Remote for Azure Gen 1, using service principal

vijay · August 4, 2021, 7:08am

What is the problem you are having with rclone?

Rclone is great!

I have been trying to create a remote for azure gen 1 storage account using service principal option. Created the service principal file, put it in the path and Rclone is reading it but unfortunately receiving the following error:

2021/08/04 06:47:09 ERROR : : error listing: -> github.com/Azure/azure-storage-blob-go/azblob.newStorageError, github.com/Azure/azure-storage-blob-go@v0.13.0/azblob/zc_storage_error.go:42
===== RESPONSE ERROR (ServiceCode=) =====
Description=failed to unmarshal response body, Details: (none)
   GET https://storageaccountname.azuredatalakestore.net/webhdfs/v1/?comp=list&include=&maxresults=5000&timeout=31536001
   Authorization: REDACTED
   User-Agent: [rclone/v1.56.0]
   X-Ms-Client-Request-Id: [xxxxxxx]
   X-Ms-Version: [2019-12-12]
   --------------------------------------------------------------------------------
   RESPONSE Status: 401 Unauthorized
   Cache-Control: [private, no-cache, no-store, max-age=0]
   Content-Type: [application/json; charset=utf-8]
   Date: [Wed, 04 Aug 2021 06:47:08 GMT]
   Strict-Transport-Security: [max-age=15724800; includeSubDomains]
   Www-Authenticate: [Bearer authorization_uri="https://login.windows.net/xxxxxxxx", error="invalid_token", error_description="The access token audience is invalid.", resource="https://datalake.azure.net/"]
   X-Content-Type-Options: [nosniff]
   X-Ms-Request-Id: [xxxxxxxx] 


$ rclone config show azure
--------------------
[azure]
type = azureblob
account = xxxxxxx
service_principal_file = ./azure-principal.json
endpoint = azuredatalakestore.net/webhdfs/v1/
--------------------

What is your rclone version (output from `rclone version`)

rclone v1.56.0

Which OS you are using and how many bits (eg Windows 7, 64 bit)

linux , 64 bit

Which cloud storage system are you using? (eg Google Drive)

Azure Gen 1 Storage

The command you were trying to run (eg `rclone copy /tmp remote:tmp`)

rclone lsd azure:

The rclone config contents with secrets removed.

[azure]
type = azureblob
account = xxxxxxx
service_principal_file = ./azure-principal.json
endpoint = azuredatalakestore.net/webhdfs/v1/

A log from the command with the `-vv` flag

Paste  log here

Job_Maelane · September 27, 2021, 12:15pm

Hey vijay

Did you manage to resolve this issue? Im facing the exact same problem and would appreciate your experience in resolving it.

Thanks

vijay · September 27, 2021, 3:37pm

Hi Job_Maelane,

I tried editing the reclone codes but unfortunately came to a conclusion that it’s not supported for Azure blob gen 1.

Let me know if you got some plans.

Job_Maelane · September 28, 2021, 7:38am

Thank you Vijay.
I think I came to the same conclusion yesterday when i exhausted all avenues.
Appreciate your response.

vijay · September 28, 2021, 12:15pm

You are welcome !!

asdffdsa · September 28, 2021, 1:36pm

hello,

could this help?
https://stackoverflow.com/questions/40336275/azure-aad-the-audience-is-invalid

system · October 1, 2021, 1:37pm

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.