Bearer permissions (Rest API)
Currently I am no able to read blobs using Azure Rest API and bearer token
This is the simple script:
def authenticate():
proxies = {"http":"//ga2si13:" + urllib.parse.quote("mypassword") + "@pxvip02.intranet.commerzbank.com:8080",
"https":"//ga2si13:" + urllib.parse.quote("mypassword") + "@pxvip02.intranet.commerzbank.com:8080"}
request_payload = {
"grant_type": "client_credentials",
"client_id": client_id,
"client_secret": client_secret,
"resource": "https://storage.azure.com/"
}
bearer_token = requests.post(url='https://login.microsoftonline.com/' + tenant_id + '/oauth2/token',
data=request_payload, proxies=proxies).json()["access_token"]
return bearer_token
def readBlob(blob_name):
try:
#blob_name = "resourceId=/SUBSCRIPTIONS/82A234EE-1D2B-484B-A6D1-8E611A6CFB6B/RESOURCEGROUPS/014921-PGATAZURE-GWC-DEV-RG/PROVIDERS/MICROSOFT.DBFORPOSTGRESQL/FLEXIBLESERVERS/014921-PGATAZURE-GWC-DEV-08DV4/y=2022/m=06/d=23/h=17/m=00/PT1H.json"
headers = {
'x-ms-date': request_time,
'x-ms-version': api_version,
'Authorization': ('Bearer ' + authenticate())
}
url = (
'https://' + storage_account_name + '.privatelink.blob.core.windows.net/' + container_name + '/' + blob_name)
r = requests.get(url, headers=headers, verify=False)
except Exception as e:
# print(e)
logger.error(e)
Simple example:
Using this URL I am successful to list containers
https://014921storagwcdev01.privatelink.blob.core.windows.net/?restype=container&comp=list
<?xml version="1.0" encoding="utf-8"?><EnumerationResults ServiceEndpoint="https://014921storagwcdev01.privatelink.blob.core.windows.net/"><Containers><Container><Name>insights-logs-postgresqllogs</Name><Properties><Last-Modified>Tue, 12 Jul 2022 10:48:37 GMT</Last-Modified><Etag>"0x8DA63F4137F84F9"</Etag><LeaseStatus>unlocked</LeaseStatus><LeaseState>available</LeaseState><HasImmutabilityPolicy>false</HasImmutabilityPolicy><HasLegalHold>false</HasLegalHold></Properties></Container><Container><Name>insights-metrics-pt1m</Name><Properties><Last-Modified>Tue, 12 Jul 2022 10:48:52 GMT</Last-Modified><Etag>"0x8DA63F41C641429"</Etag><LeaseStatus>unlocked</LeaseStatus><LeaseState>available</LeaseState><HasImmutabilityPolicy>false</HasImmutabilityPolicy><HasLegalHold>false</HasLegalHold></Properties></Container><Container><Name>test</Name><Properties><Last-Modified>Tue, 12 Jul 2022 13:10:49 GMT</Last-Modified><Etag>"0x8DA6407F0ED0250"</Etag><LeaseStatus>unlocked</LeaseStatus><LeaseState>available</LeaseState><HasImmutabilityPolicy>false</HasImmutabilityPolicy><HasLegalHold>false</HasLegalHold></Properties></Container></Containers><NextMarker /></EnumerationResults>
I need to read blobs from specific container, but getting this error
https://014921storagwcdev01.privatelink.blob.core.windows.net/insights-logs-postgresqllogs?restype=container&comp=list
<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationPermissionMismatch</Code><Message>This request is not authorized to perform this operation using this permission.
RequestId:80ecfa3b-d01e-00b0-8012-9ca0a4000000
Time:2022-07-20T08:24:30.6830567Z</Message></Error>
The same url but using access key to storage account I am successful
https://014921storagwcdev01.privatelink.blob.core.windows.net/insights-logs-postgresqllogs?restype=container&comp=list
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(224.00000000000003, 97%, 31%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESD%3C/text%3E%3C/svg%3E)
and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.