[Storage] Fix error handling for AAD error responses (#33505)

Author: jalauzon-msft

sdk/storage/azure-storage-blob/CHANGELOG.md

@@ -7,6 +7,8 @@
 ### Bugs Fixed
 - Bumped dependency of `typing-extensions` to `>=4.6.0` to avoid potential `TypeError` with `typing.TypeVar` on
 Python 3.12.
+- Fixed an issue where authentication errors could raise `AttributeError` instead of `ClientAuthenticationError` when
+using async OAuth credentials.
 
 ## 12.19.0 (2023-11-07)
 

sdk/storage/azure-storage-blob/assets.json

@@ -2,5 +2,5 @@
   "AssetsRepo": "Azure/azure-sdk-assets",
   "AssetsRepoPrefixPath": "python",
   "TagPrefix": "python/storage/azure-storage-blob",
-  "Tag": "python/storage/azure-storage-blob_12c8154ae2"
+  "Tag": "python/storage/azure-storage-blob_ad4923b44f"
 }

sdk/storage/azure-storage-blob/azure/storage/blob/_shared/response_handlers.py

@@ -116,7 +116,8 @@ def process_storage_error(storage_error) -> NoReturn: # type: ignore [misc] # py
             error_dict = {'message': str(error_body)}
 
         # If we extracted from a Json or XML response
-        if error_dict:
+        # There is a chance error_dict is just a string
+        if error_dict and isinstance(error_dict, dict):
             error_code = error_dict.get('code')
             error_message = error_dict.get('message')
             additional_data = {k: v for k, v in error_dict.items() if k not in {'code', 'message'}}

sdk/storage/azure-storage-blob/tests/test_common_blob.py

@@ -3335,4 +3335,26 @@ def test_storage_account_audience_blob_client(self, **kwargs):
         response = blob.exists()
         assert response is not None
 
+    @pytest.mark.live_test_only
+    @BlobPreparer()
+    def test_oauth_error_handling(self, **kwargs):
+        storage_account_name = kwargs.pop("storage_account_name")
+
+        # Arrange
+        from azure.identity import ClientSecretCredential
+
+        # Generate an invalid credential
+        creds = ClientSecretCredential(
+            self.get_settings_value("TENANT_ID"),
+            self.get_settings_value("CLIENT_ID"),
+            self.get_settings_value("CLIENT_SECRET") + 'a'
+        )
+
+        bsc = BlobServiceClient(self.account_url(storage_account_name, "blob"), credential=creds, retry_total=0)
+        container = bsc.get_container_client('testing')
+
+        # Act
+        with pytest.raises(ClientAuthenticationError):
+            container.exists()
+
     # ------------------------------------------------------------------------------

sdk/storage/azure-storage-blob/tests/test_common_blob_async.py

@@ -3260,4 +3260,25 @@ async def test_storage_account_audience_blob_client(self, **kwargs):
         response = await blob.exists()
         assert response is not None
 
+    @pytest.mark.live_test_only
+    @BlobPreparer()
+    async def test_oauth_error_handling(self, **kwargs):
+        storage_account_name = kwargs.pop("storage_account_name")
+
+        # Arrange
+        from azure.identity.aio import ClientSecretCredential
+
+        # Generate an invalid credential
+        creds = ClientSecretCredential(
+            self.get_settings_value("TENANT_ID"),
+            self.get_settings_value("CLIENT_ID"),
+            self.get_settings_value("CLIENT_SECRET") + 'a'
+        )
+
+        bsc = BlobServiceClient(self.account_url(storage_account_name, "blob"), credential=creds, retry_total=0)
+        container = bsc.get_container_client('testing')
+
+        # Act
+        with pytest.raises(ClientAuthenticationError):
+            await container.exists()
 # ------------------------------------------------------------------------------

sdk/storage/azure-storage-file-datalake/CHANGELOG.md

@@ -7,6 +7,8 @@
 ### Bugs Fixed
 - Bumped dependency of `typing-extensions` to `>=4.6.0` to avoid potential `TypeError` with `typing.TypeVar` on
 Python 3.12.
+- Fixed an issue where authentication errors could raise `AttributeError` instead of `ClientAuthenticationError` when
+using async OAuth credentials.
 
 ## 12.14.0 (2023-11-07)
 

sdk/storage/azure-storage-file-datalake/azure/storage/filedatalake/_shared/response_handlers.py

@@ -116,7 +116,8 @@ def process_storage_error(storage_error) -> NoReturn: # type: ignore [misc] # py
             error_dict = {'message': str(error_body)}
 
         # If we extracted from a Json or XML response
-        if error_dict:
+        # There is a chance error_dict is just a string
+        if error_dict and isinstance(error_dict, dict):
             error_code = error_dict.get('code')
             error_message = error_dict.get('message')
             additional_data = {k: v for k, v in error_dict.items() if k not in {'code', 'message'}}

sdk/storage/azure-storage-file-share/CHANGELOG.md

@@ -10,6 +10,8 @@
 pointing to the root of the file share would raise an `InvalidResourceName` on any operations.
 - Bumped dependency of `typing-extensions` to `>=4.6.0` to avoid potential `TypeError` with `typing.TypeVar` on
 Python 3.12.
+- Fixed an issue where authentication errors could raise `AttributeError` instead of `ClientAuthenticationError` when
+using async OAuth credentials.
 
 ## 12.15.0 (2023-11-07)
 

sdk/storage/azure-storage-file-share/azure/storage/fileshare/_shared/response_handlers.py

@@ -116,7 +116,8 @@ def process_storage_error(storage_error) -> NoReturn: # type: ignore [misc] # py
             error_dict = {'message': str(error_body)}
 
         # If we extracted from a Json or XML response
-        if error_dict:
+        # There is a chance error_dict is just a string
+        if error_dict and isinstance(error_dict, dict):
             error_code = error_dict.get('code')
             error_message = error_dict.get('message')
             additional_data = {k: v for k, v in error_dict.items() if k not in {'code', 'message'}}

sdk/storage/azure-storage-queue/CHANGELOG.md

@@ -7,6 +7,8 @@
 ### Bugs Fixed
 - Bumped dependency of `typing-extensions` to `>=4.6.0` to avoid potential `TypeError` with `typing.TypeVar` on
 Python 3.12.
+- Fixed an issue where authentication errors could raise `AttributeError` instead of `ClientAuthenticationError` when
+using async OAuth credentials.
 
 ## 12.9.0 (2023-12-05)