From 2e704c69ac1c05baceb368aa3d701fab480e991b Mon Sep 17 00:00:00 2001
From: Connor Findlay <git@findlays.io>
Date: Thu, 17 Oct 2024 20:08:11 +1300
Subject: [PATCH] backend/azure: Handle Container SAS/SAT

Ignore AuthorizationFailure caused by using a container level SAS/SAT
token when calling GetProperties during the Create() call. This is because the
GetProperties call expects an Account Level token, and the container
level token simply lacks the appropriate permissions. Supressing the
Authorization Failure is OK, because if the token is actually invalid,
this is caught elsewhere when we try to actually use the token to do
work.
---
 internal/backend/azure/azure.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/internal/backend/azure/azure.go b/internal/backend/azure/azure.go
index e09593fd6..8f5ee9f00 100644
--- a/internal/backend/azure/azure.go
+++ b/internal/backend/azure/azure.go
@@ -157,6 +157,12 @@ func Create(ctx context.Context, cfg Config, rt http.RoundTripper) (*Backend, er
 		if err != nil {
 			return nil, errors.Wrap(err, "container.Create")
 		}
+	} else if err != nil && bloberror.HasCode(err, bloberror.AuthorizationFailure) {
+		// We ignore this Auth. Failure, as the failure is related to the type
+		// of SAS/SAT, not an actual real failure. If the token is invalid, we
+		// fail later on anyway.
+		// For details see Issue #4004.
+		debug.Log("Ignoring AuthorizationFailure when calling GetProperties")
 	} else if err != nil {
 		return be, errors.Wrap(err, "container.GetProperties")
 	}