From bc214291d59ec958b9871f100d56b790cc073bd3 Mon Sep 17 00:00:00 2001
From: Nick Craig-Wood <nick@craig-wood.com>
Date: Thu, 22 Dec 2022 14:19:38 +0000
Subject: [PATCH] azureblob: fix "409 Public access is not permitted on this
 storage account"

This error was caused by rclone supplying an empty
`x-ms-blob-public-access:` header when creating a container for
private access, rather than omitting it completely.

This is a valid way of specifying containers should be private, but if
the storage account has the flag "Blob public access" unset then it
gives "409 Public access is not permitted on this storage account".

This patch fixes the problem by only supplying the header if the
access is set.

Fixes #6645
---
 backend/azureblob/azureblob.go | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/backend/azureblob/azureblob.go b/backend/azureblob/azureblob.go
index af6ff9ddd..2376f44fe 100644
--- a/backend/azureblob/azureblob.go
+++ b/backend/azureblob/azureblob.go
@@ -1363,15 +1363,16 @@ func (f *Fs) makeContainer(ctx context.Context, container string) error {
 			return nil
 		}
 		opt := service.CreateContainerOptions{
-			// Specifies whether data in the container may be accessed publicly and the level of access
-			Access: &f.publicAccess,
-
 			// Optional. Specifies a user-defined name-value pair associated with the blob.
 			//Metadata map[string]string
 
 			// Optional. Specifies the encryption scope settings to set on the container.
 			//CpkScopeInfo *CpkScopeInfo
 		}
+		if f.publicAccess != "" {
+			// Specifies whether data in the container may be accessed publicly and the level of access
+			opt.Access = &f.publicAccess
+		}
 		// now try to create the container
 		return f.pacer.Call(func() (bool, error) {
 			_, err := f.svc.CreateContainer(ctx, container, &opt)
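Review bot: The comment inside the new `if f.publicAccess != ""` guard only describes the field, so nothing in the code records why the header must be omitted rather than sent empty. I would replace it with `// Only set Access when a level is configured: an empty x-ms-blob-public-access header is rejected with 409 on storage accounts that have public access disabled.` so that a later cleanup does not fold the assignment back into the struct literal. Any non-empty value is passed through unchanged and determines whether the new container is anonymously readable. Validation of `f.publicAccess` is not visible in this hunk, so it is worth confirming that the option is restricted to the supported levels where it is parsed. makeContainer begins and ends outside the hunk.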