I want to give limited access to a single container in my account without sharing my entire storage account key. I generated a Shared Access Signature in Azure Storage Explorer specific to the container.
container right-click & generate SAS
example of output from generate SAS
When I attempt to use the blockblobservice to list files I get the following errors. Same sort of error when using get_blob_to_path.
from azure.storage.blob import BlockBlobService, BlobPermissions
sas_container = 'nwe-statements'
sas_token = '?st=2019-12-05T21%3A09%3A12Z&se=2020-01-31T21%3A13%3A00Z&sp=racwdl&sv=2018-03-28&sr=c&sig=YLk2UWxPcqkDl5a8nWtBYcw%3DxWuAsfFI1ch5TwrbAxvk'
example_file = '1470-4126.pdf'
def sas_list():
blob_service = BlockBlobService(account_name='pretend',sas_token=sas_token)
blob_list = blob_service.list_blobs(sas_container)
print(blob_list)
Traceback (most recent call last): File "/home/brett/jetco/django_jetco/O365/nwe_statements/blob_connect.py", line 24, in sas_list() File "/home/brett/jetco/django_jetco/O365/nwe_statements/blob_connect.py", line 11, in sas_list blob_list = blob_service.list_blobs(sas_container) File "/home/brett/jetco/env/lib/python3.6/site-packages/azure/storage/blob/baseblobservice.py", line 1214, in list_blobs resp = self._list_blobs(*args, **kwargs) File "/home/brett/jetco/env/lib/python3.6/site-packages/azure/storage/blob/baseblobservice.py", line 1285, in _list_blobs return self._perform_request(request, _convert_xml_to_blob_list, operation_context=_context) File "/home/brett/jetco/env/lib/python3.6/site-packages/azure/storage/storageclient.py", line 280, in _perform_request raise ex File "/home/brett/jetco/env/lib/python3.6/site-packages/azure/storage/storageclient.py", line 248, in _perform_request raise ex File "/home/brett/jetco/env/lib/python3.6/site-packages/azure/storage/storageclient.py", line 235, in _perform_request _http_error_handler(HTTPError(response.status, response.message, response.headers, response.body)) File "/home/brett/jetco/env/lib/python3.6/site-packages/azure/storage/_error.py", line 114, in _http_error_handler raise AzureHttpError(message, http_error.status) azure.common.AzureHttpError: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
AuthenticationFailed
Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:2d2370dc-f01e-0028-0fb3-ab47c9000000 Time:2019-12-05T21:33:23.3062345ZSignature did not match. String to sign used was racwdl2020-01-31T21:13:00Z /blob/pretend/nwe-statements
2018-03-28