none
ADLS Gen 2 - File system and permissions using powershell

    Question

  • Hi there,

    I already have HierarchicalNamespace enabled ADLS Gen 2 account

    I want to create powershell which will create file system on the above account and grant permissions.  


    when I try to create file system using : New-AzureStorageContainer, I get this error: Blob API is not yet supported for hierarchical namespace accounts

    If I need to use rest API please tell me how to authenticate and pass bearer token

    Let me know how can I create file system and grant permissions

    Thanks


    Saturday, April 6, 2019 10:40 PM

Answers

All replies

  • The below example in curl will help you with REST API calls .  

    Acquire an access token

    All requests to the server must include an OAuth 2 access token for authorization. By providing cURL the client ID (which is a Service Principal ID) and an account client secret, the server returns a Bearer token.

    Run the following command to generate an access token.

    ACCESS_TOKEN=$(curl -X POST -H "Content-Type: application/x-www-form-urlencoded" --data-urlencode "client_id=$CLIENT_ID1" --data-urlencode  "client_secret=$CLIENT_SECRET1" --data-urlencode  "scope=https://storage.azure.com/.default" --data-urlencode  "grant_type=client_credentials" "https://login.microsoftonline.com/$TENANT_NAME/oauth2/v2.0/token" | jq -r '.access_token')

    Create a file system

    With the token now available, you can send a request to create a file system.

    curl -i -X PUT -H "x-ms-version: 2018-11-09" -H "content-length: 0" -H "Authorization: Bearer $ACCESS_TOKEN" "https://$STORAGE_ACCOUNT_NAME.dfs.core.windows.net/mydata?resource=filesystem"

    Once complete, the server returns a 201 Created response.

    Set default permissions on the root directory

    Adjust the default permissions so that all users can traverse ‘x’ the directories in the filesystem. Note that this does not assign read or write access, but is necessary to be able to access files that are granted that permission.

    curl -i -X PATCH -H "x-ms-version: 2018-11-09" -H "content-length: 0" -H "x-ms-acl: user::rwx,group::r-x,other::--x,default:user::rwx,default:group::r-x,default:other::--x" -H "Authorization: Bearer $ACCESS_TOKEN" "https://$STORAGE_ACCOUNT_NAME.dfs.core.windows.net/mydata/?action=setAccessControl"

    Once complete, the server returns a 200 OK response.

    Create a directory

    To create a directory in the file system, use the following command:

    curl -i -X PUT -H "x-ms-version: 2018-11-09" -H "content-length: 0" -H "Authorization: Bearer $ACCESS_TOKEN" "https://$STORAGE_ACCOUNT_NAME.dfs.core.windows.net/mydata/data?resource=directory"

    Once complete, the server returns a 201 Created response.

    Create a file

    Next, issue some PUT commands to the server to create a few files. Make sure to create both files as each are used in subsequent examples.

    curl -i -X PUT -H "x-ms-version: 2018-11-09" -H "content-length: 0" -H "Authorization: Bearer $ACCESS_TOKEN" "https://$STORAGE_ACCOUNT_NAME.dfs.core.windows.net/mydata/data/file1?resource=file"

    curl -i -X PUT -H "x-ms-version: 2018-11-09" -H "content-length: 0" -H "Authorization: Bearer $ACCESS_TOKEN" "https://$STORAGE_ACCOUNT_NAME.dfs.core.windows.net/mydata/data/file2?resource=file"

    Once complete, the server returns a 201 Created response for each command.


    Thanks Himanshu

    Monday, April 8, 2019 6:09 AM
    Moderator
  • This answer did not help. I have three questions

    1. I am asking for power-Shell, why the above example is in curl and not power-shell?

    2. I have tried to convert the curl commands to power-shell and I was able to convert the the command which creates file system but when I try the same for permissions it fails. After acquiring tokens. here is my code and error. please tell me what am I missing

    ## Get the token

    $header = @{

                    "Content-Length"="0";

                    "x-ms-version"="2018-11-09";

                    "Authorization"="Bearer $token";

                    "x-ms-acl"="user::rwx,group::r-x,other::--x,default:user::rwx,default:group::r-x,default:other::--x"

    }

     

    $uri = "https://$AccountName.dfs.core.windows.net/" + $ContainerName + "?action=setAccessControl" 

    Write-Host $uri                

    Invoke-WebRequest -Uri $uri -Method "PATCH" -Headers $header

     

    Error: Invoke-WebRequest : {"error":{"code":"InvalidQueryParameterValue","message":"Value for one of the query parameters specified in the request URI is invalid.\nRequestId:4202eaac-801f-00e5-2a6e-ee533d000000\nTime:2019-04-09T00:50:45.1660732Z"}}

    3. Which user is getting permission in the above curl code? I want a specific user to get permissions on a file system. e.g. xyz@abc.com

    Thanks

    Tuesday, April 9, 2019 1:29 AM
  • Tuesday, April 9, 2019 9:15 AM
    Moderator
  • I bet you did not read and understand my question and hence the above link does not answer my questions either. Anyways I have found my answer, it had absolutely nothing to do with what you said

    Thanks

    Tuesday, April 9, 2019 10:02 PM
  • Hello,

    Thanks for the update, please do share the resolution, which might be beneficial to other community members reading this thread. 

    Wednesday, April 10, 2019 5:16 AM
    Moderator
  • I was missing / before ?action=setAccessControl

    Tuesday, April 23, 2019 8:04 PM
  • Hello,

    Thanks for sharing the solution, which might be beneficial to other community members reading this thread. 

    Wednesday, April 24, 2019 8:15 AM
    Moderator