Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

StartCopyFromURL fails with CannotVerifyCopySource error when source and target blob are from two different storage account sitting in different region #308

Open
bhavin07 opened this issue Sep 28, 2021 · 4 comments
Open

StartCopyFromURL fails with CannotVerifyCopySource error when source and target blob are from two different storage account sitting in different region #308

bhavin07 opened this issue Sep 28, 2021 · 4 comments

Comments

@bhavin07
Copy link

Which version of the SDK was used?

v0.13.0

Which platform are you using? (ex: Windows, Linux, Debian)

Linux

What problem was encountered?

I am trying to copy all blobs and versions from one container to another container.
Source container (and storage account) is in AU region
Target container (and storage account) is in EU region
StartCopyFromURL fails with ServiceCode=CannotVerifyCopySource even though Source blob URL has SAS token and target blob URL is also authorized with account key

How can we reproduce the problem in the simplest way?

In resource group ABC, Create a storage account in AU region, Add a container, Add some files
In resource group DEF, Create a storage account in EU region, Add a container.
Call StartCopyFromURL specify SAS in source blob url and target authorised with account key.

Have you found a mitigation/solution?

No
@cbellee
Copy link

cbellee commented Oct 9, 2021

I’ve tested this scenario using a source storage account in AU East and destination in AU Southeast and it seems to work OK. Please take a look at my test repo and confirm it’s what you’re trying to achieve.

@bhavin07
Copy link
Author

The difference between your code and my code is that. I generate SAS token based on the Stored access policy set on the container.

	blobSASSignaure := azblob.BlobSASSignatureValues{
		Version: "",
		Identifier:    "mypolicy",
		ContainerName: "mycontainer",
		BlobName:      "",
	}

I generate container SAS and append it to the source blob's url. In my code, I am referring the Blob url with its version id in it. So, my source blob url looks something like this https://mystorageaccount.blob.core.windows.net/mycontainer/myblob?versionid=2021-07-05T04:27:35.0215248Z&si=mypolicy&sig=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx%3D&sr=c&sv=2019-12-12

"mypolicy" has these permissions racwdxltm

@bhavin07
Copy link
Author

I apologize, re-reading my previous reply, It feels incomplete.

I am sure that if you follow the steps where you set stored access policy on container, generate container SAS based on stored access policy and append it to the source blob's url (including its version id) and supply that source url to StartCopyFromUrl, you should be able to reproduce the issue (Given two storage accounts are in different region and different resource group)

Let me know, what you find

@bhavin07
Copy link
Author

bhavin07 commented Nov 7, 2021

@cbellee I was wondering, if you have anything to add to the comment above?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@cbellee @bhavin07