Abhijoyshirovmukherjee commented on issue #69:
URL: https://github.com/apache/polaris/issues/69#issuecomment-2777860846
In our case, we are using SAS token while creation of the catalog and trying
to create a table inside azure blob storage container.
Even, after the get request for catalogs, we are receiving this:
{
"catalogs": [
{
"type": "INTERNAL",
"name": "polariscatalog",
"properties": {
"default-base-location":
"abfss://[email protected]/test_table/"
},
"createTimestamp": 1743493839656,
"lastUpdateTimestamp": 1743493839656,
"entityVersion": 1,
"storageConfigInfo": {
"tenantId": "****",
"multiTenantAppName": "****",
"consentUrl": "****",
"storageType": "AZURE",
"allowedLocations": [
"abfss://[email protected]/test_table/"
]
}
}
]
}
But receiving the following error while table creation via spark or flinksql
or post api call:
<Failed to get subscoped credentials: If you are using a
StorageSharedKeyCredential, and the server returned an error message that says
'Signature did not match', you can compare the string to sign with the one
generated by the SDK. To log the string to sign, pass in the context key value
pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate method
call.\nIf you are using a SAS token, and the server returned an error message
that says 'Signature did not match', you can compare the string to sign with
the one generated by the SDK. To log the string to sign, pass in the context
key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate
generateSas method call.\nPlease remember to disable
'Azure-Storage-Log-String-To-Sign' before going to production as this string
can potentially contain PII.\nIf you are using a StorageSharedKeyCredential,
and the server returned an error message that says 'Signature did not match',
you can compare the string to sign with t
he one generated by the SDK. To log the string to sign, pass in the context
key value pair 'Azure-Storage-Log-String-To-Sign': true to the appropriate
method call.\nIf you are using a SAS token, and the server returned an error
message that says 'Signature did not match', you can compare the string to sign
with the one generated by the SDK. To log the string to sign, pass in the
context key value pair 'Azure-Storage-Log-String-To-Sign': true to the
appropriate generateSas method call.\nPlease remember to disable
'Azure-Storage-Log-String-To-Sign' before going to production as this string
can potentially contain PII.\nStatus code 403, \"�<?xml version=\"1.0\"
encoding=\"utf-8\"?><Error><Code>AuthorizationPermissionMismatch</Code><Message>This
request is not authorized to perform this operation using this
permission.\nRequestId:3d7f5b96-701e-000c-1067-a4187c000000\nTime:2025-04-03T07:12:09.4029021Z</Message></Error>\">
@dennishuo
@cgpoh
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
