From d6e76a22a8cfd151238f191a42baa2696c3b7359 Mon Sep 17 00:00:00 2001
From: Connor Findlay <git@findlays.io>
Date: Thu, 17 Oct 2024 20:08:11 +1300
Subject: [PATCH] backend/azure: Handle Container SAS/SAT

Ignore AuthorizationFailure caused by using a container level SAS/SAT
token when calling GetProperties during the Create() call. This is because the
GetProperties call expects an Account Level token, and the container
level token simply lacks the appropriate permissions. Supressing the
Authorization Failure is OK, because if the token is actually invalid,
this is caught elsewhere when we try to actually use the token to do
work.
---
 internal/backend/azure/azure.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/internal/backend/azure/azure.go b/internal/backend/azure/azure.go
index 737cf0e14..76c8d755a 100644
--- a/internal/backend/azure/azure.go
+++ b/internal/backend/azure/azure.go
@@ -160,6 +160,12 @@ func Create(ctx context.Context, cfg Config, rt http.RoundTripper) (*Backend, er
 		if err != nil {
 			return nil, errors.Wrap(err, "container.Create")
 		}
+	} else if err != nil && bloberror.HasCode(err, bloberror.AuthorizationFailure) {
+		// We ignore this Auth. Failure, as the failure is related to the type
+		// of SAS/SAT, not an actual real failure. If the token is invalid, we
+		// fail later on anyway.
+		// For details see Issue #4004.
+		debug.Log("Ignoring AuthorizationFailure when calling GetProperties")
 	} else if err != nil {
 		return be, errors.Wrap(err, "container.GetProperties")
 	}