search

Azure / azure-sdk-for-net

This repository is for active development of the Azure SDK for .NET. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/dotnet/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-net.
MIT License
5.48k stars 4.81k forks source link

[FEATURE REQ] Get user delegation SAS with a BlobBaseClient without providing user delegation key #46221

Open yifanz7 opened 1 month ago

yifanz7 commented 1 month ago

Library name

Azure.Storage.Blobs

Feature Description

Get a user delegation SAS for a BlobBaseClient (OAuth credentials) without providing a delegation key.

Why the current SDK is not sufficient

We noticed this recently merged PR https://github.com/Azure/azure-sdk-for-net/pull/45646 that .NET SDK now supports GenerateUserDelegationSasUri() for BlobBaseClient. However, this method requires inputting a delegation key, which can only be created on the service client level, not just by the blob client itself. With only a BlobBaseClient, we're not able to get a delegation key. Therefore, this newly added method is not sufficient

Why we need this feature

This is blocking PowerShell cmdlets migrating from v11 SDK to v12 SDK that we are working on recently.

The cmdlet being blocked is Start-AzStorageFileCopy (and start-azstorageblobcopy ). The scenario is copying from a source blob with oauth credential. In this case, customer can input a blob object with Oauth Authentication, and PSH will generate a blob SAS URL as copy source.

Currently we have to leave v11 SDK blob object in the cmdlet Start-AzStorageFileCopy as a workaround. In order to finish the migration, we will need this feature supported by .net SDK and then can remove the references of v11 SDK completely.

When we need the feature

We would like the feature to be released by Feb 2025.

This feature is needed in order to completely remove the reference to v11 SDK, and removing the v11 SDK reference will be a breaking change. For PSH modules, breaking changes are only allowed in major releases, and the next major release will be around May 2025 for Build. As breaking change warnings should be announced 2 releases prior to the major release, we should be ready for the breaking change by Feb 2025.

Potential solutions

There could be two options:

  1. BlobBaseClient has API to generate a user delegation SAS without providing user delegation key
  2. SDK support get the Blob service client from a BlobBaseClient (Get parent container Client from BlobBlobBaseClient, and get blob service client from container client ), and then we can get a user delegation key which can be used to generate a user delegation SAS
github-actions[bot] commented 1 month ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @xgithubtriage.