Azure CLI (PS) | az storage blob generate-sas | Https connection failure - powershell

I am using the Azure CLI to create a blob level user delegated SAS, using steps from this article.
I have hidden the name of my storage account for the purpose of this post.
The PowerShell az storage blob generate-sas cmdlet is returning;
HTTPSConnectionPool(host='https', port=443): Max retries exceeded with
url:
//storeageAccountName.blob.core.windows.net?restype=service&comp=userdelegationkey
(Caused by
NewConnectionError(': Failed to establish a new connection: [Errno -2]
Name or service not known',))
and I noticed that the URL = //storeageAccountName.blob.core.windows.net, and not, https://storeageAccountName.blob.core.windows.net.
The PowerShell code:
$sasToken = az storage blob generate-sas `
--account-name $storageAccount `
--container-name $container `
--name $blob `
--permissions acdrw `
--expiry "2020-04-10T14:50Z" `
--auth-mode login `
--as-user `
--full-uri

The Azure CLI mode was set to classic and not set to ARM.
Ran azure config mode arm.
Executed az storage blob generate-sas again and SAS was returned.

Related

How to get the command line for AZCopy?

I want to send dump files to a storage container and for the copy to work we need to obtain a SAS key for the container we’re copying to.
When you use Azure Storage Explorer you can copy a file to a container and then copy the command it used to the clipboard which looks something like this:
$env:AZCOPY_CRED_TYPE = "Anonymous";
./azcopy.exe copy "C:\temp\test.txt" "https://dbbackups.blob.core.windows.net/memorydumps/test.txt?{SAS-TOKEN}" --overwrite=prompt --from-to=LocalBlob --blob-type Detect --follow-symlinks --put-md5 --follow-symlinks --recursive;
$env:AZCOPY_CRED_TYPE = "";
I copied this from AZ Storage Explorer when copying a file called test.txt from c:\temp to the memorydumps container in a Storage Account.
What I would need help with is creating a PowerShell script that generates the above command line so I can run it on azcopy-less nodes and have the dumps end up in the storage container. Any ideas?
You could use the Azure PowerShell equivalent to upload blobs to your container. The Set-AzStorageBlobContent uploads a local file to an Azure Storage blob.
Set-AzStorageBlobContent -File "C:\Temp\test.txt" `
-Container $containerName `
-Blob "Image001.jpg" `
-Context $ctx
Refer to this blog post for a detailed walkthough: File Transfers to Azure Blob Storage Using Azure PowerShell

Generate Azure Storage Account SAS Key using PowerShell

I am trying to generate an azure storage account shared access key so that i can use it with azcopy to retrieve files from all containers in my storage account.
I have generated a key successfully using the Azure Portal and proven this works with azcopy
But i am struggling to get an equivalent key to generate using PowerShell that works.
Powershell Query
az storage container generate-sas --account-name $SaName --account-key $accountKey --permissions 'rl' --start $start --expiry $expiry --name $SaName --https-only --output tsv
Azure Portal (GUI) Result
sv=2019-12-12
&ss=b
&srt=sco
&sp=rl
&se=2021-02-08T17:40:26Z
&st=2021-02-08T09:40:26Z
&spr=https
&sig=REDACTED
Powershell Result
st=2021-02-08T17%3A17%3A47Z
&se=2021-02-08T17%3A47%3A47Z
&sp=rl
&spr=https
&sv=2018-11-09
&sr=c
&sig=REDACTED
I guess the first problem is that i have not found a way of adding the missing and ss=b srt=sco (not sr) there doesn't seem to be those parameters available, perhaps if they were there the sig would have the correct hash.
I have tried this in Azure Cloudshell as well as on my own machine with az 1.12.1
The command az storage container generate-sas is not powershell command, it's azure cli command.
Because in Azure portal, you're generating an account level sas-token, but in azure cli, you're actually generating a container level sas-token by using az storage container generate-sas.
To generate an account level sas-token, you should use this azure cli command: az storage account generate-sas.
The sample like below:
az storage account generate-sas --account-key "xxxxx" --account-name your_storage_account_name --expiry 2020-02-10 --https-only --permissions rl --resource-types sco --services b
Here is the test result, the ss=b srt=sco are generated:
If you want to use powershell to generate an account level sas-token, please use this powershell command: New-AzStorageAccountSASToken. The sample is as below(you can add other parameters as per your need):
$account_name = "yy1"
$account_key = "xxxxxxx"
$context = New-AzStorageContext -StorageAccountName $account_name -StorageAccountKey $account_key
#you can also add other parameter as per your need, like StartTime, ExpiryTime etc.
New-AzStorageAccountSASToken -Service Blob -ResourceType Service,Container,Object -Permission rl -Context $context
Here is the test result:

Publish Test Results on Azure from Azure Storage account

I have a container that creates a report.xml file that I wish to use to create a test report in Azure.
I was thinking to do this during the pipeline, but I am missing how to get this file during the Azure pipeline.
What is the way to download a file in storage account and use it on a Test Result during the pipeline?
If I understood, you want to copy a file from blob storage in pipeline?
For that you can use Azure Cli task with this command:
az storage blob download
But can you esplain what you mean by this use it on a Test Result during the pipeline??
Try to use Azure Powershell to handle this get files from Azure Storage Blob:
$storage = Get-AzStorageAccount -ResourceGroupName xxx -Name yyy
$ctx = $storageAccount.Context
# download blob
Get-AzStorageblobcontent -Blob "report.xml" `
-Container $containerName `
-Destination " $(System.DefaultWorkingDirectory)" `
-Context $Context
According to this question:How to copy a file from Azure Storage fileshare to Release pipeline agent
Seems you were trying to download file from Azure File share (not blob), please simply refer my reply in that link.
After some digging this is the solution.
What I have done is mount a Storage volume during the container instances to my container that generates the report.
Afterwards in the pipeline I have copied the files that are stored in the storage account to the Pipeline agent.
$storageAcct = Get-AzStorageAccount -ResourceGroupName XXX -Name YYY
Get-AzStorageFileContent -Context $storageAcct.context -ShareName "Sharename" -Path "report.xml" -Destination $(System.DefaultWorkingDirectory)
Then its just matter of getting that files from the agent when using the test reporter during the release pipeline.

Export bacpac to a Azure storage account using powershell

I'm trying to create a powershell script to backup a SQL database on Azure to a storage account as below,
$exportRequest = New-AzureRmSqlDatabaseExport -ResourceGroupName
$ResourceGroupName -ServerName $ServerName `
-DatabaseName $DatabaseName -StorageKeytype $StorageKeytype -StorageKey
$StorageKey -StorageUri $BacpacUri `
-AdministratorLogin $creds.UserName -AdministratorLoginPassword $creds.Password
This is the document i'm following,
https://learn.microsoft.com/en-us/azure/sql-database/sql-database-export
I assume the following,
$ResourceGroupName - my azure resource group
$ServerName - db server name
$DatabaseName - database name
**$StorageKeytype - NOT SURE WHAT VALUE SHOULD BE PLACED HERE**
**$StorageKey - I'm hoping this is one of the access keys under the azure storage account**
$BacpacUri - Azure storage account bacpac URI path
Please advice what parameters need to passed here.
Please advice what parameters need to passed here.
StorageKey : Specifies the access key for the storage account.
StorageKeyType:
Specifies the type of access key for the storage account.
The acceptable values for this parameter are:
StorageAccessKey. This value uses a storage account key.
SharedAccessKey. This value uses a Shared Access Signature (SAS) key.
For more details, refer to this link.

Azure Powershell: Restore Services backup restore location

I can issue a request to start a recovery job using Restore-AzureRmRecoveryServicesBackupItem, which will restore the given recovery point (in this case, a VHD) to the storage account provided. Is there a way to derive the location that the blob is being written to from the AzureRM API or Powershell commandlets?
Getting the recovery job:
$recoveryJob = Restore-AzureRmRecoveryServicesBackupItem `
-RecoveryPoint $recoveryPoint `
-StorageAccountName $storageAccount.name `
-StorageAccountResourceGroupName $storageAccount.resourceGroupName
... but $recoveryJob does not have the storage destination. Get-AzureRmRecoveryServicesBackupJobDetails does not provide this information either, and I'm out of ideas.