Azure / azure-sdk-for-net

This repository is for active development of the Azure SDK for .NET. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/dotnet/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-net.

[BUG] BlobClient.StartCopyFromUriAsync doesn't apply the encryption scope configured on the BlobClient to the destination blob #41923

Open david-may-shift opened 6 months ago

david-may-shift commented 6 months ago

Library name and version

Azure.Storage.Blobs 12.19.1

Describe the bug

We have 2 storage accounts and use BlobClient.StartCopyFromUriAsync within an AzureFunction to copy a blob from one to the other. We instantiate the blobClient and apply an encryption scope using the WithEncryptionScope call.

However, when the copy completes, the destination blob does not have the encryption scope applied.

Expected behavior

The destination blob should have the encryption scope that was configured on the blobClient (using the WithEncryptionScope call).

Actual behavior

The destination blob does not have an encryption scope applied.

Reproduction Steps

  1. Create 2 storage accounts (storage1 and storage2)
  2. Create 2 encryption scopes (encryptionScope1 and encryptionScope2)
  3. Upload blob1 to storage1, applying encryptionScope1.
  4. Instantiate a BlobClient on storage2 and configure with encryptionScope2 (using WithEncryptionScope call)
  5. Copy blob1 from storage1 to storage2 using StartCopyFromUriAsync and WaitForCompletionAsync
  6. blob1 is successfully copied to storage2 but encryptionScope2 has not been applied

Environment

Azure Function App configured with:

  - OS: Linux
  - ServicePlan: B1
  - RuntimeVersion: 4.28.4.4
  - FUNCTIONS_EXTENSION_VERSION: ~4
  - FUNCTIONS_WORKER_RUNTIME: dotnet-isolated

github-actions[bot] commented 6 months ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @xgithubtriage.

CallMeCJ commented 1 month ago

@jsquire Is there any update for this bug triage? Waiting for this bug fix.

jsquire commented 1 month ago

@CallMeCJ: My involvement was only to triage to the owners of the package. I have no insight into the current state. We would need updates from the Storage team.

//cc: @amnguye, @seanmcc-msft

amnguye commented 1 month ago

The encryption scope request header is not supported on the Copy Blob Service Side Sync REST API call. See https://learn.microsoft.com/en-us/rest/api/storageservices/copy-blob?tabs=microsoft-entra-id#request-headers

If you want to copy a blob with an encryption scope, use BlobBaseClient.SyncCopyFromUri or BlockBlobClient.SyncUploadFromUri, where the header is supported.
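
Added example (not posted by anyone in this thread and not the SDK team's code): a sketch of the suggested SyncCopyFromUri route that reads the destination blob's properties back and fails if the recorded encryption scope is not the expected one. The class and method names are hypothetical, and it assumes the source URI is readable by the storage service (for example via a SAS) and that both URIs and the scope name are supplied as arguments.

```csharp
// Added illustration; needs the Azure.Storage.Blobs package and real storage accounts.
using System;
using System.Threading.Tasks;
using Azure.Storage.Blobs;
using Azure.Storage.Blobs.Models;

public static class ScopedCopyExample  // hypothetical name
{
    // Copies sourceUri into the destination blob with a synchronous server-side
    // copy, then returns the encryption scope the service recorded on it.
    public static async Task<string> CopyAndVerifyScopeAsync(
        Uri sourceUri, BlobClient destination, string expectedScope)
    {
        // Client configured with the encryption scope, as in the issue report.
        BlobClient scoped = destination.WithEncryptionScope(expectedScope);

        // The call returns once the service has completed the copy.
        await scoped.SyncCopyFromUriAsync(sourceUri);

        // Read back what the service stored instead of trusting client configuration.
        BlobProperties properties = (await scoped.GetPropertiesAsync()).Value;
        string actualScope = properties.EncryptionScope;

        if (!string.Equals(actualScope, expectedScope, StringComparison.Ordinal))
        {
            throw new InvalidOperationException(
                $"Destination blob has encryption scope '{actualScope ?? "<none>"}', " +
                $"expected '{expectedScope}'.");
        }
        return actualScope;
    }

    // args[0]: source blob URI (with SAS), args[1]: destination blob URI (with SAS),
    // args[2]: encryption scope name, e.g. encryptionScope2 from the repro steps.
    public static async Task Main(string[] args)
    {
        var destination = new BlobClient(new Uri(args[1]));
        string scope = await CopyAndVerifyScopeAsync(new Uri(args[0]), destination, args[2]);
        Console.WriteLine($"Copy completed; destination encryption scope: {scope}");
    }
}
```

Running the same read-back check after a StartCopyFromUriAsync copy surfaces the behaviour reported in this issue, so it is useful as a post-copy assertion in either code path.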