Skip to content
This repository has been archived by the owner on Aug 1, 2024. It is now read-only.

Can't call GetPermissionsAsync on newly created container when using TokenCredential #1044

Open
markheath opened this issue May 28, 2021 · 2 comments
Open

Can't call GetPermissionsAsync on newly created container when using TokenCredential #1044

markheath opened this issue May 28, 2021 · 2 comments

Comments

@markheath
Copy link

Which service(blob, file, queue, table) does this issue concern?

Blob

Which version of the SDK was used?

11.2.3

Which platform are you using? (ex: .NET Core 2.1)

.NET Core 3.1

What problem was encountered?

When you create a new container with CloudBlobContainer.CreateIfNotExistsAsync() and then immediately follow that up with CloudBlobContainer.GetPermissionsAsync(), the GetPermissionsAsync method will throw a StorageException with a 404 status code ("The specified resource does not exist."). However, the container does exist (have verified in StorageExplorer)

How can we reproduce the problem in the simplest way?

This only happens if you are using a StorageCredentials built from a TokenCredential
e.g. new CloudStorageAccount(storageCredentials, accountName, endpointSuffix, true);
If you do the same thing with a regular storage account connection string that includes the storage key, it works fine

Have you found a mitigation/solution?

No - have tried sleeping to see if the permissions can be accessed after some time has elapsed, but does not resolve the issue. Have also tried calling GetContainerReference again after the CreateIfNotExistsAsync call but that doesn't help.
@markheath
Copy link
Author

Had a chance to try the same thing with the V12 SDK. Same issue - can't get permissions on a newly created container if you are using Token credentials. Here's some sample code to repro:

var accountName = "someaccount";
var blobEndpoint = $"https://{accountName}.blob.core.windows.net";
var credential = new DefaultAzureCredential(); 
var blobServiceClient = new BlobServiceClient(new Uri(blobEndpoint), credential);

var containerName = "mark-temp1";
await blobServiceClient.CreateBlobContainerAsync(containerName, PublicAccessType.None);
var containerClient = blobServiceClient.GetBlobContainerClient(containerName);
var policy = await containerClient.GetAccessPolicyAsync(); // will throw 404: The specified resource does not exist

@aristovg
Copy link

Any updates on this? The issue can be reproduced with 12.10.0 SDK, calls to SetAccessPolicyAsync/GetAccessPolicyAsync using MSI return 404

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@markheath @aristovg