Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Uploading blob with container client fails with auth error but succeeds with blob client when using Azure CDN #23163

Closed
JeffreyCA opened this issue Feb 21, 2022 · 7 comments
Assignees
Labels
Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Storage Storage Service (Queues, Blobs, Files)

Comments

@JeffreyCA
Copy link

  • Package Name: azure-storage-blob
  • Package Version: 12.9.0
  • Operating System: Windows 10
  • Python Version: 3.10.2

Describe the bug
I have an Azure Storage account that is configured with an Azure CDN. When using BlobServiceClient with the account URL set to an Azure CDN, uploading a file using the container client fails with an authentication error, while it succeeds when using a blob client.

Both succeed when the account URL is set to the actual Storage Account URL.

To Reproduce
Steps to reproduce the behavior:

from azure.storage.blob import BlobServiceClient

edge_url = 'https://edgeaccount.azureedge.net'
storage_url = 'https://account.blob.core.windows.net'
service = BlobServiceClient(account_url=edge_url, credential={'account_name': 'abc', 'account_key': 'xyz'})

blob_client = service.get_blob_client('container', 'blobname')
container_client = service.get_container_client('container')

with open("./testfile", "rb") as stream:
    # This succeeds
    blob_client.upload_blob(stream, overwrite=True)
    # This fails with authentication error
    container_client.upload_blob('blobname', stream, overwrite=True)

Authentication error

authenticationerrordetail:The MAC signature found in the HTTP request '5dC3N7RcRW9V...' is not the same as any computed signature. Server used following string to sign: 'PUT


1

application/octet-stream






x-ms-blob-type:BlockBlob
x-ms-client-request-id:xxxx
x-ms-date:Mon, 21 Feb 2022 07:34:35 GMT
x-ms-version:2020-10-02
Content: <?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed 
correctly including the signature.
RequestId:xxx
Time:2022-02-21T07:34:35.1058206Z</Message><AuthenticationErrorDetail>The MAC signature found in the HTTP request '5dC3N7RcRW9V...' is not the same as any computed 
signature. Server used following string to sign: 'PUT

Expected behavior
The container client should upload the blob successfully.

@ghost ghost added needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Feb 21, 2022
@JeffreyCA JeffreyCA changed the title Container client fails with Authentication error but blob client succeeds when using Azure CDN Uploading blob with container client fails with auth error but succeeds with blob client when using Azure CDN Feb 21, 2022
@azure-sdk azure-sdk added Client This issue points to a problem in the data-plane of the library. needs-team-triage Workflow: This issue needs the team to triage. Storage Storage Service (Queues, Blobs, Files) labels Feb 21, 2022
@ghost ghost removed the needs-triage Workflow: This is a new issue that needs to be triaged to the appropriate team. label Feb 21, 2022
@jalauzon-msft jalauzon-msft self-assigned this Feb 23, 2022
@jalauzon-msft jalauzon-msft removed the needs-team-triage Workflow: This issue needs the team to triage. label Feb 23, 2022
@jalauzon-msft
Copy link
Member

Hi @JeffreyCA, thanks for reporting this. We will look into it and get back to you.

@jalauzon-msft
Copy link
Member

Hi again @JeffreyCA, I have tried out your sample with an Azure CDN configured on a Storage Account and was not able to reproduce the auth error. Both the BlobClient and ContainerClient method worked as expected with no errors. I tried a couple different combinations of how the container was initially created, etc.

Is this a consistent or intermittent? Is there anything special (outside of default) configured on your Storage Account or CDN? I was testing with a pretty much default Storage Account and CDN configuration.

Could you share a recent request id from a failed request? I can look at it on the service side to see if that reveals anything. (The more recent, the better, since the service logs roll over fairly quickly, ~2 days)

@JeffreyCA
Copy link
Author

JeffreyCA commented Feb 24, 2022

Strange I cannot reproduce it anymore now, the uploads are succeeding again. My storage account is a Blob storage not the V2 one.

I did manage to save one request: d81ed268-301e-0068-63f7-263995000000

Content: <?xml version="1.0" encoding="utf-8"?><Error><Code>AuthenticationFailed</Code><Message>Server failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.
api_1          | RequestId:d81ed268-301e-0068-63f7-263995000000
api_1          | Time:2022-02-21T07:46:18.3875170Z</Message><AuthenticationErrorDetail>The MAC signature found in the HTTP request 'Ge9LF9U/IxrXWwnRDkxLL5+JCv/Sz2kGIbEmVG9SWR0=' is not the same as any computed signature. Server used following string to sign: 'PUT
api_1          |
api_1          |
api_1          | 109264
api_1          |
api_1          | application/octet-stream
api_1          |
api_1          |
api_1          |
api_1          |
api_1          |
api_1          |
api_1          | x-ms-blob-content-disposition:attachment
api_1          | x-ms-blob-content-type:audio/mpeg
api_1          | x-ms-blob-type:BlockBlob
api_1          | x-ms-client-request-id:5ab7e560-92ea-11ec-9174-0242ac120006
api_1          | x-ms-date:Mon, 21 Feb 2022 07:46:18 GMT
api_1          | x-ms-version:2020-10-02
api_1          | /spleeterweb/gpu/uploads/dd50891f-cd77-48f6-aef1-76f5d928cb20/a.mp3
api_1          | timeout:20'.</AuthenticationErrorDetail></Error>

@jalauzon-msft
Copy link
Member

Hi @JeffreyCA Jeffery, unfortunately the service logs for this request have rolled over (I did check soon after you provided it). Are you able to reproduce the issue again and provide another request id? Thanks

@JeffreyCA
Copy link
Author

Hi @JeffreyCA Jeffery, unfortunately the service logs for this request have rolled over (I did check soon after you provided it). Are you able to reproduce the issue again and provide another request id? Thanks

No I'm not able to reproduce it anymore

@jalauzon-msft
Copy link
Member

@JeffreyCA so the issue is no longer happening and requests to the CDN endpoint are working as expected now?

If that is the case, I would probably say this was an intermittent issue with the service. Perhaps it took longer than expected for your CDN settings to take affect or there was a problem on the backend that got resolved.

@jalauzon-msft
Copy link
Member

Looks like this may have been a service issue that recovered. I'm going to close this but please feel free to re-open if this reoccurs. Thanks.

@github-actions github-actions bot locked and limited conversation to collaborators Apr 11, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Storage Storage Service (Queues, Blobs, Files)
Projects
None yet
Development

No branches or pull requests

3 participants