how to generate storage account SAS token through curl

Question

I need to generate a SAS token for blob container using curl command. Can someone guide me on how do i do that

i tried

curl -X PUT -T LICENSE.TXT --user client id of sp:client secret of sp https://axxx.blob.core.windows.net/etcd-backup

but this says that auth is not in proper format

Answer 1

Please refer the two links:

1. Get an access token and use it to call Azure Storage

2. Get a SAS credential from Azure Resource Manager to make storage calls

Code sample:

# get access token
response=$(curl 'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fstorage.azure.com%2F' -H Metadata:true -s)
access_token=$(echo $response | python -c 'import sys, json; print (json.load(sys.stdin)["access_token"])')
echo The managed identities for Azure resources access token is $access_token

# get the SAS token with access token
curl https://management.azure.com/subscriptions/<SUBSCRIPTION ID>/resourceGroups/<RESOURCE GROUP>/providers/Microsoft.Storage/storageAccounts/<STORAGE ACCOUNT NAME>/listServiceSas/?api-version=2017-06-01 -X POST -d "{\"canonicalizedResource\":\"/blob/<STORAGE ACCOUNT NAME>/<CONTAINER NAME>\",\"signedResource\":\"c\",\"signedPermission\":\"rcw\",\"signedProtocol\":\"https\",\"signedExpiry\":\"<EXPIRATION TIME>\"}" -H "Authorization: Bearer $access_token"

Be sure to replace the <SUBSCRIPTION ID>, <RESOURCE GROUP>, <STORAGE ACCOUNT NAME>, <CONTAINER NAME>, and <EXPIRATION TIME> parameter values with your own values.