Skip to content

AZCOPY_AUTO_LOGIN_TYPE="MSI" fails due to host port number interfering with trusted domain suffix detection #2792

New issue
New issue
Open
#3068
Open
AZCOPY_AUTO_LOGIN_TYPE="MSI" fails due to host port number interfering with trusted domain suffix detection#2792
#3068
Assignees
dphulkar-msftcopilot-swe-agent
Labels
bug
@ohads-MSFT

Description

@ohads-MSFT
ohads-MSFT
opened on Aug 26, 2024

Which version of the AzCopy was used?

10.26.0

Which platform are you using? (ex: Windows, Mac, Linux)

Linux

What command did you run?

# In an ACI container with an associated USer-Assigned identity
`$env:AZCOPY_AUTO_LOGIN_TYPE = "MSI"`
azcopy copy "https://[account].blob.core.windows.net/[container]/[path/to/blob]?[SAS]" "https://[account].blob.core.windows.net/[container]/[path/to/blob]"

What problem was encountered?

failed to perform copy command due to error: the URL requires authentication. If this URL is in fact an Azure service, you can enable Azure authentication to XXX.blob.core.windows.net:443. To enable, view the documentation for the parameter --trusted-microsoft-suffixes, by running 'AzCopy copy --help'. BUT if this URL is not an Azure service, do NOT enable Azure authentication to it. Instead, see if the URL host supports authentication by way of a token that can be included in the URL's query string

It looks like the port number (which I didn't add/specify) is tripping up the suffix matching code:

azure-storage-azcopy/cmd/credentialUtil.go

Line 218 in 6413253

isResourceInSuffixList := func(suffixes []string) (string, bool) {

How can we reproduce the problem in the simplest way?

Run the command as above

Have you found a mitigation/solution?

Add --trusted-microsoft-suffixes "*.${StorageDnsSuffix}:443"

Output

INFO: Scanning...
INFO: Login with identity succeeded.
INFO: Authenticating to destination using Unknown, Please authenticate using Microsoft Entra ID ( https://aka.ms/AzCopy/AuthZ) , use AzCopy login, or append a SAS token to your Azure URL.

Log file

2024/08/26 18:47:46 AzcopyVersion 10.26.0
2024/08/26 18:47:46 OS-Environment linux
2024/08/26 18:47:46 OS-Architecture amd64
2024/08/26 18:47:46 Log times are in UTC. Local time is 26 Aug 2024 18:47:46
2024/08/26 18:47:46 Closing Log
2024/08/26 18:47:44 AzcopyVersion 10.26.0
2024/08/26 18:47:44 OS-Environment linux
2024/08/26 18:47:44 OS-Architecture amd64
2024/08/26 18:47:44 Log times are in UTC. Local time is 26 Aug 2024 18:47:44
2024/08/26 18:47:46 ISO 8601 START TIME: to copy files that changed before or after this job started, use the parameter --include-before=2024-08-26T18:47:39Z or --include-after=2024-08-26T18:47:39Z
2024/08/26 18:47:46 Authenticating to destination using Unknown, Please authenticate using Microsoft Entra ID ( https://aka.ms/AzCopy/AuthZ) , use AzCopy login, or append a SAS token to your Azure URL.

Metadata

Metadata

Assignees

Labels

bug

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions