search

Azure / logicapps

Azure Logic Apps labs, samples, and tools
MIT License
348 stars 291 forks source link

Unable to upload to Blob Container using SAS token #1043

Open JWScheijgrond opened 2 months ago

JWScheijgrond commented 2 months ago

Describe the Bug

I have a storage account with a blob container. I have generated a SAS token for this container with all privileges. I have created a logic app with a statefull workflow and I want to upload a blob to that container. I use the in app connector and copy the SAS token URL in the connection string adding the BlobEndpoint= to the beginning.

When I try to upload a new blob I get the error message: 

{
  "code": "ServiceProviderActionFailed",
  "message": "The service provider action failed with error code 'BadRequest' and error message 'The requested URI does not represent any resource on the server.\nRequestId:7190f61a-701e-003d-8035-9229ca000000\nTime:2024-04-19T08:43:18.5379321Z\r\nStatus: 400 (The requested URI does not represent any resource on the server.)\r\nErrorCode: InvalidUri\r\n\r\nContent:\r\n<?xml version=\"1.0\" encoding=\"utf-8\"?>\n<Error><Code>InvalidUri</Code><Message>The requested URI does not represent any resource on the server.\nRequestId:7190f61a-701e-003d-8035-9229ca000000\nTime:2024-04-19T08:43:18.5379321Z</Message></Error>\r\n\r\nHeaders:\r\nServer: Windows-Azure-Blob/1.0,Microsoft-HTTPAPI/2.0\r\nx-ms-request-id: 7190f61a-701e-003d-8035-9229ca000000\r\nDate: Fri, 19 Apr 2024 08:43:17 GMT\r\nContent-Length: 244\r\nContent-Type: application/xml\r\n'."
}

The connections.json

{
    "managedApiConnections": {},
    "serviceProviderConnections": {
        "AzureBlob": {
            "displayName": "TestJW",
            "parameterSetName": "connectionString",
            "parameterValues": {
                "connectionString": "@appsetting('AzureBlob_connectionString')"
            },
            "serviceProvider": {
                "id": "/serviceProviders/AzureBlob"
            }
        }
    }
}

The AzureBlob_connectionstring: BlobEndpoint=https://{accountname}.blob.core.windows.net/{containername}?sp=racwdli&st=2024-04-19T07:26:34Z&se=2024-05-19T15:26:34Z&spr=https&sv=2022-11-02&sr=c&sig={signature}

The items between brackets {} are ommited here but are present in the settings. This url matches what is generated for the container image

If I use the SAS token generated on account level then it does work.

Plan Type

Consumption

Steps to Reproduce the Bug or Issue

Create a workflow to upload a blob Add the connection to the blobstorage using the SAS token from the container Run the workflow

Workflow JSON

{
    "definition": {
        "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
        "actions": {
            "Upload_blob_to_storage_container": {
                "inputs": {
                    "parameters": {
                        "blobName": "@{workflow().run.name}.xml",
                        "containerName": "/testjw/",
                        "content": "<bla></bla>"
                    },
                    "serviceProviderConfiguration": {
                        "connectionName": "AzureBlob",
                        "operationId": "uploadBlob",
                        "serviceProviderId": "/serviceProviders/AzureBlob"
                    }
                },
                "runAfter": {},
                "type": "ServiceProvider"
            }
        },
        "contentVersion": "1.0.0.0",
        "outputs": {},
        "triggers": {
            "When_a_HTTP_request_is_received": {
                "kind": "Http",
                "type": "Request"
            }
        }
    },
    "kind": "Stateful"
}

Screenshots or Videos

No response

Additional context

No response

AB#27737383

Ibrahim-Ali81 commented 1 month ago

Hello please note this reported issue should not be a bug, as you can see in the screenshot below the authentication type is storage account connection string and it expects connection string for your storage account but not the shared access signature for the container.

image

image

still if you want to use the shared access signature URL for the container, you can use http action in your workflow as shown below to create blob file with name mytest.txt and content Hello All:

image

another option also is to use for authentication is managed identity authentication in the storage account connection
Thanks

github-actions[bot] commented 1 week ago

This issue is stale because it has been open for 45 days with no activity.