You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@jclouds.apache.org by "Stefan H. (Jira)" <ji...@apache.org> on 2021/06/10 14:14:00 UTC
[jira] [Commented] (JCLOUDS-1579) SharedKeyLite authentication
against Azure Blob with Premium SKU fails
[ https://issues.apache.org/jira/browse/JCLOUDS-1579?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17360942#comment-17360942 ]
Stefan H. commented on JCLOUDS-1579:
------------------------------------
Microsoft confirmed that this behavior is not bug and SharedKeyLite is not intended to function with premium *page* accounts. They'll fix their documentation to reflect that. They say they will consider implementing the feature for premium page accounts however there's no time-frame or decision whether they'll do so at all.
> SharedKeyLite authentication against Azure Blob with Premium SKU fails
> ----------------------------------------------------------------------
>
> Key: JCLOUDS-1579
> URL: https://issues.apache.org/jira/browse/JCLOUDS-1579
> Project: jclouds
> Issue Type: Bug
> Components: jclouds-blobstore
> Affects Versions: 2.3.0, 2.4.0
> Reporter: Stefan H.
> Priority: Major
> Labels: azureblob
>
> We have been using jclouds with Azure Blob Storage successfully. However when changing the SKU of one of the Storage Accounts from Standard to [Premium|https://azure.microsoft.com/en-us/blog/azure-premium-block-blob-storage-is-now-generally-available/] jclouds was suddenly no longer able to authenticate against the storage event though the credentials were valid. E.g. checking the existence of a container results in:
> request: HEAD https://XXX.blob.core.windows.net/test?restype=container HTTP/1.1 failed with response: HTTP/1.1 403 Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
> After some investigation this seems to be caused by Premium storage not supporting the SharedKeyLite authenticatication method jclouds uses. Other projects seem to also have stumbled over this issue (e.g. [https://github.com/khenidak/dysk/issues/6#issuecomment-355877888] , [https://github.com/terraform-providers/terraform-provider-azurerm/issues/3939#issuecomment-524401721] ).
> My reading of [https://docs.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key] would have been that auth is the same for the SKUs and we have opened a support case with Microsoft to get further information. But given that at least one of the issues I linked before also mentioned raising this with them it is unlikely this behavior is unintended or will change.
> Everyone else encountering this seems to switch to SharedKey authentication instead to resolve the issue and their code changes seem quite contained at first glance. This would also resolve the local development workflow issue of the Azurite storage emulator from Microsoft not supporting SharedKeyLite on blob storage.
> To reproduce the problem just create Standard and a Premium SKU storage account and try to use them with jclouds to do a call like containerExists. With all else being the same Standard SKU will work while Premium SKU 403s.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)