azure impl and fix aws

arthurpassos · arthurpassos · commit 8e78b28943cb · 2025-05-05T13:52:11.000-03:00
diff --git a/src/Backups/registerBackupEngineAzureBlobStorage.cpp b/src/Backups/registerBackupEngineAzureBlobStorage.cpp
@@ -96,7 +96,7 @@ void registerBackupEngineAzureBlobStorage(BackupFactory & factory)
                 auto account_name = args[3].safeGet<String>();
                 auto account_key = args[4].safeGet<String>();
 
-                connection_params.auth_method = std::make_shared<Azure::Storage::StorageSharedKeyCredential>(account_name, account_key);
+                connection_params.auth_method = std::make_shared<AzureBlobStorage::StorageSharedKeyCredentialWithAccessToSecret>(account_name, account_key);
                 connection_params.client_options = AzureBlobStorage::getClientOptions(*request_settings, /*for_disk=*/ true);
             }
             else
diff --git a/src/Disks/ObjectStorages/AzureBlobStorage/AzureBlobStorageCommon.cpp b/src/Disks/ObjectStorages/AzureBlobStorage/AzureBlobStorageCommon.cpp
@@ -146,6 +146,8 @@ std::unique_ptr<ServiceClient> ConnectionParams::createForService() const
     {
         if constexpr (std::is_same_v<T, ConnectionString>)
             return std::make_unique<ServiceClient>(ServiceClient::CreateFromConnectionString(auth.toUnderType(), client_options));
+        else if constexpr (std::is_same_v<T, std::shared_ptr<StorageSharedKeyCredentialWithAccessToSecret>>)
+            return std::make_unique<ServiceClient>(endpoint.getServiceEndpoint(), auth->impl, client_options);
         else
             return std::make_unique<ServiceClient>(endpoint.getServiceEndpoint(), auth, client_options);
     }, auth_method);
@@ -166,6 +168,11 @@ std::unique_ptr<ContainerClient> ConnectionParams::createForContainer() const
             auto raw_client = RawContainerClient::CreateFromConnectionString(auth.toUnderType(), endpoint.container_name, client_options);
             return std::make_unique<ContainerClient>(std::move(raw_client), endpoint.prefix);
         }
+        else if constexpr (std::is_same_v<T, std::shared_ptr<StorageSharedKeyCredentialWithAccessToSecret>>)
+        {
+            RawContainerClient raw_client{endpoint.getContainerEndpoint(), auth->impl, client_options};
+            return std::make_unique<ContainerClient>(std::move(raw_client), endpoint.prefix);
+        }
         else
         {
             RawContainerClient raw_client{endpoint.getContainerEndpoint(), auth, client_options};
@@ -369,7 +376,7 @@ AuthMethod getAuthMethod(const Poco::Util::AbstractConfiguration & config, const
 {
     if (config.has(config_prefix + ".account_key") && config.has(config_prefix + ".account_name"))
     {
-        return std::make_shared<Azure::Storage::StorageSharedKeyCredential>(
+        return std::make_shared<StorageSharedKeyCredentialWithAccessToSecret>(
             config.getString(config_prefix + ".account_name"),
             config.getString(config_prefix + ".account_key")
         );
diff --git a/src/Disks/ObjectStorages/AzureBlobStorage/AzureBlobStorageCommon.h b/src/Disks/ObjectStorages/AzureBlobStorage/AzureBlobStorageCommon.h
@@ -126,9 +126,25 @@ using ServiceClient = Azure::Storage::Blobs::BlobServiceClient;
 using BlobClientOptions = Azure::Storage::Blobs::BlobClientOptions;
 using ConnectionString = StrongTypedef<String, struct ConnectionStringTag>;
 
+/*
+ * In order to implement `AzureObjectStorage::getIdentityFingerprint()` for `StorageSharedKeyCredential`, we need to
+ * access `account_key`. The problem is that `Azure::Storage::StorageSharedKeyCredential::AccessKey` is private and the
+ * class is final inside `Azure SDK`.
+ */
+struct StorageSharedKeyCredentialWithAccessToSecret
+{
+    StorageSharedKeyCredentialWithAccessToSecret(const String & account_name_, const String & account_key_)
+        : account_name(account_name_), account_key(account_key_), impl(std::make_shared<Azure::Storage::StorageSharedKeyCredential>(account_name, account_key))
+    {}
+
+    const std::string account_name;
+    const std::string account_key;
+    std::shared_ptr<Azure::Storage::StorageSharedKeyCredential> impl;
+};
+
 using AuthMethod = std::variant<
     ConnectionString,
-    std::shared_ptr<Azure::Storage::StorageSharedKeyCredential>,
+    std::shared_ptr<StorageSharedKeyCredentialWithAccessToSecret>,
     std::shared_ptr<Azure::Identity::WorkloadIdentityCredential>,
     std::shared_ptr<Azure::Identity::ManagedIdentityCredential>>;
 
diff --git a/src/Disks/ObjectStorages/AzureBlobStorage/AzureObjectStorage.cpp b/src/Disks/ObjectStorages/AzureBlobStorage/AzureObjectStorage.cpp
@@ -156,30 +156,29 @@ ObjectStorageIteratorPtr AzureObjectStorage::iterate(const std::string & path_pr
     return std::make_shared<AzureIteratorAsync>(path_prefix, client_ptr, max_keys ? max_keys : settings_ptr->list_object_keys_size);
 }
 
+/*
+ * Only `ConnectionString` and `StorageSharedKeyCredential` auth methods are supported for now.
+ */
 std::optional<std::string> AzureObjectStorage::getIdentityFingerprint() const
 {
     std::optional<std::string> fingerprint;
 
-    std::visit([&fingerprint](const auto & auth) {
+    std::visit([&fingerprint](const auto & auth)
+    {
         using T = std::decay_t<decltype(auth)>;
 
         if constexpr (std::is_same_v<T, AzureBlobStorage::ConnectionString>)
         {
             auto connection_string_parts = Azure::Storage::_internal::ParseConnectionString(auth);
-            fingerprint = std::to_string(std::hash<std::string>()(connection_string_parts.AccountName));
+            fingerprint = connection_string_parts.AccountName + connection_string_parts.AccountKey;
         }
-        else if constexpr (std::is_same_v<T, std::shared_ptr<Azure::Storage::StorageSharedKeyCredential>>)
+        else if constexpr (std::is_same_v<T, std::shared_ptr<AzureBlobStorage::StorageSharedKeyCredentialWithAccessToSecret>>)
         {
             if (auth)
             {
-                fingerprint = std::to_string(std::hash<std::string>()(auth->AccountName));
+                fingerprint = auth->account_name + auth->account_key;
             }
         }
-        /// I am not sure what to do with the other auth methods, needs further investigation
-        // else if constexpr (std::is_same_v<T, std::shared_ptr<Azure::Identity::WorkloadIdentityCredential>>) {
-        // }
-        // else if constexpr (std::is_same_v<T, std::shared_ptr<Azure::Identity::ManagedIdentityCredential>>) {
-        // }
     }, auth_method);
 
     if (!fingerprint)
diff --git a/src/Disks/ObjectStorages/S3/S3ObjectStorage.cpp b/src/Disks/ObjectStorages/S3/S3ObjectStorage.cpp
@@ -168,7 +168,7 @@ std::optional<std::string> S3ObjectStorage::getIdentityFingerprint() const
 {
     const auto credentials = client.get()->getCredentials();
 
-    return getName() + credentials.GetAWSAccessKeyId();
+    return getName() + credentials.GetAWSAccessKeyId() + credentials.GetAWSSecretKey();
 }
 
 std::unique_ptr<ReadBufferFromFileBase> S3ObjectStorage::readObject( /// NOLINT
diff --git a/src/Storages/ObjectStorage/Azure/Configuration.cpp b/src/Storages/ObjectStorage/Azure/Configuration.cpp
@@ -117,7 +117,7 @@ static AzureBlobStorage::ConnectionParams getConnectionParams(
     {
         connection_params.endpoint.storage_account_url = connection_url;
         connection_params.endpoint.container_name = container_name;
-        connection_params.auth_method = std::make_shared<Azure::Storage::StorageSharedKeyCredential>(*account_name, *account_key);
+        connection_params.auth_method = std::make_shared<AzureBlobStorage::StorageSharedKeyCredentialWithAccessToSecret>(*account_name, *account_key);
         connection_params.client_options = AzureBlobStorage::getClientOptions(*request_settings, /*for_disk=*/ false);
     }
     else

Original file line number	Diff line number	Diff line change
`@@ -96,7 +96,7 @@ void registerBackupEngineAzureBlobStorage(BackupFactory & factory)`
`96`	`96`	`auto account_name = args[3].safeGet<String>();`
`97`	`97`	`auto account_key = args[4].safeGet<String>();`
`98`	`98`
`99`		`- connection_params.auth_method = std::make_shared<Azure::Storage::StorageSharedKeyCredential>(account_name, account_key);`
	`99`	`+ connection_params.auth_method = std::make_shared<AzureBlobStorage::StorageSharedKeyCredentialWithAccessToSecret>(account_name, account_key);`
`100`	`100`	`connection_params.client_options = AzureBlobStorage::getClientOptions(request_settings, /for_disk=*/ true);`
`101`	`101`	`}`
`102`	`102`	`else`
Original file line number	Diff line number	Diff line change
`@@ -146,6 +146,8 @@ std::unique_ptr<ServiceClient> ConnectionParams::createForService() const`
`146`	`146`	`{`
`147`	`147`	`if constexpr (std::is_same_v<T, ConnectionString>)`
`148`	`148`	`return std::make_unique<ServiceClient>(ServiceClient::CreateFromConnectionString(auth.toUnderType(), client_options));`
	`149`	`+ else if constexpr (std::is_same_v<T, std::shared_ptr<StorageSharedKeyCredentialWithAccessToSecret>>)`
	`150`	`+ return std::make_unique<ServiceClient>(endpoint.getServiceEndpoint(), auth->impl, client_options);`
`149`	`151`	`else`
`150`	`152`	`return std::make_unique<ServiceClient>(endpoint.getServiceEndpoint(), auth, client_options);`
`151`	`153`	`}, auth_method);`
`@@ -166,6 +168,11 @@ std::unique_ptr<ContainerClient> ConnectionParams::createForContainer() const`
`166`	`168`	`auto raw_client = RawContainerClient::CreateFromConnectionString(auth.toUnderType(), endpoint.container_name, client_options);`
`167`	`169`	`return std::make_unique<ContainerClient>(std::move(raw_client), endpoint.prefix);`
`168`	`170`	`}`
	`171`	`+ else if constexpr (std::is_same_v<T, std::shared_ptr<StorageSharedKeyCredentialWithAccessToSecret>>)`
	`172`	`+ {`
	`173`	`+ RawContainerClient raw_client{endpoint.getContainerEndpoint(), auth->impl, client_options};`
	`174`	`+ return std::make_unique<ContainerClient>(std::move(raw_client), endpoint.prefix);`
	`175`	`+ }`
`169`	`176`	`else`
`170`	`177`	`{`
`171`	`178`	`RawContainerClient raw_client{endpoint.getContainerEndpoint(), auth, client_options};`
`@@ -369,7 +376,7 @@ AuthMethod getAuthMethod(const Poco::Util::AbstractConfiguration & config, const`
`369`	`376`	`{`
`370`	`377`	`if (config.has(config_prefix + ".account_key") && config.has(config_prefix + ".account_name"))`
`371`	`378`	`{`
`372`		`- return std::make_shared<Azure::Storage::StorageSharedKeyCredential>(`
	`379`	`+ return std::make_shared<StorageSharedKeyCredentialWithAccessToSecret>(`
`373`	`380`	`config.getString(config_prefix + ".account_name"),`
`374`	`381`	`config.getString(config_prefix + ".account_key")`
`375`	`382`	`);`
Original file line number	Diff line number	Diff line change
`@@ -156,30 +156,29 @@ ObjectStorageIteratorPtr AzureObjectStorage::iterate(const std::string & path_pr`
`156`	`156`	`return std::make_shared<AzureIteratorAsync>(path_prefix, client_ptr, max_keys ? max_keys : settings_ptr->list_object_keys_size);`
`157`	`157`	`}`
`158`	`158`
	`159`	`+/*`
	`160`	+ * Only `ConnectionString` and `StorageSharedKeyCredential` auth methods are supported for now.
	`161`	`+ */`
`159`	`162`	`std::optional<std::string> AzureObjectStorage::getIdentityFingerprint() const`
`160`	`163`	`{`
`161`	`164`	`std::optional<std::string> fingerprint;`
`162`	`165`
`163`		`- std::visit([&fingerprint](const auto & auth) {`
	`166`	`+ std::visit([&fingerprint](const auto & auth)`
	`167`	`+ {`
`164`	`168`	`using T = std::decay_t<decltype(auth)>;`
`165`	`169`
`166`	`170`	`if constexpr (std::is_same_v<T, AzureBlobStorage::ConnectionString>)`
`167`	`171`	`{`
`168`	`172`	`auto connection_string_parts = Azure::Storage::_internal::ParseConnectionString(auth);`
`169`		`- fingerprint = std::to_string(std::hash<std::string>()(connection_string_parts.AccountName));`
	`173`	`+ fingerprint = connection_string_parts.AccountName + connection_string_parts.AccountKey;`
`170`	`174`	`}`
`171`		`- else if constexpr (std::is_same_v<T, std::shared_ptr<Azure::Storage::StorageSharedKeyCredential>>)`
	`175`	`+ else if constexpr (std::is_same_v<T, std::shared_ptr<AzureBlobStorage::StorageSharedKeyCredentialWithAccessToSecret>>)`
`172`	`176`	`{`
`173`	`177`	`if (auth)`
`174`	`178`	`{`
`175`		`- fingerprint = std::to_string(std::hash<std::string>()(auth->AccountName));`
	`179`	`+ fingerprint = auth->account_name + auth->account_key;`
`176`	`180`	`}`
`177`	`181`	`}`
`178`		`- /// I am not sure what to do with the other auth methods, needs further investigation`
`179`		`- // else if constexpr (std::is_same_v<T, std::shared_ptr<Azure::Identity::WorkloadIdentityCredential>>) {`
`180`		`- // }`
`181`		`- // else if constexpr (std::is_same_v<T, std::shared_ptr<Azure::Identity::ManagedIdentityCredential>>) {`
`182`		`- // }`
`183`	`182`	`}, auth_method);`
`184`	`183`
`185`	`184`	`if (!fingerprint)`
Original file line number	Diff line number	Diff line change
`@@ -168,7 +168,7 @@ std::optional<std::string> S3ObjectStorage::getIdentityFingerprint() const`
`168`	`168`	`{`
`169`	`169`	`const auto credentials = client.get()->getCredentials();`
`170`	`170`
`171`		`- return getName() + credentials.GetAWSAccessKeyId();`
	`171`	`+ return getName() + credentials.GetAWSAccessKeyId() + credentials.GetAWSSecretKey();`
`172`	`172`	`}`
`173`	`173`
`174`	`174`	`std::unique_ptr<ReadBufferFromFileBase> S3ObjectStorage::readObject( /// NOLINT`
Original file line number	Diff line number	Diff line change
`@@ -117,7 +117,7 @@ static AzureBlobStorage::ConnectionParams getConnectionParams(`
`117`	`117`	`{`
`118`	`118`	`connection_params.endpoint.storage_account_url = connection_url;`
`119`	`119`	`connection_params.endpoint.container_name = container_name;`
`120`		`- connection_params.auth_method = std::make_shared<Azure::Storage::StorageSharedKeyCredential>(account_name, account_key);`
	`120`	`+ connection_params.auth_method = std::make_shared<AzureBlobStorage::StorageSharedKeyCredentialWithAccessToSecret>(account_name, account_key);`
`121`	`121`	`connection_params.client_options = AzureBlobStorage::getClientOptions(request_settings, /for_disk=*/ false);`
`122`	`122`	`}`
`123`	`123`	`else`