generate_blob_shared_access_signature produces SAS incompatible with Azure when time format strings are not formatted correctly or datetime objects are not timezone aware

[spmp]

generate_blob_shared_access_signature produces SAS incompatible with Azure when time format strings are not formatted correctly or datetime objects are not timezone aware

blob SAS generation generate_blob_shared_access_signature

Issue relates to generate_blob_shared_access_signature, and by associate generate_blob etc

Which version of the SDK was used?

azure-storage-blob version 1.5.0

adal==1.2.1
aniso8601==6.0.0
antlr4-python3-runtime==4.7.2
applicationinsights==0.11.7
argcomplete==1.9.5
asn1crypto==0.24.0
atomicwrites==1.3.0
attrs==19.1.0
azure-cli-core==2.0.63
azure-cli-nspkg==3.0.3
azure-cli-telemetry==1.0.2
azure-common==1.1.20
azure-keyvault==1.1.0
azure-mgmt-resource==2.1.0
azure-mgmt-storage==3.3.0
azure-nspkg==3.0.2
azure-storage-blob==1.5.0
azure-storage-common==1.4.0
bcrypt==3.1.6
certifi==2019.3.9
cffi==1.12.3
chardet==3.0.4
Click==7.0
colorama==0.4.1
cryptography==2.6.1
ecdsa==0.13.2
Flask==1.0.2
Flask-JWT-Extended==3.18.1
Flask-RESTful==0.3.7
future==0.17.1
graphqlclient==0.2.4
gunicorn==19.9.0
humanfriendly==4.18
idna==2.8
isodate==0.6.0
itsdangerous==1.1.0
Jinja2==2.10.1
jmespath==0.9.4
knack==0.5.4
MarkupSafe==1.1.1
mock==3.0.4
more-itertools==7.0.0
msrest==0.6.6
msrestazure==0.6.0
oauthlib==3.0.1
paramiko==2.4.2
pkg-resources==0.0.0
pluggy==0.9.0
portalocker==1.2.1
psutil==5.6.2
py==1.8.0
pyasn1==0.4.5
pycparser==2.19
pycryptodome==3.8.1
Pygments==2.3.1
PyJWT==1.7.1
PyNaCl==1.3.0
pyOpenSSL==19.0.0
pyperclip==1.7.0
pytest==4.4.1
pytest-mock==1.10.4
python-dateutil==2.8.0
python-jose==3.0.1
pytz==2019.1
PyYAML==5.1
requests==2.21.0
requests-oauthlib==1.2.0
rsa==4.0
six==1.12.0
tabulate==0.8.3
urllib3==1.24.3
Werkzeug==0.15.2

What problem was encountered?

String time format in blob SAS generated by generate_blob_shared_access_signature causes Azure to reject the SAS and signature:

• If a datetime object is given as start and end dates which is not timezone aware.
• If a start and end time string is given where the format is not given exactly of the form YY-MM-DD:Thh:mm:ssZ ('%Y-%m-%dT%H:%M:%SZ').
• NOTE Start and end time strings are not checked at all, any random string is accepted.

As a consumer of generate_blob_shared_access_signature I should not need to be aware of the idiosyncrasies of the Azure Blob SAS stuff.

• String time formats should just work if they are in ISO8601 and an Exception thrown if the timeformat is invalid or cannot be parsed.
• datetime formats should just work however...

Have you found a mitigation/solution?

Reparse all start and end times into a string of this format: '%Y-%m-%dT%H:%M:%SZ' as:

start_time_str =  start_time.astimezone(timezone.utc).strftime('%Y-%m-%dT%H:%M:%SZ')

Note: for table service, please post the issue here instead: https://github.com/Azure/azure-cosmosdb-python.