Error processing SAS token generated in Python code

Question

Hello Everyone

I am trying to generate a SAS token using Python code as per below doc

https://learn.microsoft.com/en-us/python/api/overview/azure/storage-blob-readme?view=azure-python

from datetime import datetime, timedelta
from azure.storage.blob import BlobServiceClient, generate_account_sas, ResourceTypes, AccountSasPermissions

sas_token = generate_account_sas(
account_name="https://accountname.blob.core.windows.net",
account_key="entered accountkey",
resource_types=ResourceTypes(service=True),
permission=AccountSasPermissions(read=True,add=True,create=True,write=True,delete=True),
expiry=datetime.utcnow() + timedelta(hours=1)
)
print (sas_token)

SAS token I received I added in below azcopy command

azcopy rm "https://accountnameb.blob.core.windows.net/containername/filename?sas_token"

I am getting below error

RequestId:0d6b21bb-101e-006a-0775-7d38d6000000
Time:2021-07-20T14:41:47.5594591Z, Details:
AuthenticationErrorDetail: Signature did not match. String to sign used was accounname
rwdac
b
s

2021-07-20T15:41:20Z

2020-06-12

Code: AuthenticationFailed

RESPONSE Status: 403 Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.

Could someone please help on this

Answer 1

@Anonymous
The issue is you are only allowing access to the ResourceType of service. You need to allow Access to the object level if you wish to delete blobs. See here for more information.

Hope this helps! Let me know if it is still not working or if you have further questions.

-------------------------------

Please don’t forget to "Accept the answer" and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

Answer 2

@Anonymous : Code worked fine after making the below change

resource_types=ResourceTypes(object=True)

Thanks a lot !!