Channels
announcements
automation-api
aws
azure
blog-posts
built-with-pulumi
cloudengineering
cloudengineering-support
content-share
contribex
contribute
docs
dotnet
finops
general
getting-started
gitlab
golang
google-cloud
hackathon-03-19-2020
hacktoberfest
install
java
jobs
kubernetes
learn-pulumi-events
linen
localstack
multi-language-hackathon
office-hours
oracle-cloud-infrastructure
package-authoring
pulumi-ai
pulumi-cdk
pulumi-cloud
pulumi-crosscode
pulumi-deployments
pulumi-kubernetes-operator
pulumiverse
python
registry
status
testingtesting123
testingtesting321
typescript
welcome
workshops
yaml
Title
l
late-diamond-14259
04/21/2021, 3:55 PMHaving an issue creating a stack with Azure blob state management: "Signature did not match. String to sign used was racwdl"
$Env:AZURE_STORAGE_SAS_TOKEN="sp=racwdl&st=2021-04-21T15:25:39Z&se=2022-04-21T23:25:39Z&spr=https&sv=2020-02-10&sr=c&sig=REDACTED"
PS C:\repos\prft\skills-app> pulumi stack init skills-dev
error: could not create stack: An IO error occurred while writing the new snapshot file: blob (key ".pulumi/stacks/skills-dev.json") (code=Unknown): write error: -> <http://github.com/Azure/azure-storage-blob-go/azblob.newStorageError|github.com/Azure/azure-storage-blob-go/azblob.newStorageError>, D:/a/pulumi/pulumi/pkg/mod/github.com/!azure/azure-storage-blob-go@v0.13.0/azblob/zc_storage_error.go:42
===== RESPONSE ERROR (ServiceCode=AuthenticationFailed) =====
Description=Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:15572c0a-101e-000e-49c2-3621a3000000
Time:2021-04-21T15:28:27.4473913Z, Details:
AuthenticationErrorDetail: Signature did not match. String to sign used was racwdl
2021-04-21T15:25:39Z
2022-04-21T23:25:39Z
/blob/REDACTED/REDACTED.blob.core.windows.net
https
2020-02-10
c
Code: AuthenticationFailed
PUT <https://REDACTED.blob.core.windows.net/REDACTED.blob.core.windows.net/pulumi/.pulumi/stacks/skills-dev.json?blockid=gsvxdmkkske8ya1c%2Bbfe1waaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa%3D%3D&comp=block&se=2022-04-21t23%3A25%3A39z&sig=REDACTED&sp=racwdl&spr=https&sr=c&st=2021-04-21t15%3A25%3A39z&sv=2020-02-10&timeout=61>
Content-Length: [77]
User-Agent: [go-cloud/blob/0.1.0 Azure-Storage/0.13 (go1.16.3; Windows_NT)]
X-Ms-Client-Request-Id: [da124201-4b94-4358-7152-18aa3dfa73a3]
X-Ms-Version: [2019-12-12]
--------------------------------------------------------------------------------
RESPONSE Status: 403 Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
Content-Length: [553]
Content-Type: [application/xml]
Date: [Wed, 21 Apr 2021 15:28:26 GMT]
Server: [Microsoft-HTTPAPI/2.0]
X-Ms-Error-Code: [AuthenticationFailed]
X-Ms-Request-Id: [15572c0a-101e-000e-49c2-3621a3000000]w
worried-knife-31967
04/21/2021, 4:45 PMtry setting the subscription with
az account -s <subscription>l
late-diamond-14259
04/21/2021, 5:08 PMI have a subscription set, I was previously using local state and deploying to the correct subscription. I am now trying to move from local state to blob state. I switched over to using AZURE_STORAGE_KEY and I'm not getting the auth error. Now I'm getting "The specified resource name contains invalid characters." so I assume I have passed the auth.
I'm wondering if I need a specific version/configuration for the storage account. Is there any documentation the specifies what type of blob storage is required?
Figured it out, the issue was I was using a full url of the store and container for the azblob://..., I corrected this and am just using the container name.