[Supportability] Improve error message when performing uploads with a missing SAS token (#2644)

siminsavani-msft · gapra-msft · web-flow · commit db1737491366 · 2024-04-23T17:02:26.000-07:00
* initial changes for sas supportability

* addressing comments

---------

Co-authored-by: Gauri Lamunion &lt;51212198+gapra-msft@users.noreply.github.com&gt;
diff --git a/cmd/credentialUtil.go b/cmd/credentialUtil.go
@@ -345,6 +345,9 @@ func logAuthType(ct common.CredentialType, location common.Location, isSource bo
 		name = "Azure AD (Managed Disk)"
 	}
 	message := fmt.Sprintf("Authenticating to %s using %s", resource, name)
+	if ct == common.ECredentialType.Unknown() && location.IsAzure() {
+		message += ", Please authenticate using Microsoft Entra ID (https://aka.ms/AzCopy/AuthZ), use AzCopy login, or append a SAS token to your Azure URL."
+	}
 	if _, exists := authMessagesAlreadyLogged.Load(message); !exists {
 		authMessagesAlreadyLogged.Store(message, struct{}{}) // dedup because source is auth'd by both enumerator and STE
 		if jobsAdmin.JobsAdmin != nil {
diff --git a/common/fe-ste-models.go b/common/fe-ste-models.go
@@ -553,6 +553,11 @@ func (l Location) IsLocal() bool {
 	}
 }
 
+// IsAzure checks if location is Azure (BlobFS, Blob, File)
+func (l Location) IsAzure() bool {
+	return l == ELocation.BlobFS() || l == ELocation.Blob() || l == ELocation.File()
+}
+
 // IsFolderAware returns true if the location has real folders (e.g. there's such a thing as an empty folder,
 // and folders may have properties). Folders are only virtual, and so not real, in Blob Storage.
 func (l Location) IsFolderAware() bool {
@@ -931,7 +936,7 @@ func (CredentialType) MDOAuthToken() CredentialType         { return CredentialT
 func (CredentialType) Anonymous() CredentialType            { return CredentialType(2) } // For Azure, SAS or public.
 func (CredentialType) SharedKey() CredentialType            { return CredentialType(3) } // For Azure, SharedKey
 func (CredentialType) S3AccessKey() CredentialType          { return CredentialType(4) } // For S3, AccessKeyID and SecretAccessKey
-func (CredentialType) GoogleAppCredentials() CredentialType { return CredentialType(5) }
+func (CredentialType) GoogleAppCredentials() CredentialType { return CredentialType(5) } // For GCP, App Credentials
 func (CredentialType) S3PublicBucket() CredentialType       { return CredentialType(6) } // For S3, Anon Credentials & public bucket
 
 func (ct CredentialType) IsAzureOAuth() bool {
diff --git a/e2etest/zt_newe2e_basic_functionality_test.go b/e2etest/zt_newe2e_basic_functionality_test.go
@@ -2,6 +2,7 @@ package e2etest
 
 import (
 	"github.com/Azure/azure-storage-azcopy/v10/common"
+	"strings"
 	"time"
 )
 
@@ -64,3 +65,42 @@ func (s *BasicFunctionalitySuite) Scenario_SingleFileUploadDownload(svm *Scenari
 		Body: body,
 	}, true)
 }
+
+func (s *BasicFunctionalitySuite) Scenario_SingleFileUploadDownload_EmptySAS(svm *ScenarioVariationManager) {
+	azCopyVerb := ResolveVariation(svm, []AzCopyVerb{AzCopyVerbCopy, AzCopyVerbSync})
+
+	dstObj := CreateResource[ContainerResourceManager](svm, GetRootResource(svm, ResolveVariation(svm, []common.Location{common.ELocation.Local(), common.ELocation.Blob(), common.ELocation.File(), common.ELocation.BlobFS()})), ResourceDefinitionContainer{}).GetObject(svm, "test", common.EEntityType.File())
+
+	// Scale up from service to object
+	srcObj := CreateResource[ObjectResourceManager](svm, GetRootResource(svm, ResolveVariation(svm, []common.Location{common.ELocation.Local(), common.ELocation.Blob(), common.ELocation.File(), common.ELocation.BlobFS()})), ResourceDefinitionObject{})
+
+	// no local <-> local
+	if srcObj.Location().IsLocal() == dstObj.Location().IsLocal() {
+		svm.InvalidateScenario()
+		return
+	}
+
+	stdout, _ := RunAzCopy(
+		svm,
+		AzCopyCommand{
+			Verb: azCopyVerb,
+			Targets: []ResourceManager{
+				TryApplySpecificAuthType(srcObj, EExplicitCredentialType.PublicAuth(), svm, CreateAzCopyTargetOptions{}),
+				TryApplySpecificAuthType(dstObj, EExplicitCredentialType.PublicAuth(), svm, CreateAzCopyTargetOptions{}),
+			},
+			Flags: CopyFlags{
+				CopySyncCommonFlags: CopySyncCommonFlags{
+					Recursive: pointerTo(true),
+				},
+			},
+			ShouldFail: true,
+		})
+
+	for _, line := range stdout.RawStdout() {
+		if strings.Contains(line, "Please authenticate using Microsoft Entra ID (https://aka.ms/AzCopy/AuthZ), use AzCopy login, or append SAS to your Azure URL.") {
+			return
+		}
+	}
+
+	svm.Error("expected output not found in azcopy output")
+}
