Not able to login using the user created through azure cli for sftp

[praveenm-symplr]

Describe the bug

Not able to login using the user created through azure cli for sftp.

I have two users one created from the azure cli with permissions and one manually from azure portal. The permissions are same for both.

When I use the ftp client to login with the user which created from azure portal works fine but it is failing for the user created through azure-cli.

On comparison of both users by getting all the users,
az storage account local-user list --account-name myAccountName -g myResourceGroup

There looks to be a "Blob" and "blob". If it is "Blob" (created from azure-cli) it looks to be not working

Related command

creating the user
az storage account local-user create --account-name $storageAccountName --resource-group $resourceGroupName --user-name $localUserName --home-directory $homeDirectory $scopes --has-ssh-password $true

To list the users and permissions
az storage account local-user list --account-name $storageAccountName -g $resourceGroupName

Errors

There were no errors observed.

Issue script & Debug output

Provided the info

Expected behavior

The user created using the azure-cli should be working when we try to login from sftp.
Should be ideally the same behavior as we are are creating a new user from azure portl.

Environment Summary

azure-cli 2.51.0

Additional context

No response

[azure-client-tools-bot-prd]

Hi @praveenm-symplr,

2.51.0 is not the latest Azure CLI(2.53.1).

If you haven't already attempted to do so, please upgrade to the latest Azure CLI version by following https://learn.microsoft.com/en-us/cli/azure/update-azure-cli.

[yonzhan]

Thank you for opening this issue, we will look into it.

[praveenm-symplr]

Related to #26723

[calvinhzy]

Hi @praveenm-symplr, wondering if you can show screenshots to the command that you have run. I am able to get it work with these commands.
az storage account local-user create --account-name satestlocaluser --resource-group rgtestlocaluser --user-name localuser2 --home-directory container1/home --permission-scope permissions=rwdlc service=blob resource-name=container1 --has-ssh-password true
az storage account local-user regenerate-password --name localuser2 --account-name satestlocaluser --resource-group rgtestlocaluser
You can see the permissionscope service is "blob".

[praveenm-symplr]

@calvinhzy It looks to be the problem in our code. we sent service="Blob" instead of "blob". There looks to be no validation from the azure-cli side or change the case before storing it.

When we sent "blob" instead of "Blob" for the service it worked fine. Thank you so much for checking.

[calvinhzy]

I am surprised that this capitalization difference would cause the issue, will look to add that validation in CLI.

[praveenm-symplr]

I am surprised that this capitalization difference would cause the issue, will look to add that validation in CLI.

Yeah you can try changing the service value to "Blob" and see if you are able to login for that user.

That is the only difference I could make out from the user created through code vs portal.