https://pulumi.com logo
Powered by
Title
i

important-holiday-25047

09/09/2021, 4:44 PM
Hi there, I have a problem regarding the creation of a sas for azure storage: I am using the function 'listStorageAccountServiceSAS' from 'pulumi/azure-native/storage' to generate a SAS Token but it is never accepted when I try it The code looks like this: 
const blobSAS = storage.listStorageAccountServiceSAS({
        accountName: storageAccountName,
        protocols: storage.HttpProtocol.Https,
        sharedAccessStartTime: "2021-08-08",//new Date(nowDate.getTime() - 60 * 60000).toISOString(),
        sharedAccessExpiryTime: "2021-10-10",//new Date(nowDate.getTime() + 600 * 60000).toISOString(),
        resource: storage.SignedResource.C,
        resourceGroupName: resourceGroupName,
        permissions: storage.Permissions.R + storage.Permissions.W + storage.Permissions.D + storage.Permissions.L + storage.Permissions.A + storage.Permissions.C + storage.Permissions.U,
        canonicalizedResource: "/blob/" + storageAccountName + "/" + storageContainerName,
    });
    return pulumi.interpolate `https://${storageAccountName}.<http://blob.core.windows.net/${storageContainerName}/?${blobSAS.then(x|blob.core.windows.net/${storageContainerName}/?${blobSAS.then(x> => x.serviceSasToken)}`;
I assume it's a problem with the canonicalizedResource, though I am not sure what value could be correct there, as it only allows a value starting with /blob/ When I compare a SAS Token created via azure storage directly and the one i get here I see that the Api Versions are very different: Azure Version: 2020-08-04 Pulumi Version: 2015-04-05 Also the used keywords seem to differ in these version so much that I can't compare them properly Thank in advance
t

tall-librarian-49374

09/09/2021, 7:08 PM
Will this example be helpful? https://github.com/pulumi/examples/blob/258d3bad0a00020704743e37911c51be63c06bb4/azure-ts-functions/helpers.ts#L17
One thing I see in your code is that you use 
pulumi.interpolate
for result but not for 
canonicalizedResource
Are 
storageAccountName
and/or 
storageContainerName
outputs?
i

important-holiday-25047

09/09/2021, 10:06 PM
I did actually use a pulumi.all(...).apply() call to ensure all outputs are already available, so the pulumi interpolate for the blobSAS object was solely for safetly if it is needed to resolve the blobSAS output. That shouldn't be any problem. I did switch now to the azure classic version to build the SAS and there it works as expected.
The example you posted is pretty much the same I already found, so thank you, but that sadly does not work. Especially as this example does focus to create a SAS that does modify one particular blob, I need a SAS that enables me to modify a whole container.
3 Views
#azureJoin Slack
Powered by