Created
October 7, 2021 23:34
-
-
Save ChrisRomp/844de85b40caca878a81e22ff93faefe to your computer and use it in GitHub Desktop.
Create Service SAS Token for Azure Storage REST API with Service Principal
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Using Service Principal | |
tenantid=xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx | |
clientid=xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx | |
clientsecret=xxx....xxxx | |
# Reqeust Bearer Token | |
token=$(curl -s -X POST -H 'Content-Type: application/x-www-form-urlencoded' \ | |
-d "grant_type=client_credentials&resource=https%3A%2F%2Fmanagement.azure.com%2F&client_id=$clientid&client_secret=$clientsecret" \ | |
"https://login.microsoftonline.com/$tenantid/oauth2/token" | jq -r .access_token) | |
# Format SAS Token Request (container read/write) | |
subscription=xxxxxxxx-xxxx-xxxx-xxxxxxxxxxxx | |
rg=resourceGroupName | |
account=storageAccountName | |
container=containerName | |
end=`date -u -d "1 hour" '+%Y-%m-%dT%H:%M:%SZ'` # Expire token in 1h | |
data="{\"signedVersion\":\"2012-02-12\",\"canonicalizedResource\":\"/blob/$account/$container\",\"signedResource\":\"c\",\"signedPermission\":\"rwl\",\"signedProtocol\":\"https\",\"signedExpiry\":\"$end\"}" | |
# Request Service SAS Token | |
# https://docs.microsoft.com/en-us/rest/api/storagerp/storage-accounts/list-service-sas | |
# https://docs.microsoft.com/en-us/rest/api/storageservices/create-service-sas | |
sastoken=$(curl -s -X POST --data $data "https://management.azure.com/subscriptions/$subscription/resourceGroups/$rg/providers/Microsoft.Storage/storageAccounts/$account/listServiceSas/?api-version=2017-06-01" -H "Authorization: Bearer $token" | jq -r .serviceSasToken) | |
echo "SAS Token: $sastoken" | |
# Download a blob | |
# Ref: Using SAS Tokens: https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview | |
file=test2.txt | |
curl -X GET "https://$account.blob.core.windows.net/$container/$file?$sastoken" | |
# List blobs in container | |
# https://docs.microsoft.com/en-us/rest/api/storageservices/list-blobs | |
# Using libxml2-utils (optional) to format XML | |
curl -s -X GET "https://$account.blob.core.windows.net/$container?restype=container&comp=list&$sastoken" -H "x-ms-version: 2017-11-09" -H "x-ms-date: $(date -u +"%a, %d %b %Y %H:%M:%S GMT")" | xmllint --format - | |
# Upload a blob | |
# https://docs.microsoft.com/en-us/rest/api/storageservices/put-blob | |
newfile=testupload.txt | |
echo "This is my new file. - $(date)" > $newfile | |
curl -X PUT -d @$newfile "https://$account.blob.core.windows.net/$container/$newfile?$sastoken" -H "x-ms-version: 2017-11-09" -H "x-ms-date: $(date -u +"%a, %d %b %Y %H:%M:%S GMT")" -H "Content-Type: text/plain" -H "x-ms-blob-type: BlockBlob" | |
# Download new blob to verify | |
curl -X GET "https://$account.blob.core.windows.net/$container/$newfile?$sastoken" |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment