0

I am using python sdk to copy blobs from one container to another, Here is the code,

from azure.storage.blob import BlobServiceClient

src_blob = '{0}/{1}'.format(src_url,blob_name)
destination_client = BlobServiceClient.from_connection_string(connectionstring)
copied_blob = destination_client.get_blob_client(dst_container,b_name)
copied_blob.start_copy_from_url(src_blob)

It throws the below error,

 Content: <?xml version="1.0" encoding="utf-8"?><Error><Code>CannotVerifyCopySource</Code><Message>Public access is not permitted on this storage account.

I already gone through this post here and in my case the public access is disabled enter image description here.

I do not have sufficient privilege to enable public access on the storage and test? Is there a work around solution to accomplish copy without changing that setting?

Azcopy 409 Public access is not permitted on this storage account

Do I need to change the way I connect to the account?

Deepak Kothari
  • 1,601
  • 24
  • 31
  • Are you copying in same storage account or across storage accounts? – Gaurav Mantri Sep 14 '22 at 01:02
  • @GauravMantri Its across storage accounts – Deepak Kothari Sep 14 '22 at 02:06
  • 1
    You need to use SAS URL for source blob. – Gaurav Mantri Sep 14 '22 at 02:14
  • @GauravMantri Can you help with the syntax? Apparently this is the source blob in my case https://host.blob.core.windows.net/standardfeed/feeds/standard_feed/2022/09/13/19/20220913224652/11820.pb.gz. – Deepak Kothari Sep 14 '22 at 03:11
  • Do you have access to source storage account? In that case you will need to generate SAS token for the source blob. – Gaurav Mantri Sep 14 '22 at 03:13
  • @GauravMantri Yes I generated it both Blob SAS token and Blob SAS URL, but where to use it? – Deepak Kothari Sep 14 '22 at 03:23
  • 1
    Please change the following `src_blob = '{0}/{1}'.format(src_url,blob_name)` to something like `src_blob = '{0}/{1}?{2}'.format(src_url,blob_name,src_blob_sas_token)` where `src_blob_sas_token` is the SAS token for source blob with at least `read` permission. This assumes that your SAS token does not start with `?`. If it does, then remove `?` character. – Gaurav Mantri Sep 14 '22 at 03:33
  • Awesome! Posted my comments as an answer. – Gaurav Mantri Sep 14 '22 at 04:06
  • @GauravMantri Can you help on this one https://stackoverflow.com/questions/73721820/how-to-generate-azure-storage-container-sas-url-using-python – Deepak Kothari Sep 14 '22 at 18:49

2 Answers2

2

When copying a blob across storage accounts, the source blob must be publicly accessible so that Azure Storage Service can access the source blob. You were getting the error because you were using just the blob's URL. If the blob is in a private blob container, Azure Storage Service won't be able to access the blob using just its URL.

To fix this issue, you would need to generate a SAS token on the source blob with at least Read permission and use that SAS URL as copy source.

So your code would be something like:

src_blob_sas_token = generate_sas_token_somehow()
src_blob = '{0}/{1}?{2}'.format(src_url,blob_name, src_blob_sas_token)
Gaurav Mantri
  • 128,066
  • 12
  • 206
  • 241
0

check the privilege of your SAS token.

In your example, it doesn't look like you are passing the SAS token

SoySolisCarlos
  • 736
  • 1
  • 6
  • 13
  • I do have check all privileges and generated a SAS token url. When I pass SAS Token url instead of connection string, I get this error ValueError("Connection string missing required connection details.") – Deepak Kothari Sep 13 '22 at 23:11
  • Well, iam using below connection string which has SAS token in it https://i.stack.imgur.com/XpTla.png – Deepak Kothari Sep 13 '22 at 23:39