Azure / azure-storage-fuse

A virtual file system adapter for Azure Blob storage

Managed identity authentication fails #1469

Closed amir734jj closed 2 months ago

amir734jj commented 4 months ago

Which version of blobfuse was used?

> blobfuse2 --version
blobfuse2 version 2.3.0

Which OS distribution and version are you using?

> lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description:    Ubuntu 22.04.2 LTS
Release:        22.04
Codename:       jammy

If relevant, please share your mount command.

> blobfuse2 mount ./taha-mount --config-file=./config.yml
> cat config.yml
logging:
  type: syslog
  level: log_debug
  file-path: ./taha-temp

components:
  - libfuse
  - file_cache
  - attr_cache
  - azstorage

libfuse:
  attribute-expiration-sec: 120
  entry-expiration-sec: 120
  negative-entry-expiration-sec: 240

file_cache:
  path: ./taha-temp
  timeout-sec: 120
  max-size-mb: 4096

attr_cache:
  timeout-sec: 7200

azstorage:
  type: block
  account-name: <storage-account-name>
  endpoint: https://<storage-account-name>.blob.core.windows.net
  mode: msi
  container: initcontainershare
  # appid: 
  # objid: 
  resid: /subscriptions/<storage-account-subscription>/resourceGroups/<storage-account-resource-group>/providers/Microsoft.Storage/storageAccounts/<storage-account-name>

What was the issue encountered?

Have you found a mitigation/solution?

No

Please share logs if available.

Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_INFO [mount.go (408)]: Mount Command: [blobfuse2 mount ./taha-mount --config-file=./config.yml]
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_CRIT [mount.go (409)]: Logging level set to : LOG_DEBUG
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_DEBUG [mount.go (410)]: Mount allowed on nonempty path : false
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_TRACE [libfuse.go (253)]: Libfuse::Configure : libfuse
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_INFO [libfuse.go (244)]: Libfuse::Validate : UID 1000, GID 1000
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_INFO [libfuse.go (304)]: Libfuse::Configure : read-only false, allow-other false, allow-root false, default-perm 493, entry-timeout 120, attr-time 120, negative-timeout 240, ignore-open-flags true, nonempty false, direct_io false, max-fuse-threads 128, fuse-trace false, extension , disable-writeback-cache false, dirPermission 509, mountPath /home/amir/taha-mount, umask 0
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_TRACE [file_cache.go (219)]: FileCache::Configure : file_cache
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_INFO [file_cache.go (304)]: FileCache::Configure : Using default eviction policy
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_INFO [file_cache.go (331)]: FileCache::Configure : create-empty false, cache-timeout 120, tmp-path /home/amir/taha-temp, max-size-mb 4096, high-mark 80, low-mark 60, refresh-sec 0, max-eviction 5000, hard-limit false, policy , allow-non-empty-temp false, cleanup-on-start false, policy-trace false, offload-io false, sync-to-flush false, ignore-sync true, defaultPermission -rwxr-xr-x, diskHighWaterMark 0, maxCacheSize 4096, mountPath /home/amir/taha-mount
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_TRACE [attr_cache.go (126)]: AttrCache::Configure : attr_cache
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_INFO [attr_cache.go (156)]: AttrCache::Configure : cache-timeout 7200, symlink false, cache-on-list true, max-files 5000000
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_TRACE [azstorage.go (84)]: AzStorage::Configure : azstorage
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_TRACE [config.go (296)]: ParseAndValidateConfig : Parsing config
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_INFO [config.go (410)]: ParseAndValidateConfig : using the following proxy address from the config file:
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_TRACE [config.go (519)]: ParseAndReadDynamicConfig : Reparsing config
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_DEBUG [config.go (417)]: ParseAndValidateConfig : Getting auth type
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_INFO [config.go (505)]: ParseAndValidateConfig : account <storage-account-name>, container initcontainershare, account-type BLOCK, auth MSI, prefix , endpoint https://<storage-account-name>.blob.core.windows.net/, MD5 false false, virtual-directory true, disable-compression false, CPK false
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_INFO [config.go (508)]: ParseAndValidateConfig : use-HTTP false, block-size 0, max-concurrency 32, default-tier %!s(*generated.AccessTier=<nil>), fail-unsupported-op true, mount-all-containers false
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_INFO [config.go (509)]: ParseAndValidateConfig : Retry Config: retry-count 5, max-timeout 900, backoff-time 4, max-delay 60
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_INFO [config.go (512)]: ParseAndValidateConfig : Telemetry : , honour-ACL false, disable-symlink true
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_TRACE [block_blob.go (163)]: BlockBlob::SetupPipeline : Setting up
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_TRACE [block_blob.go (144)]: BlockBlob::createServiceClient : Getting service client
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_DEBUG [azauth.go (82)]: azAuth::getAzAuth : Account: <storage-account-name>, AccountType: BLOCK, Protocol: https, Endpoint: https://<storage-account-name>.blob.core.windows.net/
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_TRACE [block_blob.go (226)]: BlockBlob::SetPrefixPath : path
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_TRACE [block_blob.go (180)]: BlockBlob::TestPipeline : Validating
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_DEBUG [utils.go (151)]: SDK(Retry) : =====> Try=1
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_DEBUG [utils.go (151)]: SDK(Retry) : =====> Try=1
Wed Jul 24 15:13:16 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_DEBUG [utils.go (151)]: SDK(Request) : ==> OUTGOING REQUEST (Try=1)
   GET http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&msi_res_id=REDACTED&resource=https%3A%2F%2Fstorage.azure.com
   Metadata: REDACTED
   User-Agent: azsdk-go-azidentity/v1.5.2 (go1.22.1; linux)

Wed Jul 24 15:13:46 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_DEBUG [utils.go (151)]: SDK(Response) : ==> REQUEST/RESPONSE (Try=1/30.007843067s)
   GET http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&msi_res_id=REDACTED&resource=https%3A%2F%2Fstorage.azure.com
   Metadata: REDACTED
   User-Agent: azsdk-go-azidentity/v1.5.2 (go1.22.1; linux)

   --------------------------------------------------------------------------------
   RESPONSE Status: 200 OK
   Content-Length: 2027
   Content-Type: application/json; charset=utf-8
   Date: Wed, 24 Jul 2024 20:13:45 GMT

Wed Jul 24 15:13:46 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_INFO [msi.go (133)]: Msi::GetTokenUsingIMDS : Received new token from IMDS
Wed Jul 24 15:13:46 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_DEBUG [azauth.go (116)]: azAuth::getAzAuth : token acquired.
Wed Jul 24 15:13:46 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_TRACE [block_blob.go (121)] : BlockBlob::TestPipeline : Pipeline test successful.
Wed Jul 24 15:13:46 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_TRACE [block_blob.go (132)]: BlockBlob::TestPipeline : Test pipeline is successful
Wed Jul 24 15:13:46 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_TRACE [blobfuse2.go (357)]: Mount : Setting up mount
Wed Jul 24 15:13:46 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_TRACE [blobfuse2.go (374)]: Mount : Starting up mount.
Wed Jul 24 15:13:46 CDT 2024 : blobfuse2[505] : [/home/amir/taha-mount] LOG_DEBUG [libfuse.go (420)]: Libfuse::InitLibfuse : libfuse session created and started.

ashruti-msft commented 4 months ago

You are getting this error because you are sharing the resource id of your storage account, but you have to give the res-id of your identity. We do mention to use only one of the three parameters in our README.
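The check described in this reply, as an added example that is not part of the original thread or the blobfuse2 code base: it reads the flat `azstorage` section, flags a `resid` that is not a user-assigned managed identity resource ID, and flags more than one of `appid`/`objid`/`resid`. The function names and the sample text are assumptions made for this example.

```python
import re

# Constructed sample mirroring the first config.yml in this issue (placeholders kept).
SAMPLE_CONFIG = """\
azstorage:
  type: block
  account-name: <storage-account-name>
  mode: msi
  container: initcontainershare
  # appid:
  # objid:
  resid: /subscriptions/<sub>/resourceGroups/<rg>/providers/Microsoft.Storage/storageAccounts/<storage-account-name>
"""

# Resource ID shape of a user-assigned managed identity; matched case-insensitively
# because the thread shows both mixed-case and lower-case forms.
UAMI_ID = re.compile(
    r"^/subscriptions/[^/]+/resourcegroups/[^/]+"
    r"/providers/microsoft\.managedidentity/userassignedidentities/[^/]+$",
    re.IGNORECASE,
)
PROVIDER = re.compile(r"/providers/([^/]+/[^/]+)/", re.IGNORECASE)


def read_section(text, section="azstorage"):
    """Return key/value pairs of one top-level section.

    Minimal line scanner for the flat layout shown in the issue, not a YAML parser.
    """
    values, inside = {}, False
    for raw in text.splitlines():
        stripped = raw.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or commented-out key
        if not raw[0].isspace():  # any top-level key opens or closes the section
            inside = stripped == section + ":"
            continue
        if inside and ":" in stripped:
            key, _, value = stripped.partition(":")
            values[key.strip()] = value.strip()
    return values


def check_msi_identity(text):
    """Return a list of findings about the MSI identity selectors."""
    cfg = read_section(text)
    if cfg.get("mode", "").lower() != "msi":
        return []
    findings = []
    selectors = [k for k in ("appid", "objid", "resid") if cfg.get(k)]
    if len(selectors) > 1:
        findings.append("set only one of appid/objid/resid, found: " + ", ".join(selectors))
    resid = cfg.get("resid", "")
    if resid and not UAMI_ID.match(resid):
        m = PROVIDER.search(resid)
        kind = m.group(1) if m else "an unrecognised resource type"
        findings.append(
            f"resid points at {kind}, expected Microsoft.ManagedIdentity/userAssignedIdentities"
        )
    return findings


if __name__ == "__main__":
    for finding in check_msi_identity(SAMPLE_CONFIG):
        print("config.yml:", finding)
```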

amir734jj commented 4 months ago

Makes sense. I created a VM with managed identity enabled and then installed Ubuntu sub-system.

This is the updated config.yml

cat config.yml
logging:
  type: syslog
  level: log_debug
  file-path: ./taha-temp

components:
  - libfuse
  - file_cache
  - attr_cache
  - azstorage

libfuse:
  attribute-expiration-sec: 120
  entry-expiration-sec: 120
  negative-entry-expiration-sec: 240

file_cache:
  path: ./taha-temp
  timeout-sec: 120
  max-size-mb: 4096

attr_cache:
  timeout-sec: 7200

azstorage:
  type: block
  account-name: <storage-account-name>
  mode: msi
  container: deleteme
  resid: /subscriptions/<managed-identity-subscription>/resourcegroups/<managed-identity-resource-group>/providers/microsoft.managedidentity/userassignedidentities/<managed-identity-name>

and these are the logs

blobfuse2 mount ./taha-mount --config-file=./config.yml
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_CRIT [mount.go (407)]: Starting Blobfuse2 Mount : 2.3.0 on [Ubuntu 22.04.1 LTS]
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_INFO [mount.go (408)]: Mount Command: [blobfuse2 mount ./taha-mount --config-file=./config.yml]
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_CRIT [mount.go (409)]: Logging level set to : LOG_DEBUG
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_DEBUG [mount.go (410)]: Mount allowed on nonempty path : false
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_TRACE [libfuse.go (253)]: Libfuse::Configure : libfuse
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_INFO [libfuse.go (244)]: Libfuse::Validate : UID 1000, GID 1000
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_INFO [libfuse.go (304)]: Libfuse::Configure : read-only false, allow-other false, allow-root false, default-perm 493, entry-timeout 120, attr-time 120, negative-timeout 240, ignore-open-flags true, nonempty false, direct_io false, max-fuse-threads 128, fuse-trace false, extension , disable-writeback-cache false, dirPermission 509, mountPath /home/amir/taha-mount, umask 0
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_TRACE [file_cache.go (219)]: FileCache::Configure : file_cache
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_INFO [file_cache.go (304)]: FileCache::Configure : Using default eviction policy
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_INFO [file_cache.go (331)]: FileCache::Configure : create-empty false, cache-timeout 120, tmp-path /home/amir/taha-temp, max-size-mb 4096, high-mark 80, low-mark 60, refresh-sec 0, max-eviction 5000, hard-limit false, policy , allow-non-empty-temp false, cleanup-on-start false, policy-trace false, offload-io false, sync-to-flush false, ignore-sync true, defaultPermission -rwxr-xr-x, diskHighWaterMark 0, maxCacheSize 4096, mountPath /home/amir/taha-mount
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_TRACE [attr_cache.go (126)]: AttrCache::Configure : attr_cache
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_INFO [attr_cache.go (156)]: AttrCache::Configure : cache-timeout 7200, symlink false, cache-on-list true, max-files 5000000
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_TRACE [azstorage.go (84)]: AzStorage::Configure : azstorage
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_TRACE [config.go (296)]: ParseAndValidateConfig : Parsing config
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_WARNING [config.go (367)]: ParseAndValidateConfig : account endpoint not provided, assuming the default .core.windows.net style endpoint
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_INFO [config.go (410)]: ParseAndValidateConfig : using the following proxy address from the config file:
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_TRACE [config.go (519)]: ParseAndReadDynamicConfig : Reparsing config
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_DEBUG [config.go (417)]: ParseAndValidateConfig : Getting auth type
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_INFO [config.go (505)]: ParseAndValidateConfig : account <storage-account-name>, container deleteme, account-type BLOCK, auth MSI, prefix , endpoint https://<storage-account-name>.blob.core.windows.net/, MD5 false false, virtual-directory true, disable-compression false, CPK false
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_INFO [config.go (508)]: ParseAndValidateConfig : use-HTTP false, block-size 0, max-concurrency 32, default-tier %!s(*generated.AccessTier=<nil>), fail-unsupported-op true, mount-all-containers false
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_INFO [config.go (509)]: ParseAndValidateConfig : Retry Config: retry-count 5, max-timeout 900, backoff-time 4, max-delay 60
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_INFO [config.go (512)]: ParseAndValidateConfig : Telemetry : , honour-ACL false, disable-symlink true
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_TRACE [block_blob.go (163)]: BlockBlob::SetupPipeline : Setting up
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_TRACE [block_blob.go (144)]: BlockBlob::createServiceClient : Getting service client
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_DEBUG [azauth.go (82)]: azAuth::getAzAuth : Account: <storage-account-name>, AccountType: BLOCK, Protocol: https, Endpoint: https://<storage-account-name>.blob.core.windows.net/
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_TRACE [block_blob.go (226)]: BlockBlob::SetPrefixPath : path
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_TRACE [block_blob.go (180)]: BlockBlob::TestPipeline : Validating
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_DEBUG [utils.go (151)]: SDK(Retry) : =====> Try=1
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_DEBUG [utils.go (151)]: SDK(Retry) : =====> Try=1
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_DEBUG [utils.go (151)]: SDK(Request) : ==> OUTGOING REQUEST (Try=1)
   GET http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&msi_res_id=REDACTED&resource=https%3A%2F%2Fstorage.azure.com
   Metadata: REDACTED
   User-Agent: azsdk-go-azidentity/v1.5.2 (go1.22.1; linux)

Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_DEBUG [utils.go (151)]: SDK(Response) : ==> REQUEST/RESPONSE (Try=1/8.2216ms, OpTime=8.2526ms) -- RESPONSE RECEIVED
   GET http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&msi_res_id=REDACTED&resource=https%3A%2F%2Fstorage.azure.com
   Metadata: REDACTED
   User-Agent: azsdk-go-azidentity/v1.5.2 (go1.22.1; linux)
   --------------------------------------------------------------------------------
   RESPONSE Status: 200 OK
   Content-Length: 1953
   Content-Type: application/json; charset=utf-8
   Date: Thu, 25 Jul 2024 19:17:26 GMT
   Server: IMDS/150.870.65.1305
   X-Ms-Request-Id: d7179d66-1aaf-45fd-a432-6df675be04c8

Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_DEBUG [utils.go (151)]: SDK(Retry) : response 200
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_DEBUG [utils.go (151)]: SDK(Retry) : exit due to non-retriable status code
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_DEBUG [utils.go (151)]: SDK(Authentication) : ManagedIdentityCredential.GetToken() acquired a token for scope "https://storage.azure.com"
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_DEBUG [utils.go (151)]: SDK(Request) : ==> OUTGOING REQUEST (Try=1)
   GET https://<storage-account-name>.blob.core.windows.net/deleteme?comp=list&delimiter=%2F&maxresults=2&prefix=&restype=container
   Accept: application/xml
   Authorization: REDACTED
   User-Agent: Azure-Storage-Fuse/2.3.0 (Ubuntu 22.04.1 LTS) azsdk-go-azblob/v1.3.2 (go1.22.1; linux)
   x-ms-version: 2023-11-03

Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_DEBUG [utils.go (151)]: SDK(Response) : ==> REQUEST/RESPONSE (Try=1/188.294499ms, OpTime=188.327499ms) -- RESPONSE RECEIVED
   GET https://<storage-account-name>.blob.core.windows.net/deleteme?comp=list&delimiter=%2F&maxresults=2&prefix=&restype=container
   Accept: application/xml
   Authorization: REDACTED
   User-Agent: Azure-Storage-Fuse/2.3.0 (Ubuntu 22.04.1 LTS) azsdk-go-azblob/v1.3.2 (go1.22.1; linux)
   x-ms-version: 2023-11-03
   --------------------------------------------------------------------------------
   RESPONSE Status: 403 This request is not authorized to perform this operation.
   Content-Length: 246
   Content-Type: application/xml
   Date: Thu, 25 Jul 2024 19:17:26 GMT
   Server: Microsoft-HTTPAPI/2.0
   X-Ms-Error-Code: REDACTED
   X-Ms-Request-Id: be0386c9-801e-0013-48c7-ded21e000000

Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_DEBUG [utils.go (151)]: SDK(Retry) : response 403
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_DEBUG [utils.go (151)]: SDK(Retry) : exit due to non-retriable status code
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_DEBUG [utils.go (151)]: SDK(ResponseError) : GET https://<storage-account-name>.blob.core.windows.net/deleteme
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation.
ERROR CODE: AuthorizationFailure
--------------------------------------------------------------------------------
<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationFailure</Code><Message>This request is not authorized to perform this operation.
RequestId:be0386c9-801e-0013-48c7-ded21e000000
Time:2024-07-25T19:17:27.3467009Z</Message></Error>
--------------------------------------------------------------------------------

Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_ERR [block_blob.go (199)]: BlockBlob::TestPipeline : Failed to validate account with given auth %!s(func() string=0x889cc0)
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_ERR [azstorage.go (161)]: AzStorage::configureAndTest : Failed to validate credentials [GET https://<storage-account-name>.blob.core.windows.net/deleteme
--------------------------------------------------------------------------------
RESPONSE 403: 403 This request is not authorized to perform this operation.
ERROR CODE: AuthorizationFailure
--------------------------------------------------------------------------------
<?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationFailure</Code><Message>This request is not authorized to perform this operation.
RequestId:be0386c9-801e-0013-48c7-ded21e000000
Time:2024-07-25T19:17:27.3467009Z</Message></Error>
--------------------------------------------------------------------------------
]
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_ERR [azstorage.go (101)]: AzStorage::Configure : Failed to validate storage account [failed to authenticate credentials for azstorage]
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_ERR [pipeline.go (69)]: Pipeline: error creating pipeline component azstorage [failed to authenticate credentials for azstorage]
Thu Jul 25 19:17:27 UTC 2024 : blobfuse2[6861] : [/home/amir/taha-mount] LOG_ERR [mount.go (413)]: mount : failed to initialize new pipeline [failed to authenticate credentials for azstorage]
Error: failed to initialize new pipeline [failed to authenticate credentials for azstorage

BTW, are you an MST employee? Can we talk about this through internal channels?

ashruti-msft commented 4 months ago

Yes sure

ashruti-msft commented 3 months ago

@amir734jj Can you check if you have assigned the correct MSI to your storage account with the necessary permissions?
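An added example, not part of the original thread or the blobfuse2 code base: a triage of the debug log posted above that separates the IMDS token response from the storage response, showing that the token was issued (200) before the container listing was rejected (403). The sample is abridged from the second log in this issue; the function names are assumptions made for this example.

```python
import re

IMDS_HOST = "169.254.169.254"

# Abridged from the second log in this issue (timestamp and mount-path prefixes dropped).
SAMPLE_LOG = """\
LOG_DEBUG [utils.go (151)]: SDK(Response) : ==> REQUEST/RESPONSE (Try=1/8.2216ms, OpTime=8.2526ms) -- RESPONSE RECEIVED
   GET http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&msi_res_id=REDACTED&resource=https%3A%2F%2Fstorage.azure.com
   RESPONSE Status: 200 OK
LOG_DEBUG [utils.go (151)]: SDK(Response) : ==> REQUEST/RESPONSE (Try=1/188.294499ms, OpTime=188.327499ms) -- RESPONSE RECEIVED
   GET https://<storage-account-name>.blob.core.windows.net/deleteme?comp=list&delimiter=%2F&maxresults=2&prefix=&restype=container
   RESPONSE Status: 403 This request is not authorized to perform this operation.
LOG_DEBUG [utils.go (151)]: SDK(ResponseError) : GET https://<storage-account-name>.blob.core.windows.net/deleteme
ERROR CODE: AuthorizationFailure
"""

REQ = re.compile(r"^\s+(?:GET|PUT|POST|HEAD|DELETE|PATCH)\s+https?://([^/\s?]+)")
STATUS = re.compile(r"^\s+RESPONSE Status:\s+(\d{3})")
ERRCODE = re.compile(r"^ERROR CODE:\s+(\S+)", re.MULTILINE)


def parse_responses(log_text):
    """Return one {'host', 'status'} dict per SDK(Response) block in the log."""
    responses, current = [], None
    for line in log_text.splitlines():
        if "SDK(Response)" in line:
            current = {"host": None, "status": None}
            responses.append(current)
        elif current is not None:
            if (m := REQ.match(line)):
                current["host"] = m.group(1)
            elif (m := STATUS.match(line)):
                current["status"] = int(m.group(1))
            elif line and not line[0].isspace():
                current = None  # next unindented log line ends the block
    return responses


def triage(log_text):
    """Classify a mount attempt by the stage at which it stopped."""
    token = storage = None
    for r in parse_responses(log_text):
        if r["host"] == IMDS_HOST:
            token = r["status"]
        elif r["host"]:
            storage = r["status"]
    codes = ERRCODE.findall(log_text)
    if token is None:
        verdict = "no IMDS token response logged"
    elif token != 200:
        verdict = "token request failed: check the identity selector in config.yml"
    elif storage in (401, 403):
        verdict = "token issued but storage rejected the call: check the identity's access to the account"
    elif storage is None:
        verdict = "token issued, no storage response logged"
    else:
        verdict = f"token issued and storage call returned {storage}"
    return {"token": token, "storage": storage,
            "error_code": codes[-1] if codes else None, "verdict": verdict}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```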

vibhansa-msft commented 2 months ago

Closing this as there are no updates. Feel free to reopen when you have the required information.