public static Uri GetServiceSASUriForContainer(BlobContainerClient containerClient, string storedPolicyName = null)
{
// Check whether this BlobContainerClient object has been authorized with Shared Key.
if (containerClient.CanGenerateSasUri)
{
// Create a SAS token that's valid for one hour.
BlobSasBuilder sasBuilder = new BlobSasBuilder()
{
BlobContainerName = containerClient.Name,
Resource = "c"
};
if (storedPolicyName == null)
{
sasBuilder.ExpiresOn = DateTimeOffset.UtcNow.AddHours(1);
sasBuilder.SetPermissions(BlobContainerSasPermissions.Read);
}
else
{
sasBuilder.Identifier = storedPolicyName;
}
Uri sasUri = containerClient.GenerateSasUri(sasBuilder);
Console.WriteLine("SAS URI for blob container is: {0}", sasUri);
Console.WriteLine();
return(sasUri);
}
else
{
Console.WriteLine(@"BlobContainerClient must be authorized with Shared Key
credentials to create a service SAS.");
return(null);
}
}
public async Task SetImmutibilityPolicyAsync_SetLegalHold_ContainerSas(BlobContainerSasPermissions sasPermissions)
{
// Arrange
await using DisposingImmutableStorageWithVersioningContainer vlwContainer = await GetTestVersionLevelWormContainer(TestConfigOAuth);
BlobBaseClient blob = await GetNewBlobClient(vlwContainer.Container, GetNewBlobName());
BlobContainerClient sharedKeyContainer = InstrumentClient(
GetServiceClient_OAuthAccount_SharedKey().GetBlobContainerClient(vlwContainer.Container.Name));
Uri containerSasUri = sharedKeyContainer.GenerateSasUri(sasPermissions, Recording.UtcNow.AddDays(1));
BlobBaseClient sasBlobClient = InstrumentClient(new BlobContainerClient(containerSasUri, GetOptions()).GetBlobBaseClient(blob.Name));
BlobImmutabilityPolicy immutabilityPolicy = new BlobImmutabilityPolicy
{
ExpiresOn = Recording.UtcNow.AddMinutes(5),
PolicyMode = BlobImmutabilityPolicyMode.Unlocked
};
// The service rounds Immutability Policy Expiry to the nearest second.
DateTimeOffset expectedImmutabilityPolicyExpiry = RoundToNearestSecond(immutabilityPolicy.ExpiresOn.Value);
// Act
Response <BlobImmutabilityPolicy> response = await sasBlobClient.SetImmutabilityPolicyAsync(
immutabilityPolicy : immutabilityPolicy);
// Assert
Assert.AreEqual(expectedImmutabilityPolicyExpiry, response.Value.ExpiresOn);
Assert.AreEqual(immutabilityPolicy.PolicyMode, response.Value.PolicyMode);
// Act
Response <BlobLegalHoldResult> legalHoldResponse = await sasBlobClient.SetLegalHoldAsync(hasLegalHold : false);
// Assert
Assert.IsFalse(legalHoldResponse.Value.HasLegalHold);
}
public string GetSAS(string containerName)
{
var container = new BlobContainerClient(connectionString, containerName);
container.CreateIfNotExists();
return(container.GenerateSasUri(Azure.Storage.Sas.BlobContainerSasPermissions.Read, DateTime.UtcNow.AddDays(1)).Query);
}
internal static string GetOutputContainerSasUrl(string storageAccountName, string outputContainerName, StorageSharedKeyCredential storageCreds, bool forRead)
{
log.LogDebug($"Ensuring presence of output blob container '{outputContainerName}'");
var container = new BlobContainerClient(new Uri($"https://{storageAccountName}.blob.core.windows.net/{outputContainerName}"), storageCreds);
container.CreateIfNotExists();
BlobSasBuilder sasConstraints;
if (!forRead)
{
var permissions = BlobSasPermissions.Add | BlobSasPermissions.Create | BlobSasPermissions.Write | BlobSasPermissions.Read | BlobSasPermissions.List;
sasConstraints = new BlobSasBuilder(permissions, new DateTimeOffset(DateTime.UtcNow, new TimeSpan(0, 0, 0)));
sasConstraints.StartsOn = DateTime.UtcNow.AddHours(-1);
sasConstraints.ExpiresOn = DateTime.UtcNow.AddHours(4);
}
else
{
var permissions = BlobSasPermissions.Read | BlobSasPermissions.List;
sasConstraints = new BlobSasBuilder(permissions, new DateTimeOffset(DateTime.UtcNow, new TimeSpan(0, 0, 0, 0, 0)));
sasConstraints.StartsOn = DateTime.UtcNow.AddHours(-1);
sasConstraints.ExpiresOn = DateTime.UtcNow.AddHours(7);
}
sasConstraints.BlobContainerName = outputContainerName;
return(container.GenerateSasUri(sasConstraints).ToString());
}
private string CreateSasToken()
{
var containerClient = new BlobContainerClient(azureStorageArtifactsOptions.ConnectionString, DEPLOYMENT_CONTAINER_NAME);
var sasUri = containerClient.GenerateSasUri(BlobContainerSasPermissions.Read, DateTimeOffset.UtcNow.AddDays(1));
return(sasUri.PathAndQuery);
}
private async Task <Uri> GetServiceSasUriForBlob()
{
var containerClient = new BlobContainerClient(_settings.ConnectionString, _settings.ContainerName);
try
{
await containerClient.CreateIfNotExistsAsync();
}
catch (Azure.RequestFailedException ex)
{
if (ex.Status != 409)
{
throw;
}
}
if (!containerClient.CanGenerateSasUri)
{
throw new NotSupportedException("cannot generate sas token");
}
BlobSasBuilder sasBuilder = new BlobSasBuilder()
{
BlobContainerName = containerClient.Name,
Resource = "c"
};
sasBuilder.ExpiresOn = DateTimeOffset.UtcNow.AddMinutes(_settings.ExpiredMunites);
sasBuilder.SetPermissions(BlobSasPermissions.Create | BlobSasPermissions.Write | BlobSasPermissions.Read);
return(containerClient.GenerateSasUri(sasBuilder));
}
public Uri CreateSASUri()
{
var sasBuilder = new BlobSasBuilder
{
BlobContainerName = containerClient.Name,
Resource = "c", // shared container type
ExpiresOn = DateTimeOffset.UtcNow.AddDays(1)
};
sasBuilder.SetPermissions(BlobContainerSasPermissions.Create | BlobContainerSasPermissions.Write);
return(containerClient.GenerateSasUri(sasBuilder));
}
public static Uri?GetContainerSasUrlService(
BlobContainerClient client,
BlobContainerSasPermissions permissions,
bool tag = false,
TimeSpan?timeSpan = null)
{
var(start, expiry) = SasTimeWindow(timeSpan ?? TimeSpan.FromDays(30.0));
var sasBuilder = new BlobSasBuilder(permissions, expiry)
{
StartsOn = start
};
return(client.GenerateSasUri(sasBuilder));
}
private Uri GetStorageAccountSasUriForCleanupJob(BlobContainerClient blobContainerClient)
{
// We want to provide "Read", "Write" and "Delete" permissions to the storage container, so that it can
// create a blob, read it and subsequently delete it.
BlobContainerSasPermissions sasPermissions = BlobContainerSasPermissions.Write
| BlobContainerSasPermissions.Read
| BlobContainerSasPermissions.Delete;
BlobSasBuilder sasBuilder = new BlobSasBuilder(sasPermissions, DateTimeOffset.UtcNow.AddHours(1))
{
BlobContainerName = blobContainerClient.Name,
};
return(blobContainerClient.GenerateSasUri(sasBuilder));
}
public static async Task <IActionResult> Run(
[HttpTrigger(AuthorizationLevel.Function, "get", "post", Route = null)] HttpRequest req,
ILogger log)
{
try
{
log.LogInformation("InvokeUploadModuleLogs function started.");
/// It is important to set as null the values that won't be used
/// so the serialization done later in this code ignores them
#region cast and fix payload property types
int?logLevel = null;
if (!string.IsNullOrEmpty(_logsLogLevel))
{
logLevel = Convert.ToInt32(_logsLogLevel);
}
int?logsTail = null;
if (!string.IsNullOrEmpty(_logsTail))
{
logsTail = Convert.ToInt32(_logsTail);
}
if (string.IsNullOrEmpty(_logsRegex))
{
_logsRegex = null;
}
if (string.IsNullOrEmpty(_logsEncoding))
{
_logsEncoding = "none";
}
if (string.IsNullOrEmpty(_logsContentType))
{
_logsContentType = "json";
}
#endregion
// get container SAS token URL
BlobContainerClient container = new BlobContainerClient(_connectionString, _containerName);
Azure.Storage.Sas.BlobContainerSasPermissions permissions = Azure.Storage.Sas.BlobContainerSasPermissions.All;
DateTimeOffset expiresOn = new DateTimeOffset(DateTime.UtcNow.AddHours(12));
Uri sasUri = container.GenerateSasUri(permissions, expiresOn);
// query IoT devices
var registryManager = RegistryManager.CreateFromConnectionString(_iotHubConnectionString);
var query = registryManager.CreateQuery(_iotDeviceQuery);
var devices = await query.GetNextAsJsonAsync();
_serviceClient = ServiceClient.CreateFromConnectionString(_iotHubConnectionString);
// invoke direct method on every device
string moduleId = "$edgeAgent";
string methodName = "UploadModuleLogs";
foreach (var device in devices)
{
JObject deviceJson = JsonConvert.DeserializeObject <JObject>(device);
string deviceId = deviceJson.GetValue("deviceId").ToString();
var data = new UploadModuleLogs()
{
SchemaVersion = "1.0",
SasUrl = sasUri.AbsoluteUri,
Encoding = _logsEncoding,
ContentType = _logsContentType,
Items = new List <UploadModuleLogs.Item>()
{
new UploadModuleLogs.Item()
{
Id = _logsIdRegex,
Filter = new UploadModuleLogs.Filter()
{
Since = _logsSince,
Regex = _logsRegex,
LogLevel = logLevel,
Tail = logsTail,
}
}
}
};
string serializedData = JsonConvert.SerializeObject(
data,
Formatting.None,
new JsonSerializerSettings
{
NullValueHandling = NullValueHandling.Ignore,
});
var deviceMethod = new CloudToDeviceMethod(methodName);
deviceMethod.SetPayloadJson(serializedData);
var result = await _serviceClient.InvokeDeviceMethodAsync(deviceId, moduleId, deviceMethod);
log.LogInformation($"InvokeUploadModuleLogs: Method '{methodName}' on module '{moduleId}' on device '{deviceId}': Status code: {result.Status}. Response: {result.GetPayloadAsJson()}");
}
return(new OkResult());
}
catch (Exception e)
{
log.LogError($"InvokeUploadModuleLogs failed with the following exception: {e}");
return(new BadRequestObjectResult(e.ToString()));
}
}
private string GetSasTokenForPermissions(BlobContainerSasPermissions permissions, DateTime expiration)
{
string sas = _container.GenerateSasUri(permissions, expiration).ToString();
return(sas.Substring(sas.IndexOf('?')));
}
public async Task StartTranslationWithAzureBlob()
{
/**
* FILE: SampleTranslationWithAzureBlob.cs
* DESCRIPTION:
* This sample demonstrates how to use Azure Blob Storage to set up the necessary resources to create a translation
* operation. Run the sample to create containers, upload documents, and generate SAS tokens for the source/target
* containers. Once the operation is completed, use the storage library to download your documents locally.
*
* PREREQUISITE:
* This sample requires you install Azure.Storage.Blobs nuget package:
* https://www.nuget.org/packages/Azure.Storage.Blobs
*
* USAGE:
* Set the environment variables with your own values before running the sample:
* 1) DOCUMENT_TRANSLATION_ENDPOINT - the endpoint to your Document Translation resource.
* 2) DOCUMENT_TRANSLATION_API_KEY - your Document Translation API key.
* 3) DOCUMENT_TRANSLATION_CONNECTION_STRING - the connection string to your Storage account
* 4) AZURE_DOCUMENT_PATH - (optional) the path and file extension of your document in this directory
* e.g. "path/mydocument.txt"
* Optionally, you can also set the following variables in code:
* 5) sourceContainerName - the name of your source container
* 6) targetContainerName - the name of your target container
**/
#if SNIPPET
string endpoint = "<Document Translator Resource Endpoint>";
string apiKey = "<Document Translator Resource API Key>";
#else
string endpoint = TestEnvironment.Endpoint;
string apiKey = TestEnvironment.ApiKey;
#endif
var client = new DocumentTranslationClient(new Uri(endpoint), new AzureKeyCredential(apiKey));
var storageConnectionString = Environment.GetEnvironmentVariable("DOCUMENT_TRANSLATION_CONNECTION_STRING");
#if SNIPPET
string sourceContainerName = "<Source Container Name>";
string targetContainerName = "<Target Container Name>";
#else
string sourceContainerName = GenerateRandomName("source");
string targetContainerName = GenerateRandomName("target");
#endif
string documentPath = Environment.GetEnvironmentVariable("AZURE_DOCUMENT_PATH");
// Create source and target storage containers
BlobServiceClient blobServiceClient = new BlobServiceClient(storageConnectionString);
BlobContainerClient sourceContainerClient = await blobServiceClient.CreateBlobContainerAsync(sourceContainerName ?? "translation-source-container", PublicAccessType.BlobContainer).ConfigureAwait(false);
BlobContainerClient targetContainerClient = await blobServiceClient.CreateBlobContainerAsync(targetContainerName ?? "translation-target-container", PublicAccessType.BlobContainer).ConfigureAwait(false);
// Upload blob (file) to the source container
BlobClient srcBlobClient = sourceContainerClient.GetBlobClient(!string.IsNullOrWhiteSpace(documentPath) ? Path.GetFileName(documentPath) : "example_source_document.txt");
if (!string.IsNullOrWhiteSpace(documentPath))
{
using (FileStream uploadFileStream = File.OpenRead(documentPath))
{
await srcBlobClient.UploadAsync(uploadFileStream, true).ConfigureAwait(false);
}
}
else
{
await srcBlobClient.UploadAsync(new MemoryStream(Encoding.UTF8.GetBytes("Hello.\nThis is a testing text.")), true).ConfigureAwait(false);
}
Console.WriteLine($"Uploaded document {srcBlobClient.Uri} to source storage container");
// Generate SAS tokens for source & target
Uri srcSasUri = sourceContainerClient.GenerateSasUri(BlobContainerSasPermissions.List | BlobContainerSasPermissions.Read, DateTime.UtcNow.AddMinutes(30));
Uri tgtSasUri = targetContainerClient.GenerateSasUri(BlobContainerSasPermissions.List | BlobContainerSasPermissions.Write | BlobContainerSasPermissions.Delete, DateTime.UtcNow.AddMinutes(30));
// Submit the translation operation and wait for it to finish
var operationRequest = new DocumentTranslationInput(srcSasUri, tgtSasUri, "es");
DocumentTranslationOperation operationResult = await client.StartTranslationAsync(operationRequest);
await operationResult.WaitForCompletionAsync();
Console.WriteLine($"Operation status: {operationResult.Status}");
Console.WriteLine($"Operation created on: {operationResult.CreatedOn}");
Console.WriteLine($"Operation last updated on: {operationResult.LastModified}");
Console.WriteLine($"Total number of translations on documents: {operationResult.DocumentsTotal}");
Console.WriteLine("\nOf total documents...");
Console.WriteLine($"{operationResult.DocumentsFailed} failed");
Console.WriteLine($"{operationResult.DocumentsSucceeded} succeeded");
await foreach (DocumentStatusResult document in operationResult.GetDocumentStatusesAsync())
{
if (document.Status == DocumentTranslationStatus.Succeeded)
{
Console.WriteLine($"Document at {document.SourceDocumentUri} was translated to {document.TranslatedToLanguageCode} language.You can find translated document at {document.TranslatedDocumentUri}");
}
else
{
Console.WriteLine($"Document ID: {document.Id}, Error Code: {document.Error.Code}, Message: {document.Error.Message}");
}
}
}
// *************************************************************************************************************************
// Instructions: This sample can be run using either the Azure storage emulator that installs as part of the Azure SDK - or by
// updating the App.Config file with your AccountName and Key.
//
// To run the sample using the storage emulator (default option)
// 1. Start the Azure storage emulator (once only) by pressing the Start button or the Windows key and searching for it
// by typing "Azure storage emulator". Select it from the list of applications to start it.
// 2. Set breakpoints and run the project using F10.
//
// To run the sample using a storage account
// 1. Open the app.config file and comment out the connection string for the emulator (UseDevelopmentStorage=True) and
// uncomment the connection string for the storage service (AccountName=[]...)
// 2. Create a storage account through the Azure Portal and provide your [AccountName] and [AccountKey] in
// the App.Config file. See http://go.microsoft.com/fwlink/?LinkId=325277 for more information
// 3. Set breakpoints and run the project using F10.
//
// *************************************************************************************************************************
static void Main()
{
const string containerPrefix = "sas-container-";
const string policyPrefix = "tutorial-policy-";
const string blobName1 = "sasBlob1.txt";
const string blobContent1 = "Blob created with an container SAS with store access policy granting write and list permissions on the container.";
const string blobName2 = "sasBlob2.txt";
const string blobContent2 = "Blob created with an container SAS granting all permissions on the container.";
const string blobName3 = "sasBlob3.txt";
const string blobContent3 = "Blob created with a blob SAS with store access policy granting create/write permissions to the blob.";
const string blobName4 = "sasBlob4.txt";
const string blobContent4 = "Blob created with a blob SAS granting all permissions to the blob.";
string containerName = containerPrefix + DateTime.Now.Ticks.ToString();
string storeAccessPolicyName = policyPrefix + DateTime.Now.Ticks.ToString();
//Parse the connection string and return a reference to the storage account.
BlobServiceClient blobServiceClient = new BlobServiceClient(ConfigurationManager.AppSettings.Get("StorageConnectionString"));
//Get a reference to a container to use for the sample code, and create it if it does not exist.
BlobContainerClient container = blobServiceClient.GetBlobContainerClient(containerName);
try
{
container.CreateIfNotExists();
}
catch (RequestFailedException)
{
// Ensure that the storage emulator is running if using emulator connection string.
Console.WriteLine("If you are running with the default connection string, please make sure you have started the storage emulator. Press the Windows key and type Azure Storage to select and run it from the list of applications - then restart the sample.");
Console.ReadLine();
throw;
}
//Create a new access policy on the container, which may be optionally used to provide constraints for
//shared access signatures on the container and the blob.
//The access policy provides create, write, read, list, and delete permissions.
StorageSharedKeyCredential storageSharedKeyCredential = new StorageSharedKeyCredential(blobServiceClient.AccountName, ConfigurationManager.AppSettings.Get("AzureStorageEmulatorAccountKey"));
CreateStoreAccessPolicy(container, storeAccessPolicyName);
//Generate an SAS URI for the container. The SAS has write and list permissions.
Uri containerSAS = container.GenerateSasUri(BlobContainerSasPermissions.Write | BlobContainerSasPermissions.List, DateTimeOffset.UtcNow.AddHours(1));
Console.WriteLine("1. SAS for blob container : " + containerSAS);
Console.WriteLine();
//Test the SAS to ensure it works as expected.
//The write and list operations should succeed, and the read and delete operations should fail.
TestContainerSAS(containerSAS, blobName1, blobContent1);
Console.WriteLine();
//Generate an SAS URI for the container. The SAS has all permissions.
UriBuilder storeContainerSAS = GetContainerSasUri(container, storageSharedKeyCredential);
Console.WriteLine("2. SAS for blob container : " + storeContainerSAS);
Console.WriteLine();
//Test the SAS to ensure it works as expected.
//The write, read, list, and delete operations should all succeed.
TestContainerSAS(storeContainerSAS.Uri, blobName2, blobContent2);
Console.WriteLine();
//Generate an SAS URI for a blob within the container. The SAS has create, write, and read permissions.
Uri storeBlobSAS = container.GetBlobClient(blobName3).GenerateSasUri(BlobSasPermissions.Create | BlobSasPermissions.Write | BlobSasPermissions.Read, DateTimeOffset.UtcNow.AddHours(1));
Console.WriteLine("3. SAS for blob : " + storeBlobSAS);
Console.WriteLine();
//Test the SAS to ensure it works as expected.
//The create, write, and read operations should succeed, and the delete operation should fail.
TestBlobSAS(storeBlobSAS, blobContent3);
Console.WriteLine();
//Generate an SAS URI for a blob within the container. The SAS has all permissions.
Uri blobSAS = GetBlobSasUri(container, blobName4);
Console.WriteLine("4. SAS for blob : " + blobSAS);
Console.WriteLine();
//Test the SAS to ensure it works as expected.
//The create, write, read, and delete operations should all succeed.
TestBlobSAS(blobSAS, blobContent4);
Console.WriteLine();
//Delete the container to clean up.
container.DeleteIfExists();
Console.ReadLine();
}
