We want to use User Delegation Key to generate a SAS token for blobs. azure-storage-ruby implements get_user_delegation_key method that can construct it as I get.
Azure::Storage::Blob::BlobService.create(storage_account_name: "***", storage_access_key: "***")
user_delegation_key = service.get_user_delegation_key(Time.now, Time.now + 1000)
=> lib/azure/core/http/http_request.rb:154:in `call': AuthenticationFailed (403): Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature. (Azure::Core::Http::HTTPError)
RequestId:f3bb5b57-d01e-0036-234f-af6c1d000000
Time:2023-07-05T14:45:07.8883282Z
from azure-storage-common-2.0.4/lib/azure/core/http/signer_filter.rb:28:in `call'
from azure-storage-common-2.0.4/lib/azure/core/http/signer_filter.rb:28:in `call'
from azure-storage-common-2.0.4/lib/azure/core/http/http_request.rb:111:in `block in with_filter'
from azure-storage-common-2.0.4/lib/azure/core/service.rb:36:in `call'
from azure-storage-common-2.0.4/lib/azure/core/filtered_service.rb:34:in `call'
from azure-storage-common-2.0.4/lib/azure/core/signed_service.rb:41:in `call'
from azure-storage-common-2.0.4/lib/azure/storage/common/service/storage_service.rb:60:in `call'
from azure-storage-blob-2.0.3/lib/azure/storage/blob/blob_service.rb:179:in `call'
from azure-storage-blob-2.0.3/lib/azure/storage/blob/blob_service.rb:279:in `get_user_delegation_key'
from railties-7.0.4.3/lib/rails/commands/console/console_command.rb:70:in `start'
from railties-7.0.4.3/lib/rails/commands/console/console_command.rb:19:in `start'
from railties-7.0.4.3/lib/rails/commands/console/console_command.rb:102:in `perform'
from thor-1.2.1/lib/thor/command.rb:27:in `run'
from thor-1.2.1/lib/thor/invocation.rb:127:in `invoke_command'
from thor-1.2.1/lib/thor.rb:392:in `dispatch'
In addition, it looks like constructing of User Delegation Key requires Active Directory credentials instead of a Storage Account.
Hello there!
We want to use User Delegation Key to generate a SAS token for blobs.
azure-storage-ruby
implementsget_user_delegation_key
method that can construct it as I get.Commit that implements this method: https://github.com/Azure/azure-storage-ruby/commit/89885cbfe856e7fbcf9be94656294ae895fd2a25. Please, pay attention to the test https://github.com/Azure/azure-storage-ruby/commit/89885cbfe856e7fbcf9be94656294ae895fd2a25#diff-79d4797ad5b5b1b730fe2fadc3d436e206bd6fa135ab9bc2ff4cb4dca35b7fd3R82.
But the given method doesn't send the required Authorization header to the request explained in the docs: https://learn.microsoft.com/en-us/rest/api/storageservices/get-user-delegation-key
In addition, it looks like constructing of User Delegation Key requires Active Directory credentials instead of a Storage Account.