Reputation: 171
Python Azure Function: blobclient.upload_blob authorization failure
I have a python azure function that triggers on queue message and uploads a json to blob storage. I am getting authentication errors on blob.client using storage account SAS URL and SAS token, as well as storage account connection string
function code: the # symbol used as I was swapping between blobclients instances
import json
import requests
import azure.functions as func
from azure.storage.blob import BlobClient
def main(msg: func.QueueMessage) -> None:
queuedata = msg.get_body().decode('utf-8')
data = json.loads(queuedata)
url = data['data']['url']
r = requests.get(url)
data = r.text
s1, s2 = (data.split(sep=';', maxsplit=1))
s1 = ''.join(s1.split())
dict1 = json.loads(s1)
dict1 = json.loads(s2)
mergedJson = {**dict1, **dict1}
#connectionstring = "DefaultEndpointsProtocol=https;AccountName=XXXXXX;AccountKey=XXXXXXXX/Jm4OPgSzWOju5hD/+XA4QXXXXXXfNEbUxuO9WoUQ7xn91cE3qlQeqRoHJx3SrJ+bdln9Q==;EndpointSuffix=core.windows.net"
sas_url = 'https://XXXXX.blob.core.windows.net/?sv=2019-10-10&ss=bq&srt=c&sp=rwdlacupx&se=2020-06-13T04:48:27Z&st=2020-06-12T20:48:27Z&spr=https&sig=1j2a6pQUFLI1B71D8oRoALHYgpF82pMiXbvrdZCY7gk%3D'
sas_token = '?sv=XXXXXXXXXX-10-10&ss=XXXXX&XXX=c&sp=rwdlacupx&se=2020-06-13T04:48:27Z&st=2020-06-12T20:48:27Z&spr=https&sig=1j2a6pQUFLI1B71D8oRoALHYgpF82pMiXbvrdZCY7gk%3D'
filename = dictA['FormId'] + '.json'
#blob_client = BlobClient.from_connection_string(conn_str= connectionstring, container_name='json', content_type='application/json', blob_name= filename)
#blob_client.upload_blob(mergedJson, blob_type='BlockBlob')
blob_client2 = BlobClient(account_url= sas_url, credential= sas_token, container_name='json', blob_name= filename, content_type='application/json')
blob_client2.upload_blob(mergedJson, blob_type='BlockBlob')
On connectionstring error using BlobClient.from_connection_string(conn_str, container_name, blob_name, snapshot=None, credential=None, **kwargs):
Result: Failure Exception: ClientAuthenticationError: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. RequestId:cdccbb2e-e01e-0007-6cfd-40c024000000 Time:2020-06-12T21:09:22.1504720Z ErrorCode:AuthenticationFailed Error:None AuthenticationErrorDetail:The MAC signature found in the HTTP request 'n+oKBbFHSn12Nhw3SIQk4OxUGLaxQRc32mh93GWEisM=' is not the same as any computed signature. Server used following string to sign: 'PUT 302 application/octet-stream * x-ms-blob-type:BlockBlob x-ms-client-request-id:fcba350c-acf0-11ea-b094-0242ac100105 x-ms-date:Fri, 12 Jun 2020 21:09:22 GMT x-ms-version:2019-07-07 /dmgenhwr/json/C1234567.json'. Stack: File "/azure-functions-host/workers/python/3.7/LINUX/X64/azure_functions_worker/dispatcher.py", line 315, in _handle__invocation_request self.run_sync_func, invocation_id, fi.func, args) File "/usr/local/lib/python3.7/concurrent/futures/thread.py", line 57, in run result = self.fn(*self.args, **self.kwargs) File "/azure-functions-host/workers/python/3.7/LINUX/X64/azure_functions_worker/dispatcher.py", line 434, in __run_sync_func return func(**params) File "/home/site/wwwroot/TextQueue/__init.py", line 32, in main blob_client.upload_blob(mergedJson, blob_type='BlockBlob') File "/home/site/wwwroot/.python_packages/lib/site-packages/azure/core/tracing/decorator.py", line 83, in wrapper_use_tracer return func(*args, **kwargs) File "/home/site/wwwroot/.python_packages/lib/site-packages/azure/storage/blob/_blob_client.py", line 496, in upload_blob return upload_block_blob(**options) File "/home/site/wwwroot/.python_packages/lib/site-packages/azure/storage/blob/_upload_helpers.py", line 153, in upload_block_blob process_storage_error(error) File "/home/site/wwwroot/.python_packages/lib/site-packages/azure/storage/blob/_shared/response_handlers.py", line 147, in process_storage_error raise error
on SAS URL and SAS token error using BlobClient(account_url, container_name, blob_name, snapshot=None, credential=None, **kwargs):
Result: Failure Exception: HttpResponseError: This request is not authorized to perform this operation using this resource type. RequestId:62bb329f-b01e-0036-19fb-409bf3000000 Time:2020-06-12T20:56:14.5723115Z ErrorCode:AuthorizationResourceTypeMismatch Error:None Stack: File "/azure-functions-host/workers/python/3.7/LINUX/X64/azure_functions_worker/dispatcher.py", line 315, in _handle__invocation_request self.run_sync_func, invocation_id, fi.func, args) File "/usr/local/lib/python3.7/concurrent/futures/thread.py", line 57, in run result = self.fn(*self.args, **self.kwargs) File "/azure-functions-host/workers/python/3.7/LINUX/X64/azure_functions_worker/dispatcher.py", line 434, in __run_sync_func return func(**params) File "/home/site/wwwroot/TextQueue/__init.py", line 35, in main blob_client2.upload_blob(mergedJson, blob_type='BlockBlob') File "/home/site/wwwroot/.python_packages/lib/site-packages/azure/core/tracing/decorator.py", line 83, in wrapper_use_tracer return func(*args, **kwargs) File "/home/site/wwwroot/.python_packages/lib/site-packages/azure/storage/blob/_blob_client.py", line 496, in upload_blob return upload_block_blob(**options) File "/home/site/wwwroot/.python_packages/lib/site-packages/azure/storage/blob/_upload_helpers.py", line 153, in upload_block_blob process_storage_error(error) File "/home/site/wwwroot/.python_packages/lib/site-packages/azure/storage/blob/_shared/response_handlers.py", line 147, in process_storage_error raise error
I have referenced azure storage BlobClient class
Does this function require an Http action method for the PUT? I do not see that referenced in the azure sdk for python. Any guidance is greatly appreciated.
Upvotes: 0
Views: 3107
Answers (1)
Reputation: 171
Following the guide from Use the Azure libraries with Azure Storage I added azure-identity and followed setup for authentication on the service principle "4a: Use blob storage with authentication"
The key was to grant permission to the blob container for the service principle.
My first attempt was to use guidance from "4b: Use blob storage with a connection string" but I had no success. Using service principle and following the directions from system assigned managed identity and authorize access to blob appears to have resolved this issue.
Now encountering "Runtime dependency of PyGObject is missing" - hoop jumping to setup an python azure function is fun NOT.
Upvotes: 0
Related Questions
- Upload image to azure blob storage using python
- There is currently a lease on the blob and no lease ID was specified in the request
- Upload files to a Container in Azure Blob Storage using Python
- Azure Python SDK for Blobs - ImportError: cannot import name 'BlobClient'
- python async upload_blob -- TypeError: object AccessToken can't be used in 'await' expression
- AuthorizationPermissionMismatch when Python Function App attempts to read file
- Uploading file to azure blob storage using python
- Problem to upload a file from local to Azure Blob Storage in python
- How to resolve "azure.common.AzureHttpError: This request is not authorized to perform this operation. ErrorCode: AuthorizationFailure"
- unable to upload file in azure blob