az storage blob generate-sas is broken after upgrading to 2.38.0 #23249
Description
Describe the bug
For 2+ years we were creating a policy w/o an expiration date and then generating SAS with this policy + expiration date. After upgrading to 2.38.0
az storage blob generate-sas --container-name myBlob --name pathInBlob --policy-name myPolicy --account-name storageAccountName --account-key storageAccessKey --https-only --expiry 2100-01-01
produces a SAS link that results in error "Access policy fields can be associated with signature or SAS identifier but not both" when attempting to download it.
To Reproduce:
- Create policy on container:
az storage container policy create --name myPolicy --container-name myContainer --account-name storageAccountName --account-key storageAccessKey --permissions r- note that policy does NOT specify expiry date. - Generate SAS link:
az storage blob generate-sas --container-name myBlob --name pathInBlob --policy-name myPolicy --account-name storageAccountName --account-key storageAccessKey --https-only --expiry 2100-01-01
Expected Behavior
SAS link gets generated, it's possible to use it to download content.
Environment Summary
Windows-10-10.0.19044-SP0
Python 3.10.5
Installer: MSI
azure-cli 2.38.0
Extensions:
aks-preview 0.5.91
azure-devops 0.25.0
front-door 1.0.16
log-analytics 0.2.1
resource-graph 2.1.0
Dependencies:
msal 1.18.0b1
azure-mgmt-resource 21.1.0b1