[jira] [Commented] (JCLOUDS-1428) Support for SAS token based Authentication for Azure Blob Storage

Thu, 21 Mar 2019 00:05:05 -0700 


    [ 
https://issues.apache.org/jira/browse/JCLOUDS-1428?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16797878#comment-16797878
 ] 

Swati Jain commented on JCLOUDS-1428:
-------------------------------------

Hi [~Horuszko],

Thank you for providing the fix for the issue we discussed above. 

With it, we are able to perform putBlob and removeBlob operations successfully.

However, we are getting exception while trying to perform getBlob and listBlob 
operations. Below is the error message that we obtain :

 
{code:java}
{
    "timestamp": "2019-03-19T09:53:43.388+0000",
    "status": 500,
    "error": "Internal Server Error",
    "message": "org.jclouds.http.HttpResponseException: request: HEAD 
https://sapcpqxbaku6wr3sawrvwoc5.blob.core.windows.net/sapcp-osaas-7206114b-a758-4e2c-9af2-d427d323e8c8?restype=container&comp=acl
 HTTP/1.1 failed with response: HTTP/1.1 403 This request is not authorized to 
perform this operation.",
    "path": "/objectstorage.svc/api/v1/storage/"
}
{code}
 

The stored access policy that we create is assigned the following permissions :
 * SharedAccessBlobPermissions.READ,
 * SharedAccessBlobPermissions.ADD,
 * SharedAccessBlobPermissions.CREATE,
 * SharedAccessBlobPermissions.WRITE,
 * SharedAccessBlobPermissions.DELETE,
 * SharedAccessBlobPermissions.LIST

Could you please have a look at it. Ideally, the above operations should work 
fine.

> Support for SAS token based Authentication for Azure Blob Storage
> -----------------------------------------------------------------
>
>                 Key: JCLOUDS-1428
>                 URL: https://issues.apache.org/jira/browse/JCLOUDS-1428
>             Project: jclouds
>          Issue Type: Improvement
>          Components: jclouds-blobstore
>            Reporter: Himanshu Jain
>            Priority: Major
>              Labels: azureblob
>             Fix For: 2.2.0, 2.1.3
>
>         Attachments: azure_stacktrace.txt
>
>          Time Spent: 40m
>  Remaining Estimate: 0h
>
> Hi,
> We have one use case where we want to provide limited access to objects in 
> our storage accounts. We figured that the best way to do  this is by using 
> SAS token based authentication mechanism to upload/download objects to Azure 
> Blob Storage - [SAS based 
> Authentication|https://docs.microsoft.com/en-us/azure/storage/common/storage-dotnet-shared-access-signature-part-1]
> We found that JClouds client library provides support for Azure Blob Storage 
> using account keys which might not fit our use case because of security 
> reasons.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to