Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Why should this be hardcoded to Https? #22448

Closed
yanivsag opened this issue Feb 25, 2024 · 5 comments
Closed

Why should this be hardcoded to Https? #22448

yanivsag opened this issue Feb 25, 2024 · 5 comments
Assignees
@tanyasethi-msft
Labels
AzBlob customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Storage Storage Service (Queues, Blobs, Files)

Comments

@yanivsag
Copy link
Member

azure-sdk-for-go/sdk/storage/azblob/container/client.go

Line 351 in bac2559

Protocol: sas.ProtocolHTTPS,

I suggest basing this on the URL, since it makes the method unusable for users of the azurite storage emulator.
@github-actions github-actions bot added Client This issue points to a problem in the data-plane of the library. customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-triage This issue needs the team to triage. question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Storage Storage Service (Queues, Blobs, Files) labels Feb 25, 2024
@vibhansa-msft
Copy link
Member

Hi @yanivsag
GetSasURL is just a helper method to generate SAS from SharedKey or UserDelegationKey. We have used 'https' as default, but that does not restrict you in anyway. You can create your own BlobSignatureValue in context of your application and generate a SAS which allows both http and https.

@yanivsag
Copy link
Member Author

True, but from a user of the lib that opens the client with a connection string, i think it's inconvenient to extract the access key from the connection string while the container Client module already has this code available.
Also, it changed behavior of previous versions (i discovered it while migrating code that used v0.3.0 of azblob)

@jhendrixMSFT jhendrixMSFT removed Client This issue points to a problem in the data-plane of the library. needs-team-triage This issue needs the team to triage. AzDatalake labels Feb 26, 2024
@github-actions github-actions bot added needs-team-attention This issue needs attention from Azure service team or SDK team labels Feb 26, 2024
@vibhansa-msft
Copy link
Member

0.3.0 was not a GA release. For the security reasons HTTP was not allowed in certain auth flows. By default its HTTPs now and for HTTP you need to create SAS by calling respective SDK apis and not through GetSASToken(). For now you can use this as a workaround, let me discuss this with team and see what shall be the correct way to handle this.

@yanivsag
Copy link
Member Author

got it, thanks!

@MartinForReal MartinForReal mentioned this issue Mar 11, 2024
Closed
5 tasks
@souravgupta-msft souravgupta-msft mentioned this issue Apr 5, 2024
Merged
4 tasks
@vibhansa-msft
Copy link
Member

This has been fixed as part of #22704

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tanyasethi-msft tanyasethi-msft

Labels
AzBlob customer-reported Issues that are reported by GitHub users external to the Azure organization. needs-team-attention This issue needs attention from Azure service team or SDK team question The issue doesn't require a change to the product in order to be resolved. Most issues start as that Storage Storage Service (Queues, Blobs, Files)
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@jhendrixMSFT @yanivsag @vibhansa-msft @tanyasethi-msft