/// <summary>
/// Validate the container access policy
/// </summary>
/// <param name="policy">SharedAccessBlobPolicy object</param>
/// <param name="policyIdentifier">The policy identifier which need to be checked.</param>
public static bool ValidateContainerAccessPolicy(IStorageBlobManagement channel, string containerName,
SharedAccessBlobPolicy policy, string policyIdentifier)
{
if (string.IsNullOrEmpty(policyIdentifier))
{
return(true);
}
CloudBlobContainer container = channel.GetContainerReference(containerName);
AccessCondition accessCondition = null;
BlobRequestOptions options = null;
OperationContext context = null;
BlobContainerPermissions permission = channel.GetContainerPermissions(container, accessCondition, options, context);
SharedAccessBlobPolicy sharedAccessPolicy =
GetExistingPolicy <SharedAccessBlobPolicy>(permission.SharedAccessPolicies, policyIdentifier);
if (policy.Permissions != SharedAccessBlobPermissions.None)
{
throw new ArgumentException(Resources.SignedPermissionsMustBeOmitted);
}
if (policy.SharedAccessExpiryTime.HasValue && sharedAccessPolicy.SharedAccessExpiryTime.HasValue)
{
throw new ArgumentException(Resources.SignedExpiryTimeMustBeOmitted);
}
return(!sharedAccessPolicy.SharedAccessExpiryTime.HasValue);
}
internal string CreateAzureContainerStoredAccessPolicy(IStorageBlobManagement localChannel, string containerName, string policyName, DateTime?startTime, DateTime?expiryTime, string permission)
{
if (!NameUtil.IsValidStoredAccessPolicyName(policyName))
{
throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, Resources.InvalidAccessPolicyName, policyName));
}
//Get existing permissions
CloudBlobContainer container = localChannel.GetContainerReference(containerName);
BlobContainerPermissions blobContainerPermissions = localChannel.GetContainerPermissions(container);
//Add new policy
if (blobContainerPermissions.SharedAccessPolicies.Keys.Contains(policyName))
{
throw new ResourceAlreadyExistException(String.Format(CultureInfo.CurrentCulture, Resources.PolicyAlreadyExists, policyName));
}
SharedAccessBlobPolicy policy = new SharedAccessBlobPolicy();
AccessPolicyHelper.SetupAccessPolicy <SharedAccessBlobPolicy>(policy, startTime, expiryTime, permission);
blobContainerPermissions.SharedAccessPolicies.Add(policyName, policy);
//Set permissions back to container
localChannel.SetContainerPermissions(container, blobContainerPermissions);
return(policyName);
}
internal string CreateAzureContainerStoredAccessPolicy(IStorageBlobManagement localChannel, string containerName, string policyName, DateTime? startTime, DateTime? expiryTime, string permission)
{
if (!NameUtil.IsValidStoredAccessPolicyName(policyName))
{
throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, Resources.InvalidAccessPolicyName, policyName));
}
//Get existing permissions
CloudBlobContainer container = localChannel.GetContainerReference(containerName);
BlobContainerPermissions blobContainerPermissions = localChannel.GetContainerPermissions(container);
//Add new policy
if (blobContainerPermissions.SharedAccessPolicies.Keys.Contains(policyName))
{
throw new ResourceAlreadyExistException(String.Format(CultureInfo.CurrentCulture, Resources.PolicyAlreadyExists, policyName));
}
SharedAccessBlobPolicy policy = new SharedAccessBlobPolicy();
AccessPolicyHelper.SetupAccessPolicy<SharedAccessBlobPolicy>(policy, startTime, expiryTime, permission);
blobContainerPermissions.SharedAccessPolicies.Add(policyName, policy);
//Set permissions back to container
localChannel.SetContainerPermissions(container, blobContainerPermissions);
return policyName;
}
/// <summary>
/// set the access level of specified container
/// </summary>
/// <param name="name">container name</param>
/// <param name="accessLevel">access level in ("off", "blob", "container")</param>
internal async Task SetContainerAcl(long taskId, IStorageBlobManagement localChannel, string name, BlobContainerPublicAccessType accessLevel)
{
if (!NameUtil.IsValidContainerName(name))
{
throw new ArgumentException(String.Format(Resources.InvalidContainerName, name));
}
BlobRequestOptions requestOptions = RequestOptions;
AccessCondition accessCondition = null;
CloudBlobContainer container = localChannel.GetContainerReference(name);
// Get container permission and set the public access as input
BlobContainerPermissions permissions;
try
{
permissions = localChannel.GetContainerPermissions(container);
}
catch (StorageException e) when(e.IsNotFoundException())
{
throw new ResourceNotFoundException(String.Format(Resources.ContainerNotFound, name));
}
permissions.PublicAccess = accessLevel;
await localChannel.SetContainerPermissionsAsync(container, permissions, accessCondition, requestOptions, OperationContext, CmdletCancellationToken).ConfigureAwait(false);
if (PassThru)
{
WriteCloudContainerObject(taskId, localChannel, container, permissions);
}
}
internal string SetAzureContainerStoredAccessPolicy(IStorageBlobManagement localChannel, string containerName, string policyName, DateTime? startTime, DateTime? expiryTime, string permission, bool noStartTime, bool noExpiryTime)
{
//Get existing permissions
CloudBlobContainer container = localChannel.GetContainerReference(containerName);
BlobContainerPermissions blobContainerPermissions = localChannel.GetContainerPermissions(container);
//Set the policy with new value
if (!blobContainerPermissions.SharedAccessPolicies.Keys.Contains(policyName))
{
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.PolicyNotFound, policyName));
}
SharedAccessBlobPolicy policy = blobContainerPermissions.SharedAccessPolicies[policyName];
AccessPolicyHelper.SetupAccessPolicy<SharedAccessBlobPolicy>(policy, startTime, expiryTime, permission, noStartTime, noExpiryTime);
blobContainerPermissions.SharedAccessPolicies[policyName] = policy;
//Set permission back to container
localChannel.SetContainerPermissions(container, blobContainerPermissions);
WriteObject(AccessPolicyHelper.ConstructPolicyOutputPSObject<SharedAccessBlobPolicy>(blobContainerPermissions.SharedAccessPolicies, policyName));
return policyName;
}
internal string SetAzureContainerStoredAccessPolicy(IStorageBlobManagement localChannel, string containerName, string policyName, DateTime?startTime, DateTime?expiryTime, string permission, bool noStartTime, bool noExpiryTime)
{
//Get existing permissions
CloudBlobContainer container = localChannel.GetContainerReference(containerName);
BlobContainerPermissions blobContainerPermissions = localChannel.GetContainerPermissions(container);
//Set the policy with new value
if (!blobContainerPermissions.SharedAccessPolicies.Keys.Contains(policyName))
{
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.PolicyNotFound, policyName));
}
SharedAccessBlobPolicy policy = blobContainerPermissions.SharedAccessPolicies[policyName];
AccessPolicyHelper.SetupAccessPolicy <SharedAccessBlobPolicy>(policy, startTime, expiryTime, permission, noStartTime, noExpiryTime);
blobContainerPermissions.SharedAccessPolicies[policyName] = policy;
//Set permission back to container
localChannel.SetContainerPermissions(container, blobContainerPermissions);
WriteObject(AccessPolicyHelper.ConstructPolicyOutputPSObject <SharedAccessBlobPolicy>(blobContainerPermissions.SharedAccessPolicies, policyName));
return(policyName);
}
internal bool RemoveAzureContainerStoredAccessPolicy(IStorageBlobManagement localChannel, string containerName, string policyName)
{
bool success = false;
string result = string.Empty;
//Get existing permissions
CloudBlobContainer container = localChannel.GetContainerReference(containerName);
BlobContainerPermissions blobContainerPermissions = localChannel.GetContainerPermissions(container);
//remove the specified policy
if (!blobContainerPermissions.SharedAccessPolicies.Keys.Contains(policyName))
{
throw new ResourceNotFoundException(String.Format(CultureInfo.CurrentCulture, Resources.PolicyNotFound, policyName));
}
if (this.Force || ConfirmRemove(policyName))
{
blobContainerPermissions.SharedAccessPolicies.Remove(policyName);
localChannel.SetContainerPermissions(container, blobContainerPermissions);
success = true;
}
return(success);
}
internal bool RemoveAzureContainerStoredAccessPolicy(IStorageBlobManagement localChannel, string containerName, string policyName)
{
bool success = false;
string result = string.Empty;
//Get existing permissions
CloudBlobContainer container = localChannel.GetContainerReference(containerName);
BlobContainerPermissions blobContainerPermissions = localChannel.GetContainerPermissions(container);
//remove the specified policy
if (!blobContainerPermissions.SharedAccessPolicies.Keys.Contains(policyName))
{
throw new ResourceNotFoundException(String.Format(CultureInfo.CurrentCulture, Resources.PolicyNotFound, policyName));
}
if (this.Force || ConfirmRemove(policyName))
{
blobContainerPermissions.SharedAccessPolicies.Remove(policyName);
localChannel.SetContainerPermissions(container, blobContainerPermissions);
success = true;
}
return success;
}
/// <summary>
/// set the access level of specified container
/// </summary>
/// <param name="name">container name</param>
/// <param name="accessLevel">access level in ("off", "blob", "container")</param>
internal async Task SetContainerAcl(long taskId, IStorageBlobManagement localChannel, string name, BlobContainerPublicAccessType accessLevel)
{
if (!NameUtil.IsValidContainerName(name))
{
throw new ArgumentException(String.Format(Resources.InvalidContainerName, name));
}
BlobRequestOptions requestOptions = RequestOptions;
AccessCondition accessCondition = null;
bool needUseTrack2 = false;
CloudBlobContainer container = localChannel.GetContainerReference(name);
// Get container permission and set the public access as input
BlobContainerPermissions permissions = null;
try
{
permissions = localChannel.GetContainerPermissions(container, null, requestOptions, OperationContext);
}
catch (StorageException e) when(e.IsNotFoundException())
{
throw new ResourceNotFoundException(String.Format(Resources.ContainerNotFound, name));
}
catch (StorageException e) when(e.IsConflictException())
{
// 409 Conflict, might caused by the container has an Stored access policy contains a permission that is not supported by Track1 SDK API veresion, so switch to Track2 SDK
needUseTrack2 = true;
}
if (!needUseTrack2) // Track1
{
permissions.PublicAccess = accessLevel;
await localChannel.SetContainerPermissionsAsync(container, permissions, accessCondition, requestOptions, OperationContext, CmdletCancellationToken).ConfigureAwait(false);
if (PassThru)
{
WriteCloudContainerObject(taskId, localChannel, container, permissions);
}
}
else // Track2
{
BlobContainerClient containerClient = AzureStorageContainer.GetTrack2BlobContainerClient(container, this.Channel.StorageContext, ClientOptions);
// Get container permission and set the public access as input
BlobContainerAccessPolicy accessPolicy;
accessPolicy = containerClient.GetAccessPolicy(null, this.CmdletCancellationToken);
PublicAccessType publicAccessType = PublicAccessType.None;
switch (accessLevel)
{
case BlobContainerPublicAccessType.Blob:
publicAccessType = PublicAccessType.Blob;
break;
case BlobContainerPublicAccessType.Container:
publicAccessType = PublicAccessType.BlobContainer;
break;
case BlobContainerPublicAccessType.Off:
publicAccessType = PublicAccessType.None;
break;
default:
case BlobContainerPublicAccessType.Unknown:
throw new ArgumentOutOfRangeException("Permission");
}
await containerClient.SetAccessPolicyAsync(publicAccessType, accessPolicy.SignedIdentifiers, null, this.CmdletCancellationToken).ConfigureAwait(false);
if (PassThru)
{
AzureStorageContainer storageContainer = new AzureStorageContainer(container, null);
storageContainer.Context = localChannel.StorageContext;
storageContainer.SetTrack2Permission();
OutputStream.WriteObject(taskId, storageContainer);
}
}
}