Azure / azure-sdk-for-net

This repository is for active development of the Azure SDK for .NET. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/dotnet/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-net.
MIT License

[BUG] Azure.Storage.Files.DataLake.DataLakeFileClient Run Method Uses Alternate Endpoint #20690

Closed waggonerh closed 5 months ago

waggonerh commented 3 years ago

Describe the bug

DataLakeFileClient run method uses igpdcentralusdatalake.blob.core.windows.net endpoint where other methods (Append, Create, etc) use igpdcentralusdatalake.dfs.core.windows.net endpoint.

This difference caused the download feature of our web app to fail when deployed to an app service with vnet injection connecting to an ADLS Gen2 storage with a private endpoint for dfs.

To work around this issue, we configured a second private endpoint for the blob endpoint. However this solution isn't ideal. It isn't immediately obvious when most other storage features work. It also forces two private endpoints when one should suffice.

Expected behavior

Reading/Writing files to ADLS Gen2 storage account using a private endpoint should work with a single endpoint.

Actual behavior (include Exception or Stack Trace)

Azure.RequestFailedException: This request is not authorized to perform this operation.
RequestId:d2e8b19a-601e-0013-60c3-3a73e6000000
Time:2021-04-26T17:44:20.9582696Z
Status: 403 (This request is not authorized to perform this operation.)
ErrorCode: AuthorizationFailure

Headers:
Server: Microsoft-HTTPAPI/2.0
x-ms-request-id: d2e8b19a-601e-0013-60c3-3a73e6000000
x-ms-client-request-id: 1a01dd6a-92d5-4186-9b6e-233cf0dc93fc
x-ms-error-code: AuthorizationFailure
Date: Mon, 26 Apr 2021 17:44:20 GMT
Content-Length: 246
Content-Type: application/xml

   at Azure.Storage.Blobs.BlobRestClient.Blob.DownloadAsync_CreateResponse(ClientDiagnostics clientDiagnostics, Response response)
   at Azure.Storage.Blobs.BlobRestClient.Blob.DownloadAsync(ClientDiagnostics clientDiagnostics, HttpPipeline pipeline, Uri resourceUri, String version, String snapshot, String versionId, Nullable`1 timeout, String range, String leaseId, Nullable`1 rangeGetContentHash, Nullable`1 rangeGetContentCRC64, String encryptionKey, String encryptionKeySha256, Nullable`1 encryptionAlgorithm, Nullable`1 ifModifiedSince, Nullable`1 ifUnmodifiedSince, Nullable`1 ifMatch, Nullable`1 ifNoneMatch, String ifTags, String requestId, Boolean async, String operationName, CancellationToken cancellationToken)
   at Azure.Storage.Blobs.Specialized.BlobBaseClient.StartDownloadAsync(HttpRange range, BlobRequestConditions conditions, Boolean rangeGetContentHash, Int64 startOffset, Boolean async, CancellationToken cancellationToken)
   at Azure.Storage.Blobs.Specialized.BlobBaseClient.DownloadInternal(HttpRange range, BlobRequestConditions conditions, Boolean rangeGetContentHash, Boolean async, CancellationToken cancellationToken)
   at Azure.Storage.Blobs.Specialized.BlobBaseClient.Download(HttpRange range, BlobRequestConditions conditions, Boolean rangeGetContentHash, CancellationToken cancellationToken)
   at Azure.Storage.Blobs.Specialized.BlobBaseClient.Download(CancellationToken cancellationToken)
   at Azure.Storage.Blobs.Specialized.BlobBaseClient.Download()
   at Azure.Storage.Files.DataLake.DataLakeFileClient.Read()

To Reproduce

Steps to reproduce the behavior (include a code snippet, screenshot, or any additional information that might help us reproduce the issue)

  1. Create an App Service with vnet injection configured
  2. Create an ADLS Gen2 Storage account with a dfs private endpoint
  3. Deploy a web app that writes and reads a file
  4. All things network configured correctly, writes will work and reads will fail.

Environment:

- Name and version of the Library package used: Azure.Storage.Files.DataLake v12.6.1
- Hosting platform or OS and .NET runtime version: Azure App Service Linux with .Net Core 5.0

ghost commented 3 years ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @sumantmehtams.

Issue Details
Author: waggonerh
Assignees: -
Labels: `Client`, `Data Lake Storage Gen2`, `Service Attention`, `customer-reported`, `needs-team-attention`, `needs-triage`, `question`
Milestone: -

aslatter commented 1 year ago

Will this issue prevent using this SDK for access to Microsoft Fabric OneLake?

https://learn.microsoft.com/en-us/fabric/onelake/onelake-access-api

aslatter commented 11 months ago

FYI that this issue is not limited to "Run" - various operations in this ADLS SDK will talk to the blob-endpoints unexpectedly.
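
A startup preflight for the setup described in this thread, as an added example that is not code from the issue or from the Azure SDK: because reads are reported to go through the `blob` endpoint while writes use `dfs`, it checks that both hostnames resolve to private addresses from inside the VNet. The class name, the placeholder account `examplestorageacct` and the assumption that the VNet uses RFC 1918 IPv4 space are illustrative.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net;
using System.Net.Sockets;

public static class StorageEndpointPreflight
{
    // Sub-resources one account is reached through: dfs for writes, blob for Read() per this issue.
    private static readonly string[] SubResources = { "dfs", "blob" };
    // Builds <account>.dfs.<suffix> and <account>.blob.<suffix> from either form of the account URI.
    public static IEnumerable<string> SiblingHosts(Uri accountUri)
    {
        string[] labels = accountUri.Host.Split('.');
        if (labels.Length < 3 || !SubResources.Contains(labels[1]))
            throw new ArgumentException("Expected <account>.dfs|blob.<suffix>", nameof(accountUri));
        string suffix = string.Join(".", labels.Skip(2));
        return SubResources.Select(s => $"{labels[0]}.{s}.{suffix}");
    }

    // Assumption: the VNet uses RFC 1918 IPv4 space, so a private endpoint address falls in it.
    public static bool IsPrivate(IPAddress ip)
    {
        byte[] b = ip.GetAddressBytes();
        return ip.AddressFamily == AddressFamily.InterNetwork &&
            (b[0] == 10 || (b[0] == 172 && b[1] >= 16 && b[1] <= 31) || (b[0] == 192 && b[1] == 168));
    }

    // Returns the hosts that fail to resolve or resolve to any non-private address.
    public static List<string> HostsWithoutPrivateEndpoint(Uri accountUri, Func<string, IPAddress[]> resolve)
    {
        var failing = new List<string>();
        foreach (string host in SiblingHosts(accountUri))
        {
            IPAddress[] addrs;
            try { addrs = resolve(host); }
            catch (SocketException) { addrs = Array.Empty<IPAddress>(); }
            if (addrs.Length == 0 || !addrs.All(IsPrivate)) failing.Add(host);
        }
        return failing;
    }
    public static void Main()
    {
        // Placeholder account name; run from inside the VNet-integrated app so its DNS is used.
        var uri = new Uri("https://examplestorageacct.dfs.core.windows.net");
        foreach (string host in HostsWithoutPrivateEndpoint(uri, Dns.GetHostAddresses))
            Console.WriteLine($"WARN: {host} does not resolve to a private address");
    }
}
```

A warning for only the `blob` host corresponds to the setup reported above: a private endpoint for `dfs` and none for `blob`.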

github-actions[bot] commented 6 months ago

Hi @waggonerh, we deeply appreciate your input into this project. Regrettably, this issue has remained inactive for over 2 years, leading us to the decision to close it. We've implemented this policy to maintain the relevance of our issue queue and facilitate easier navigation for new contributors. If you still believe this topic requires attention, please feel free to create a new issue, referencing this one. Thank you for your understanding and ongoing support.
