question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

[BUG] ResourceNotFound when retrieving blob container access policy using Visual Studio credential

See original GitHub issue

Library name and version

Azure.Storage.Blobs 12.11.0

Describe the bug

When retrieving a blob container access policy using Visual Studio credential, the operation fails with Azure.RequestFailedException (ErrorCode = ResourceNotFound) even when the user configured in VS has the following roles configured in the storage account: Owner, Storage Account Contributor, Storage Blob Data Contributor.

The operation succeeds without errors if the same operation is performed by connecting using a connection string instead of TokenCredential.

Expected behavior

The operation should succeed using a connection string or a token credential (Visual Studio or other).

Actual behavior

See above.

The exception is the following:

The specified resource does not exist.
RequestId:22b082c6-001e-000c-64b6-5bc52b000000
Time:2022-04-29T10:47:45.3254629Z
Status: 404 (The specified resource does not exist.)
ErrorCode: ResourceNotFound

Content:
<?xml version="1.0" encoding="utf-8"?><Error><Code>ResourceNotFound</Code><Message>The specified resource does not exist.
RequestId:22b082c6-001e-000c-64b6-5bc52b000000
Time:2022-04-29T10:47:45.3254629Z</Message></Error>

Headers:
Server: Windows-Azure-Blob/1.0,Microsoft-HTTPAPI/2.0
x-ms-request-id: 22b082c6-001e-000c-64b6-5bc52b000000
x-ms-client-request-id: f3021d93-df6b-4d1e-8bcc-a3ee859e2340
x-ms-version: 2021-04-10
x-ms-error-code: ResourceNotFound
Date: Fri, 29 Apr 2022 10:47:44 GMT
Content-Length: 223
Content-Type: application/xml

The stack trace:

   at Azure.Storage.Blobs.ContainerRestClient.<GetAccessPolicyAsync>d__20.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at Azure.Storage.Blobs.BlobContainerClient.<GetAccessPolicyInternal>d__71.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at Azure.Storage.Blobs.BlobContainerClient.<GetAccessPolicyAsync>d__70.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at Primavera.Hydrogen.Storage.Azure.Blobs.AzureContainerReference.<>c__DisplayClass14_0.<<GetPermissionsAsync>b__0>d.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Primavera.Hydrogen.Azure.Client.AzureRequestExceptionsHandler`2.<HandleAsync>d__7`1.MoveNext()

Reproduction Steps

  1. Configure VS to use Azure Service Authentication.
  2. Configure access control for the storage account to add the following rules to the user logged in VS: Owner, Storage Account Contributor, Storage Blob Data Contributor.
  3. Instantiate BlobContainerClient using the service URI and ChainedTokenCredential with Visual Studio enabled.
  4. Invoke GetAccessPolicyAsync().

Environment

.NET SDK (reflecting any global.json): Version: 6.0.202 Commit: f8a55617d2

Runtime Environment: OS Name: Windows OS Version: 10.0.19042 OS Platform: Windows RID: win10-x64 Base Path: C:\Program Files\dotnet\sdk\6.0.202\

Host (useful for support): Version: 6.0.4 Commit: be98e88c76

.NET SDKs installed: 2.1.526 [C:\Program Files\dotnet\sdk] 5.0.300 [C:\Program Files\dotnet\sdk] 5.0.405 [C:\Program Files\dotnet\sdk] 6.0.202 [C:\Program Files\dotnet\sdk]

.NET runtimes installed: Microsoft.AspNetCore.All 2.1.28 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All] Microsoft.AspNetCore.All 2.1.30 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All] Microsoft.AspNetCore.App 2.1.28 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 2.1.30 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 3.1.22 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 3.1.24 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 5.0.4 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 5.0.14 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 5.0.15 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 6.0.4 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.NETCore.App 2.1.26 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 2.1.28 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 2.1.30 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 3.1.22 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 3.1.24 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 5.0.4 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 5.0.14 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 5.0.15 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 6.0.4 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.WindowsDesktop.App 3.1.22 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 3.1.24 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 5.0.14 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 6.0.4 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]

Issue Analytics

  • State:open
  • Created a year ago
  • Comments:6 (3 by maintainers)

github_iconTop GitHub Comments

2reactions
hugoqribeirocommented, May 5, 2022

@SaurabhSharma-MSFT, a I said above, everything works fine with connection strings.

This bug (and another similar in the Service Bus library) is preventing us from adopting managed identity and from getting rid of these connection strings (which make it very difficult to control who has access to what information about our clients). GDPR is key here.

PS: Even if reading the container access policy is not supported, at least the error code should be something meaningful and different from when the container does not exist, don’t you agree?

0reactions
msftbot[bot]commented, May 5, 2022

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @xgithubtriage.

Issue Details

Library name and version

Azure.Storage.Blobs 12.11.0

Describe the bug

When retrieving a blob container access policy using Visual Studio credential, the operation fails with Azure.RequestFailedException (ErrorCode = ResourceNotFound) even when the user configured in VS has the following roles configured in the storage account: Owner, Storage Account Contributor, Storage Blob Data Contributor.

The operation succeeds without errors if the same operation is performed by connecting using a connection string instead of TokenCredential.

Expected behavior

The operation should succeed using a connection string or a token credential (Visual Studio or other).

Actual behavior

See above.

The exception is the following:

The specified resource does not exist.
RequestId:22b082c6-001e-000c-64b6-5bc52b000000
Time:2022-04-29T10:47:45.3254629Z
Status: 404 (The specified resource does not exist.)
ErrorCode: ResourceNotFound

Content:
<?xml version="1.0" encoding="utf-8"?><Error><Code>ResourceNotFound</Code><Message>The specified resource does not exist.
RequestId:22b082c6-001e-000c-64b6-5bc52b000000
Time:2022-04-29T10:47:45.3254629Z</Message></Error>

Headers:
Server: Windows-Azure-Blob/1.0,Microsoft-HTTPAPI/2.0
x-ms-request-id: 22b082c6-001e-000c-64b6-5bc52b000000
x-ms-client-request-id: f3021d93-df6b-4d1e-8bcc-a3ee859e2340
x-ms-version: 2021-04-10
x-ms-error-code: ResourceNotFound
Date: Fri, 29 Apr 2022 10:47:44 GMT
Content-Length: 223
Content-Type: application/xml

The stack trace:

   at Azure.Storage.Blobs.ContainerRestClient.<GetAccessPolicyAsync>d__20.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at Azure.Storage.Blobs.BlobContainerClient.<GetAccessPolicyInternal>d__71.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at Azure.Storage.Blobs.BlobContainerClient.<GetAccessPolicyAsync>d__70.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at System.Runtime.CompilerServices.ConfiguredTaskAwaitable`1.ConfiguredTaskAwaiter.GetResult()
   at Primavera.Hydrogen.Storage.Azure.Blobs.AzureContainerReference.<>c__DisplayClass14_0.<<GetPermissionsAsync>b__0>d.MoveNext()
   at System.Runtime.ExceptionServices.ExceptionDispatchInfo.Throw()
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Primavera.Hydrogen.Azure.Client.AzureRequestExceptionsHandler`2.<HandleAsync>d__7`1.MoveNext()

Reproduction Steps

  1. Configure VS to use Azure Service Authentication.
  2. Configure access control for the storage account to add the following rules to the user logged in VS: Owner, Storage Account Contributor, Storage Blob Data Contributor.
  3. Instantiate BlobContainerClient using the service URI and ChainedTokenCredential with Visual Studio enabled.
  4. Invoke GetAccessPolicyAsync().

Environment

.NET SDK (reflecting any global.json): Version: 6.0.202 Commit: f8a55617d2

Runtime Environment: OS Name: Windows OS Version: 10.0.19042 OS Platform: Windows RID: win10-x64 Base Path: C:\Program Files\dotnet\sdk\6.0.202\

Host (useful for support): Version: 6.0.4 Commit: be98e88c76

.NET SDKs installed: 2.1.526 [C:\Program Files\dotnet\sdk] 5.0.300 [C:\Program Files\dotnet\sdk] 5.0.405 [C:\Program Files\dotnet\sdk] 6.0.202 [C:\Program Files\dotnet\sdk]

.NET runtimes installed: Microsoft.AspNetCore.All 2.1.28 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All] Microsoft.AspNetCore.All 2.1.30 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.All] Microsoft.AspNetCore.App 2.1.28 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 2.1.30 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 3.1.22 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 3.1.24 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 5.0.4 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 5.0.14 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 5.0.15 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.AspNetCore.App 6.0.4 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App] Microsoft.NETCore.App 2.1.26 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 2.1.28 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 2.1.30 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 3.1.22 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 3.1.24 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 5.0.4 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 5.0.14 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 5.0.15 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.NETCore.App 6.0.4 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App] Microsoft.WindowsDesktop.App 3.1.22 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 3.1.24 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 5.0.14 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App] Microsoft.WindowsDesktop.App 6.0.4 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]

Author: hugoqribeiro
Assignees: SaurabhSharma-MSFT
Labels:

Storage, Service Attention, Client, customer-reported, question, needs-team-attention

Milestone: -
Read more comments on GitHub >

github_iconTop Results From Across the Web

azure - Cloud Explorer - cannot access development Blob ...
Cloud Explorer has encountered an unexpected error: Unable to retrieve child resources. It has been working fine in the past, so not sure...
Read more >
Help with ResourceNotFound error when open image link
Clients can enumerate blobs within the container by anonymous request, but cannot enumerate containers within the storage account.
Read more >
Monitor and troubleshoot Azure Storage (classic logs & ...
Introduces how to use features like storage analytics, client-side logging, and other third-party tools to identify, diagnose, ...
Read more >
Get Blob (REST API) - Azure Storage
The Get Blob operation reads or downloads a blob from the system, including its metadata and properties. You can also call Get Blob...
Read more >
Resource not found errors - Azure Resource Manager
Describes how to resolve errors when a resource can't be found. The error might occur when you deploy a Bicep file or Azure...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found