0

I want to get a list of empty containers in a storage account using Java.

Here is my initial approach to check if container does not have any blobs:

var defaultCredential = new DefaultAzureCredentialBuilder().build();

var containerClient = new BlobContainerClientBuilder()
              .endpoint("https://storageaccount.blob.core.windows.net/testcontainer/")
              .credential(defaultCredential)
              .buildClient();

var isEmpty = containerClient.listBlobs().stream().findAny().isEmpty();

Unfortunately, this simple approach does not work and throws "Signature did not match" exception

com.azure.storage.blob.models.BlobStorageException: If you are using a StorageSharedKeyCredential, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate method call. If you are using a SAS token, and the server returned an error message that says 'Signature did not match', you can compare the string to sign with the one generated by the SDK. To log the string to sign, pass in the context key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate generateSas method call. Please remember to disable 'Azure-Storage-Log-String-To-Sign' before going to production as this string can potentially contain PII. Status code 403, "AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission.

Credentials are fine, and even more

var exists = containerClient.exists();

works and returns true.

What is wrong with the .listBlobs().stream().findAny().isEmpty() call?

JoeBloggs
  • 89
  • 7

1 Answers1

0

403, "AuthorizationPermissionMismatchThis request is not authorized to perform this operation using this permission.

The above error it says that you don't have proper permission to list the containers in your storage account.

for authentication purpose you need to assign roles in your storage account.

  • Storage Blob Data Contributor
  • Storage Blob Data Reader

enter image description here

The code is correct and make sure you have proper permission to access the container in the storage account.

var defaultCredential = new DefaultAzureCredentialBuilder().build();

var containerClient = new BlobContainerClientBuilder()
              .endpoint("https://storageaccount.blob.core.windows.net/testcontainer/")
              .credential(defaultCredential)
              .buildClient();

var isEmpty = containerClient.listBlobs().stream().findAny().isEmpty();

Also check the firewall settings whether, In networking

  • If you are access in public enable the select all network
  • If you enabled selected networks add the virtual networks. and add your add your client iP address and also enable "Allow trusted Microsoft services to access this storage account" allows you to access storage account.

enter image description here

Also check the Blob Url is in correct state or make sure with credentials.

Reference: Azcopy error "This request is not authorized to perform this operation."

Venkatesan
  • 3,748
  • 1
  • 3
  • 15