Azure SAS authorization fails with <AuthenticationErrorDetail>Signature fields not well formed.

[xbrianh]

Environment

Delta-rs version: 0.6.2
Binding: python

Using a sas token to access a deltalake on AzureStorage throws an authorization error. The sas token was verified out of band.

Interestingly, the thrown error provides a failed blob url. Comparing this with a working url, the sas fields in the failed url are url-quoted. For instance:

>>> from urllib.parse import quote_plus
>>> failed_url_sas_sig == quote_plus(working_url_sas_sig)
True

[wjones127]

Hey @xbrianh, thanks for reporting. I'm working on improving our testing for Azure in #912.

Could you share exactly how you are passing credentials to DeltaTable? Are you passing through storage_options? Or using environment variables? And which variables are you passing?

[xbrianh]

Hi @wjones127, thanks for looking into this so quickly!

Here's my access pattern:

storage_options = dict(account_name=storage_account, sas_token=sas)
t = deltalake.DeltaTable(azure_uri, storage_options=storage_options)

I also tried some aliases for "account_name" and "sas_token" found here

[roeap]

@xbrianh - could you confirm really quick. I think we are expecting the sas token in the form as it would be if generated in the Storage Explorer. I that how you are passing it in?

[xbrianh]

Same issue with sas token generated in Storage Explorer.

[wjones127]

I'm not able to reproduce with Azurite, so the SAS token signature might not be validated there in full. We should test against the real API.

[roeap]

I was able to reproduce the error against a real account. Will have to do some digging, as we tested this quite throughly when integrating it into object store.

[dominik7680]

I faced the same problem with SAS tokens generated by Azure Portal or Azure Storage explorer.
I'm using deltalake-0.6.4

Any updates on this?