Open findinpath opened 7 months ago
Thanks for filing this issue @findinpath.
I'll start by assuming when you want to make this check you already have a BlobContainerClient
, or BlobContainerAsyncClient
(and I'm going to write the following answer using the synchronous client but the same / equivalent APIs should exist in the async client).
You can get the BlobServiceClient
using BlobContainerClient.getServiceClient()
. The BlobServiceClient
should then have a method getAccountInfo
returning a StorageAccountInfo
object. This has an is getter isHierarchicalNamespaceEnabled
which will indicate if the Storage account being used has hierarchical namespace enabled.
boolean isHierarchicalNamespaceAccount = blobContainerClient.getServiceClient()
.getAccountInfo()
,isHierarchicalNamespaceEnabled();
@alzimmermsft thank you for your reply.
Do note that the above mentioned method doesn't work when using OAuth2 authentication.
As mentioned here
This operation doesn't support OAuth-based authorization via an access token from Azure Active Directory/MSI or a user delegation SAS.
I'm not sure why this information is not being provided when using token credentials on the service level. I'd like though to know whether there is a workaround to the current situation.
Hmm, this one I don't have a good answer for, @seanmcc-msft do you have any additional information on how to use this without a connection string?
Workaround
az storage account blob-service-properties show --account-name my-storage-account
{
"id": "/subscriptions/xxxxxxx-xxxxx-xxxx-xxxxx-xxxxxxxxxx/resourceGroups/myresourcegroup/providers/Microsoft.Storage/storageAccounts/mystorageaccount/blobServices/default",
.....
"resourceGroup": "myresourcegroup",
....
"type": "Microsoft.Storage/storageAccounts/blobServices"
}
https://stackoverflow.com/a/75711750
az resource show --name mystorageaccount --resource-group myresourcegroup --resource-type "Microsoft.Storage/storageAccounts" --query properties.isHnsEnabled
This will show whether HNS is enabled or not for the storage account while using az
tool.
Could you please add to the class https://github.com/Azure/azure-sdk-for-java/blob/eee5dc85bf53571289ee1cb5e3a0d0e6bf06df9c/sdk/storage/azure-storage-blob/src/main/java/com/azure/storage/blob/models/BlobServiceProperties.java also the following information:
resourceGroup
id
I need them to extract via the resourceManager
the HNS related information
AzureProfile profile = new AzureProfile(tenantId, "xxxxxxx-xxxxx-xxxx-xxxxx-xxxxxxxxxx", AzureEnvironment.AZURE);
ResourceManager resourceManager = ResourceManager
.authenticate(credential, profile)
.withDefaultSubscription();
ResourcesClient resourceClient = resourceManager.serviceClient().getResources();
GenericResourceInner resource = resourceClient.get("myresourcegroup", "Microsoft.Storage", "", "storageAccounts", "mystorageaccount", "2021-04-01");
Map<String, Object> resourceProperties = (Map<String, Object>)resource.properties();
boolean isHnsEnabled = Optional.ofNullable(resourceProperties.get("isHnsEnabled")).map(Boolean.class::cast).orElse(false);
Is there maybe a more elegant way to extract the subscription id from the BlobServiceProperties
output?
With the above workaround aside, it feels though unnatural to go the above mentioned route just to know whether the container i'm dealing with is hierarchical or not and this only when using service tokens. :(
We found an alternate method that seems to work. It calls this API endpoint directly using the com.azure.core.http.HttpClient
. If HNS is enabled for the account then it will return a 401 response status since we aren't authenticated, if HNS is not enabled then it will return a 400 response status that says it is an invalid URI. The upn
query parameter is only valid for HNS account types.
private boolean isHierarchicalNamespaceEnabled(String accountName)
throws IOException
{
URL url = UrlBuilder.parse("https://%s.dfs.core.windows.net/".formatted(accountName))
.addQueryParameter("action", "getStatus")
.addQueryParameter("upn", "true")
.toUrl();
HttpRequest request = new HttpRequest(HttpMethod.HEAD, url);
try (HttpResponse response = httpClient.send(request).block()) {
return Optional.ofNullable(response)
.map(HttpResponse::getStatusCode)
.map(statusCode -> !Objects.equals(statusCode, 400))
.orElseThrow();
}
}
Yet, another (maybe more elegant way)
ClientSecretCredential credential = new ClientSecretCredentialBuilder()
.authorityHost(authorityHost)
.tenantId(tenantId)
.clientId(clientId)
.clientSecret(secret)
.build();
DataLakeDirectoryClient dataLakeDirectoryClient = client.getFileSystemClient(azureLocation.container().orElseThrow()).getDirectoryClient("/");
boolean isHnsEnabled = dataLakeDirectoryClient.exists();
I'd like somebody from MSFT to confirm whether this solution should be correct in the long run.
@alzimmermsft @seanmcc-msft Just want to check in here, can either of you confirm if any of the suggested solutions above will be correct in the long run?
I would also like to know if you plan to add support for OAuth based access token authentication to the "Get Account Information" endpoint?
Hi @findinpath, since you haven’t asked that we /unresolve
the issue, we’ll close this out. If you believe further discussion is needed, please add a comment /unresolve
to reopen the issue.
/unresolve
It'd still be helpful to answer https://github.com/Azure/azure-sdk-for-java/issues/38912#issuecomment-1972481900
Hi $hashhar, only the original author of the issue can ask that it be unresolved. Please open a new issue with your scenario and details if you would like to discuss this topic with the team.
/unresolve
Is your feature request related to a problem? Please describe. This is a revival attempt of the reported issue https://github.com/Azure/azure-sdk-for-java/issues/26733
Describe the solution you'd like I'm looking for a way to identify whether the storage account to which the container belongs has hierarchical namespace enabled.
I know about the limitations exposed by @rickle-msft here https://github.com/Azure/azure-sdk-for-java/issues/26733#issuecomment-1026046740
It would be extremely helpful to know whether we can use on a hierarchical container
DataLakeFileSystemClient
/ Data Lake Storage Gen2 techniques or rather orBlobContainerClient
/ ABFS on a flat container for listing / deleting its directories and files.Information Checklist Kindly make sure that you have added all the following information above and checkoff the required fields otherwise we will treat the issuer as an incomplete report