Open tpetillot opened 10 months ago
Hi @tpetillot Thank you for reaching out! I tried to reproduce this issue locally but did not run into any issues with authentication and was able to list blobs normally. I suspect there may be an issue with the account you're using to authenticate. Can you confirm that you're logged into the correct account in order to use the AzureCliCredentialBuilder?
Linking this here for more info: https://learn.microsoft.com/en-us/java/api/com.azure.identity.azureclicredentialbuilder?view=azure-java-stable
Hi @ibrahimrabab,
I can confirm the account used from the SDK is the one from the CLI. Some more context: it was able to create the container, but not list the blobs in it.
(For now, I use an app registration as a workaround that work properly).
@billwert @g2vinay adding for visibility and any suggestions you folks may have for this issue.
Hi @tpetillot Following up on this issue, is this still something you are experiencing?
Hi @tpetillot. Thank you for opening this issue and giving us the opportunity to assist. To help our team better understand your issue and the details of your scenario please provide a response to the question asked above or the information requested above. This will help us more accurately address your issue.
Hi @ibrahimrabab ,we've stuck to using our workaround ever since.
Facing same problem. Following this tutorial doesnt work https://learn.microsoft.com/en-us/azure/storage/blobs/storage-quickstart-blobs-java?tabs=powershell%2Cmanaged-identity%2Croles-azure-portal%2Csign-in-azure-cli&pivots=blob-storage-quickstart-scratch
Following sample code breaks when trying to list blobs but works fine when listing the containers. I have confirmed that account that is logged to azure cli has appropriate access. I am using mac, intelij, spring. They are all using latest version of dependencies
package com.example.azurestorage;
import com.azure.core.credential.TokenCredential;
import com.azure.identity.AzureCliCredentialBuilder;
import com.azure.storage.blob.*;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import java.util.Objects;
@Configuration
public class AzureBlobConfig {
@Bean
public BlobServiceClient blobServiceClient() {
TokenCredential credential = new AzureCliCredentialBuilder().build();
// Azure SDK client builders accept the credential as a parameter
// TODO: Replace <storage-account-name> with your actual storage account name
BlobServiceClient blobServiceClient = new BlobServiceClientBuilder()
.endpoint("https://xxxxxx.blob.core.windows.net/")
.credential(credential).buildClient();
blobServiceClient.listBlobContainers()
.forEach(item->{
if(item != null)
System.out.println(Objects.requireNonNull(item).getName());
} );
return blobServiceClient;
}
@Bean
public BlobContainerClient userUploadsContainerClient(BlobServiceClient blobServiceClient
, @Value("${app.azure.containers.userUploads:app-user-uploads}") String containerName) {
BlobContainerClient client = blobServiceClient.getBlobContainerClient(containerName);
client.createIfNotExists();
client.listBlobs() .forEach(item->{
if(item != null)
System.out.println(Objects.requireNonNull(item).getName());
} );
return client;
}
}
Describe the bug Java SDK blob operation failed with
AuthorizationPermissionMismatch
usingAzureCliCredential
andaz login
. But using CLI command works properly.Exception or Stack Trace
To Reproduce Follow list the blobs in a container using java SDK guide.
Code Snippet
Expected behavior Works as well as CLI command:
az storage blob list --account-name <account-name> --container-name <container-name>
Setup (please complete the following information):