From 54c0f17f2ab40808d5ca0bbe20b8608eb37d0174 Mon Sep 17 00:00:00 2001 From: Nick Craig-Wood Date: Thu, 22 Dec 2022 14:19:38 +0000 Subject: [PATCH] azureblob: fix "409 Public access is not permitted on this storage account" This error was caused by rclone supplying an empty `x-ms-blob-public-access:` header when creating a container for private access, rather than omitting it completely. This is a valid way of specifying containers should be private, but if the storage account has the flag "Blob public access" unset then it gives "409 Public access is not permitted on this storage account". This patch fixes the problem by only supplying the header if the access is set. Fixes #6645 --- backend/azureblob/azureblob.go | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/backend/azureblob/azureblob.go b/backend/azureblob/azureblob.go index af6ff9ddd..2376f44fe 100644 --- a/backend/azureblob/azureblob.go +++ b/backend/azureblob/azureblob.go @@ -1363,15 +1363,16 @@ func (f *Fs) makeContainer(ctx context.Context, container string) error { return nil } opt := service.CreateContainerOptions{ - // Specifies whether data in the container may be accessed publicly and the level of access - Access: &f.publicAccess, - // Optional. Specifies a user-defined name-value pair associated with the blob. //Metadata map[string]string // Optional. Specifies the encryption scope settings to set on the container. //CpkScopeInfo *CpkScopeInfo } + if f.publicAccess != "" { + // Specifies whether data in the container may be accessed publicly and the level of access + opt.Access = &f.publicAccess + } // now try to create the container return f.pacer.Call(func() (bool, error) { _, err := f.svc.CreateContainer(ctx, container, &opt)