使用 generate_blob_sas() 时为 blob 生成的 SAS URL 不正确?
Incorrect SAS URL produced for blob when using generate_blob_sas()?
我正在尝试检索 Azure 美国政府帐户的存储帐户容器中的 blob URL。特别是,我正在尝试通过此函数 return 最近 updated/uploaded blob 的 URL。但是,生成的 URL 末尾有不正确的 SAS 令牌,我不确定为什么。这是我的代码:
import pytz
import keys as key
from datetime import datetime, timedelta
from azure.storage.blob import BlobServiceClient, BlobSasPermissions, generate_blob_sas
"""
Access contents of the Azure blob storage. Retrieve the most recently uploaded block blob URL.
@param blob_service_client: BlobServiceClient object
@param container_name: string name of container (can change this parameter in the driver code)
@return URL of the most recently uploaded blob to the storage container with the SAS token at the end
@return name of the blob that was most recently updated/uploaded
"""
def retrieve_blob_from_storage(account_name, container_name):
# Instantiate a BlobServiceClient using a connection string
blob_service_client = BlobServiceClient.from_connection_string(key.CONNECTION_STRING_1)
container_client = blob_service_client.get_container_client(container_name)
# Get the most recently uploaded (modified) blob on the container
now = datetime.now(pytz.utc)
datetime_list = []
for blob in container_client.list_blobs():
datetime_list.append(blob.last_modified)
youngest = max(dt for dt in datetime_list if dt < now)
blob_name = ""
for blob in container_client.list_blobs():
if blob.last_modified == youngest:
blob_name = blob.name
# Generate SAS token to place at the end of the URL of the last uploaded (modified) blob on the container
sas = generate_blob_sas(account_name = account_name,
account_key = key.CONNECTION_STRING_1,
container_name = container_name,
blob_name = blob_name,
permission = BlobSasPermissions(read = True),
expiry = datetime.utcnow() + timedelta(hours = 2))
sas_url = 'https://' + account_name + '.blob.core.usgovcloudapi.net/' + container_name + '/' + blob_name + '?' + sas
return sas_url, blob_name
当我尝试使用给定的 sas_url 时,我收到以下身份验证错误:
<Error>
<Code>AuthenticationFailed</Code>
<Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:fd40ba66-b01e-008b-7350-5a1de4000000 Time:2021-06-05T21:22:51.5265808Z</Message>
<AuthenticationErrorDetail>Signature did not match. String to sign used was rt 2021-06-05T23:22:33Z /blob/weedsmedia/weeds3d/MD-C2M-1-CALIB-1-GX010215.MP4 2020-06-12 b </AuthenticationErrorDetail>
</Error>
有谁知道为什么会出现这个错误?为进一步澄清,正在 return 编辑正确的 blob(最近 updated/uploaded)名称。我怀疑这与 Azure 美国政府和权限有关,但我不确定如何修复此错误。我该如何解决这个问题?
这是我正在使用的 Azure 依赖项:
azure-cli-core 2.24.0
azure-cli-telemetry 1.0.6
azure-common 1.1.26
azure-core 1.14.0
azure-identity 1.6.0
azure-nspkg 3.0.2
azure-storage 0.36.0
azure-storage-blob 12.8.1
azure-storage-common 2.1.0
azure-storage-nspkg 3.1.0
我认为问题出在您的 generate_blob_sas 方法中的以下代码行:
account_key = key.CONNECTION_STRING_1
您似乎正在使用 storage account connection string 签署您的 SAS 令牌参数。您将需要使用 storage account key(key1 或 key2)对 SAS 令牌参数进行签名以获取 SAS 令牌。
我正在尝试检索 Azure 美国政府帐户的存储帐户容器中的 blob URL。特别是,我正在尝试通过此函数 return 最近 updated/uploaded blob 的 URL。但是,生成的 URL 末尾有不正确的 SAS 令牌,我不确定为什么。这是我的代码:
import pytz
import keys as key
from datetime import datetime, timedelta
from azure.storage.blob import BlobServiceClient, BlobSasPermissions, generate_blob_sas
"""
Access contents of the Azure blob storage. Retrieve the most recently uploaded block blob URL.
@param blob_service_client: BlobServiceClient object
@param container_name: string name of container (can change this parameter in the driver code)
@return URL of the most recently uploaded blob to the storage container with the SAS token at the end
@return name of the blob that was most recently updated/uploaded
"""
def retrieve_blob_from_storage(account_name, container_name):
# Instantiate a BlobServiceClient using a connection string
blob_service_client = BlobServiceClient.from_connection_string(key.CONNECTION_STRING_1)
container_client = blob_service_client.get_container_client(container_name)
# Get the most recently uploaded (modified) blob on the container
now = datetime.now(pytz.utc)
datetime_list = []
for blob in container_client.list_blobs():
datetime_list.append(blob.last_modified)
youngest = max(dt for dt in datetime_list if dt < now)
blob_name = ""
for blob in container_client.list_blobs():
if blob.last_modified == youngest:
blob_name = blob.name
# Generate SAS token to place at the end of the URL of the last uploaded (modified) blob on the container
sas = generate_blob_sas(account_name = account_name,
account_key = key.CONNECTION_STRING_1,
container_name = container_name,
blob_name = blob_name,
permission = BlobSasPermissions(read = True),
expiry = datetime.utcnow() + timedelta(hours = 2))
sas_url = 'https://' + account_name + '.blob.core.usgovcloudapi.net/' + container_name + '/' + blob_name + '?' + sas
return sas_url, blob_name
当我尝试使用给定的 sas_url 时,我收到以下身份验证错误:
<Error>
<Code>AuthenticationFailed</Code>
<Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:fd40ba66-b01e-008b-7350-5a1de4000000 Time:2021-06-05T21:22:51.5265808Z</Message>
<AuthenticationErrorDetail>Signature did not match. String to sign used was rt 2021-06-05T23:22:33Z /blob/weedsmedia/weeds3d/MD-C2M-1-CALIB-1-GX010215.MP4 2020-06-12 b </AuthenticationErrorDetail>
</Error>
有谁知道为什么会出现这个错误?为进一步澄清,正在 return 编辑正确的 blob(最近 updated/uploaded)名称。我怀疑这与 Azure 美国政府和权限有关,但我不确定如何修复此错误。我该如何解决这个问题?
这是我正在使用的 Azure 依赖项:
azure-cli-core 2.24.0
azure-cli-telemetry 1.0.6
azure-common 1.1.26
azure-core 1.14.0
azure-identity 1.6.0
azure-nspkg 3.0.2
azure-storage 0.36.0
azure-storage-blob 12.8.1
azure-storage-common 2.1.0
azure-storage-nspkg 3.1.0
我认为问题出在您的 generate_blob_sas 方法中的以下代码行:
account_key = key.CONNECTION_STRING_1
您似乎正在使用 storage account connection string 签署您的 SAS 令牌参数。您将需要使用 storage account key(key1 或 key2)对 SAS 令牌参数进行签名以获取 SAS 令牌。