https://pulumi.com logo
Join Slack
Powered by
Hi there, I have a problem regarding the creation ...
# azure
i
Hi there, I have a problem regarding the creation of a sas for azure storage: I am using the function 'listStorageAccountServiceSAS' from 'pulumi/azure-native/storage' to generate a SAS Token but it is never accepted when I try it The code looks like this:
Copy code
const blobSAS = storage.listStorageAccountServiceSAS({
        accountName: storageAccountName,
        protocols: storage.HttpProtocol.Https,
        sharedAccessStartTime: "2021-08-08",//new Date(nowDate.getTime() - 60 * 60000).toISOString(),
        sharedAccessExpiryTime: "2021-10-10",//new Date(nowDate.getTime() + 600 * 60000).toISOString(),
        resource: storage.SignedResource.C,
        resourceGroupName: resourceGroupName,
        permissions: storage.Permissions.R + storage.Permissions.W + storage.Permissions.D + storage.Permissions.L + storage.Permissions.A + storage.Permissions.C + storage.Permissions.U,
        canonicalizedResource: "/blob/" + storageAccountName + "/" + storageContainerName,
    });
    return pulumi.interpolate `https://${storageAccountName}.<http://blob.core.windows.net/${storageContainerName}/?${blobSAS.then(x|blob.core.windows.net/${storageContainerName}/?${blobSAS.then(x> => x.serviceSasToken)}`;
I assume it's a problem with the canonicalizedResource, though I am not sure what value could be correct there, as it only allows a value starting with /blob/ When I compare a SAS Token created via azure storage directly and the one i get here I see that the Api Versions are very different: Azure Version: 2020-08-04 Pulumi Version: 2015-04-05 Also the used keywords seem to differ in these version so much that I can't compare them properly Thank in advance
t
One thing I see in your code is that you use 
pulumi.interpolate
for result but not for 
canonicalizedResource
Are 
storageAccountName
and/or 
storageContainerName
outputs?
i
I did actually use a pulumi.all(...).apply() call to ensure all outputs are already available, so the pulumi interpolate for the blobSAS object was solely for safetly if it is needed to resolve the blobSAS output. That shouldn't be any problem. I did switch now to the azure classic version to build the SAS and there it works as expected.
The example you posted is pretty much the same I already found, so thank you, but that sadly does not work. Especially as this example does focus to create a SAS that does modify one particular blob, I need a SAS that enables me to modify a whole container.
4 Views
Open in Slack
PreviousNext
Powered by