Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Azure::Storage::Blob::BlobService#get_user_delegation_key issue #229

Open
DmitryDrobotov opened this issue Jul 5, 2023 · 0 comments
Open

Azure::Storage::Blob::BlobService#get_user_delegation_key issue #229

DmitryDrobotov opened this issue Jul 5, 2023 · 0 comments

Comments

@DmitryDrobotov
Copy link

DmitryDrobotov commented Jul 5, 2023
edited

Hello there!

We want to use User Delegation Key to generate a SAS token for blobs. azure-storage-ruby implements get_user_delegation_key method that can construct it as I get.

Commit that implements this method: 89885cb. Please, pay attention to the test 89885cb#diff-79d4797ad5b5b1b730fe2fadc3d436e206bd6fa135ab9bc2ff4cb4dca35b7fd3R82.

But the given method doesn't send the required Authorization header to the request explained in the docs: https://learn.microsoft.com/en-us/rest/api/storageservices/get-user-delegation-key

Azure::Storage::Blob::BlobService.create(storage_account_name: "***", storage_access_key: "***")
user_delegation_key = service.get_user_delegation_key(Time.now, Time.now + 1000)

=> lib/azure/core/http/http_request.rb:154:in `call': AuthenticationFailed (403): Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. (Azure::Core::Http::HTTPError)
RequestId:f3bb5b57-d01e-0036-234f-af6c1d000000
Time:2023-07-05T14:45:07.8883282Z
        from azure-storage-common-2.0.4/lib/azure/core/http/signer_filter.rb:28:in `call'
        from azure-storage-common-2.0.4/lib/azure/core/http/signer_filter.rb:28:in `call'
        from azure-storage-common-2.0.4/lib/azure/core/http/http_request.rb:111:in `block in with_filter'
        from azure-storage-common-2.0.4/lib/azure/core/service.rb:36:in `call'
        from azure-storage-common-2.0.4/lib/azure/core/filtered_service.rb:34:in `call'
        from azure-storage-common-2.0.4/lib/azure/core/signed_service.rb:41:in `call'
        from azure-storage-common-2.0.4/lib/azure/storage/common/service/storage_service.rb:60:in `call'
        from azure-storage-blob-2.0.3/lib/azure/storage/blob/blob_service.rb:179:in `call'
        from azure-storage-blob-2.0.3/lib/azure/storage/blob/blob_service.rb:279:in `get_user_delegation_key'
        from railties-7.0.4.3/lib/rails/commands/console/console_command.rb:70:in `start'
        from railties-7.0.4.3/lib/rails/commands/console/console_command.rb:19:in `start'
        from railties-7.0.4.3/lib/rails/commands/console/console_command.rb:102:in `perform'
        from thor-1.2.1/lib/thor/command.rb:27:in `run'
        from thor-1.2.1/lib/thor/invocation.rb:127:in `invoke_command'
        from thor-1.2.1/lib/thor.rb:392:in `dispatch'

In addition, it looks like constructing of User Delegation Key requires Active Directory credentials instead of a Storage Account.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@DmitryDrobotov