@ChrisRomp
Created October 7, 2021 23:34
Create Service SAS Token for Azure Storage REST API with Service Principal
# Using Service Principal
tenantid=xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx
clientid=xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx
clientsecret=xxx....xxxx
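# Request Bearer Token
# --data-urlencode keeps a secret containing '+', '&' or '=' from corrupting the form body
token=$(curl -s -X POST -H 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode "grant_type=client_credentials" \
--data-urlencode "resource=https://management.azure.com/" \
--data-urlencode "client_id=$clientid" \
--data-urlencode "client_secret=$clientsecret" \
"https://login.microsoftonline.com/$tenantid/oauth2/token" | jq -r .access_token)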
# Format SAS Token Request (container scope; permissions rwl = read, write, list)
subscription=xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx
rg=resourceGroupName
account=storageAccountName
container=containerName
end=$(date -u -d "1 hour" '+%Y-%m-%dT%H:%M:%SZ') # Expire token in 1h
data="{\"signedVersion\":\"2012-02-12\",\"canonicalizedResource\":\"/blob/$account/$container\",\"signedResource\":\"c\",\"signedPermission\":\"rwl\",\"signedProtocol\":\"https\",\"signedExpiry\":\"$end\"}"
# Request Service SAS Token
# https://docs.microsoft.com/en-us/rest/api/storagerp/storage-accounts/list-service-sas
# https://docs.microsoft.com/en-us/rest/api/storageservices/create-service-sas
# The body is JSON, so send it quoted and with a JSON Content-Type
sastoken=$(curl -s -X POST --data "$data" -H "Content-Type: application/json" "https://management.azure.com/subscriptions/$subscription/resourceGroups/$rg/providers/Microsoft.Storage/storageAccounts/$account/listServiceSas/?api-version=2017-06-01" -H "Authorization: Bearer $token" | jq -r .serviceSasToken)
echo "SAS Token: $sastoken"
# Download a blob
# Ref: Using SAS Tokens: https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview
file=test2.txt
curl -X GET "https://$account.blob.core.windows.net/$container/$file?$sastoken"
# List blobs in container
# https://docs.microsoft.com/en-us/rest/api/storageservices/list-blobs
# Using libxml2-utils (optional) to format XML
curl -s -X GET "https://$account.blob.core.windows.net/$container?restype=container&comp=list&$sastoken" -H "x-ms-version: 2017-11-09" -H "x-ms-date: $(date -u +"%a, %d %b %Y %H:%M:%S GMT")" | xmllint --format -
# Upload a blob
# https://docs.microsoft.com/en-us/rest/api/storageservices/put-blob
newfile=testupload.txt
echo "This is my new file. - $(date)" > "$newfile"
# --data-binary uploads the file byte-for-byte (-d would strip newlines)
curl -X PUT --data-binary @"$newfile" "https://$account.blob.core.windows.net/$container/$newfile?$sastoken" -H "x-ms-version: 2017-11-09" -H "x-ms-date: $(date -u +"%a, %d %b %Y %H:%M:%S GMT")" -H "Content-Type: text/plain" -H "x-ms-blob-type: BlockBlob"
# Download new blob to verify
curl -X GET "https://$account.blob.core.windows.net/$container/$newfile?$sastoken"
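
The script above uses whatever SAS query string listServiceSas returns. The following is an added example, not part of the original gist: it checks a service SAS query string before it is used or handed to another party, confirming that it is HTTPS-only, grants nothing beyond an allowed permission set, and expires inside a maximum window. The function names sas_param and sas_check and the sample token are assumptions made for illustration; GNU date is assumed, as in the script.

```shell
# Constructed sample token: the sig value is a placeholder, not a real signature.
sample_sas='sv=2015-04-05&sr=c&sp=rl&spr=https&se=2030-01-01T00%3A30%3A00Z&sig=PLACEHOLDER'

# Print the value of query parameter $2 from SAS query string $1 (empty if absent).
sas_param() {
  printf '%s\n' "$1" | tr '&' '\n' | sed -n "s/^$2=//p" | head -n 1 |
    sed 's/%3[Aa]/:/g'   # timestamps arrive with ':' percent-encoded
}

# sas_check TOKEN ALLOWED_PERMS MAX_LIFETIME_SECONDS [NOW_EPOCH]
# Returns 0 only if the token is HTTPS-only, grants no permission outside
# ALLOWED_PERMS, and expires after NOW but within MAX_LIFETIME_SECONDS.
sas_check() {
  local token="$1" allowed="$2" max="$3" now="${4:-$(date -u +%s)}"
  local spr sp se extra exp

  spr=$(sas_param "$token" spr)
  sp=$(sas_param "$token" sp)
  # Drop fractional seconds so date parses the timestamp reliably.
  se=$(sas_param "$token" se | sed 's/\.[0-9]*Z$/Z/')

  # A missing spr means the token is also valid over plain HTTP.
  if [ "$spr" != "https" ]; then
    echo "reject: spr='$spr' (want https)" >&2; return 1
  fi

  # Any permission letter left after deleting the allowed ones is excess.
  extra=$(printf '%s' "$sp" | tr -d "$allowed")
  if [ -z "$sp" ] || [ -n "$extra" ]; then
    echo "reject: sp='$sp' exceeds '$allowed'" >&2; return 1
  fi

  # An empty se must be rejected explicitly: date would parse it as "today".
  [ -n "$se" ] && exp=$(date -u -d "$se" +%s 2>/dev/null) ||
    { echo "reject: bad se='$se'" >&2; return 1; }
  if [ "$exp" -le "$now" ] || [ $((exp - now)) -gt "$max" ]; then
    echo "reject: expiry $se outside the ${max}s window" >&2; return 1
  fi
  return 0
}
```

In the script, a call such as `sas_check "$sastoken" rwl 3600 || exit 1` placed right after the listServiceSas request stops the run before an over-scoped token reaches the blob endpoints.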