0
from azure.storage.blob import BlobClient, BlobServiceClient
from azure.storage.blob import ResourceTypes, AccountSasPermissions
from azure.storage.blob import generate_account_sas    
from datetime import datetime, timedelta

#Credentials for Source Container Blob
dest_connection_string = '<connectionString>'
dest_account_key = "<storageKey>"
src_container_name = 'con1' # Name of container which has blob to be copied
src_blob_name = "demo1/folder1/file.txt" 
src_acct_name = "demo1"

#Credentials for Destination Container Blob
dest_container_name = 'demo/file.txt' # Name of container where blob will be copied
dest_connection_string = '<connectionString>'
dest_account_key = "<storageKey>"
dest_container = "con1"
dest_blob_name = "demo2/file.txt"
dest_account_name = "demo2"

# Create Src client
src_client = BlobServiceClient.from_connection_string(src_connection_string) 

# Create Dest client
dest_client = BlobServiceClient.from_connection_string(dest_connection_string) 


# Create sas token for Src blob
src_sas_token = generate_account_sas(
    account_name = src_client.account_name,
    account_key = src_account_key,
    resource_types = ResourceTypes(object=True, container=True),
    permission= AccountSasPermissions(read=True,list=True),
    start = datetime.now(),
    expiry = datetime.utcnow() + timedelta(hours=4) # Token valid for 4 hours
)

# Create sas token for Dest blob
dest_sas_token = generate_account_sas(
    account_name = dest_client.account_name,
    account_key = dest_account_key,
    resource_types = ResourceTypes(object=True, container=True),
    permission= AccountSasPermissions(read=True,list=True),
    start = datetime.now(),
    expiry = datetime.utcnow() + timedelta(hours=4) # Token valid for 4 hours
)

# Create blob client for source blob
src_source_blob = BlobClient(
    src_client.url,
    container_name = src_container_name, 
    blob_name = src_blob_name,
    credential = src_sas_token
)

# Create blob client for Dest blob
dest_source_blob = BlobClient(
    dest_client.url,
    container_name = dest_container_name, 
    blob_name = dest_blob_name,
    credential = dest_sas_token
)

# Start copy from Src to Destination.
try:
    copy = dest_source_blob.start_copy_from_url(src_source_blob.url)

    # Get the copy properties and print status
    props = dest_source_blob.get_blob_properties()
    print(props.copy.status)
    
except Exception as e:
    print("Failed to copy blob. Error:" + str(e))

I have tried the above solution, but getting the Unauthorized error. Could not understand the issue.

Failed to copy blob. Error:This request is not authorized to perform this operation using this permission.
RequestId:8a33f614-601e-011b-7df6-51dc91000000
Time:2023-03-08T19:43:17.3158296Z
ErrorCode:AuthorizationPermissionMismatch
Content: <?xml version="1.0" encoding="utf-8"?><Error><Code>AuthorizationPermissionMismatch</Code><Message>This request is not authorized to perform this operation using this permission.
RequestId:8a33f614-601e-011b-7df6-51dc91000000
Time:2023-03-08T19:43:17.3158296Z</Message></Error>
avariant
  • 2,234
  • 5
  • 25
  • 33
SidharthPradhan
  • 3
  • 2
  • Not sure why you need SAS, since you have all the keys and there's no need, but... you forgot to add write privileges to your destination SAS; you only assigned `read` and `list`. – David Makogon Mar 09 '23 at 20:31
  • 1
    @DavidMakogon - SAS is needed for the source blob and not the destination blob considering source and destination accounts are separate and copy blob requires a publicly accessible URL for the source blob in this scenario. But you are right - destination SAS needs `write` permission. – Gaurav Mantri Mar 10 '23 at 03:41

1 Answers1

0

Thanks and I do agree with @David Makogon and @Gaurav Mantri, that you need write permission and you can change the following code as below:

Taken your code and updated it:

Updated Part of Code:

# Create sas token for Dest blob

    dest_sas_token = generate_account_sas(
        account_name = dest_client.account_name,
        account_key = dest_account_key,
        resource_types = ResourceTypes(object=True, container=True),
        permission= AccountSasPermissions(read=True,list=True,Write=True,create=True),
        start = datetime.now(),
        expiry = datetime.utcnow() + timedelta(hours=4) # Token valid for 4 hours
    )

Here you need AccountSasPermissions(read=True,list=True,Write=True,create=True) write and create permission.

Note: Here create permission used to create a file if there is no file

By changing this I could able to easily copy file.

RithwikBojja
  • 5,069
  • 2
  • 3
  • 7