Azure / azure-powershell

Microsoft Azure PowerShell

Get/Set-AzStorageBlob runs into 403 - AuthorizationPermissionMismatch #26353

Open crlgb opened 7 hours ago

crlgb commented 7 hours ago

Description

Running the command will end in an AuthorizationPermissionMismatch. I have tested and confirmed this behaviour on an Azure Function using -UseConnectedAccount. The needed permissions for the user / resource to access the storage account are given (Storage Blob Data Contributor).

Issue script & Debug output

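# Build an OAuth storage context from the account that is currently signed in
$BlobContext = New-AzStorageContext -StorageAccountName <> -UseConnectedAccount
# Upload the file (-Container is specified once; a repeated parameter fails to bind)
Set-AzStorageBlobContent -File <> -Container <> -Blob <> -Context $BlobContext -Force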

Environment data

Name                           Value
----                           -----
PSVersion                      7.2.22
PSEdition                      Core
GitCommitId                    7.2.22
OS                             Linux 5.15.164.1-1.cm2 #1 SMP Sun Aug 18 19:16:21 UTC 2024
Platform                       Unix
PSCompatibleVersions           {1.0, 2.0, 3.0, 4.0…}
PSRemotingProtocolVersion      2.3
SerializationVersion           1.1.0.1
WSManStackVersion              3.0

Module versions

Name              : Az.Accounts
Version           : 3.0.0

Name              : Az.KeyVault
Version           : 6.0.0

Name              : Az.Storage
Version           : 7.0.0

Error output

InnerException   : False
Exception        : Microsoft.PowerShell.Commands.WriteErrorException: At /home/site/wwwroot/PushTableToBlob/run.ps1:24 char:17
                   + …             Set-AzStorageBlobContent -File $CustomPath -Container $Ta …
                   +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                   Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. HTTP Status Code: 403 - HTTP Error Message: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
                   ErrorCode: AuthenticationFailed
                   ErrorMessage: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
                   RequestId:X
                   Time:2024-10-16T17:X
                   AuthenticationErrorDetail: Issuer validation failed. Issuer did not match.
Message          : At /home/site/wwwroot/PushTableToBlob/run.ps1:24 char:17
                   + …             Set-AzStorageBlobContent -File $CustomPath -Container $Ta …
                   +               ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
                   Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. HTTP Status Code: 403 - HTTP Error Message: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
                   ErrorCode: AuthenticationFailed
                   ErrorMessage: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
                   RequestId:X
                   Time:2024-10-16T17:X
                   AuthenticationErrorDetail: Issuer validation failed. Issuer did not match.
StackTrace       : 
HelpLink         : 
ErrorDetails     : 
ErrorCategory    : NotSpecified: (:) [Write-Error], WriteErrorException
InvocationInfo   : System.Management.Automation.InvocationInfo
ScriptStackTrace : at <ScriptBlock>, /home/site/wwwroot/PushTableToBlob/run.ps1: line 28

InnerException   : False
Exception        : Microsoft.Azure.Storage.StorageException: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. HTTP Status Code: 403 - HTTP Error Message: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
                   ErrorCode: AuthenticationFailed
                   ErrorMessage: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
                   RequestId:X
                   Time:2024-10-16T17:X
                   AuthenticationErrorDetail: Issuer validation failed. Issuer did not match.
                    ---> Microsoft.Azure.Storage.StorageException: Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
                      at Microsoft.WindowsAzure.Commands.Storage.Common.DataMovementTransferHelper.DoTransfer(Func`1 doTransfer, ProgressRecord record, TaskOutputStream outputStream)
                      at Microsoft.WindowsAzure.Commands.Storage.Blob.SetAzureBlobContentCommand.Upload2Blob(Int64 taskId, IStorageBlobManagement localChannel, String filePath, CloudBlob blob)
                      at Microsoft.WindowsAzure.Commands.Storage.Common.LimitedConcurrencyTaskScheduler.RunConcurrentTask(Int64 taskId, Task task)
                   Request Information
                   RequestID:X
                   RequestDate:Wed, 16 Oct 2024 17:X
                   StatusMessage:Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
                   ErrorCode:AuthenticationFailed

crlgb commented 7 hours ago

Reopening after moving from a user-based issue to an Azure Function context.
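
The `AuthenticationErrorDetail` in the error output reports an issuer mismatch, so a useful check is to decode the claims of the access token and compare its issuing tenant with the tenant the storage account belongs to. The following is an added diagnostic example, not part of the issue or of the Az modules; the function names are hypothetical and the tenant GUIDs and sample token are constructed placeholders.

```powershell
# Added example: decode a JWT access token's payload and compare the issuing tenant.
function ConvertFrom-JwtPayload {
    param([Parameter(Mandatory)][string]$Token)
    $parts = $Token.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a compact JWT (expected three dot-separated parts).' }
    # base64url -> base64, then restore the stripped padding
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
        1 { throw 'Invalid base64url length.' }
    }
    [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64)) | ConvertFrom-Json
}

function Test-TokenIssuer {
    param(
        [Parameter(Mandatory)][string]$Token,
        [Parameter(Mandatory)][string]$ExpectedTenantId   # tenant of the storage account
    )
    $claims = ConvertFrom-JwtPayload -Token $Token
    [pscustomobject]@{
        Issuer        = $claims.iss
        TenantId      = $claims.tid
        Audience      = $claims.aud
        # Both the tid claim and the issuer URL must name the expected tenant
        IssuerMatches = ($claims.tid -eq $ExpectedTenantId) -and
                        ($claims.iss -like "*$ExpectedTenantId*")
    }
}

# Builds an unsigned sample token so the example runs offline (constructed data).
function New-SampleJwt {
    param($Claims)
    $enc = { param($s) [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($s)).TrimEnd('=').Replace('+', '-').Replace('/', '_') }
    $header = & $enc '{"alg":"none","typ":"JWT"}'
    $body   = & $enc ($Claims | ConvertTo-Json -Compress)
    "$header.$body.sig"
}

$storageTenant = '11111111-1111-1111-1111-111111111111'   # constructed placeholder
$otherTenant   = '22222222-2222-2222-2222-222222222222'   # constructed placeholder
$sample = New-SampleJwt @{
    iss = "https://sts.windows.net/$otherTenant/"
    tid = $otherTenant
    aud = 'https://storage.azure.com/'
}
Test-TokenIssuer -Token $sample -ExpectedTenantId $storageTenant
```

To inspect a live token instead of the sample, pass the plain-text token for the storage resource (for example from `Get-AzAccessToken -ResourceUrl 'https://storage.azure.com/'`) as `-Token`.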