-
Notifications
You must be signed in to change notification settings - Fork 799
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
blob/azureblob: Using a SAS token no longer works #2933
Comments
I cleaned my module cache, but I'm seeing this:
|
stanhu
added a commit
to stanhu/go-cloud
that referenced
this issue
Dec 18, 2020
Prior to google#2873, setting the environment variable `AZURE_STORAGE_SAS_TOKEN` would work because the default behavior was to open the bucket via the environment. However, that pull request changed the behavior to only use the environment if an account key were provided, but the SAS token can be thought of as a temporary key. To fix this, we check whether an account key or a SAS token is provided. If one of them is available, open the container with the environment. Closes google#2933
The module cache thing appears to be Azure's fault; they moved a tag. |
I'll take a look later on today around pushing a fix for this (and add some unit tests around this hopefully) |
I submitted a fix in #2934. |
Or not :) Too slow |
@chrismellard thanks! A review of #2934 would be great though. |
stanhu
added a commit
to stanhu/go-cloud
that referenced
this issue
Dec 18, 2020
Prior to google#2873, setting the environment variable `AZURE_STORAGE_SAS_TOKEN` would work because the default behavior was to open the bucket via the environment. However, that pull request changed the behavior to only use the environment if an account key were provided, but the SAS token can be thought of as a temporary key. To fix this, we check whether an account key or a SAS token is provided. If one of them is available, open the container with the environment. Closes google#2933
stanhu
added a commit
to stanhu/go-cloud
that referenced
this issue
Dec 18, 2020
Prior to google#2873, setting the environment variable `AZURE_STORAGE_SAS_TOKEN` would work because the default behavior was to open the bucket via the environment. However, that pull request changed the behavior to only use the environment if an account key were provided, but the SAS token can be thought of as a temporary key. To fix this, we check whether an account key or a SAS token is provided. If one of them is available, open the container with the environment. Closes google#2933
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Before #2873, setting the environment variable
AZURE_STORAGE_SAS_TOKEN
would work fine because the default behavior was to open the bucket via the environment: https://github.com/google/go-cloud/pull/2873/files#diff-9ee8a1ad2dadc385fec784185cfeacacb8796a02b4da3b576dfe5e3a9346d753L154-R169Now, an account key MUST be provided for that to work, but that defeats the purpose of the SAS token in the first place.
To Reproduce
Attempt to download or upload a blob with
AZURE_STORAGE_SAS_TOKEN
andAZURE_STORAGE_ACCOUNT
. Azure will attempt to access the file publicly:Expected behavior
The upload works.
Version
v0.21.0
Additional context
I think the fix here should be to tweak that
if
statement to look atsasToken
.The text was updated successfully, but these errors were encountered: