I am working on a cleanup script that deletes an Azure image and its underlying storage blob. I can find the storage blob for my image with this command:
az image list --query "[?name=='$IMAGE_NAME'] | [].storageProfile.osDisk.blobUri"
(This is bash, so $IMAGE_NAME gets replaced with the actual image name). The output of the above command is a JSON list of URIs, each looking something like this:
https://storage_account.blob.core.windows.net/container_name/blob_name.vhd
Looking at the documentation for az storage blob delete, I can tell that this blob can be deleted with a command like this:
az storage blob delete --account-name storage_account --container container_name --name blob_name.vhd
So, obviously I can parse the URI and then generate this command. However, this seems odd: what's the point of giving blobs a URI if you can't use them?
So my question is:
Is there a direct az cli command to delete a blob by using its URI?
Better yet, is there a way to delete the blob associated with a given Azure image?
There is no built-in CLI command to delete with blob url directly. There is a workaround to use az rest to call the Delete Blob REST API.
access_token = $(az account get-access-token --resource https://storage.azure.com/ --query accessToken -o tsv)
now = $(env LANG=en_US TZ=GMT date '+%a, %d %b %Y %T %Z')
headers = "Authorization=Bearer "+$access_token+" x-ms-date="+$now+" x-ms-version=2020-08-04"
az rest --method delete --uri $blob_url --headers $headers
Related
I generated SAS token in Azure Portal and trying to use it to upload files to blob storage:
az storage blob upload-batch --source ./test --destination '$web' --account-name 'myaccountname' --sas-token '"sp=racwl&st=2022-02-22T17:04:19Z&se=2022-12-23T01:04:19Z&spr=https&sv=2020-08-04&sr=c&sig=mXXXXXXXXXXXXXXXXXXXXXXXXXXONfAA%3D"'
But above command gives me following error in PowerShell:
<AuthenticationErrorDetail>Signature fields not well formed.</AuthenticationErrorDetail>
I am literally copying the SAS Token from Azure Portal so how on earth can it be malformed?
We have ran the same az storage blob upload-batch cmdlet in our local environment( which is running with powershell v5.1) & we are able to upload the files from local machine to the storage account as shown in below.
Here is the cmdlet we have used :
az storage blob upload-batch --account-name <strgAccountName> -s <sourcefilepath> -d 'https://xxxxxx.blob.core.windows.net/cont1' --sas-token '<generatedSAStoken from portal>'
Here is the sample Output for reference:
Note:
To the above cmdlet, We have tried passing the SAS token with appending(single quote+ question mark) '?' & without passing in single quote's to the --sas-token flag in both the cases we are able to upload the files from local machine to Azure storage container.
I don't know what was wrong, but suddenly it started to work with '"sastoken"' format. Thanks for your responses.
In order to programmatically automate enablement of the static website on blob service. What should be the property field allowed? I am unable to find something similar to this Microsoft.Storage/storageAccounts/blobService/staticWebsite.
Can anyone help me with this?
Indeed, you can do so with some Azure CLI commands.
# To query the current status of the property
az storage blob service-properties show --account-name <your-storage-account> --query 'staticWebsite.enabled'
To set toggle the staticWebsite.enabled property, you can use the az storage blob service-properties update command as follows:
az storage blob service-properties update --account-name <your-storage-account> --static-website
The Azure PowerShell equivalents for the above would be the Enable-AzStorageStaticWebsite and Disable-AzStorageStaticWebsite cmdlets.
I want to list (programmatically) the url of my blob storage. The url I am looking for is https://my_storageaccount_name.blob.core.windows.net/my_container_name/my_file_name
I tried az storage account list and az storage blob show but neither of them display the url.
There is a az storage blob url but that creates a url. I am interested in listing the url.
Does anyone know how to obtain this ?
If the url for the blobs is always
https://my_storageaccount_name.blob.core.windows.net/my_container_name/my_file_name
without any custom domains configured, just list all containers with blobs, take the container name and blob name, and put it in the URL.
Ref: https://my_storageaccount_name.blob.core.windows.net/my_container_name/my_file_name
You can get Storage account URL Using
az storage account show --name $storage_account_name --resource-group $ResourceGroup --query "primaryEndpoints.blob")
or all the properties without using query from which you can pick whichever property you want
az storage account show --name $storage_account_name --resource-group $ResourceGroup
I'm trying to create a file share in Azure CLI command:
az storage share create --account-name storeactjan --name filesharejan --account-key key1
but having below error:
The server failed to authenticate the request. Make sure the value of
Authorization header is formed correctly including the signature.
ErrorCode: AuthenticationFailed AuthenticationFailedServer
failed to authenticate the request. Make sure the value of
Authorization header is formed correctly including the signature.
RequestId:42b399c2-701a-006f-4630-1d9aad000000
Time:2020-04-28T07:39:27.0899771ZThe
MAC signature found in the HTTP request
'QVn0bi79ZIhaO+LS3w/VzaiI5cAMfJiVRav6RbgfbtA=' is not the same as any
computed signature. Server used following string to sign: 'PUT'
You haven't the right format for the account-key argument.
Here is what you have to do according to the microsoft documentation ( https://learn.microsoft.com/en-us/azure/storage/files/storage-how-to-create-file-share?tabs=azure-cli ). For your information, I use CLI in PowerShell.
1) Retrieve the key with the right format
$key1 = az storage account keys list --account-name storeactjan --query "[0].value" | tr -d '"'
2) Create your file share
az storage share create --account-name storeactjan --name filesharejan --account-key $key1
Hope it will help you.
I will say, you can create arm template for the same and can call it.
PFB the link -
https://github.com/Azure/azure-quickstart-templates/tree/master/101-storage-file-share
I am able to generate SAS token for the storage account from the Azure portal but the problem which I am facing is explained below-
Storage account consists of two Containers. One container file has to be given access for the users whom I will provide the SAS token and one container should be completely private means user cannot see this container.
Problem is if I am generating SAS token and login into Azure explorer using that SAS token,I am seeing both the containers but my requirement is to see only 1 container. Is there any way to give permission for only one container by generating SAS token using Azure portal without creating any custom application for generating these tokens.
Easiest way to do that would be to use powershell:
Set-AzureRmStorageAccount -Name 'name'
$sasToken = New-AzureStorageContainerSASToken -Permission r -ExpiryTime (Get-Date).AddHours(2.0) -Name 'container name'
you could issue this command with -debug switch, capture the rest call and use that call to mimic it, using arm client, or custom app or whatever.
The Azure CLI alternative:
az storage container generate-sas --account-name ACCOUNT_NAME --account-key ACCOUNT_KEY --https-only --expiry 'YYYY-MM-DD' --name CONTAINER_NAME --permissions r
Valid permissions: (a)dd (c)reate (d)elete (l)ist (r)ead (w)rite
For more information, check out: az storage container generate-sas -h