jclouds-notifications mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Swati Jain (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (JCLOUDS-1428) Support for SAS token based Authentication for Azure Blob Storage
Date Thu, 21 Mar 2019 07:04:00 GMT

    [ https://issues.apache.org/jira/browse/JCLOUDS-1428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16797878#comment-16797878
] 

Swati Jain commented on JCLOUDS-1428:
-------------------------------------

Hi [~Horuszko],

Thank you for providing the fix for the issue we discussed above. 

With it, we are able to perform putBlob and removeBlob operations successfully.

However, we are getting exception while trying to perform getBlob and listBlob operations.
Below is the error message that we obtain :

 
{code:java}
{
    "timestamp": "2019-03-19T09:53:43.388+0000",
    "status": 500,
    "error": "Internal Server Error",
    "message": "org.jclouds.http.HttpResponseException: request: HEAD https://sapcpqxbaku6wr3sawrvwoc5.blob.core.windows.net/sapcp-osaas-7206114b-a758-4e2c-9af2-d427d323e8c8?restype=container&comp=acl
HTTP/1.1 failed with response: HTTP/1.1 403 This request is not authorized to perform this
operation.",
    "path": "/objectstorage.svc/api/v1/storage/"
}
{code}
 

The stored access policy that we create is assigned the following permissions :
 * SharedAccessBlobPermissions.READ,
 * SharedAccessBlobPermissions.ADD,
 * SharedAccessBlobPermissions.CREATE,
 * SharedAccessBlobPermissions.WRITE,
 * SharedAccessBlobPermissions.DELETE,
 * SharedAccessBlobPermissions.LIST

Could you please have a look at it. Ideally, the above operations should work fine.

> Support for SAS token based Authentication for Azure Blob Storage
> -----------------------------------------------------------------
>
>                 Key: JCLOUDS-1428
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1428
>             Project: jclouds
>          Issue Type: Improvement
>          Components: jclouds-blobstore
>            Reporter: Himanshu Jain
>            Priority: Major
>              Labels: azureblob
>             Fix For: 2.2.0, 2.1.3
>
>         Attachments: azure_stacktrace.txt
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> Hi,
> We have one use case where we want to provide limited access to objects in our storage
accounts. We figured that the best way to do  this is by using SAS token based authentication
mechanism to upload/download objects to Azure Blob Storage - [SAS based Authentication|https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1]
> We found that JClouds client library provides support for Azure Blob Storage using account
keys which might not fit our use case because of security reasons.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Mime
View raw message