Azure/azure-storage-fuse

Question regards to mounting public container to my local directory.

Closed this issue · 5 comments

Which version of blobfuse was used?

blobfuse2 version 2.2.0

Which OS distribution and version are you using?

Debian GNU/Linux 11 (bullseye)

If relevant, please share your mount command.

AZURE_STORAGE_ACCOUNT=azuremlexampledata blobfuse2 /az-mount-external --allow-other --no-symlinks --tmp-path ~/.sky/blobfuse2_cache --container-name data

What was the issue encountered?

I'm trying to mount a public container https://azuremlexampledata.blob.core.windows.net/data with the command above. But I get the following error:
Error: failed to initialize new pipeline [failed to get credential]
I'm assuming the approach I'm taking is wrong to mount a public container. What is the correct way to mount a public container that is not created under my subscription id? The command I use only works with containers that exists under my subscription id.

We do not allow to mount a public container. When you do not specify any auth mode, it defaults to key and as key is not provided here it fails saying its not able to get the credentials. This is more of a unsupported scenario.

There is a workaround though, just in case you want to mount it ignoring all the security risks that it poses. You can create a config file saying SAS is your auth mode and just provide " " as sas key. Something like this:

    mode: sas
    sas: " "

@vibhansa-msft Thanks for the quick response! I got two questions:

  1. What kind of secufity issue will I be facing with your work around?
  2. Is there a way to specify the mode with command options without using config files?

Public containers are not safe as anyone can access them and from backend there will be no trace on who accessed it so if something goes south there is no way to trace on who did what operations. You can specify the auth mode using env variables, refer to our README for that.

Closing this as public containers are officially not supported and for hard requirements a workaround has been suggested. Feel free to post your further queries here.