Can anyone help with an error when using a SAS key to perform an azCopy?
I SSH onto my Azure VM and get a token using it's managed identity:
curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fmanagement.azure.com' -H Metadata:true
I then build a postman request, with an 'Authorization' header of 'Bearer tokenFromAbove' and a JSON body of:
{
"signedServices":"b",
"signedResourceTypes":"co",
"signedPermission":"rwc",
"signedProtocol":"https",
"signedExpiry":"2020-02-22T00:06:00Z"
}
And returns a sas token. This token allows me to create a container with 'azcopy make.'
But I also want to use 'azcopy copy' to move files from my VM to the new container. I attempt this via the command:
azcopy copy 'mySourceDirectory' 'https://myStorageAccountName.blob.core.windows.net/myContainer?sv=2015-04-05&ss=b&srt=co&sp=rwc&se=2020-02-22T00:06:00Z&spr=https&sig=redacted' --recursive
But this fails with the following:
INFO: Authentication failed, it is either not correct, or expired, or does not have the correct permission -> github.com/Azure/azure-storage-blob-go/azblob.newStorageError, /home/vsts/go/pkg/mod/github.com/!azure/[email protected]/azblob/zc_storage_error.go:42
===== RESPONSE ERROR (ServiceCode=AuthenticationFailed) =====
Description=Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:ef37087d-501e-0050-650b-e81cb4000000
Time:2020-02-20T16:35:50.6651356Z, Details:
AuthenticationErrorDetail: **Signature did not match**.
String to sign used was myStorageAccountName
rwc
b
co
2020-02-22T00:06:00Z
https
2015-04-05
Code: AuthenticationFailed
Note if I generate a similar SAS token in Azure portal, it works. My VM is an owner of the storage account.
list(l) permission to the SAS? So your permissions would berwcl.