You can create a SAS URL that includes the Private Link URL of your Azure Blob storage account by using the Azure Storage SDKs.
Here's an example of how you can create a SAS URL that includes the Private Link URL:
from azure.storage.blob import generate_account_sas, ResourceTypes, AccountSasPermissions, generate_blob_sas
account_name = "mystorageaccountname"
account_key = "myaccountkey"
private_link_domain = "mystorageaccountname.privatelink.blob.core.windows.net"
# Generate an account-level SAS token for the storage account
sas_token = generate_account_sas(
account_name=account_name,
account_key=account_key,
resource_types=ResourceTypes(object=True),
permission=AccountSasPermissions(read=True, write=True, list=True),
protocol="https",
start_time=datetime.utcnow(),
expiry=datetime.utcnow() + timedelta(hours=1)
)
# Create a blob-level SAS token that includes the Private Link URL
sas_url = generate_blob_sas(
account_name=account_name,
account_key=None,
container_name="mycontainer",
blob_name="myblob",
permission=BlobSasPermissions(read=True),
protocol="https",
start_time=datetime.utcnow(),
expiry=datetime.utcnow() + timedelta(hours=1),
ip=None,
user_delegation_key=None,
cache_control=None,
content_disposition=None,
content_encoding=None,
content_language=None,
content_type=None,
claims=None,
snapshot=None,
version=None,
encoded_account_sas=sas_token,
url_prefix=f"https://{private_link_domain}"
)
print(sas_url)
In this example, you first generate an account-level SAS token for the storage account, and then use it to generate a blob-level SAS token that includes the Private Link URL. The url_prefix
parameter is used to specify the Private Link URL of the storage account.
Note that in order to use the SAS URL with the Private Link URL, the client making the request must be connected to the same virtual network or Azure ExpressRoute circuit as the storage account.
Also there are some things you can acheck:
- Check that the client is connected to the same virtual network or Azure ExpressRoute circuit as the storage account. If the client is not connected to the same network, it will not be able to access the storage account over the Private Link.
- Ensure that the Private Endpoint for the Azure Blob storage account has been configured correctly. Check that the Private Endpoint has been provisioned in the same virtual network as the client and that the Private DNS zone has been configured correctly.
- Verify that the SAS URL has been correctly updated to include the Private Link URL. Double-check that you have replaced the storage account name in the URL with the Private Link URL of the storage account correctly, as described earlier.
- If you are still facing issues, check the logs and diagnostic information to see if there are any errors or issues that could be causing the problem. You can use the Azure Portal or Azure Storage SDKs to access the logs and diagnostics information for the storage account.
Hope I help.