Azure Data Tables SharedKey does not work

[bmc-msft]

The Access Key authentication for Azure Data Tables does not work as it generates an invalid signed request.

Consider the create_table request. This request uses prepare_request, then adds headers as appropriate:

azure-sdk-for-rust/sdk/data_tables/src/requests/create_table_builder.rs

Lines 37 to 44 in 42f8996

	let mut request = self.table_client.prepare_request(
	url,
	Method::Post,
	Some(bytes::Bytes::from(request_body_serialized)),
	)?;
	request.add_optional_header(&self.client_request_id);
	request.insert_header("Accept", "application/json;odata=fullmetadata");
	request.insert_header("Content-Type", "application/json");

The prepare_request does the signing, which goes through a call stack that gets to azure_storage::core::clients::StorageAccountClient.prepare_request which does the signing.

For account & key based authentication, it does calls generate_authorization with the headers in the request thus far:

azure-sdk-for-rust/sdk/storage/src/core/clients/storage_account_client.rs

Lines 444 to 447 in 42f8996

	StorageCredentials::Key(account, key) => {
	if !request.url().query_pairs().any(|(k, _)| k == "sig") {
	let auth = generate_authorization(
	request.headers(),

Later, the content-type is used to generate the signature:

azure-sdk-for-rust/sdk/storage/src/core/clients/storage_account_client.rs

Lines 549 to 557 in 42f8996

	ServiceType::Table => {
	format!(
	"{}\n{}\n{}\n{}\n{}",
	method.as_ref(),
	add_if_exists(headers, &CONTENT_MD5),
	add_if_exists(headers, &CONTENT_TYPE),
	add_if_exists(headers, &MS_DATE),
	canonicalized_resource_table(account, url)
	)

Because content-type doesn't exist as a header yet, it's not available at the time of prepare_request, which results in an invalid signature.

I validated this by temporarily hard-coding the content-type within prepare_request to include application/json, which generated a signed request that worked to create a table.