1

Here is a working Python code. 

from azure.storage.blob import BlockBlobService
accountName, key='stagingData', 'vZfqyMyHT3A=='
blobService=BlockBlobService(account_name=accountName, account_key=key)

It seems the blobService client object is created even if I pass wrong account credentials. It is not authorised, and the error shows up only later when I try to access some data, possibly from some other file or even when different users try to use it. Is there a way to assert right on the spot whether correct credentials were supplied and halt the execution if not? For reference, I tried dir(blobService) and that displayed 121 methods and attributes. The ones that seemed sensible from the name, show similar results whether the account is actually authenticated or not.

Almost every other API call which uses some access token lets you know right on the spot if the token is not valid, by raising some exception. So I hope there is a way to check it for the BlockBlobService class as well.

Della
  • 1,264
  • 2
  • 15
  • 32
  • For reference, I think having a validate() method on BlockBlobService is a good idea. I created a ticket for this: https://github.com/Azure/azure-storage-python/issues/564 – Tobias Mar 26 '19 at 21:05

1 Answers1

1

As you mentioned that blobService client object doesn't verify the account credentials.For more information, we could get the python source code from github.

The following code is the snippet from the source code. There is no request to Azure storage server side. So it does verify the account credentials.

def create_block_blob_service(self):
        '''
        Creates a BlockBlobService object with the settings specified in the 
        CloudStorageAccount.
        :return: A service object.
        :rtype: :class:`~azure.storage.blob.blockblobservice.BlockBlobService`
        '''
        try:
            from azure.storage.blob.blockblobservice import BlockBlobService
            return BlockBlobService(self.account_name, self.account_key,
                                    sas_token=self.sas_token,
                                    is_emulated=self.is_emulated,
                                    endpoint_suffix=self.endpoint_suffix)
        except ImportError:
            raise Exception('The package azure-storage-blob is required. '
                            + 'Please install it using "pip install azure-storage-blob"')

If we want to verify the account credentials. We need to send the request to the Azure storage server and check the response. If you stick on doing that, I recommand that you could write a test method to implement it by yourself.

Tom Sun - MSFT
  • 24,161
  • 3
  • 30
  • 47
  • Thanks. Of course, the methods and attributes offered by the BlockBlobService object are wrappers around the api call. But I was not sure when exactly the api call takes place and the object is, 'authenticated'. I found a small way around by using the list_containers() method (which fails if the credentials are wrong), but was hoping for something more direct to validate the credentials. Guess I have to dig one level deeper and look into the rest API calls. Is it better (performance, maintainability etc.) to work directly with the API calls rather than the client object offered by the library? – Della Nov 13 '18 at 04:07
  • Yes, we could send a request to storage server to check the credentials such as you mentioned list_containers method. Based on my experience, it seem that there is no directly way currently. – Tom Sun - MSFT Nov 13 '18 at 05:16