Azure blob 存储在使用 sas 连接时出现身份验证错误(没有签名标识符的访问不能有时间 window 超过 1 小时)

Azure blob storage gives authentication error when connecting using sas (Access without signed identifier cannot have time window more than 1 hour)

我正在尝试连接到 azure blob 存储(列出一个容器以检查它是否有效),但是当我连接时出现身份验证错误。这是我的代码

from azure.storage.blob import BlockBlobService

top_level_container_name = "top_container"
sas_url ="https://secret.blob.core.windows.net/table?sv=2020-10-02&st=2022-05-16T10%3A11%3A57Z&se=2022-05-28T21%3A59%3A00Z&sr=c&sp=rl&sig=secret"
service=BlockBlobService(account_name="thi" ,sas_token=sas_url)

containers = service.list_containers() 
for c in containers: 
     print(c.name)

当 运行 给我以下错误时:

Traceback (most recent call last):
  File "C:\Users\thijser\codes\python\listblobs.py", line 11, in <module>
    containers = service.list_containers()
  File "C:\Python310\lib\site-packages\azure\storage\blob\baseblobservice.py", line 514, in list_containers
    resp = self._list_containers(**kwargs)
  File "C:\Python310\lib\site-packages\azure\storage\blob\baseblobservice.py", line 558, in _list_containers
    return self._perform_request(request, _convert_xml_to_containers, operation_context=_context)
  File "C:\Python310\lib\site-packages\azure\storage\storageclient.py", line 280, in _perform_request
    raise ex
  File "C:\Python310\lib\site-packages\azure\storage\storageclient.py", line 248, in _perform_request
    raise ex
  File "C:\Python310\lib\site-packages\azure\storage\storageclient.py", line 235, in _perform_request
    _http_error_handler(HTTPError(response.status, response.message, response.headers, response.body))
  File "C:\Python310\lib\site-packages\azure\storage\_error.py", line 114, in _http_error_handler
    raise AzureHttpError(message, http_error.status)
azure.common.AzureHttpError: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:2bc0650b-d01e-0050-511b-69cc86000000
Time:2022-05-16T11:54:26.0333719Z</Message><AuthenticationErrorDetail>Access without signed identifier cannot have time window more than 1 hour: Start [Mon, 16 May 2022 10:11:57 GMT] - Expiry [Sat, 28 May 2022 21:59:00 GMT]</AuthenticationErrorDetail></Error>

我能够使用相同的 sas link 查看 azure 存储资源管理器中的文件。我通过 pip 新安装了 1.5.0 版的 azure blob 存储。

有人知道如何消除错误吗? sas 令牌不是我生成的,实际上应该持续整整一周。我怀疑它可能以某种方式涉及我的密码(假设将 account_name 更改为无效的内容会更改错误)但我找不到如何正确添加它。我尝试了 service=BlockBlobService(account_name="thi", account_key = "my secret password", sas_token=sas_url) 但这只是将错误更改为 The MAC signature found in the HTTP request 'c5w+tYbWVvibQ1NGFq0sHDwfvMS4wP0nO0d/iv5KuFo=' is not the same as any computed signature. Server used following string to sign: 'GET

编辑:

所以我发现我有服务 SAS link 而不是 SAS 帐户。因此,这将我的问题稍微改变为如何列出服务 sas url 中包含的所有内容?为此,我已经尝试了几个在线教程,但它们一直 运行 错误:ImportError: cannot import name 'ContainerClient' from 'azure.storage.blob'。有谁知道如何修复 that/list 这样 link 中的所有文件?

上次编辑:已解决。我不得不卸载所有与 azure 相关的包并安装 azure-cli 包。其次是 azure-storage-blob 包。

您收到此错误的原因是您使用的是 Service SAS to perform an operation that requires an Account SAS。列出 blob 容器操作需要帐户 SAS,因为您正在帐户级别执行操作。

要修复此错误,您需要一个至少具有以下属性的帐户 SAS:

  • 签名服务:Blob
  • 签名资源类型:服务(列出 blob 容器)和容器(列出容器内的 blob)
  • Signed Permission: List(用于列表操作)