-
Notifications
You must be signed in to change notification settings - Fork 551
Description
This is related to this fixed issue. Since GDAL 3.7.2 the vsiaz driver has supported authentication using Azure Active Directory Workload Identity (using AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_FEDERATED_TOKEN_FILE and AZURE_AUTHORITY_HOST environment variables). This support doesn't appear to exist in AzureSession, so az:// prefixed urls are not accessible via this method.
I have a draft fix here.
Expected behavior and actual behavior.
If I have AZURE_STORAGE_ACCOUNT, AZURE_TENANT_ID, AZURE_CLIENT_ID, AZURE_FEDERATED_TOKEN_FILE & AZURE_AUTHORITY_HOST set, I should be able to access private files in blob storage with an az:// prefix, using e.g.
> rio info az://container/file.tif
This will result in access errors for private objects.
However,
> rio info /vsiaz/container/file.tif
produces output as expected.
Steps to reproduce the problem.
It is difficult to provide a reproducible script without providing the vars / path in question, but I
am open to suggestions.
Environment Information
rio --show-versions output
rasterio info:
rasterio: 1.4.3
GDAL: 3.9.3
PROJ: 9.4.1
GEOS: 3.11.1
PROJ DATA: /opt/bitnami/python/lib/python3.12/site-packages/rasterio/proj_data
GDAL DATA: /opt/bitnami/python/lib/python3.12/site-packages/rasterio/gdal_data
System:
python: 3.12.8 (main, Dec 4 2024, 00:26:17) [GCC 12.2.0]
executable: /opt/bitnami/python/bin/python
machine: Linux-5.15.0-1096-azure-x86_64-with-glibc2.36
Python deps:
affine: 2.4.0
attrs: 25.1.0
certifi: 2025.01.31
click: 8.1.8
cligj: 0.7.2
cython: None
numpy: 2.2.3
click-plugins: None
setuptools: 70.3.0
Installation Method
Using titiler-pgstac docker image at ghcr.io/stac-utils/titiler-pgstac, tag 1.7.1