we are using a service from AKS pods, one of the functionalities is to hit the azure translator service which is trying to access the file from the blob storage which Access level is set to private.
we have enabled all required private end points from Translator to blob, also added role assignments but still unable to access the file from blob. we are encountering below error:
{'id': 'xxxx-5d1b-4e20-8002-xxx', 'createdDateTimeUtc': '2024-10-10T09:02:52.0829033Z', 'lastActionDateTimeUtc': '2024-10-10T09:02:54.0855904Z', 'status': 'ValidationFailed', 'error': {'code': 'InvalidRequest', 'message': 'Cannot access target document location with the current permissions.', 'target': 'Operation', 'innerError': {'code': 'InvalidTargetDocumentAccessLevel', 'message': 'Cannot access target document location with the current permissions.'}}, 'summary': {'total': 0, 'failed': 0, 'success': 0, 'inProgress': 0 , 'notYetStarted': 0, 'cancelled': 0, 'totalCharacterCharged': 0}}
we are using translator path as below using sas urls for source and destination URLs. TRANSLATOR_PATH = "translator/text/batch/v1.0/batches" API_ENDPOINT = ENDPOINT + TRANSLATOR_PATH
Not able to understand what we are missing still to access the files for translation from AKS pod. file upload is successful but accessing the files are being causing access issues. Help me out to resolve this issue.
'InvalidTargetDocumentAccessLevel', 'message': 'Cannot access target document location with the current permissions.'
The above error occurs when you don't have proper permission to access the target container in the azure storage account.
You can use the below sample code which generate SAS token and translate specific file from one container(English) to another container(Spanish) using python code.
Code:
import os
from azure.storage.blob import BlobServiceClient,generate_container_sas, ContainerSasPermissions
from datetime import datetime, timedelta
import requests
import json
# Azure Blob Storage and Translator API credentials
STORAGE_ACCOUNT_NAME = "venkat326123"
STORAGE_ACCOUNT_KEY = "Txxxxx"
TRANSLATOR_ENDPOINT = "https://xxxx.cognitiveservices.azure.com/"
SUBSCRIPTION_KEY = "8xxxxxxx6"
# Containers and blob details
SOURCE_CONTAINER_NAME = "test"
TARGET_CONTAINER_NAME = "venkat"
SOURCE_BLOB_NAME = "testblob.txt"
TARGET_BLOB_NAME="sample.txt"
# Function to generate SAS token for a blob
def generate_container_sas_token(container_name,permissions,expiry_hours=1):
sas_token = generate_container_sas(
account_name=STORAGE_ACCOUNT_NAME,
container_name=container_name,
account_key=STORAGE_ACCOUNT_KEY,
permission=permissions, # Permissions for the container
expiry=datetime.utcnow() + timedelta(hours=expiry_hours)
)
return sas_token
def create_container_sas_urls():
blob_service_client = BlobServiceClient(account_url=f"https://{STORAGE_ACCOUNT_NAME}.blob.core.windows.net", credential=STORAGE_ACCOUNT_KEY)
source_sas_token = generate_container_sas_token(SOURCE_CONTAINER_NAME, ContainerSasPermissions(read=True,list=True))
source_blob_url = f"https://{STORAGE_ACCOUNT_NAME}.blob.core.windows.net/{SOURCE_CONTAINER_NAME}/{SOURCE_BLOB_NAME}?{source_sas_token}"
target_sas_token = generate_container_sas_token(TARGET_CONTAINER_NAME,ContainerSasPermissions(write=True,list=True))
target_blob_url = f"https://{STORAGE_ACCOUNT_NAME}.blob.core.windows.net/{TARGET_CONTAINER_NAME}/{TARGET_BLOB_NAME}?{target_sas_token}"
return source_blob_url, target_blob_url
def create_translation_batch(source_blob_url, target_blob_url):
translator_path = "translator/text/batch/v1.0/batches"
api_endpoint = TRANSLATOR_ENDPOINT + translator_path
headers = {
'Ocp-Apim-Subscription-Key': SUBSCRIPTION_KEY,
'Content-Type': 'application/json'
}
body = {
"inputs": [
{
"storageType": "File",
"source": {
"sourceUrl": source_blob_url,
},
"targets": [
{
"targetUrl": target_blob_url,
"language": "es"
}
]
}
]
}
# Print the request body for debugging
print(json.dumps(body, indent=4))
# Send the request
response = requests.post(api_endpoint, headers=headers, data=json.dumps(body))
# Print response details for debugging
print(f"Response Status Code: {response.status_code}")
# Main function to execute the steps
def main():
blob_service_client = BlobServiceClient(account_url=f"https://{STORAGE_ACCOUNT_NAME}.blob.core.windows.net", credential=STORAGE_ACCOUNT_KEY)
source_blob_url ,target_blob_ur = create_container_sas_urls()
print(f"Source Blob SAS URL: {source_blob_url}")
print(f"Target blob SAS URL: {target_blob_ur}")
create_translation_batch(source_blob_url, target_blob_ur)
if __name__ == "__main__":
main()
Output:
Source Blob SAS URL: https://venkat326123.blob.core.windows.net/test/testblob.txt?se=2024-10-14T12%3A51%3A41Z&sp=rl&sv=2023-11-03&sr=c&sig=xxxxx
Target blob SAS URL: https://venkat326123.blob.core.windows.net/venkat/sample.txt?se=2024-10-14T12%3A51%3A41Z&sp=wl&sv=2023-11-03&sr=c&sig=xxxxx
{
"inputs": [
{
"storageType": "File",
"source": {
"sourceUrl": "https://venkat326123.blob.core.windows.net/test/testblob.txt?se=2024-10-14T12%3A51%3A41Z&sp=rl&sv=2023-11-03&sr=c&sig=xxxxxxx
},
"targets": [
{
"targetUrl": "https://venkat326123.blob.core.windows.net/venkat/sample.txt?se=2024-10-14T12%3A51%3A41Z&sp=wl&sv=2023-11-03&sr=c&sig=xxxxxx",
"language": "es"
}
]
}
]
}
Response Status Code: 202
Reference: