fix(provider/azure): SECURITY VULNERABILITY, stop making containers p…

…ublic

This is an attempt to fix:

- spinnaker/spinnaker#5892
- spinnaker/spinnaker#6218

The following PRs attempted to address this issue, and appear to be
orphaned:

- #900 - Failing checks.
- #1002 - Fixing more than one
  thing.  Should be two (2) PRs.

front50-azure/src/main/java/com/netflix/spinnaker/front50/model/AzureStorageService.java

@@ -63,17 +63,24 @@ private CloudBlobClient getBlobClient() {
   private CloudBlobContainer getBlobContainer() {
     if (storageAccount != null && blobContainer == null) {
       try {
-        blobContainer = getBlobClient().getContainerReference(this.containerName);
-        blobContainer.createIfNotExists();
-        BlobContainerPermissions permissions = new BlobContainerPermissions();
-        permissions.setPublicAccess(BlobContainerPublicAccessType.CONTAINER);
-        blobContainer.uploadPermissions(permissions);
+        CloudBlobContainer localBlobContainer =
+            getBlobClient().getContainerReference(this.containerName);
+        // Do not modify the blob containers permissions if it already exists.
+        // This should keep things backwards compatible.
+        if (localBlobContainer.createIfNotExists()) {
+          // Default to private access if creating.
+          BlobContainerPermissions permissions = new BlobContainerPermissions();
+          permissions.setPublicAccess(BlobContainerPublicAccessType.OFF);
+          localBlobContainer.uploadPermissions(permissions);
+        }
+        this.blobContainer = localBlobContainer;
       } catch (Exception e) {
-        // log exception
-        blobContainer = null;
+        log.error(
+            "Exception occurred getting/creating the blob container: {} ",
+            value("exception", e.getMessage()));
       }
     }
-    return blobContainer;
+    return this.blobContainer;
   }
 
   public AzureStorageService(String connectionString, String containerName) {