azureazure-blob-storageazure-ai-translator

Facing issue while accessing file from private blob storage using AKS pods


we are using a service from AKS pods, one of the functionalities is to hit the azure translator service which is trying to access the file from the blob storage which Access level is set to private.

we have enabled all required private end points from Translator to blob, also added role assignments but still unable to access the file from blob. we are encountering below error:

{'id': 'xxxx-5d1b-4e20-8002-xxx', 'createdDateTimeUtc': '2024-10-10T09:02:52.0829033Z', 'lastActionDateTimeUtc': '2024-10-10T09:02:54.0855904Z', 'status': 'ValidationFailed', 'error': {'code': 'InvalidRequest', 'message': 'Cannot access target document location with the current permissions.', 'target': 'Operation', 'innerError': {'code': 'InvalidTargetDocumentAccessLevel', 'message': 'Cannot access target document location with the current permissions.'}}, 'summary': {'total': 0, 'failed': 0, 'success': 0, 'inProgress': 0 , 'notYetStarted': 0, 'cancelled': 0, 'totalCharacterCharged': 0}}

we are using translator path as below using sas urls for source and destination URLs. TRANSLATOR_PATH = "translator/text/batch/v1.0/batches" API_ENDPOINT = ENDPOINT + TRANSLATOR_PATH

Not able to understand what we are missing still to access the files for translation from AKS pod. file upload is successful but accessing the files are being causing access issues. Help me out to resolve this issue.


Solution

  • 'InvalidTargetDocumentAccessLevel', 'message': 'Cannot access target document location with the current permissions.'

    The above error occurs when you don't have proper permission to access the target container in the azure storage account.

    You can use the below sample code which generate SAS token and translate specific file from one container(English) to another container(Spanish) using python code.

    Code:

    import os
    from azure.storage.blob import BlobServiceClient,generate_container_sas, ContainerSasPermissions
    from datetime import datetime, timedelta
    import requests
    import json
    
    # Azure Blob Storage and Translator API credentials
    STORAGE_ACCOUNT_NAME = "venkat326123"
    STORAGE_ACCOUNT_KEY = "Txxxxx"
    TRANSLATOR_ENDPOINT = "https://xxxx.cognitiveservices.azure.com/"
    SUBSCRIPTION_KEY = "8xxxxxxx6"
    
    
    # Containers and blob details
    SOURCE_CONTAINER_NAME = "test"
    TARGET_CONTAINER_NAME = "venkat"
    SOURCE_BLOB_NAME = "testblob.txt"
    TARGET_BLOB_NAME="sample.txt"
    
    # Function to generate SAS token for a blob
    def generate_container_sas_token(container_name,permissions,expiry_hours=1):
        sas_token = generate_container_sas(
            account_name=STORAGE_ACCOUNT_NAME,
            container_name=container_name,
            account_key=STORAGE_ACCOUNT_KEY,
            permission=permissions,  # Permissions for the container
            expiry=datetime.utcnow() + timedelta(hours=expiry_hours)
        )
        return sas_token
    
    def create_container_sas_urls():
        blob_service_client = BlobServiceClient(account_url=f"https://{STORAGE_ACCOUNT_NAME}.blob.core.windows.net", credential=STORAGE_ACCOUNT_KEY)
    
        source_sas_token = generate_container_sas_token(SOURCE_CONTAINER_NAME, ContainerSasPermissions(read=True,list=True))
        source_blob_url = f"https://{STORAGE_ACCOUNT_NAME}.blob.core.windows.net/{SOURCE_CONTAINER_NAME}/{SOURCE_BLOB_NAME}?{source_sas_token}"
        
        target_sas_token = generate_container_sas_token(TARGET_CONTAINER_NAME,ContainerSasPermissions(write=True,list=True))
        target_blob_url = f"https://{STORAGE_ACCOUNT_NAME}.blob.core.windows.net/{TARGET_CONTAINER_NAME}/{TARGET_BLOB_NAME}?{target_sas_token}"
        
        return source_blob_url, target_blob_url
    
    def create_translation_batch(source_blob_url, target_blob_url):
        translator_path = "translator/text/batch/v1.0/batches"
        api_endpoint = TRANSLATOR_ENDPOINT + translator_path
    
        headers = {
            'Ocp-Apim-Subscription-Key': SUBSCRIPTION_KEY,
            'Content-Type': 'application/json'
        }
    
        body = {
            "inputs": [
                {
                    "storageType": "File",
                    "source": {
                        "sourceUrl": source_blob_url,
                    },
                    "targets": [
                        {
                            "targetUrl": target_blob_url,
                            "language": "es"  
                        }
                    ]
                }
            ]
        }
    
        # Print the request body for debugging
        print(json.dumps(body, indent=4))
    
        # Send the request
        response = requests.post(api_endpoint, headers=headers, data=json.dumps(body))
        
        # Print response details for debugging
        print(f"Response Status Code: {response.status_code}")
    
    
    # Main function to execute the steps
    def main():
    
        blob_service_client = BlobServiceClient(account_url=f"https://{STORAGE_ACCOUNT_NAME}.blob.core.windows.net", credential=STORAGE_ACCOUNT_KEY)   
    
        source_blob_url ,target_blob_ur = create_container_sas_urls()
        print(f"Source Blob SAS URL: {source_blob_url}")
        print(f"Target blob SAS URL: {target_blob_ur}")
    
        create_translation_batch(source_blob_url, target_blob_ur)
    
    if __name__ == "__main__":
        main()
    

    Output:

    Source Blob SAS URL: https://venkat326123.blob.core.windows.net/test/testblob.txt?se=2024-10-14T12%3A51%3A41Z&sp=rl&sv=2023-11-03&sr=c&sig=xxxxx
    Target blob SAS URL: https://venkat326123.blob.core.windows.net/venkat/sample.txt?se=2024-10-14T12%3A51%3A41Z&sp=wl&sv=2023-11-03&sr=c&sig=xxxxx
    {
        "inputs": [
            {
                "storageType": "File",
                "source": {
                    "sourceUrl": "https://venkat326123.blob.core.windows.net/test/testblob.txt?se=2024-10-14T12%3A51%3A41Z&sp=rl&sv=2023-11-03&sr=c&sig=xxxxxxx
                },
                "targets": [
                    {
                        "targetUrl": "https://venkat326123.blob.core.windows.net/venkat/sample.txt?se=2024-10-14T12%3A51%3A41Z&sp=wl&sv=2023-11-03&sr=c&sig=xxxxxx",
                        "language": "es"
                    }
                ]
            }
        ]
    }
    Response Status Code: 202
    

    enter image description here

    Reference: