Example not working with `azidentity.NewDefaultAzureCredential(nil)`
Opened this issue · 2 comments
This issue is for a: (mark with an x)
- [x] bug report -> please search issues before submitting
- [ ] feature request
- [ ] documentation issue or request
- [ ] regression (a behavior that used to work and stopped in a new release)
Minimal steps to reproduce
Run the example as documented in the README:
- create the storage account
- edit `storage-quickstart.go` by replacing the `<StorageAccountName>` with the actual name to be used
- `az login`
- `go run storage-quickstart.go`
Any log messages given by the failure
```
# go run storage-quickstart.go
Azure Blob storage quick start sample
Creating a container named quickstart-4817313775875140775
Creating a dummy file to test the upload and download
2022/05/06 13:24:35 Failure to upload to blob: ===== RESPONSE ERROR (ErrorCode=AuthorizationPermissionMismatch) =====
Description=This request is not authorized to perform this operation using this permission.
RequestId:8d3546a9-e01e-0063-453b-61bd38000000
Time:2022-05-06T11:24:15.5872142Z, Details: (none)
exit status 1
```
Expected/desired behavior
```
# go run storage-quickstart.go
Azure Blob storage quick start sample
Creating a container named quickstart-7859879233567791186
Creating a dummy file to test the upload and download
Listing the blobs in the container:
https://aoeuaoeuaoeuaoeu.blob.core.windows.net/quickstart-7859879233567791186/quickstartblob-7024034036063403663
hello world this is a blob
Press enter key to delete the blob fils, example container, and exit the application.
Cleaning up.
Deleting the blob quickstartblob-7024034036063403663
Deleting the blob quickstart-7859879233567791186
```
OS and Version?
Arch Linux, current
Versions
`master` branch
Mention any other details that might be useful
I have tried various things to get Blob access working with `azidentity.NewDefaultAzureCredential(nil)` but failed miserably (I am logged in as owner on the root management group, so the permissions should be all set). There is also a section in the README.md that suggests taking note of the storage account name as well as the storage account key for later use. However, they are not used anymore in the quickstart.
The thing I got working is to replace the `credentials, err := azidentity.NewDefaultAzureCredential(nil)` with the following:
```go
// Read the storage account name and key from the environment.
accountName, ok := os.LookupEnv("AZURE_STORAGE_ACCOUNT_NAME")
if !ok {
	panic(errors.New("AZURE_STORAGE_ACCOUNT_NAME could not be found"))
}
accountKey, ok := os.LookupEnv("AZURE_STORAGE_ACCOUNT_KEY")
if !ok {
	panic(errors.New("AZURE_STORAGE_ACCOUNT_KEY could not be found"))
}
credential, err := azblob.NewSharedKeyCredential(accountName, accountKey)
```
... and then...
```go
// Clients built from the shared key credential.
serviceClient, err := azblob.NewServiceClientWithSharedKey(url, credential, nil)
// ...
blobClient := containerClient.NewBlockBlobClient(url + containerName + "/" + blobName)
```
... instead of...
```go
// Clients built from the token credential.
serviceClient, err := azblob.NewServiceClient(url, credential, nil)
// ...
blobClient, err := azblob.NewBlockBlobClient(url+containerName+"/"+blobName, credential, nil)
if err != nil {
	log.Fatal(err)
}
```
You might also want to drop a comment on https://stackoverflow.com/questions/72126128/how-to-fetch-blob-from-azure
Hi @sontags
If you are using Azure Identity (RBAC roles), you also have to grant a role on the data plane (`owner` is a control plane RBAC role):
https://learn.microsoft.com/en-us/azure/storage/blobs/assign-azure-role-data-access?tabs=portal
Btw, my example after trying to get it working with Storage Key:
```go
credential, err := azblob.NewSharedKeyCredential(accountName, accountKey)
if err != nil {
	logger.Warn("Invalid credentials with error: " + err.Error())
}
blobClient, err := blockblob.NewClientWithSharedKeyCredential(blobUrl, credential, nil)
if err != nil {
	logger.Warn("Invalid credentials with error: " + err.Error())
}
```
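
The control-plane versus data-plane distinction raised in the reply above, as an added example that is not part of the issue thread or the sample repository: it checks which role definitions grant the blob write data action, which is why `Owner` alone ends in `AuthorizationPermissionMismatch`. The role JSON is a constructed, trimmed sample, and `rolesGranting` and `anyMatch` are hypothetical helper names.

```go
package main

import (
	"encoding/json"
	"fmt"
	"regexp"
	"strings"
)

// Data action evaluated for a blob upload made with an Azure AD token.
const blobWrite = "Microsoft.Storage/storageAccounts/blobServices/containers/blobs/write"

// Constructed sample (assumption): two role definitions trimmed to the fields used here.
const sampleRoles = `[{"roleName":"Owner","permissions":[{"actions":["*"],"dataActions":[]}]},
 {"roleName":"Storage Blob Data Contributor","permissions":[{"dataActions":["` + blobWrite + `"]}]}]`

type roleDef struct {
	RoleName    string // encoding/json matches the JSON keys to these fields case-insensitively
	Permissions []struct{ DataActions, NotDataActions []string }
}

// anyMatch is case-insensitive; '*' in a pattern spans any characters, '/' included.
func anyMatch(patterns []string, action string) bool {
	for _, p := range patterns {
		re := "(?i)^" + strings.ReplaceAll(regexp.QuoteMeta(p), `\*`, ".*") + "$"
		if ok, _ := regexp.MatchString(re, action); ok {
			return true
		}
	}
	return false
}

// rolesGranting lists roles whose dataActions (minus notDataActions) cover action.
// Control-plane "actions" are ignored on purpose: they never authorize blob data requests.
func rolesGranting(rolesJSON, action string) (out []string, err error) {
	var defs []roleDef
	if err = json.Unmarshal([]byte(rolesJSON), &defs); err != nil {
		return nil, err
	}
	for _, d := range defs {
		for _, p := range d.Permissions {
			if anyMatch(p.DataActions, action) && !anyMatch(p.NotDataActions, action) {
				out = append(out, d.RoleName)
				break
			}
		}
	}
	return out, nil
}

func main() { fmt.Println(rolesGranting(sampleRoles, blobWrite)) }
```

The same function can be fed the JSON printed by `az role definition list` for the roles actually assigned to the signed-in identity.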