1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License.
pub use crate::generated::clients::BlobContainerClient;
use crate::{
logging::apply_storage_logging_defaults, models::StorageErrorCode,
pipeline::StorageHeadersPolicy, BlobClient,
};
use azure_core::{
credentials::TokenCredential,
error::ErrorKind,
fmt::SafeDebug,
http::{
policies::{auth::BearerTokenAuthorizationPolicy, Policy},
ClientOptions, Pipeline, StatusCode, Url,
},
tracing, Result,
};
use std::sync::Arc;
/// Options used when creating a [`BlobContainerClient`].
#[derive(Clone, SafeDebug)]
pub struct BlobContainerClientOptions {
/// Allows customization of the client.
pub client_options: ClientOptions,
/// Specifies the version of the operation to use for this request.
pub version: String,
}
impl Default for BlobContainerClientOptions {
fn default() -> Self {
Self {
client_options: ClientOptions::default(),
version: String::from("2026-04-06"),
}
}
}
impl BlobContainerClient {
/// Creates a new BlobContainerClient, using Entra ID authentication.
///
/// # Arguments
///
/// * `endpoint` - The full URL of the Azure storage account, for example `https://myaccount.blob.core.windows.net/`
/// * `container_name` - The name of the container.
/// * `credential` - An optional implementation of [`TokenCredential`] that can provide an Entra ID token to use when authenticating.
/// * `options` - Optional configuration for the client.
pub fn new(
endpoint: &str,
container_name: &str,
credential: Option<Arc<dyn TokenCredential>>,
options: Option<BlobContainerClientOptions>,
) -> Result<Self> {
let mut url = Url::parse(endpoint)?;
{
let mut path_segments = url.path_segments_mut().map_err(|_| {
azure_core::Error::with_message(
azure_core::error::ErrorKind::Other,
"Invalid endpoint URL: Failed to parse out path segments from provided endpoint URL.",
)
})?;
path_segments.extend([container_name]);
}
Self::from_url(url, credential, options)
}
/// Creates a new BlobContainerClient from a container URL.
///
/// # Arguments
///
/// * `container_url` - The full URL of the container, for example `https://myaccount.blob.core.windows.net/mycontainer`.
/// * `credential` - An optional implementation of [`TokenCredential`] that can provide an Entra ID token to use when authenticating.
/// * `options` - Optional configuration for the client.
#[tracing::new("Storage.Blob.Container")]
pub fn from_url(
container_url: Url,
credential: Option<Arc<dyn TokenCredential>>,
options: Option<BlobContainerClientOptions>,
) -> Result<Self> {
let mut options = options.unwrap_or_default();
apply_storage_logging_defaults(&mut options.client_options);
let storage_headers_policy = Arc::new(StorageHeadersPolicy);
options
.client_options
.per_call_policies
.push(storage_headers_policy);
let per_retry_policies = if let Some(token_credential) = credential {
if !container_url.scheme().starts_with("https") {
return Err(azure_core::Error::with_message(
azure_core::error::ErrorKind::Other,
format!("{container_url} must use https"),
));
}
let auth_policy: Arc<dyn Policy> = Arc::new(BearerTokenAuthorizationPolicy::new(
token_credential,
vec!["https://storage.azure.com/.default"],
));
vec![auth_policy]
} else {
Vec::default()
};
let pipeline = Pipeline::new(
option_env!("CARGO_PKG_NAME"),
option_env!("CARGO_PKG_VERSION"),
options.client_options.clone(),
Vec::default(),
per_retry_policies,
None,
);
Ok(Self {
endpoint: container_url,
version: options.version,
pipeline,
})
}
/// Returns a new instance of BlobClient.
///
/// # Arguments
///
/// * `blob_name` - The name of the blob.
pub fn blob_client(&self, blob_name: &str) -> BlobClient {
let mut blob_url = self.url().clone();
blob_url
.path_segments_mut()
// This should not fail as container URL has already been validated on client construction.
.expect("Invalid endpoint URL: Cannot append blob_name to the blob endpoint.")
.extend([blob_name]);
BlobClient {
endpoint: blob_url,
pipeline: self.pipeline.clone(),
version: self.version.clone(),
tracer: self.tracer.clone(),
}
}
/// Gets the URL of the container.
pub fn url(&self) -> &Url {
&self.endpoint
}
/// Checks if the container exists.
///
/// Returns `true` if the container exists, `false` if the container does not exist, and propagates all other errors.
pub async fn exists(&self) -> Result<bool> {
match self.get_properties(None).await {
Ok(_) => Ok(true),
Err(e) if e.http_status() == Some(StatusCode::NotFound) => match e.kind() {
ErrorKind::HttpResponse {
error_code: Some(error_code),
..
} if error_code == StorageErrorCode::ContainerNotFound.as_ref() => Ok(false),
// Propagate all other error types.
_ => Err(e),
},
Err(e) => Err(e),
}
}
}