components-contrib/internal/component/azure/blobstorage/client.go

/*
Copyright 2021 The Dapr Authors
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/

package blobstorage

import (
	"context"
	"errors"
	"fmt"
	"net/url"
	"time"

	"github.com/Azure/azure-sdk-for-go/sdk/azcore"
	"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
	"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/container"

	azauth "github.com/dapr/components-contrib/internal/authentication/azure"
	mdutils "github.com/dapr/components-contrib/metadata"
	"github.com/dapr/kit/logger"
)

const (
	// Specifies the maximum number of HTTP requests that will be made to retry blob operations. A value
	// of zero means that no additional HTTP requests will be made.
	defaultBlobRetryCount = 3
)

// CreateContainerStorageClient returns a container.Client and the parsed metadata from the metadata dictionary.
func CreateContainerStorageClient(parentCtx context.Context, log logger.Logger, meta map[string]string) (*container.Client, *BlobStorageMetadata, error) {
	// Parse the metadata and set the properties in the object
	m, err := parseMetadata(meta)
	if err != nil {
		return nil, nil, err
	}

	azEnvSettings, err := azauth.NewEnvironmentSettings("storage", meta)
	if err != nil {
		return nil, nil, err
	}

	if val, _ := mdutils.GetMetadataProperty(meta, azauth.StorageEndpointKeys...); val != "" {
		m.customEndpoint = val
	}

	// Get the container client
	client, err := m.InitContainerClient(azEnvSettings)
	if err != nil {
		return nil, nil, err
	}

	// Create the container if it doesn't already exist
	var accessLevel *azblob.PublicAccessType
	if m.PublicAccessLevel != "" && m.PublicAccessLevel != "none" {
		accessLevel = &m.PublicAccessLevel
	}
	ctx, cancel := context.WithTimeout(parentCtx, 30*time.Second)
	defer cancel()
	err = m.EnsureContainer(ctx, client, accessLevel)
	if err != nil {
		return nil, nil, fmt.Errorf("failed to create Azure Storage container %s: %w", m.ContainerName, err)
	}

	return client, m, nil
}

// GetContainerURL returns the URL of the container, needed by some auth methods.
func (opts ContainerClientOpts) GetContainerURL(azEnvSettings azauth.EnvironmentSettings) (u *url.URL, err error) {
	if opts.customEndpoint != "" {
		u, err = url.Parse(fmt.Sprintf("%s/%s/%s", opts.customEndpoint, opts.AccountName, opts.ContainerName))
		if err != nil {
			return nil, fmt.Errorf("failed to get container's URL with custom endpoint")
		}
	} else {
		u, _ = url.Parse(fmt.Sprintf("https://%s.blob.%s/%s", opts.AccountName, azEnvSettings.AzureEnvironment.StorageEndpointSuffix, opts.ContainerName))
	}
	return u, nil
}

// InitContainerClient returns a new container.Client object from the given options.
func (opts ContainerClientOpts) InitContainerClient(azEnvSettings azauth.EnvironmentSettings) (client *container.Client, err error) {
	clientOpts := &container.ClientOptions{
		ClientOptions: azcore.ClientOptions{
			Retry: policy.RetryOptions{
				MaxRetries: opts.RetryCount,
			},
			Telemetry: policy.TelemetryOptions{
				ApplicationID: "dapr-" + logger.DaprVersion,
			},
		},
	}

	switch {
	// Use a connection string
	case opts.ConnectionString != "":
		client, err = container.NewClientFromConnectionString(opts.ConnectionString, opts.ContainerName, clientOpts)
		if err != nil {
			return nil, fmt.Errorf("cannot init blob storage container client with connection string: %w", err)
		}

	// Use a shared account key
	case opts.AccountKey != "" && opts.AccountName != "":
		var (
			credential *azblob.SharedKeyCredential
			u          *url.URL
		)
		credential, err = azblob.NewSharedKeyCredential(opts.AccountName, opts.AccountKey)
		if err != nil {
			return nil, fmt.Errorf("invalid shared key credentials with error: %w", err)
		}
		u, err = opts.GetContainerURL(azEnvSettings)
		if err != nil {
			return nil, err
		}
		client, err = container.NewClientWithSharedKeyCredential(u.String(), credential, clientOpts)
		if err != nil {
			return nil, fmt.Errorf("cannot init blob storage container client with shared key: %w", err)
		}

	// Use Azure AD as fallback
	default:
		credential, tokenErr := azEnvSettings.GetTokenCredential()
		if tokenErr != nil {
			return nil, fmt.Errorf("invalid token credentials with error: %w", tokenErr)
		}
		var u *url.URL
		u, err = opts.GetContainerURL(azEnvSettings)
		if err != nil {
			return nil, err
		}
		client, err = container.NewClient(u.String(), credential, clientOpts)
		if err != nil {
			return nil, fmt.Errorf("cannot init blob storage container client with Azure AD token: %w", err)
		}
	}

	return client, nil
}

// EnsureContainer creates the container if it doesn't already exist.
// Property "accessLevel" indicates the public access level; nil-value means the container is private
func (opts ContainerClientOpts) EnsureContainer(ctx context.Context, client *container.Client, accessLevel *azblob.PublicAccessType) error {
	// Create the container
	// This will return an error if it already exists
	_, err := client.Create(ctx, &container.CreateOptions{
		Access: accessLevel,
	})
	if err != nil {
		// Check if it's an Azure Storage error
		resErr := &azcore.ResponseError{}
		// If the container already exists, return no error
		if errors.As(err, &resErr) && (resErr.ErrorCode == "ContainerAlreadyExists" || resErr.ErrorCode == "ResourceAlreadyExists") {
			return nil
		}
		return err
	}

	return nil
}