Follow-up to Azure auth validation change#111252
Conversation
Arising from a post-merge review of elastic#111242
|
Pinging @elastic/es-distributed (Team:Distributed) |
| private static class AzureBlobStoreHttpHandler extends AzureHttpHandler implements BlobStoreHttpHandler { | ||
| AzureBlobStoreHttpHandler(final String account, final String container) { | ||
| super(account, container, null /* no auth header validation */); | ||
| super(account, container, null /* no auth header validation - sometimes it's omitted in these tests (TODO why?) */); |
There was a problem hiding this comment.
As the (new) comment says, the Authorization header is sometimes missing in the calls the SDK makes, but apparently only in this specific test suite. I don't know why. I spent a little time investigating without success, but this is not on the critical path for what I'm actually working towards so I don't want to spend too long on it right now. Definitely worth digging deeper later on.
| xcb.field("predicate", authHeaderPredicate.toString()); | ||
| xcb.field("authorization", Objects.toString(getAuthHeader(exchange))); | ||
| xcb.startObject("headers"); | ||
| try (exchange; var builder = XContentBuilder.builder(XContentType.JSON.xContent())) { |
| * @param account The name of the Azure Blob Storage account against which the request should be authorized.. | ||
| * @return a predicate that matches the {@code Authorization} HTTP header that the Azure SDK sends when using shared key auth (i.e. | ||
| * using a key or SAS token). | ||
| * @see <a href="https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key">Azure docs on shared key auth</a> |
There was a problem hiding this comment.
Hope this helps clarify - the header is coming from the Azure SDK, and I'm working towards a change that should cause it to emit a different kind of auth header, so I want to add these assertions now in order to better support the upcoming change.
DiannaHohensee
left a comment
There was a problem hiding this comment.
Awesome, thanks for circling back! LGTM 👍
| * @param account The name of the Azure Blob Storage account against which the request should be authorized.. | ||
| * @return a predicate that matches the {@code Authorization} HTTP header that the Azure SDK sends when using shared key auth (i.e. | ||
| * using a key or SAS token). | ||
| * @see <a href="https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-shared-key">Azure docs on shared key auth</a> |
Arising from a post-merge review of #111242