:13:00Z
/blob/pretend/nwe-statements2018-03-28
I can reproduce your issue, the issue was caused by the package, please uninstall the azure-storage
which is old and install azure-storage-blob 2.1.0
, then it will work fine.
pip uninstall azure-storage
pip install azure-storage-blob==2.1.0
Besides, you should note there is a new version v12
of azure-storage-blob
, which is different from the v2.1
version.
v12 – https://learn.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-python
v2.1 – https://learn.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-python-legacy
Found a working version inspired by the other answers here, using ContainerClient
from azure.storage.blob import ContainerClient
credential="?sv=2021-04-10&st=2022-12-07T07%3A56%3A37Z&se=2022-12-08T07%3A56%3A37Z&sr=c&sp=racwdl&sig=3ge............."
cc = ContainerClient(account_url="https://yourAccount.blob.core.windows.net",container_name="yourOwnCointainerName",credential=credential)
#Example - List all blobs:
for i in cc.list_blobs():
print(i)
#Example - Upload file
with open('file.json','rb') as data:
cc.upload_blob(data=data,name="file.json")