search

Azure / azure-storage-python

Microsoft Azure Storage Library for Python
https://azure-storage.readthedocs.io
MIT License
338 stars 240 forks source link

expose AzureSigningError properly and make it self-explanatory #565

Open polarapfel opened 5 years ago

polarapfel commented 5 years ago

Which service(blob, file, queue) does this issue concern?

Any.

Which version of the SDK was used? Please provide the output of pip freeze.

asn1crypto==0.24.0 astroid==2.2.5 azure-common==1.1.18 azure-functions==1.0.0b3 azure-functions-worker==1.0.0b4 azure-storage-blob==1.5.0 azure-storage-common==1.4.0 azure-storage-queue==1.4.0 certifi==2019.3.9 cffi==1.12.2 chardet==3.0.4 colorama==0.4.1 cryptography==2.6.1 grpcio==1.14.2 grpcio-tools==1.14.2 idna==2.8 isort==4.3.16 lazy-object-proxy==1.3.1 mccabe==0.6.1 protobuf==3.7.0 pycparser==2.19 pylint==2.3.1 python-dateutil==2.8.0 requests==2.21.0 six==1.12.0 typed-ast==1.3.1 urllib3==1.24.1 wrapt==1.11.1

What problem was encountered?

AzureSigningError is the error class associated with connections to Azure Storage failing due to providing the wrong account credentials. Users of the SDK will come across this error being raised frequently and should thus be encouraged to catch it with try … except specifically.

AzureSigningError is not really exposed for easy use, requiring an import as such

from azure.storage.common._error import AzureSigningError

Like other errors that can occur specifically when performing API operations, it should have a more obvious import, comparable to

from azure.common import AzureConflictHttpError

Also, the error message that comes with the object is not really helpful. Providing incorrect storage account credentials results in "Incorrect Padding". There is no HTTP response code associated with the error object (like with azure.common.AzureHttpError). It would really help if error handling in the storage SDK behaves in the same way as with azure.common.

Have you found a mitigation/solution?

No. Note: for table service, please post the issue here instead: https://github.com/Azure/azure-cosmosdb-python.

zezha-msft commented 5 years ago

Hi @polarapfel, thanks for reaching out!

Could you please clarify why you think the following?

Users of the SDK will come across this error being raised frequently and should thus be encouraged to catch it with try … except specifically.

The padding error was caused because an invalid Shared Key in the wrong format was provided, and as a result signing cannot be done properly. This error would be pretty unusual (although I've seen people put foobar as the key to give the SDK a try).

How should the users catch and react to this error?

polarapfel commented 5 years ago

Hey @zezha-msft,

You can provide a wrong/invalid key in the correct format and all you will get is the same padding error.

I tried taking a valid key, swapped on character to make it invalid.

thanks,

Tobias

zezha-msft commented 5 years ago

Hi @polarapfel, padding error can only be caused by a key in the wrong format. You could try to rotate your current Account Key, then the outdated key would still work for signing, but 403s would be returned since it's no longer valid. On the client side, there's no way to know whether a key is really valid, as long as it's the right format.

deeTEEcee commented 2 years ago

does the source for from azure.storage.common._error import AzureSigningError even still exist? it looks like it got moved elsewhere