Share via

azcopy cp fail to copy file from local to cloud

Xinming Zhuo 21 Reputation points
2021-10-05T16:32:34.83+00:00

azcopy login
azcopy make 'https://teststore.blob.core.windows.net/testcontainer'
INFO: Authenticating to destination using Azure AD
Successfully created the resource.

.\azcopy cp 'C:\Users\test\Downloads\azcopy_windows_amd64_10.12.2.zip' 'https://nfteststore.blob.core.windows.net/testcontainer/azcopy_windows_amd64_10.12.2.zip' --put-md5

INFO: Scanning...
INFO: Authenticating to destination using Azure AD
INFO: Any empty folders will not be processed, because source and/or destination doesn't have full folder support

Job 27550018-b68e-e947-5d0e-0eee01756d70 has started
Log file is located at: C:\Users\test.azcopy\27550018-b68e-e947-5d0e-0eee01756d70.log

INFO: Authentication failed, it is either not correct, or expired, or does not have the correct permission -> github.com/Azure/azure-storage-blob-go/azblob.newStorageError, /home/vsts/go/pkg/mod/github.com/!azure/azure-storage-blob-go@v0.13.1-0.20210823171415-e7932f52ad61/azblob/zc_storage_error.go:42
===== RESPONSE ERROR (ServiceCode=AuthorizationPermissionMismatch) =====
Description=This request is not authorized to perform this operation using this permission.
RequestId:19a5830e-901e-0045-1f04-ba9ee4000000
Time:2021-10-05T16:14:46.1894124Z, Details:
Code: AuthorizationPermissionMismatch
PUT https://nfteststore.blob.core.windows.net/testcontainer/azcopy_windows_amd64_10.12.2.zip?blockid=MzA5MjkxNmUtMWEyMS1kNTQ3LTQwZTEtMDA1NjQxMGMwYjJj&comp=block&timeout=901
Authorization: REDACTED
Content-Length: [8388608]
User-Agent: [AzCopy/10.12.2 Azure-Storage/0.14 (go1.16; Windows_NT)]
X-Ms-Client-Request-Id: [aa507122-e7e2-441f-42dd-ee6895b2ad1e]
X-Ms-Version: [2019-12-12]

RESPONSE Status: 403 This request is not authorized to perform this operation using this permission.
Content-Length: [279]
Content-Type: [application/xml]
Date: [Tue, 05 Oct 2021 16:14:45 GMT]
Server: [Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0]
X-Ms-Client-Request-Id: [aa507122-e7e2-441f-42dd-ee6895b2ad1e]
X-Ms-Error-Code: [AuthorizationPermissionMismatch]
X-Ms-Request-Id: [19a5830e-901e-0045-1f04-ba9ee4000000]
X-Ms-Version: [2019-12-12]

0.0 %, 0 Done, 0 Failed, 1 Pending, 0 Skipped, 1 Total,

Job 27550018-b68e-e947-5d0e-0eee01756d70 summary
Elapsed Time (Minutes): 0.0334
Number of File Transfers: 1
Number of Folder Property Transfers: 0
Total Number of Transfers: 1
Number of Transfers Completed: 0
Number of Transfers Failed: 1
Number of Transfers Skipped: 0
TotalBytesTransferred: 0
Final Job Status: Cancelled

Azure Storage
Azure Storage
Globally unique resources that provide access to data management services and serve as the parent namespace for the services.
3,530 questions
0 comments
Accepted answer
  1. Sumarigo-MSFT 47,466 Reputation points Microsoft Employee Moderator
    2021-10-06T07:56:37.237+00:00

    @Xinming Zhuo Status: AuthorizationPermissionMismatch|This request is not authorized to perform this operation using this permission.

    It's like the oauth token isn't getting set correctly when trying to use that as the authentication mechanism also (re generate the SAS token and also cross verify allowed permissions)

    Refer to the suggestion mentioned in this GitHub link and let me know the status

    Reference: https://github.com/Azure/azure-storage-azcopy/issues/452#issuecomment-503812803
    https://github.com/Azure/azure-storage-azcopy/issues/819
    https://github.com/Azure/azure-storage-azcopy/issues/122

    Note: Every request made by the user to access/modify data from a storage account must be authenticated/authorized unless the resource being accessed is public resource.

    Now there are two broad categories of Authn/AuthZ we support :-

    Signature Based Auth:- Shared Key and Shared Access Signature (SAS).
    SAS avoids authentication as a specific user and grants restricted access rights to the resource. So the user gets granular level resource access in storage account without hampering security. You can create a SAS key for a resource from Azure_Portal/Storage_Explorer/REST_API etc. So, your copy request will look like
    azcopy cp "/path/to/file.txt" "https://[account].blob.core.windows.net/[container]/[path/to/blob]?[SAS]
    Please read this for more information.

    Identity Based Auth:- Azure AD and Anonymous(Public) Access.
    Azure AD is OAuth based token used for AuthN. A user can identify itself by running azcopy login command (OAuth Token). A user is assigned roles which essentially control access-rights such as read, modify, delete etc. Please read this for more information.

    For work around you can refer to this GitHub link

    Please let us know if you have any further queries. I’m happy to assist you further.
    Looking forward for your reply!

    ------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Please do not forget to 138065-image.png and “up-vote” wherever the information provided helps you, this can be beneficial to other community members.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.