search

Azure / azure-sdk-for-go

This repository is for active development of the Azure SDK for Go. For consumers of the SDK we recommend visiting our public developer docs at:
https://docs.microsoft.com/azure/developer/go/
MIT License
1.64k stars 838 forks source link

403 Error connecting to local storage with Azurite (Visual Studio Code) #23306

Closed tristan-till closed 2 months ago

tristan-till commented 2 months ago

Specifications: Package: github.com/Azure/azure-sdk-for-go/sdk/storage/azblob SDK version(s): v1.3.1, v1.4.0 GO version: go version go1.22.5 windows/amd64 Azurite: V3.31.0 (VS Code Extension)

Scenario Trying to connect to emulated Blob Storage using the Azurite extension and the Azure GO SDK. Sample Code:

accountName := "devstoreaccount1"
accountKey := "Eby8vdM02xNOcqFe68wrnelgRhDF3dJ1GPpDq4zRAzBdalRoNuZz4Y6EFuEFRz5jLK6Bf5EwDGe+OlR7ABxJkQ=="
blobEndpoint := "http://127.0.0.1:10000/devstoreaccount1"

credential, err := azblob.NewSharedKeyCredential(accountName, accountKey)
if err != nil {
fmt.Println("Failed to create shared key credential: %v", err)
return
}

client, err := azblob.NewClientWithSharedKeyCredential(blobEndpoint, credential, nil)
if err != nil {
fmt.Println("Failed to create client: %v", err)
return
}

_, err = client.CreateContainer(context.TODO(), "my-container", nil)
if err != nil {
fmt.Println("Failed to create container:", err)
return
}

Console Error

Failed to create container: PUT http://127.0.0.1:10000/devstoreaccount1/my-container
--------------------------------------------------------------------------------
RESPONSE 403: 403 Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature.
ERROR CODE: AuthorizationFailure
--------------------------------------------------------------------------------
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<Error>
  <Code>AuthorizationFailure</Code>
  <Message>Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature.
RequestId:2ce2824d-4c60-4bce-870d-6f7980f8b018
Time:2024-08-10T09:59:29.655Z</Message>
</Error>
--------------------------------------------------------------------------------

Azurite Blob Debug Output

2024-08-10T09:41:42.540Z e9e12169-5f3e-4cc1-83ea-26566dd54abb info BlobStorageContextMiddleware: RequestMethod=PUT RequestURL=http://127.0.0.1/devstoreaccount1/my-container?restype=container RequestHeaders:{"host":"127.0.0.1:10000","user-agent":"azsdk-go-azblob/v1.3.1 (go1.22.5; Windows_NT)","content-length":"0","accept":"application/xml","authorization":"SharedKey devstoreaccount1:+SfnfTLHtEgi5hb7e9wY+YWl0Gup2XoOqrXJXy09e0s=","x-ms-date":"Sat, 10 Aug 2024 09:41:42 GMT","x-ms-version":"2023-11-03","accept-encoding":"gzip"} ClientIP=127.0.0.1 Protocol=http HTTPVersion=1.1
2024-08-10T09:41:42.540Z e9e12169-5f3e-4cc1-83ea-26566dd54abb info BlobStorageContextMiddleware: Account=devstoreaccount1 Container=my-container Blob=
2024-08-10T09:41:42.540Z e9e12169-5f3e-4cc1-83ea-26566dd54abb verbose DispatchMiddleware: Dispatching request...
2024-08-10T09:41:42.541Z e9e12169-5f3e-4cc1-83ea-26566dd54abb info DispatchMiddleware: Operation=Container_Create
2024-08-10T09:41:42.541Z e9e12169-5f3e-4cc1-83ea-26566dd54abb verbose AuthenticationMiddlewareFactory:createAuthenticationMiddleware() Validating authentications.
2024-08-10T09:41:42.541Z e9e12169-5f3e-4cc1-83ea-26566dd54abb info PublicAccessAuthenticator:validate() Start validation against public access.
2024-08-10T09:41:42.541Z e9e12169-5f3e-4cc1-83ea-26566dd54abb debug PublicAccessAuthenticator:validate() Getting account properties...
2024-08-10T09:41:42.541Z e9e12169-5f3e-4cc1-83ea-26566dd54abb debug PublicAccessAuthenticator:validate() Retrieved account name from context: devstoreaccount1, container: my-container, blob: 
2024-08-10T09:41:42.541Z e9e12169-5f3e-4cc1-83ea-26566dd54abb debug PublicAccessAuthenticator:validate() Skip public access authentication. Cannot get public access type for container my-container
2024-08-10T09:41:42.541Z e9e12169-5f3e-4cc1-83ea-26566dd54abb info BlobSharedKeyAuthenticator:validate() Start validation against account shared key authentication.
2024-08-10T09:41:42.541Z e9e12169-5f3e-4cc1-83ea-26566dd54abb info BlobSharedKeyAuthenticator:validate() [STRING TO SIGN]:"PUT\n\n\n\n\n\n\n\n\n\n\n\nx-ms-date:Sat, 10 Aug 2024 09:41:42 GMT\nx-ms-version:2023-11-03\n/devstoreaccount1/devstoreaccount1/my-container\nrestype:container"
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb info BlobSharedKeyAuthenticator:validate() Calculated authentication header based on key1: SharedKey devstoreaccount1:ysKqRl9i7EeXyMenb/9+Miw1UKO8X9wKp1YvPvqHHBY=
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb info BlobSharedKeyAuthenticator:validate() Validation failed.
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb info AccountSASAuthenticator:validate() Start validation against account Shared Access Signature pattern.
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb debug AccountSASAuthenticator:validate() Getting account properties...
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb debug AccountSASAuthenticator:validate() Retrieved account name from context: devstoreaccount1, container: my-container, blob: 
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb debug AccountSASAuthenticator:validate() Got account properties successfully.
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb debug AccountSASAuthenticator:validate() Retrieved signature from URL parameter sig: undefined
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb info AccountSASAuthenticator:validate() Failed to get valid account SAS values from request.
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb info BlobSASAuthenticator:validate() Start validation against blob service Shared Access Signature pattern.
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb debug BlobSASAuthenticator:validate() Getting account properties...
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb debug BlobSASAuthenticator:validate() Retrieved account name from context: devstoreaccount1, container: my-container, blob: 
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb debug BlobSASAuthenticator:validate() Got account properties successfully.
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb debug BlobSASAuthenticator:validate() Retrieved signature from URL parameter sig: undefined
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb debug BlobSASAuthenticator:validate() No signature found in request. Skip blob service SAS validation.
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb error ErrorMiddleware: Received a MiddlewareError, fill error information to HTTP response
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb error ErrorMiddleware: ErrorName=StorageError ErrorMessage=Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature.  ErrorHTTPStatusCode=403 ErrorHTTPStatusMessage=Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature. ErrorHTTPHeaders={"x-ms-error-code":"AuthorizationFailure","x-ms-request-id":"e9e12169-5f3e-4cc1-83ea-26566dd54abb"} ErrorHTTPBody="<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n<Error>\n  <Code>AuthorizationFailure</Code>\n  <Message>Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature.\nRequestId:e9e12169-5f3e-4cc1-83ea-26566dd54abb\nTime:2024-08-10T09:41:42.542Z</Message>\n</Error>" ErrorStack="StorageError: Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature.\n\tat StorageErrorFactory.getAuthorizationFailure (c:\\Users\\trist\\.vscode\\extensions\\azurite.azurite-3.31.0\\dist\\src\\blob\\errors\\StorageErrorFactory.js:137:16)\n\tat c:\\Users\\trist\\.vscode\\extensions\\azurite.azurite-3.31.0\\dist\\src\\blob\\middlewares\\AuthenticationMiddlewareFactory.js:25:56\n\tat process.processTicksAndRejections (node:internal/process/task_queues:95:5)"
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb error ErrorMiddleware: Set HTTP code: 403
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb error ErrorMiddleware: Set HTTP status message: Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature.
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb error ErrorMiddleware: Set HTTP Header: x-ms-error-code=AuthorizationFailure
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb error ErrorMiddleware: Set HTTP Header: x-ms-request-id=e9e12169-5f3e-4cc1-83ea-26566dd54abb
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb error ErrorMiddleware: Set content type: application/xml
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb error ErrorMiddleware: Set HTTP body: "<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n<Error>\n  <Code>AuthorizationFailure</Code>\n  <Message>Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature.\nRequestId:e9e12169-5f3e-4cc1-83ea-26566dd54abb\nTime:2024-08-10T09:41:42.542Z</Message>\n</Error>"
2024-08-10T09:41:42.542Z e9e12169-5f3e-4cc1-83ea-26566dd54abb info EndMiddleware: End response. TotalTimeInMS=2 StatusCode=403 StatusMessage=Server failed to authenticate the request. Make sure the value of the Authorization header is formed correctly including the signature. Headers={"server":"Azurite-Blob/3.31.0","x-ms-error-code":"AuthorizationFailure","x-ms-request-id":"e9e12169-5f3e-4cc1-83ea-26566dd54abb","content-type":"application/xml"}

Further information This happens for the out-of-the-box configuration of Azurite, as well as after certificates are installed and added to the extension details. The console errors are identical, the Azurite Debug Log output varies. I am fine with a working solution using http, if this is easier to reproduce/debug on your side. Otherwise I will gladly provide the other configurations/logs as well!

Expected behavior Sample code should create storage container without issues.

THANK YOU!

github-actions[bot] commented 2 months ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @xgithubtriage.