/// <summary> /// Converts the services specified for the shared access policy to a string. /// </summary> /// <param name="services">A <see cref="SharedAccessAccountServices"/> object.</param> /// <returns>The shared access services in string format.</returns> public static string ServicesToString(SharedAccessAccountServices services) { StringBuilder builder = new StringBuilder(); if ((services & SharedAccessAccountServices.Blob) == SharedAccessAccountServices.Blob) { builder.Append("b"); } if ((services & SharedAccessAccountServices.File) == SharedAccessAccountServices.File) { builder.Append("f"); } if ((services & SharedAccessAccountServices.Queue) == SharedAccessAccountServices.Queue) { builder.Append("q"); } if ((services & SharedAccessAccountServices.Table) == SharedAccessAccountServices.Table) { builder.Append("t"); } return(builder.ToString()); }
private string GenerateAndValidateAccountSAS( SharedAccessAccountServices service, SharedAccessAccountResourceTypes resourceType, string permission, SharedAccessProtocol?protocol = null, string iPAddressOrRange = null, DateTime?startTime = null, DateTime?expiryTime = null) { Test.Assert(CommandAgent.NewAzureStorageAccountSAS( service, resourceType, permission, protocol, iPAddressOrRange, startTime, expiryTime), "Should succeeded in generating an account sas with full permissions, services and resource types"); string sasToken; if (lang == Language.PowerShell) { sasToken = CommandAgent.Output[0][Constants.SASTokenKey].ToString(); } else { sasToken = "?" + CommandAgent.Output[0][Constants.SASTokenKeyNode]; } AccountSASUtils.ValidateAccountSAS( service, resourceType, permission, protocol, iPAddressOrRange, startTime, expiryTime, sasToken); return(sasToken); }
private static void ValidateSASService( SharedAccessAccountServices expectedService, string sasService) { string serviceString = SharedAccessAccountPolicy.ServicesToString(expectedService); Test.Assert(string.Equals(sasService, serviceString), "Service: {0} == {1}", serviceString, sasService); }
public void AccountSAS_InvalidParameter() { SharedAccessAccountServices service = SharedAccessAccountServices.Blob | SharedAccessAccountServices.File | SharedAccessAccountServices.Queue | SharedAccessAccountServices.Table; SharedAccessAccountResourceTypes resourceType = SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object | SharedAccessAccountResourceTypes.Service; string permission = AccountSASUtils.fullPermission; SharedAccessProtocol sasProtocal = SharedAccessProtocol.HttpsOrHttp; string iPAddressOrRange = "0.0.0.0-255.255.255.255"; DateTime startTime = DateTime.Now.AddMinutes(-5); DateTime expiryTime = DateTime.Now.AddMinutes(60); //invalid permission Test.Assert(!CommandAgent.NewAzureStorageAccountSAS( service, resourceType, "racwx", sasProtocal, iPAddressOrRange, startTime, expiryTime), "Set stored access policy with invalid permission should fail"); if (lang == Language.PowerShell) { ExpectedContainErrorMessage("Invalid access permission"); } else { ExpectedContainErrorMessage("Given \"x\" is invalid"); } //repeated permission - success GenerateAndValidateAccountSAS( service, resourceType, "rracw", sasProtocal, iPAddressOrRange, startTime, expiryTime); //invalid IP/IP range Test.Assert(!CommandAgent.NewAzureStorageAccountSAS( service, resourceType, permission, null, "123.3.4a", null, null), "Set stored access policy with invalid iPAddressOrRange should fail"); if (lang == Language.PowerShell) { ExpectedContainErrorMessage("Error when parsing IP address: IP address is invalid."); } else { ExpectedContainErrorMessage("Invalid ip range format"); } Test.Assert(!CommandAgent.NewAzureStorageAccountSAS( service, resourceType, permission, sasProtocal, "123.4.5.6_125.6.7.8", null, null), "Set stored access policy with invalid iPAddressOrRange should fail"); if (lang == Language.PowerShell) { ExpectedContainErrorMessage("Error when parsing IP address: IP address is invalid."); } else { ExpectedContainErrorMessage("Invalid ip range format"); } //success: start IP > end IP GenerateAndValidateAccountSAS( service, resourceType, permission, sasProtocal, "22.22.22.22-11.111.11.11", startTime, expiryTime); //Start time > expire Time Test.Assert(!CommandAgent.NewAzureStorageAccountSAS( service, resourceType, permission, sasProtocal, iPAddressOrRange, DateTime.Now.AddMinutes(5), DateTime.Now.AddMinutes(-5)), "Set stored access policy with invalid Start Time should fail"); ExpectedContainErrorMessage("The expiry time of the specified access policy should be greater than start time"); }
/// <summary> /// Create a blob SAS build from Blob Object /// </summary> public static AccountSasBuilder SetAccountSasBuilder(SharedAccessAccountServices Service, SharedAccessAccountResourceTypes type, string Permission = null, DateTime?StartTime = null, DateTime?ExpiryTime = null, string iPAddressOrRange = null, SharedAccessProtocol?Protocol = null, string EncryptionScope = null) { AccountSasBuilder sasBuilder = new AccountSasBuilder(); sasBuilder.ResourceTypes = GetAccountSasResourceTypes(type); sasBuilder.Services = GetAccountSasServices(Service); sasBuilder = SetAccountPermission(sasBuilder, Permission); if (StartTime != null) { sasBuilder.StartsOn = StartTime.Value.ToUniversalTime(); } if (ExpiryTime != null) { sasBuilder.ExpiresOn = ExpiryTime.Value.ToUniversalTime(); } else { if (sasBuilder.StartsOn != DateTimeOffset.MinValue && sasBuilder.StartsOn != null) { sasBuilder.ExpiresOn = sasBuilder.StartsOn.AddHours(1).ToUniversalTime(); } else { sasBuilder.ExpiresOn = DateTimeOffset.UtcNow.AddHours(1); } } if (iPAddressOrRange != null) { sasBuilder.IPRange = Util.SetupIPAddressOrRangeForSASTrack2(iPAddressOrRange); } if (Protocol != null) { if (Protocol.Value == SharedAccessProtocol.HttpsOrHttp) { sasBuilder.Protocol = SasProtocol.HttpsAndHttp; } else //HttpsOnly { sasBuilder.Protocol = SasProtocol.Https; } } if (EncryptionScope != null) { sasBuilder.EncryptionScope = EncryptionScope; } return(sasBuilder); }
public void AccountSAS_File_Container_w() { SharedAccessAccountServices service = SharedAccessAccountServices.File; SharedAccessAccountResourceTypes resourceType = SharedAccessAccountResourceTypes.Container; string permission = "w"; string sasToken = GenerateAndValidateAccountSAS( service, resourceType, permission, null, null, null, null); string shareName = "sharetocreatewithsas"; fileUtil.ValidateShareCreatableWithSasToken(shareName, StorageAccount.Credentials.AccountName, sasToken); }
/// <summary> /// Get Track2 accunt sas SasServices /// </summary> public static AccountSasServices GetAccountSasServices(SharedAccessAccountServices Service) { AccountSasServices outputService = 0; if ((Service & SharedAccessAccountServices.Blob) == SharedAccessAccountServices.Blob) { outputService = outputService | AccountSasServices.Blobs; } if ((Service & SharedAccessAccountServices.File) == SharedAccessAccountServices.File) { outputService = outputService | AccountSasServices.Files; } if ((Service & SharedAccessAccountServices.Queue) == SharedAccessAccountServices.Queue) { outputService = outputService | AccountSasServices.Queues; } if ((Service & SharedAccessAccountServices.Table) == SharedAccessAccountServices.Table) { outputService = outputService | AccountSasServices.Tables; } return(outputService); }
public virtual string GetAccountSasFromCmd(SharedAccessAccountServices service, SharedAccessAccountResourceTypes resourceType, string permission, SharedAccessProtocol?protocol, string iPAddressOrRange, DateTime?startTime = null, DateTime?expiryTime = null) { return(string.Empty); }
public virtual bool NewAzureStorageAccountSAS(SharedAccessAccountServices service, SharedAccessAccountResourceTypes resourceType, string permission, SharedAccessProtocol?protocol = null, string iPAddressOrRange = null, DateTime?startTime = null, DateTime?expiryTime = null) { return(false); }
public static string ServicesToString(SharedAccessAccountServices services) { throw new System.NotImplementedException(); }
/// <summary> /// Converts the services specified for the shared access policy to a string. /// </summary> /// <param name="services">A <see cref="SharedAccessAccountServices"/> object.</param> /// <returns>The shared access services in string format.</returns> public static string ServicesToString(SharedAccessAccountServices services) { StringBuilder builder = new StringBuilder(); if ((services & SharedAccessAccountServices.Blob) == SharedAccessAccountServices.Blob) { builder.Append("b"); } if ((services & SharedAccessAccountServices.File) == SharedAccessAccountServices.File) { builder.Append("f"); } if ((services & SharedAccessAccountServices.Queue) == SharedAccessAccountServices.Queue) { builder.Append("q"); } if ((services & SharedAccessAccountServices.Table) == SharedAccessAccountServices.Table) { builder.Append("t"); } return builder.ToString(); }
public static void ValidateAccountSAS( SharedAccessAccountServices service, SharedAccessAccountResourceTypes resourceType, string permission, SharedAccessProtocol?protocol, string iPAddressOrRange, DateTime?startTime, DateTime?expiryTime, string sasToken) { Test.Assert(sasToken.StartsWith("?"), "Sas token must be a query string."); string[] sasSegs = sasToken.Substring(1).Split('&'); var sasRequiredOptionList = sasRequiredOptions.ToList(); var sasOptionList = sasOptions.ToList(); if (service == SharedAccessAccountServices.None) { sasRequiredOptionList.Remove("ss"); } if (resourceType == SharedAccessAccountResourceTypes.None) { sasRequiredOptionList.Remove("srt"); } foreach (string sasSegment in sasSegs) { string[] queryPair = sasSegment.Split('='); Test.Assert(queryPair.Length == 2, "One segment should be a key value pair: {0}", sasSegment); sasRequiredOptionList.Remove(queryPair[0]); sasOptionList.Remove(queryPair[0]); switch (queryPair[0]) { case "ss": ValidateSASService(service, queryPair[1]); break; case "srt": ValidateResourceType(resourceType, queryPair[1]); break; case "sp": ValidatePermissions(permission, queryPair[1]); break; case "sip": ValidateIpRange(iPAddressOrRange, queryPair[1]); break; case "spr": ValidateProtocol(protocol, queryPair[1]); break; case "st": ValidateStartTime(startTime, queryPair[1]); break; case "se": ValidateExpiryTime(expiryTime, queryPair[1]); break; } } Test.Assert(0 == sasRequiredOptionList.Count, "All required options should exist."); if (0 != sasRequiredOptionList.Count) { Test.Info("Not exist required options: " + sasRequiredOptionList.First()); } if (string.IsNullOrEmpty(iPAddressOrRange)) { Test.Assert(sasOptionList.Contains("sip"), "IPACL option should be null."); } else if (null == startTime) { Test.Assert(sasOptionList.Contains("st"), "StartTime option should be null."); } }