Azure/azure-storage-fuse

Error message is wrong

Closed this issue · 5 comments

andmis commented

If I pass a --container-name= for a container which does not exist, I get the following error message:

Error: failed to initialize new pipeline [failed to authenticate credentials for azstorage]

This error message is wrong / extremely confusing. The error message should tell me that the container doesn't exist instead (assuming that the auth credentials provided give full access to the storage account, which was the case for me).

These error messages are based on what response we get back from Azure backend. When you start blobfuse, we attempt to list the files in the given container. This list event will fail with the above error and mount will fail due to same. This is by design and providing correct inputs like auth details and container name are user responsibilities here.

andmis commented

Excuse me, but this is not a "user error".

  • My credentials were correct.
  • The error message told me my credentials were incorrect.

The error message is incorrect. It doesn't get much simpler than that.

Supplying a container name that does not exists on storage account is what I count as user error here.
Blobfuse does not try to validate container name is correct or not. It only validates provided credentials go through for the given container or not. As that validation failed error was about invalid credentials. If container exists but you provide a wrong storage key you will still get the same error and, in that case, how do you propose blobfuse identifies whether container name is wrong or the auth params.
Only way to validate container name is valid or not is to list all containers at the account level. This will work only with key based authentication and not with others like SAS/SPN/MSI which can be an auth at container or a directory level. To keep behavior consistent, we only check whether listing inside the container or given path works with the given auth param or not.

andmis commented

Supplying a container name that does not exists on storage account is what I count as user error here.

If I supplied a container name which does not exist, and the error message I was shown was "your hard disk is corrupted and your installation of your keyboard drivers are outdated, please update them", would you also write that off as user error?


In any case, passing in a container name which does not exist is not a user error, it is in fact an operation which a user may do intentionally and with good reason, and an operation for which the program should have defined semantics, for example showing an appropriate error message.

As I clarified in my previous comment, blobfuse does not go and check existence of the container and assume user has provided correct input. It only tries to validate the authentication because there is a lot of scope of error here for e,g. you gave a directory level SAS and tried to mount a container or role you provided does not have sufficient access to container. For these reasons we try to validate only the auth parameters and if it fails for whatever reason we fail the mount.

Blobfuse is not doing container existence check and will not do it in any near future as well. For the error message, its more dependent on what backend server returns back as error. If backend server says your hard disk is corrupt, YES blobfuse will also say your hard disk is corrupt. There are cases where backend server returns back 4xx http status code even when there was a server error and in all such cases, we also declare the failure saying its user error because as an application for us server returning 4xx is a user error.