Fix Get-AzureStorageContainer with Account SAS failure #5420
Conversation
| @@ -233,11 +240,11 @@ internal void PackCloudBlobContainerWithAcl(IEnumerable<Tuple<CloudBlobContainer | |||
| } | |||
| catch (StorageException e) | |||
| { | |||
| if (!e.IsNotFoundException()) | |||
| if (!e.IsNotFoundException() && !e.IsFordiddenException()) | |||
There was a problem hiding this comment.
@blueww we should change how exceptions are being thrown here so that the properties of the exception are preserved. This means only catching the exceptions that throw a 403 or 404. We should also put the warning you're adding above in here rather than having it before the check. You can change the message slightly so it applies to both 403 and 404 scenarios. It should look something like the following:
catch (StorageException e) when (e.IsNotFoundException() || e.IsForbiddenException())
{
WriteWarning("Denied permission to query the permission of the specified container.");
}There was a problem hiding this comment.
If change as you required, will get following error. This is because query container ACL is executed in aync task. So we can't write warning in it. We also can't write warning after track the task (in main thread), since the task might not finish when we try to write warning.
As currently, only SAS credential can make list container success, but query container ACL fail, (and I don't see it will be change recently), so it should be safe to check the credential is SAS, and write warning. how do you think?
BTW,I have modified the catch exception as you required.
Get-AzureStorageContainer : The WriteObject and WriteError methods cannot be called from outside the overrides of the BeginProcessing, ProcessRecord, and EndProcessing methods, and they can only be called from within the same thread. Validate
that the cmdlet makes these calls correctly, or contact Microsoft Customer Support Services.
At line:1 char:1
- Get-AzureStorageContainer -Context $ctxsas
+ CategoryInfo : CloseError: (:) [Get-AzureStorageContainer], PSInvalidOperationException + FullyQualifiedErrorId : PSInvalidOperationException,Microsoft.WindowsAzure.Commands.Storage.Blob.Cmdlet.GetAzureStorageContainerCommand
blueww
force-pushed
the
fixlistcontainer
branch
from
9749e1d to
600ab12
Compare
|
@markcowl , @cormacpayne I have changed the code according. Please check. |
Description
Get-AzureStorageContainer not work when use storage context created from SAS credential. #5053
This is because we will get container ACL after list/get container finish, but get container ACL only work with Account Key credential. We have catch 404 before for permission issue, but currently server report 403 for permission issue. So the fix is also catch 403 when get container ACL failure. So we can just return the container object to customer when get container ACL failed with permission issue. We will also write a warning message when customer get container with SAS credential to remind them get container ACL will fail.
This checklist is used to make sure that common guidelines for a pull request are followed. You can find a more complete discussion of PowerShell cmdlet best practices here.
General Guidelines
Testing Guidelines
Cmdlet Signature Guidelines
ShouldProcessand haveSupportShouldProcess=truespecified in the cmdlet attribute. You can find more information onShouldProcesshere.OutputTypeattribute if any output is produced - if the cmdlet produces no output, it should implement aPassThruparameter.Cmdlet Parameter Guidelines