JCLOUDS-1428: Support for SAS token based Authentication for Azure Blob Storage

removed ACL check for SAS Auth AzureBlobs
2025-02-18 07:56:30 +00:00 · 2019-05-27 15:05:12 +02:00 · 2019-05-27 15:05:12 +02:00 · ac175f069f
commit ac175f069f
parent 6a945936fa
3 changed files with 48 additions and 6 deletions
--- a/providers/azureblob/src/main/java/org/jclouds/azureblob/blobstore/config/AzureBlobStoreContextModule.java
+++ b/providers/azureblob/src/main/java/org/jclouds/azureblob/blobstore/config/AzureBlobStoreContextModule.java
@ -19,6 +19,7 @@ package org.jclouds.azureblob.blobstore.config;
 import java.util.concurrent.TimeUnit;

 import javax.inject.Singleton;
+import javax.inject.Named;

 import org.jclouds.azureblob.AzureBlobClient;
 import org.jclouds.azureblob.blobstore.AzureBlobRequestSigner;
@ -27,6 +28,8 @@ import org.jclouds.azureblob.domain.PublicAccess;
 import org.jclouds.blobstore.BlobRequestSigner;
 import org.jclouds.blobstore.BlobStore;
 import org.jclouds.blobstore.attr.ConsistencyModel;
+import org.jclouds.azureblob.config.InsufficientAccessRightsException;
+

 import com.google.common.cache.CacheBuilder;
 import com.google.common.cache.CacheLoader;
@ -46,12 +49,15 @@ public class AzureBlobStoreContextModule extends AbstractModule {

   @Provides
   @Singleton
-   protected final LoadingCache<String, PublicAccess> containerAcls(final AzureBlobClient client) {
+   protected final LoadingCache<String, PublicAccess> containerAcls(final AzureBlobClient client, @Named("sasAuth") final boolean sasAuthentication) {
      return CacheBuilder.newBuilder().expireAfterWrite(30, TimeUnit.SECONDS).build(
               new CacheLoader<String, PublicAccess>() {
                  @Override
-                  public PublicAccess load(String container) {
-                     return client.getPublicAccessForContainer(container);
+                  public PublicAccess load(String container) throws CacheLoader.InvalidCacheLoadException {
+                     if (!sasAuthentication) {
+                        return client.getPublicAccessForContainer(container);
+                     }
+                     throw new InsufficientAccessRightsException("SAS Authentication does not support getAcl and setAcl calls.");
                  }

                  @Override
--- a/providers/azureblob/src/main/java/org/jclouds/azureblob/blobstore/functions/BlobPropertiesToBlobMetadata.java
+++ b/providers/azureblob/src/main/java/org/jclouds/azureblob/blobstore/functions/BlobPropertiesToBlobMetadata.java
@ -28,11 +28,13 @@ import org.jclouds.blobstore.domain.MutableBlobMetadata;
 import org.jclouds.blobstore.domain.StorageType;
 import org.jclouds.blobstore.domain.internal.MutableBlobMetadataImpl;
 import org.jclouds.http.HttpUtils;
+import org.jclouds.azureblob.config.InsufficientAccessRightsException;
+import org.jclouds.util.Throwables2;

 import com.google.common.base.Function;
-import com.google.common.cache.CacheLoader;
 import com.google.common.cache.LoadingCache;

+
@Singleton
 public class BlobPropertiesToBlobMetadata implements Function<BlobProperties, MutableBlobMetadata> {
   private final LoadingCache<String, PublicAccess> containerAcls;
@ -58,8 +60,10 @@ public class BlobPropertiesToBlobMetadata implements Function<BlobProperties, Mu
            PublicAccess containerAcl = containerAcls.getUnchecked(from.getContainer());
            if (containerAcl != PublicAccess.PRIVATE)
               to.setPublicUri(from.getUrl());
-         } catch (CacheLoader.InvalidCacheLoadException e) {
-            // nulls not permitted from cache loader
+         } catch (Exception ex) {
+            //AzureBlob is not a publicly accessible object, but it is impossible to obtain ACL using SAS Auth. 
+            InsufficientAccessRightsException iare = Throwables2.getFirstThrowableOfType(ex, InsufficientAccessRightsException.class);
+            if (iare == null) throw ex;  
         }
      if (to.getContentMetadata() != null && to.getContentMetadata().getContentType() != null &&
            to.getContentMetadata().getContentType().equals("application/directory")) {
--- a/providers/azureblob/src/main/java/org/jclouds/azureblob/config/InsufficientAccessRightsException.java
+++ b/providers/azureblob/src/main/java/org/jclouds/azureblob/config/InsufficientAccessRightsException.java
@ -0,0 +1,32 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+ 
+/**
+ * Handles the inability of SAS Authentication string to authenticate the getAcl and setAcl requests.
+ * 
+ */
+ 
+package org.jclouds.azureblob.config;
+
+public class InsufficientAccessRightsException extends RuntimeException {
+
+   public InsufficientAccessRightsException(String message) {
+      super(message);
+   }
+
+}