Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

"Incorrect padding" while attempting to check if blob exists #36379

Closed
roy-work opened this issue Jul 8, 2024 · 2 comments · Fixed by #36431
Closed

"Incorrect padding" while attempting to check if blob exists #36379

roy-work opened this issue Jul 8, 2024 · 2 comments · Fixed by #36431
Assignees
@jalauzon-msft @vincenttran-msft
Labels
bug This issue requires a change to an existing behavior in the product in order to be resolved. Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team Service Attention Workflow: This issue is responsible by Azure service team. Storage Storage Service (Queues, Blobs, Files)

Comments

@roy-work
Copy link

roy-work commented Jul 8, 2024

  • Package Name: azure-storage-blob
  • Package Version: 12.20.0
  • Operating System: macOS
  • Python Version: 3.12

Describe the bug
A call to BlobClient.exists fails after a huge delay with:

Traceback (most recent call last):
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/storage/blob/_shared/authentication.py", line 128, in _add_authorization_header
    signature = sign_string(self.account_key, string_to_sign)
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/storage/blob/_shared/__init__.py", line 45, in sign_string
    key = decode_base64_to_bytes(key)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/storage/blob/_shared/__init__.py", line 35, in decode_base64_to_bytes
    return base64.b64decode(data)
           ^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/Cellar/python@3.12/3.12.3/Frameworks/Python.framework/Versions/3.12/lib/python3.12/base64.py", line 88, in b64decode
    return binascii.a2b_base64(s, strict_mode=validate)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
binascii.Error: Incorrect padding

The above exception was the direct cause of the following exception:

Traceback (most recent call last):
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/eng-vm-releases-replicate/replicate-installers.py", line 83, in <module>
    if blob_client.exists():
       ^^^^^^^^^^^^^^^^^^^^
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/core/tracing/decorator.py", line 94, in wrapper_use_tracer
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/storage/blob/_blob_client.py", line 1288, in exists
    process_storage_error(error)
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/storage/blob/_shared/response_handlers.py", line 88, in process_storage_error
    raise storage_error
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/storage/blob/_blob_client.py", line 1278, in exists
    self._client.blob.get_properties(
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/core/tracing/decorator.py", line 94, in wrapper_use_tracer
    return func(*args, **kwargs)
           ^^^^^^^^^^^^^^^^^^^^^
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/storage/blob/_generated/operations/_blob_operations.py", line 1881, in get_properties
    pipeline_response: PipelineResponse = self._client._pipeline.run(  # pylint: disable=protected-access
                                          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/core/pipeline/_base.py", line 229, in run
    return first_node.send(pipeline_request)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/core/pipeline/_base.py", line 86, in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/core/pipeline/_base.py", line 86, in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/core/pipeline/_base.py", line 86, in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
  [Previous line repeated 2 more times]
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/core/pipeline/policies/_redirect.py", line 197, in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/core/pipeline/_base.py", line 86, in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/storage/blob/_shared/policies.py", line 555, in send
    raise err
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/storage/blob/_shared/policies.py", line 529, in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/core/pipeline/_base.py", line 86, in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/core/pipeline/_base.py", line 86, in send
    response = self.next.send(request)
               ^^^^^^^^^^^^^^^^^^^^^^^
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/core/pipeline/_base.py", line 84, in send
    _await_result(self._policy.on_request, request)
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/core/pipeline/_tools.py", line 49, in await_result
    result = func(*args, **kwargs)
             ^^^^^^^^^^^^^^^^^^^^^
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/storage/blob/_shared/authentication.py", line 151, in on_request
    self._add_authorization_header(request, string_to_sign)
  File "/Users/roy/workspace/infrastructure/tools/pk-vm-bootstrap/argus-crawl/venv/lib/python3.12/site-packages/azure/storage/blob/_shared/authentication.py", line 134, in _add_authorization_header
    raise _wrap_exception(ex, AzureSigningError) from ex
azure.storage.blob._shared.authentication.AzureSigningError: Incorrect padding

To Reproduce
Steps to reproduce the behavior:

  1. I think this happens if one supplies an invalid access key; e.g., I get similar (but not the same) behavior with an (invalid) access key of "a".

Expected behavior
The error here needs to help me understand what's wrong; base64 padding has "nothing" to do with the API call here, and I had no idea at first what I'd done wrong, as I thought I had supplied a valid key.

The long timeout is equally weird; this should abort immediately … no?

The signature generation scheme here is to a user of the API an internal detail. I'm "lucky" in the sense that I've implemented it by hand before & know how it works (and that's what nudged me towards "maybe the key I supplied wasn't right?"), but a user who isn't familiar with how the signature scheme on the underlying API requests work is going to just be perplexed by this.

Screenshots
N/A

Additional context
I suspect this was previously reported here: #35010
@github-actions github-actions bot added Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Service Attention Workflow: This issue is responsible by Azure service team. Storage Storage Service (Queues, Blobs, Files) labels Jul 8, 2024
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 8, 2024

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @jalauzon-msft @vincenttran-msft.

@weirongw23-msft weirongw23-msft mentioned this issue Jul 11, 2024
Merged
@jalauzon-msft
Copy link
Member

Hi @roy-work Roy, thanks for the report. Yes, you are correct that this is almost certainly caused by an invalid shared key, specifically one that cannot be properly base64 decoded. The long timeout is due to the automatic retry policy of the SDK retrying this error a few times. The fact that this type of error is retried is not correct and #36431 has been created to fix that issue.

We will also consider catching this error and adjusting the error message to hint at the fact this is probably an issue with the shared key.

@jalauzon-msft jalauzon-msft added bug This issue requires a change to an existing behavior in the product in order to be resolved. and removed question The issue doesn't require a change to the product in order to be resolved. Most issues start as that labels Jul 11, 2024
@jalauzon-msft jalauzon-msft linked a pull request Jul 25, 2024 that will close this issue
[Storage] Modified StorageRetryPolicy to skip AzureSigningError from bad storage account key #36431
Merged
@github-actions github-actions bot locked and limited conversation to collaborators Oct 23, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees

@jalauzon-msft jalauzon-msft

@vincenttran-msft vincenttran-msft

Labels
bug This issue requires a change to an existing behavior in the product in order to be resolved. Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention Workflow: This issue needs attention from Azure service team or SDK team Service Attention Workflow: This issue is responsible by Azure service team. Storage Storage Service (Queues, Blobs, Files)
Projects
None yet
Milestone
No milestone
3 participants
@roy-work @jalauzon-msft @vincenttran-msft