https://pulumi.com logo
Title
l

late-diamond-14259

04/21/2021, 3:55 PM
Having an issue creating a stack with Azure blob state management: "Signature did not match. String to sign used was racwdl"
$Env:AZURE_STORAGE_SAS_TOKEN="sp=racwdl&st=2021-04-21T15:25:39Z&se=2022-04-21T23:25:39Z&spr=https&sv=2020-02-10&sr=c&sig=REDACTED"
PS C:\repos\prft\skills-app> pulumi stack init skills-dev
error: could not create stack: An IO error occurred while writing the new snapshot file: blob (key ".pulumi/stacks/skills-dev.json") (code=Unknown): write error: -> <http://github.com/Azure/azure-storage-blob-go/azblob.newStorageError|github.com/Azure/azure-storage-blob-go/azblob.newStorageError>, D:/a/pulumi/pulumi/pkg/mod/github.com/!azure/azure-storage-blob-go@v0.13.0/azblob/zc_storage_error.go:42
===== RESPONSE ERROR (ServiceCode=AuthenticationFailed) =====
Description=Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
RequestId:15572c0a-101e-000e-49c2-3621a3000000
Time:2021-04-21T15:28:27.4473913Z, Details:
   AuthenticationErrorDetail: Signature did not match. String to sign used was racwdl
2021-04-21T15:25:39Z
2022-04-21T23:25:39Z
/blob/REDACTED/REDACTED.blob.core.windows.net


https
2020-02-10
c






   Code: AuthenticationFailed
   PUT <https://REDACTED.blob.core.windows.net/REDACTED.blob.core.windows.net/pulumi/.pulumi/stacks/skills-dev.json?blockid=gsvxdmkkske8ya1c%2Bbfe1waaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa%3D%3D&comp=block&se=2022-04-21t23%3A25%3A39z&sig=REDACTED&sp=racwdl&spr=https&sr=c&st=2021-04-21t15%3A25%3A39z&sv=2020-02-10&timeout=61>
   Content-Length: [77]
   User-Agent: [go-cloud/blob/0.1.0 Azure-Storage/0.13 (go1.16.3; Windows_NT)]
   X-Ms-Client-Request-Id: [da124201-4b94-4358-7152-18aa3dfa73a3]
   X-Ms-Version: [2019-12-12]
   --------------------------------------------------------------------------------
   RESPONSE Status: 403 Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
   Content-Length: [553]
   Content-Type: [application/xml]
   Date: [Wed, 21 Apr 2021 15:28:26 GMT]
   Server: [Microsoft-HTTPAPI/2.0]
   X-Ms-Error-Code: [AuthenticationFailed]
   X-Ms-Request-Id: [15572c0a-101e-000e-49c2-3621a3000000]
w

worried-knife-31967

04/21/2021, 4:45 PM
try setting the subscription with
az account -s <subscription>
l

late-diamond-14259

04/21/2021, 5:08 PM
I have a subscription set, I was previously using local state and deploying to the correct subscription. I am now trying to move from local state to blob state. I switched over to using AZURE_STORAGE_KEY and I'm not getting the auth error. Now I'm getting "The specified resource name contains invalid characters." so I assume I have passed the auth.
I'm wondering if I need a specific version/configuration for the storage account. Is there any documentation the specifies what type of blob storage is required?
Figured it out, the issue was I was using a full url of the store and container for the azblob://..., I corrected this and am just using the container name.