AzCopy v10.5.1: error copying from file share to blob container

1
votes

I'm getting an error trying to copy all files from an Azure File Share to a Blob Container within the same Storage account.

$rg = "[REDACTED]"
$storageAccount = "[REDACTED]"
$storageAccountKey = (Get-AzStorageAccountKey -ResourceGroupName $rg -AccountName $storageAccount ).Value[0]
$context = New-AzStorageContext -StorageAccountName $storageAccount -StorageAccountKey $storageAccountKey
$sourceSAS = New-AzStorageShareSASToken     -Context $context -ExpiryTime (Get-Date).AddHours(24*3) -Permission "rdw" -ShareName "[REDACTED]" -FullUri
$destSAS   = New-AzStorageContainerSASToken -Context $context -ExpiryTime (Get-Date).AddHours(24*3) -Permission "rdw" -Name "[REDACTED]" -FullUri
azcopy.exe copy $sourceSAS $destSAS --recursive=true

and getting this error:

INFO: Scanning...
INFO: Failed to create one or more destination container(s). Your transfers may still succeed if the container already exists.
INFO: Any empty folders will not be processed, because source and/or destination doesn't have full folder support

failed to perform copy command due to error: cannot start job due to error: cannot list files due to reason -> github.com/Azure/azure-storage-blob-go/azblob.newStorageError, /home/vsts/go/pkg/mod/github.com/!azure/[email protected]/azblob/zc_storage_error.go:42
===== RESPONSE ERROR (ServiceCode=AuthorizationPermissionMismatch) =====
Description=This request is not authorized to perform this operation using this permission.
RequestId:b0027090-a01e-0088-18c7-6ff7a6000000
Time:2020-08-11T10:08:06.6069744Z, Details: 
   Code: AuthorizationPermissionMismatch
   GET https://[REDACTED].blob.core.windows.net/[REDACTED]?comp=list&delimiter=%2F&include=metadata&restype=container&se=2020-08-14t10%3A03%3A25z&sig=-REDACTED-&sp=rwd&sr=c&sv=2018-11-09&timeout=901
   User-Agent: [AzCopy/10.5.1 Azure-Storage/0.10 (go1.13; Windows_NT)]
   X-Ms-Client-Request-Id: [efe44227-df00-47e1-74e4-f7a8670e0ace]
   X-Ms-Version: [2019-02-02]
   --------------------------------------------------------------------------------
   RESPONSE Status: 403 This request is not authorized to perform this operation using this permission.
   Content-Length: [279]
   Content-Type: [application/xml]
   Date: [Tue, 11 Aug 2020 10:08:06 GMT]
   Server: [Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0]
   X-Ms-Client-Request-Id: [efe44227-df00-47e1-74e4-f7a8670e0ace]
   X-Ms-Error-Code: [AuthorizationPermissionMismatch]
   X-Ms-Request-Id: [b0027090-a01e-0088-18c7-6ff7a6000000]
   X-Ms-Version: [2019-02-02]

if I try these 2 work fine:

azcopy.exe copy "C:\TEMP" $destSAS --recursive=true
azcopy.exe copy "C:\TEMP" $sourceSAS --recursive=true

I have Owner access role in the subscription.

I found this issue in github and posted there: https://github.com/Azure/azure-storage-azcopy/issues/518

Any ideas?

Cheers

1
azureazure-powershellazcopy

1 Answers

2
votes

When you request the SAS token, you need to make sure you grant list permission as well, the correct syntax for this is rwdl. I have included the reference for the command as well should you need it here.