TrueCloudLab/restic
16
0
Fork 2
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

backend/azure: Handle Container SAS/SAT

Browse source 
Ignore AuthorizationFailure caused by using a container level SAS/SAT
token when calling GetProperties during the Create() call. This is because the
GetProperties call expects an Account Level token, and the container
level token simply lacks the appropriate permissions. Supressing the
Authorization Failure is OK, because if the token is actually invalid,
this is caught elsewhere when we try to actually use the token to do
work.
This commit is contained in:
Connor Findlay 2024-10-17 20:08:11 +13:00 committed by Michael Eischer
parent bcd5ac34bb
commit 2e704c69ac
1 changed files with 6 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
internal/backend/azure/azure.go
View file

@ -157,6 +157,12 @@ func Create(ctx context.Context, cfg Config, rt http.RoundTripper) (*Backend, er
if err != nil { if err != nil {
return nil, errors.Wrap(err, "container.Create") return nil, errors.Wrap(err, "container.Create")
} }
} else if err != nil && bloberror.HasCode(err, bloberror.AuthorizationFailure) {
// We ignore this Auth. Failure, as the failure is related to the type
// of SAS/SAT, not an actual real failure. If the token is invalid, we
// fail later on anyway.
// For details see Issue #4004.
debug.Log("Ignoring AuthorizationFailure when calling GetProperties")
} else if err != nil { } else if err != nil {
return be, errors.Wrap(err, "container.GetProperties") return be, errors.Wrap(err, "container.GetProperties")
} }