SAS URL generation for VM publishing

[alexeyshishkin01]

Hello, all!

I'm going to generate SAS URL for VM publishing via Azure CLI using the following documentation: https://docs.microsoft.com/en-us/azure/marketplace-publishing/marketplace-publishing-vm-image-creation#52-get-the-shared-access-signature-uri-for-your-vm-images It says it can be done, but there're no Azure CLI commands provided. Instead of Azure CLI commands there're PowerShell commands specified. I tried to do it by myself using the following Azure CLI command: az storage container generate-sas \ --name \ --account-name \ --start 2018-02-13T00:00Z \ --expiry 2018-03-06T00:00Z \ --permissions rl It generates SAS URI for which I add VHD-file name to get SAS URL for VM publishing. But the issue is publishing process fails due to incorrect SAS URL. So my questions are:

• is it possible to add Azure CLI commands into documentation?

• while it's being added what's wrong with my Azure CLI command?

Environment summary

Install Method (e.g. pip, interactive script, apt-get, Docker, MSI, edge build) / CLI version (az --version) / OS version / Shell Type (e.g. bash, cmd.exe, Bash on Windows)

root@Alexey-HP:~# az --version | head -1 azure-cli (2.0.26)

Microsoft Windows [Version 10.0.17074.1000]

Bash on Windows

[alexeyshishkin01]

I generated SAS URI with GUI-tool Microsoft Azure Storage Explorer - in this case publishing process successfully finished, it means Azure CLI either generates wrong SAS URI or Azure CLI commands for generating SAS URI need to be better documented

[alexeyshishkin01]

it looks like an issue can be easily fixed: 1)

• the output of 'az storage container generate-sas -h' suggests to use datetime for '--start' and '--expiry' keys in the format of 'Y-m-d'T'H:M'Z' which is not correct, since Microsoft Azure Storage Explorer generates SAS URI with 'H:M:S' in mind (although it doesn't show 'S' in the GUI interface - this is the case for a fix as well) 2)
• if I provide datetime in format 'Y-m-d'T'H:M:S'Z' for '--start' and '--expire' for the 'az storage container generate-sas ...' SAS URI is correctly generated and I can successfully publish my VM 3)
• so the proposed fix is to amend datetime format for 'az storage container generate-sas -h' output

[alex-miro]

I have the same problem and it does not seem to resolve no matter what options and time formats I use. In the reference at https://docs.microsoft.com/en-us/azure/marketplace-publishing/marketplace-publishing-vm-image-creation#52-get-the-shared-access-signature-uri-for-your-vm-images the examples are simply wrong ( or probably refer to some old version ).

Can the developers please try the cli interface to actually obtain a valid sas string for publishing in the marketplace and fix the reference ? my environment:

# az --version
azure-cli (2.0.43)

acr (2.1.2)
acs (2.2.2)
advisor (0.6.0)
ams (0.2.1)
appservice (0.2.1)
backup (1.2.0)
batch (3.3.1)
batchai (0.4.0)
billing (0.2.0)
cdn (0.1.0)
cloud (2.1.0)
cognitiveservices (0.2.0)
command-modules-nspkg (2.0.2)
configure (2.0.18)
consumption (0.4.0)
container (0.3.2)
core (2.0.43)
cosmosdb (0.2.0)
dla (0.2.0)
dls (0.1.0)
dms (0.1.0)
eventgrid (0.2.0)
eventhubs (0.2.1)
extension (0.2.1)
feedback (2.1.4)
find (0.2.12)
interactive (0.3.27)
iot (0.2.0)
keyvault (2.2.1)
lab (0.1.0)
maps (0.3.1)
monitor (0.2.1)
network (2.2.2)
nspkg (3.0.3)
policyinsights (0.1.0)
profile (2.1.1)
rdbms (0.3.0)
redis (0.3.0)
reservations (0.3.1)
resource (2.1.1)
role (2.1.2)
search (0.1.0)
servicebus (0.2.1)
servicefabric (0.1.0)
sql (2.1.1)
storage (2.1.1)
vm (2.2.0)

Python location '/usr/lib64/az/bin/python'
Extensions directory '/root/.azure/cliextensions'

Python (Linux) 2.7.5 (default, Jul  3 2018, 06:28:28) 
[GCC 4.8.5 20150623 (Red Hat 4.8.5-28.0.1)]

[alexeyshishkin01]

alex-miro,

does it work for you?:

az storage container generate-sas \ --name \ --account-name \ --start 2018-08-22T02:03:04Z \ --expiry 2018-09-13T02:03:04Z \ --permissions rl

it works fine for my CLI 2.0.44

[alex-miro]

Yes, it worked, thank you !

My mistake was trying to generate a complete string for a vhd for Marketplace placement in one cli command. Now I stitch the url path with the output of az storage container generate-sas <...>.

Azure developers : the documentation update for the CLI is SERIOUSLY overdue

[tjprescott]

cc/ @williexu @adewaleo

[alexeyshishkin01]

alex-miro,

nice to hear that!

[alexeyshishkin01]

alex-miro,

are you able to create VM entirely in cloud, i.e. without moving VM's VHD-file back and forth?

[alexeyshishkin01]

I'm asking because this topic is not documented at all

[williexu]

@alexeyshishkin01 @alex-miro the format, 'Y-m-d'T'H:M'Z' should suffice, though adding seconds does not hurt. Please try the following:

start=`date -d "10 minutes ago" '+%Y-%m-%dT%H:%MZ'`
end=`date -d "30 minutes" '+%Y-%m-%dT%H:%MZ'`
sas=`az storage container generate-sas -n wilxcontainer --account-name wilxremove --https-only --permissions dlrw --start $start --expiry $end -otsv`
az storage blob upload -n newblob -c mycontainer --account-name myaccount -f ../temp/file.txt --sas-token $sas

An example of the value in start: 2018-08-24T23:32Z Also notice the addition of -otsv in the generate-sas command, which will output a raw string.

It does seem like users can benefit from examples, I will look into adding some.

[nbayle]

Every. Single. Document on Microsoft's various sites is wrong and damn near all the tools generate invalid SAS URLs. This product is an abomination.

[alexeyshishkin01]

we can fix it, ain't we?

[williexu]

@nbayle @alexeyshishkin01 I've added examples: https://github.com/Azure/azure-cli/pull/7153/files#diff-32882f7652ab67bdbdbf7815216079faR819 for the sas-url generation commands. They will be synced to our docs in our next release and will be available with our 2.0.46 release.

[alexeyshishkin01]

thanks, pls. think about the bigger documentation task: there's no doc so far which describes how to put vendors VM into the marketplace 'in the cloud', i.e. without on-premise VM vendor has to read a lot of documentation about it, this documentation is now always correct (you can look at my submitted issues here), creating VM for the marketplace differs from one Linux OS to another (CentOS, Debian, Ubuntu) if you think this is important to attract new vendors into the cloud, I can help you because I assembled such documentation by myself if you are not sure about importance of such doc you can forward this issue to upper mgmt thanks!

[williexu]

@alexeyshishkin01 I'll work to update the outdated doc. and make a PR to update: https://github.com/MicrosoftDocs/azure-docs/blob/master/articles/marketplace-publishing/marketplace-publishing-vm-image-creation.md

[alexeyshishkin01]

ok, will wait - it took me about half a year to compile such document for myself I'd suggest to cover CLI option as a must since it's universal tool and provides complete functionality (in comparison with browser) I'd also like you to cover the differences between free Linux OSes - CentOS, Ubuntu, Debian And the most important stuff - make sure to test each and every step of this big guide, otherwise it's going to be useless and irritable (see above) If you have questions about the guide - just let me know :-)