// Verifies the failure mapping for token acquisition: when the access token provider throws
// AccessTokenProviderException, the initializer must surface an ExportClientInitializerException
// carrying the Resources.CannotGetAccessToken text and HTTP 401 (Unauthorized).
public async Task GivenUnableToGetAccessToken_WhenGetAuthorizedClientAsync_ThenExportClientInitializerExceptionIsThrown()
        {
            // Well-formed absolute URI, so the failure observed below should come from the token
            // provider and not from the storage URI (assumed; the initializer under test is not shown here).
            _exportJobConfiguration.StorageAccountUri = "https://localhost/storage";

            // Any resource URI / cancellation token makes the substituted provider throw.
            _accessTokenProvider
                .GetAccessTokenForResourceAsync(Arg.Any<Uri>(), Arg.Any<CancellationToken>())
                .Returns<string>(callInfo => throw new AccessTokenProviderException("cant get access token"));

            Func<Task> act = () => _azureAccessTokenClientInitializer.GetAuthorizedClientAsync(CancellationToken.None);

            ExportClientInitializerException thrown = await Assert.ThrowsAsync<ExportClientInitializerException>(act);

            // The asserted message is the resource string; this test does not check whether the
            // provider's own message ("cant get access token") is kept out of the caller-visible message.
            Assert.Contains(Resources.CannotGetAccessToken, thrown.Message);
            Assert.Equal(HttpStatusCode.Unauthorized, thrown.StatusCode);
        }
        /// <summary>
        /// Creates a <see cref="CloudBlobClient"/> for the storage account named in the configuration,
        /// authenticated with an access token obtained from <c>_accessTokenProvider</c> for that same URI.
        /// </summary>
        /// <param name="integrationDataStoreConfiguration">Configuration whose <c>StorageAccountUri</c> is read.</param>
        /// <param name="cancellationToken">Passed through to the access token provider.</param>
        /// <returns>A blob client bound to the parsed storage URI and a token credential.</returns>
        /// <exception cref="IntegrationDataStoreClientInitializerException">
        /// With <see cref="HttpStatusCode.BadRequest"/> when the URI is blank or not an absolute URI;
        /// with <see cref="HttpStatusCode.Unauthorized"/> when the provider throws <c>AccessTokenProviderException</c>.
        /// </exception>
        public async Task<CloudBlobClient> GetAuthorizedClientAsync(IntegrationDataStoreConfiguration integrationDataStoreConfiguration, CancellationToken cancellationToken)
        {
            string configuredUri = integrationDataStoreConfiguration.StorageAccountUri;

            // The only validation is "non-blank and absolute". UriKind.Absolute accepts any scheme and any host.
            // NOTE(review): the token below is requested for, and then presented to, whatever endpoint this
            // value names. Nothing here requires https or restricts the host, so confirm StorageAccountUri can
            // only come from trusted operator configuration (or add a scheme/host allow-list at this point).
            if (string.IsNullOrWhiteSpace(configuredUri)
                || !Uri.TryCreate(configuredUri, UriKind.Absolute, out Uri storageAccountUri))
            {
                throw new IntegrationDataStoreClientInitializerException(Resources.InvalidStorageUri, HttpStatusCode.BadRequest);
            }

            string accessToken;

            try
            {
                accessToken = await _accessTokenProvider.GetAccessTokenForResourceAsync(storageAccountUri, cancellationToken);
            }
            catch (AccessTokenProviderException tokenFailure)
            {
                // The provider exception goes to the log only. It is not attached as an inner exception,
                // so the caller sees just the generic resource message and the 401 status.
                _logger.LogError(tokenFailure, "Unable to get access token");

                throw new IntegrationDataStoreClientInitializerException(Resources.CannotGetAccessToken, HttpStatusCode.Unauthorized);
            }

            // The access token is handed straight to the storage credential and is never logged in this method.
            // The credential objects are owned by the returned client, hence the CA2000 suppression.
#pragma warning disable CA2000 // Dispose objects before losing scope
            return new CloudBlobClient(storageAccountUri, new StorageCredentials(new TokenCredential(accessToken)));
#pragma warning restore CA2000 // Dispose objects before losing scope
        }
        /// <summary>
        /// Gets an Azure Container Registry access token for <paramref name="registryServer"/>.
        /// An AAD token for the configured <c>ArmResourceManagerId</c> is obtained from <c>_aadTokenProvider</c>
        /// and then passed, together with the registry server, to <c>GetAcrAccessTokenWithAadToken</c>.
        /// That second call is retried up to 3 times on <see cref="HttpRequestException"/>.
        /// </summary>
        /// <param name="registryServer">Registry server to get a token for; must not be null or empty.</param>
        /// <param name="cancellationToken">Passed through to both token calls.</param>
        /// <returns>The value returned by <c>GetAcrAccessTokenWithAadToken</c>.</returns>
        /// <exception cref="AzureContainerRegistryTokenException">
        /// With <see cref="HttpStatusCode.Unauthorized"/> when the AAD provider throws <c>AccessTokenProviderException</c>;
        /// with <see cref="HttpStatusCode.BadRequest"/> when <see cref="HttpRequestException"/> still escapes after the retries.
        /// </exception>
        public async Task<string> GetTokenAsync(string registryServer, CancellationToken cancellationToken)
        {
            // NOTE(review): registryServer is only checked for null/empty here. The AAD token acquired below is
            // forwarded together with this value; GetAcrAccessTokenWithAadToken is not visible from this block,
            // so confirm that it (or the caller) limits registryServer to expected registry hosts.
            EnsureArg.IsNotNullOrEmpty(registryServer, nameof(registryServer));

            // Built outside the try blocks: an exception from the Uri constructor (null or malformed
            // ArmResourceManagerId) is not translated into AzureContainerRegistryTokenException.
            Uri aadResourceUri = new Uri(_convertDataConfiguration.ArmResourceManagerId);

            string aadToken;

            try
            {
                aadToken = await _aadTokenProvider.GetAccessTokenForResourceAsync(aadResourceUri, cancellationToken);
            }
            catch (AccessTokenProviderException ex)
            {
                _logger.LogWarning(ex, "Failed to get AAD access token from managed identity.");
                throw new AzureContainerRegistryTokenException(Resources.CannotGetAcrAccessToken, HttpStatusCode.Unauthorized, ex);
            }

            try
            {
                // Only HttpRequestException triggers a retry; each retry is logged with its ordinal.
                // Neither log call in this method writes the AAD token itself.
                var retryOnHttpFailure = Policy
                    .Handle<HttpRequestException>()
                    .RetryAsync(
                        3,
                        onRetry: (failure, attempt) => _logger.LogWarning(failure, "Get ACR token failed. Retry {retryCount}.", attempt));

                return await retryOnHttpFailure.ExecuteAsync(
                    () => GetAcrAccessTokenWithAadToken(registryServer, aadToken, cancellationToken));
            }
            catch (HttpRequestException ex)
            {
                // Reached once the retries are exhausted. The original exception is kept as the inner exception.
                _logger.LogError(ex, "Failed to get ACR access token with AAD access token.");
                throw new AzureContainerRegistryTokenException(Resources.CannotGetAcrAccessToken, HttpStatusCode.BadRequest, ex);
            }
        }
        /// <summary>
        /// Creates a <see cref="CloudBlobClient"/> for the export storage account, authenticated with an
        /// access token that <c>_accessTokenProvider</c> issues for the configured storage URI.
        /// </summary>
        /// <param name="exportJobConfiguration">Configuration whose <c>StorageAccountUri</c> is read.</param>
        /// <param name="cancellationToken">Passed through to the access token provider.</param>
        /// <returns>A blob client bound to the parsed storage URI and a token credential.</returns>
        /// <exception cref="ExportClientInitializerException">
        /// With <see cref="HttpStatusCode.BadRequest"/> when the URI is blank or not an absolute URI;
        /// with <see cref="HttpStatusCode.Unauthorized"/> when the provider throws <c>AccessTokenProviderException</c>.
        /// </exception>
        public async Task<CloudBlobClient> GetAuthorizedClientAsync(ExportJobConfiguration exportJobConfiguration, CancellationToken cancellationToken)
        {
            // Storage URI comes from configuration. It is accepted if it is non-blank and parses as an absolute URI.
            // NOTE(review): there is no scheme or host restriction, and the access token requested below is scoped
            // to and presented to this endpoint. Confirm the setting is operator-controlled, or require https and
            // an expected host suffix here.
            string configuredUri = exportJobConfiguration.StorageAccountUri;
            bool uriIsUsable = !string.IsNullOrWhiteSpace(configuredUri);

            if (!uriIsUsable || !Uri.TryCreate(configuredUri, UriKind.Absolute, out Uri storageAccountUri))
            {
                throw new ExportClientInitializerException(Resources.InvalidStorageUri, HttpStatusCode.BadRequest);
            }

            string accessToken = null;

            try
            {
                accessToken = await _accessTokenProvider.GetAccessTokenForResourceAsync(storageAccountUri, cancellationToken);
            }
            catch (AccessTokenProviderException providerError)
            {
                // Details of the provider failure are logged. The exception thrown to the caller carries
                // only the generic resource message and 401, with no inner exception.
                _logger.LogError(providerError, "Unable to get access token");

                throw new ExportClientInitializerException(Resources.CannotGetAccessToken, HttpStatusCode.Unauthorized);
            }

            // The token is wrapped in a credential and never written to the log in this method.
            var tokenCredential = new TokenCredential(accessToken);
            var storageCredentials = new StorageCredentials(tokenCredential);

            return new CloudBlobClient(storageAccountUri, storageCredentials);
        }