@rhysjtevans
Last active September 3, 2020 15:31
Azure Based Gists
#!/bin/bash
# You need openssl, xxd, curl and jq installed and accessible via PATH.
# Docker cli example:
# > docker run -it --rm -v "$PWD"/certificate.crt:/certificate.crt -v "$PWD"/certificate.key:/certificate.key alpine
# Once you're in alpine run:
# > apk add --no-cache openssl xxd curl jq bash && /bin/bash
# or for a CentOS based image swap out alpine for centos:7 then run:
# > yum -y install https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
# > yum update && yum install -y vim-common openssl curl jq bash
TENANT_ID=b5eafc5c-40e1-45a9-90e7-c2479c30301a
CLIENT_ID=5bea7d89-7d21-420d-9871-e8e132c9f8a5
KEYPATH="certificate.key"
CERTPATH="certificate.crt"
# Don't edit anything below this line
PEM=$( cat "${KEYPATH}" )
# x5t is the certificate's SHA-1 thumbprint, base64url-encoded: no '=' padding, '-' and '_' instead of '+' and '/'.
# -sha1 is explicit because newer OpenSSL releases default the fingerprint digest to SHA-256.
X5T=$(openssl x509 -in "${CERTPATH}" -sha1 -fingerprint -noout | sed 's/^.*Fingerprint=//' | sed 's/://g' | xxd -r -ps | openssl base64 | tr -d '=' | tr '/+' '_-' | tr -d '\n')
echo "X5T: ${X5T}"
NOW=$( date +%s )
# Let's start crafting the JWT payload
IAT="${NOW}"
EXP=$((${NOW} + 315360000))
HEADER_RAW='{"alg":"RS256","typ":"JWT","x5t":"'"${X5T}"'"}'
HEADER=$( echo -n "${HEADER_RAW}" | openssl base64 | tr -d '=' | tr '/+' '_-' | tr -d '\n' )
PAYLOAD_RAW='{"aud": "https://login.microsoftonline.com/'${TENANT_ID}'/oauth2/token","iat":'"${IAT}"',"nbf":'"${IAT}"',"exp":'"${EXP}"',"sub":"'${CLIENT_ID}'","iss":"'${CLIENT_ID}'"}'
PAYLOAD=$( echo -n "${PAYLOAD_RAW}" | openssl base64 | tr -d '=' | tr '/+' '_-' | tr -d '\n' )
HEADER_PAYLOAD="${HEADER}"."${PAYLOAD}"
# Let's sign the payload and header.
SIGNATURE=$( openssl dgst -sha256 -sign <(echo -n "${PEM}") <(echo -n "${HEADER_PAYLOAD}") | openssl base64 | tr -d '=' | tr '/+' '_-' | tr -d '\n' )
# Create the final JWT token
JWT="${HEADER_PAYLOAD}"."${SIGNATURE}"
#${JWT} now has our token
# Form body for the client_credentials grant; the JWT above is passed as the client assertion.
FORM_DATA="grant_type=client_credentials&client_id=${CLIENT_ID}&client_assertion_type=urn:ietf:params:oauth:client-assertion-type:jwt-bearer&client_assertion=${JWT}&resource=https://storage.azure.com/"
RESPONSE=$(curl -s -X POST --data "${FORM_DATA}" "https://login.microsoftonline.com/${TENANT_ID}/oauth2/token")
ACCESS_TOKEN=$(echo "${RESPONSE}" | jq -r .access_token)
echo "${ACCESS_TOKEN}"
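As an added example that is not part of the gist, the functions below rebuild the client assertion the script creates and then check it locally the way the token endpoint does first: the header's x5t must equal the certificate's SHA-1 thumbprint in base64url form, and the RS256 signature must verify under the certificate's public key. This catches a standard-base64 thumbprint or a key/certificate mix-up before a request is ever sent; it needs only openssl, and the tenant and client IDs passed in are placeholders.

```shell
#!/bin/bash
# Added example, not part of the gist: build the client assertion and check it locally.
# Needs only openssl. The tenant/client IDs supplied by the caller are placeholders.
set -eu

b64url() { openssl base64 -A | tr -d '=' | tr '/+' '_-'; }   # RFC 7515 base64url, no padding

b64url_dec() {   # restore padding, then decode as standard base64
  local s=$1
  case $(( ${#s} % 4 )) in 2) s="$s==";; 3) s="$s=";; esac
  printf '%s' "$s" | tr '_-' '/+' | openssl base64 -d -A
}

# x5t = base64url(SHA-1 over the DER certificate); the same bytes as the colon-separated fingerprint
x5t_of_cert() { openssl x509 -in "$1" -outform DER | openssl dgst -sha1 -binary | b64url; }

# make_assertion KEY CERT TENANT_ID CLIENT_ID -> RS256 JWT for the v1 token endpoint (10-minute lifetime)
make_assertion() {
  local key=$1 cert=$2 tenant=$3 client=$4 now hdr pl sig
  now=$(date +%s)
  hdr=$(printf '{"alg":"RS256","typ":"JWT","x5t":"%s"}' "$(x5t_of_cert "$cert")" | b64url)
  pl=$(printf '{"aud":"https://login.microsoftonline.com/%s/oauth2/token","iat":%s,"nbf":%s,"exp":%s,"sub":"%s","iss":"%s"}' \
       "$tenant" "$now" "$now" "$((now + 600))" "$client" "$client" | b64url)
  sig=$(printf '%s.%s' "$hdr" "$pl" | openssl dgst -sha256 -sign "$key" | b64url)
  printf '%s.%s.%s' "$hdr" "$pl" "$sig"
}

# verify_assertion JWT CERT -> 0 when the header's x5t matches CERT and the signature verifies
# under CERT's public key; non-zero otherwise. The x5t is pulled out with sed, so no jq is needed.
verify_assertion() {
  local jwt=$1 cert=$2 hdr rest pl sig x5t pub sigf ok
  hdr=${jwt%%.*}; rest=${jwt#*.}; pl=${rest%%.*}; sig=${rest#*.}
  x5t=$(b64url_dec "$hdr" | sed 's/.*"x5t":"\([^"]*\)".*/\1/')
  if [ "$x5t" != "$(x5t_of_cert "$cert")" ]; then
    echo "x5t does not match the certificate thumbprint" >&2; return 1
  fi
  pub=$(mktemp); sigf=$(mktemp)
  openssl x509 -in "$cert" -pubkey -noout > "$pub"
  b64url_dec "$sig" > "$sigf"
  if printf '%s.%s' "$hdr" "$pl" | openssl dgst -sha256 -verify "$pub" -signature "$sigf" >/dev/null 2>&1
  then ok=0; else ok=1; fi
  rm -f "$pub" "$sigf"
  return $ok
}
```

Run `make_assertion certificate.key certificate.crt "$TENANT_ID" "$CLIENT_ID"` and pass the result to `verify_assertion` together with certificate.crt; a non-zero exit means the token endpoint would reject the assertion too.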
# This is built on the getAccessToken.sh script.
# More info: https://docs.microsoft.com/en-us/rest/api/storageservices/blob-service-rest-api
FILEUPLOAD="my_file.txt"
# Content-MD5 is the base64 of the raw 16-byte digest, not of its hex string.
MD5=$(md5sum "${FILEUPLOAD}" | awk '{print $1}' | tr -d "\n" | xxd -r -ps | base64 )
# Content-MD5: Microsoft uses this to validate the file's integrity when it finishes transferring the contents.
curl -X PUT --upload-file "${FILEUPLOAD}" \
-H "Authorization: Bearer ${ACCESS_TOKEN}" \
-H "x-ms-blob-type: BlockBlob" \
-H "x-ms-version: 2017-11-09" \
-H "Content-MD5: ${MD5}" \
"https://weljra.blobs.flexciton.com/seagate-3a222658c7fa/${FILEUPLOAD}"
# OR GET a file from Azure Blob Service
# -o sets the filename that the content will be written to.
curl -H "Authorization: Bearer ${ACCESS_TOKEN}" \
-H "x-ms-version: 2017-11-09" \
-o "${FILEUPLOAD}.azure" \
-s \
"https://weljra.blobs.flexciton.com/seagate-3a222658c7fa/${FILEUPLOAD}"
# Get the content md5 hash from azure blob properties
curl -H "Authorization: Bearer ${ACCESS_TOKEN}" \
-H "x-ms-version: 2017-11-09" \
-I -s \
"https://weljra.blobs.flexciton.com/seagate-3a222658c7fa/${FILEUPLOAD}" | grep -i '^content-md5' \
| awk '{print $2}'