-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Prevent HEAD call for Azure Blob #7027
Comments
Hi there @nicottin |
moqmar
added a commit
to moqmar/rclone
that referenced
this issue
Apr 30, 2024
… no_head_object/add no_read_for_metadata) There are three reasons an option why one would avoid HEAD requests on azureblob, with this now implementing the latter one: - no_head_object: Don't do a HEAD *before* writing to (or reading from) an object, to reduce the number of transactions and thus increase performance. **This is quite complex and thus not implemented here, see s3.Object.Update()!** - no_head: Don't do a HEAD *after* writing to an object, for the same reason but at the cost of "increasing the chance for undetected upload failures". This already exists in azureblob, a small issue was fixed here. - no_read_for_metadata: Instead of doing a HEAD to get metadata, use a list operation, to avoid requiring READ permissions for immutable/append-only applications (this seems to be quite azureblob-specific) - one could also use both no_head_object and no_head together to achieve this, but then uploads wouldn't be verified. This hence fixes rclone#6162 and rclone#7027, as well as an as of now unreported issue where the --no-head option wouldn't work at all with a prefix set on the remote.
moqmar
added a commit
to moqmar/rclone
that referenced
this issue
Apr 30, 2024
… no_head_object/add no_read_for_metadata) There are three reasons an option why one would avoid HEAD requests on azureblob, with this now implementing the latter one: - no_head_object: Don't do a HEAD *before* writing to (or reading from) an object, to reduce the number of transactions and thus increase performance. **This is quite complex and thus not implemented here, see s3.Object.Update()!** - no_head: Don't do a HEAD *after* writing to an object, for the same reason but at the cost of "increasing the chance for undetected upload failures". This already exists in azureblob, a small issue was fixed here. - no_read_for_metadata: Instead of doing a HEAD to get metadata, use a list operation, to avoid requiring READ permissions for immutable/append-only applications (this seems to be quite azureblob-specific) - one could also use both no_head_object and no_head together to achieve this, but then uploads wouldn't be verified. Also fixes an as of now unreported issue where the --no-head option wouldn't work at all with a prefix set on the remote. Fixes rclone#6162 and rclone#7027
moqmar
added a commit
to moqmar/rclone
that referenced
this issue
Apr 30, 2024
… no_head_object/add no_read_for_metadata) There are three reasons an option why one would avoid HEAD requests on azureblob, with this now mainly implementing the latter one: - no_head_object: Don't do a HEAD *before* writing to (or reading from) an object, to reduce the number of transactions and thus increase performance. **This already exists in azureblob, a small issue was fixed here where using a prefix would still require a HEAD request to the prefix itself.** - no_head: Don't do a HEAD *after* writing to an object, for the same reason but at the cost of "increasing the chance for undetected upload failures". **This is still not implemented for azureblob yet and quite complex, see s3.Object.Update()!** - no_read_for_metadata: Instead of doing a HEAD to get metadata, use a list operation, to avoid requiring READ permissions for immutable/append-only applications (this seems to be quite azureblob-specific) - one could also use both no_head_object and no_head together to achieve this, but then uploads wouldn't be verified. Fixes rclone#6162 and rclone#7027
5 tasks
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
In our project, for security reason, we need to upload files to an Azure Blob storage with a user having only write authorisation (no read).
In this situation, the upload works but at the end, it is always failing because I guess there is a check with those HEAD calls but since our user has no read authorisation, it finishes with 403.
Would there be a possibility to add an option to avoid this check and HEAD call?
I have seen something similar with S3 but nothing for Azure. (--s3-no-head )
Thanks !
The text was updated successfully, but these errors were encountered: