Use of SP prohibits disabling allowSharedKeyAccess on storage accounts. #230

Open
danielscholl opened this issue Nov 9, 2024 · 0 comments
danielscholl commented Nov 9, 2024

When allowSharedKeyAccess is disabled on the storage account that has the table configuration for partition, the POD throws a stack trace.

Stack Trace

Error starting ApplicationContext. To display the condition evaluation report re-run your application with 'debug' enabled.
2024-11-09 22:31:21.501 ERROR partition-9b5d49fc7-m7wlk --- [           main] o.s.b.SpringApplication                  correlation-id= data-partition-id= api-method= operation-name= user-id= app-id=:Application run failed
org.springframework.beans.factory.UnsatisfiedDependencyException: 
Error creating bean with name 'partitionServiceImpl': 
Unsatisfied dependency expressed through field 'tableStore': 
Error creating bean with name 'partitionTableStore': 
Unsatisfied dependency expressed through field 'dataTableStore': 
Error creating bean with name 'dataTableStore': 
Unsatisfied dependency expressed through field 'tableClient': 
Error creating bean with name 'getTableClient' defined in class path resource 
[org/opengroup/osdu/partition/provider/azure/di/TableStorageBootstrapConfig.class]: 
Failed to instantiate [com.azure.data.tables.TableClient]: 
Factory method 'getTableClient' threw exception with message: 
Status code 403, "{"odata.error":{"code":"AuthorizationFailure","message":{"lang":"en-US","value":"This request is not authorized to perform this operation.\nRequestId:f34d5d0a-2002-0072-4af7-326b8e000000\nTime:2024-11-09T22:31:21.4188233Z"}}}" 

|    ... suppressed 20 lines
|    at org.opengroup.osdu.partition.provider.azure.PartitionApplication.main(PartitionApplication.java:28) [!/:?]
|    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
|    at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:77) ~[?:?]
|    at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
|    at java.base/java.lang.reflect.Method.invoke(Method.java:568) ~[?:?]
|    ... suppressed 3 lines
Caused by: org.springframework.beans.factory.UnsatisfiedDependencyException: 

Breakdown of the Stack Trace

  1. ApplicationContext Start Error:

    • The application’s ApplicationContext could not start, likely due to a misconfigured or inaccessible dependency.
  2. UnsatisfiedDependencyException:

    • Spring is unable to create a required bean (partitionServiceImpl) due to a chain of missing or improperly configured dependencies. The issue is traced back to TableClient, a service responsible for connecting to Azure Table Storage.
  3. Authorization Failure (Status Code 403):

    • The critical issue here is that the getTableClient method encounters a 403 Authorization Failure. This error originates from Azure Table Storage, where the application’s identity does not have sufficient permissions to access the resource.
  4. Cause of Authorization Failure:

    • The failure in the getTableClient method cascades through various dependencies:
      • tableClient → dataTableStore → partitionTableStore → partitionServiceImpl.
    • This dependency chain ultimately prevents the application from starting successfully.
  5. Failure Source and Application Impact:

    • The primary error (403 Authorization Failure) is caused by missing permissions or misconfigured credentials for the Azure Table Storage access.
    • This propagates upwards, impacting the setup of multiple dependent beans and causing the entire application startup to fail.
danielscholl added the bug (Something isn't working) and P0 labels Nov 9, 2024
danielscholl self-assigned this Nov 9, 2024
danielscholl changed the title from "Partition Service won't communicate to Table Storage Properly when Network ACL is enabled." to "Partition Service won't communicate to Table Storage Properly when allowSharedKeyAccess is false." Nov 10, 2024
danielscholl added this to the Security milestone Nov 12, 2024
danielscholl changed the title from "Partition Service won't communicate to Table Storage Properly when allowSharedKeyAccess is false." to "Use of SP prohibits disabling allowSharedKeyAccess on storage accounts." Nov 12, 2024
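
A triage helper for the nested Spring message in the stack trace above, as an added example that is not part of the original issue or the project's code. It recovers the bean cascade with the root failure first and extracts the status, OData error code, RequestId and Time from the embedded storage response so they can be matched against the storage account's logs. The function name `triage` and the one-line `SAMPLE` are constructed for illustration.

```python
import json
import re

# Constructed input: the exception message from the issue, joined onto one line.
SAMPLE = (
    "Error creating bean with name 'partitionServiceImpl': "
    "Unsatisfied dependency expressed through field 'tableStore': "
    "Error creating bean with name 'partitionTableStore': "
    "Unsatisfied dependency expressed through field 'dataTableStore': "
    "Error creating bean with name 'dataTableStore': "
    "Unsatisfied dependency expressed through field 'tableClient': "
    "Error creating bean with name 'getTableClient' defined in class path resource "
    "[org/opengroup/osdu/partition/provider/azure/di/TableStorageBootstrapConfig.class]: "
    "Factory method 'getTableClient' threw exception with message: "
    'Status code 403, "{"odata.error":{"code":"AuthorizationFailure","message":'
    '{"lang":"en-US","value":"This request is not authorized to perform this '
    'operation.\\nRequestId:f34d5d0a-2002-0072-4af7-326b8e000000'
    '\\nTime:2024-11-09T22:31:21.4188233Z"}}}"'
)

BEAN = re.compile(r"Error creating bean with name '([^']+)'")
STATUS = re.compile(r'Status code (\d{3}), "')


def triage(message):
    """Return the bean cascade (root failure first) and the storage error details."""
    beans = BEAN.findall(message)
    result = {"cascade": beans[::-1], "status": None, "code": None,
              "request_id": None, "time": None}
    match = STATUS.search(message)
    if not match:
        return result
    result["status"] = int(match.group(1))
    try:
        # raw_decode stops at the end of the JSON object, ignoring the trailing quote.
        body, _ = json.JSONDecoder().raw_decode(message, match.end())
    except json.JSONDecodeError:
        return result
    error = body.get("odata.error", {})
    result["code"] = error.get("code")
    # The message value carries "RequestId:..." and "Time:..." on separate lines.
    lines = error.get("message", {}).get("value", "").splitlines()
    fields = dict(line.partition(":")[::2] for line in lines if ":" in line)
    result["request_id"] = fields.get("RequestId")
    result["time"] = fields.get("Time")
    return result


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```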