public void GenerateAccountSas_WrongService_Service()
{
var constants = new TestConstants(this);
var blobEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account);
var blobSecondaryEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account + "-secondary");
var storageConnectionString = new StorageConnectionString(constants.Sas.SharedKeyCredential, blobStorageUri: (blobEndpoint, blobSecondaryEndpoint));
string connectionString = storageConnectionString.ToString(true);
AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write;
DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1);
AccountSasServices services = AccountSasServices.Files;// Wrong Service
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All;
BlobServiceClient serviceClient = InstrumentClient(new BlobServiceClient(connectionString, GetOptions()));
AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes)
{
IPRange = new SasIPRange(System.Net.IPAddress.None, System.Net.IPAddress.None),
StartsOn = Recording.UtcNow.AddHours(-1)
};
// Act
try
{
Uri sasUri = serviceClient.GenerateAccountSasUri(sasBuilder);
Assert.Fail("BlobContainerClient.GenerateSasUri should have failed with an ArgumentException.");
}
catch (InvalidOperationException)
{
// the correct exception came back
}
}
public void GenerateAccountSas_RequiredParameters()
{
// Arrange
var constants = new TestConstants(this);
var blobEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account);
var blobSecondaryEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account + "-secondary");
var storageConnectionString = new StorageConnectionString(constants.Sas.SharedKeyCredential, blobStorageUri: (blobEndpoint, blobSecondaryEndpoint));
string connectionString = storageConnectionString.ToString(true);
DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1);
AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write;
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All;
BlobServiceClient serviceClient = new BlobServiceClient(connectionString, GetOptions());
// Act
Uri sasUri = serviceClient.GenerateAccountSasUri(
permissions: permissions,
expiresOn: expiresOn,
resourceTypes: resourceTypes);
// Assert
AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, AccountSasServices.Blobs, resourceTypes);
UriBuilder expectedUri = new UriBuilder(blobEndpoint);
expectedUri.Query += sasBuilder.ToSasQueryParameters(constants.Sas.SharedKeyCredential).ToString();
Assert.AreEqual(expectedUri.Uri.ToString(), sasUri.ToString());
}
public void GenerateAccountSas_Builder()
{
var constants = new TestConstants(this);
var blobEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account);
var blobSecondaryEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account + "-secondary");
var storageConnectionString = new StorageConnectionString(constants.Sas.SharedKeyCredential, blobStorageUri: (blobEndpoint, blobSecondaryEndpoint));
string connectionString = storageConnectionString.ToString(true);
AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write;
DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1);
AccountSasServices services = AccountSasServices.Blobs;
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All;
BlobServiceClient serviceClient = InstrumentClient(new BlobServiceClient(connectionString, GetOptions()));
AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes)
{
IPRange = new SasIPRange(System.Net.IPAddress.None, System.Net.IPAddress.None),
StartsOn = Recording.UtcNow.AddHours(-1)
};
// Act
Uri sasUri = serviceClient.GenerateAccountSasUri(sasBuilder);
// Assert
UriBuilder expectedUri = new UriBuilder(blobEndpoint);
expectedUri.Query += sasBuilder.ToSasQueryParameters(constants.Sas.SharedKeyCredential).ToString();
Assert.AreEqual(expectedUri.Uri.ToString(), sasUri.ToString());
}
public void GenerateAccountSas_Builder()
{
TestConstants constants = TestConstants.Create(this);
Uri serviceUri = new Uri($"https://{constants.Sas.Account}.blob.core.windows.net");
AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write;
DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1);
AccountSasServices services = AccountSasServices.Blobs;
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All;
BlobServiceClient serviceClient = InstrumentClient(
new BlobServiceClient(
serviceUri,
constants.Sas.SharedKeyCredential,
GetOptions()));
AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes)
{
StartsOn = Recording.UtcNow.AddHours(-1)
};
// Act
Uri sasUri = serviceClient.GenerateAccountSasUri(sasBuilder);
// Assert
UriBuilder expectedUri = new UriBuilder(serviceUri);
expectedUri.Query += sasBuilder.ToSasQueryParameters(constants.Sas.SharedKeyCredential).ToString();
Assert.AreEqual(expectedUri.Uri, sasUri);
}
/// <summary>
/// Creates an Account SAS Token
/// </summary>
/// <returns>A SAS token.</returns>
private static Uri GetAccountSASToken(BlobServiceClient blobServiceClient)
{
// Create a new access policy for the account with the following properties:
// Permissions: Read, Write, List, Create, Delete
// ResourceType: Container
// Expires in 24 hours
var sasToken = blobServiceClient.GenerateAccountSasUri(AccountSasPermissions.Read | AccountSasPermissions.Create | AccountSasPermissions.Write | AccountSasPermissions.List | AccountSasPermissions.Delete, DateTimeOffset.UtcNow.AddHours(1), AccountSasResourceTypes.All);
// Return the SASToken
return(sasToken);
}
public object RequestUploadInfo()
{
var sasBuilder = new AccountSasBuilder
{
Services = AccountSasServices.Blobs,
StartsOn = DateTimeOffset.UtcNow.AddMinutes(-5),
ExpiresOn = DateTimeOffset.UtcNow.AddMinutes(5),
Protocol = SasProtocol.Https,
ResourceTypes = AccountSasResourceTypes.Object | AccountSasResourceTypes.Container,
};
sasBuilder.SetPermissions(AccountSasPermissions.Read | AccountSasPermissions.Write | AccountSasPermissions.Update | AccountSasPermissions.Tag);
var client = new BlobServiceClient(azureOptions.CurrentValue.StorageAccount.ConnectionString);
return(new { Sas = client.GenerateAccountSasUri(sasBuilder).ToString(), ContainerName = azureOptions.CurrentValue.StorageAccount.ContainerName });
}
public async Task SetImmutibilityPolicyAsync_SetLegalHold_AccoutnSas(AccountSasPermissions sasPermissions)
{
// Arrange
await using DisposingImmutableStorageWithVersioningContainer vlwContainer = await GetTestVersionLevelWormContainer(TestConfigOAuth);
BlobBaseClient blob = await GetNewBlobClient(vlwContainer.Container, GetNewBlobName());
BlobServiceClient sharedKeyServiceClient = InstrumentClient(
GetServiceClient_OAuthAccount_SharedKey());
Uri serviceSasUri = sharedKeyServiceClient.GenerateAccountSasUri(
sasPermissions,
Recording.UtcNow.AddDays(1),
AccountSasResourceTypes.All);
BlobBaseClient sasBlobClient = InstrumentClient(new BlobServiceClient(serviceSasUri, GetOptions())
.GetBlobContainerClient(vlwContainer.Container.Name)
.GetBlobBaseClient(blob.Name));
BlobImmutabilityPolicy immutabilityPolicy = new BlobImmutabilityPolicy
{
ExpiresOn = Recording.UtcNow.AddMinutes(5),
PolicyMode = BlobImmutabilityPolicyMode.Unlocked
};
// The service rounds Immutability Policy Expiry to the nearest second.
DateTimeOffset expectedImmutabilityPolicyExpiry = RoundToNearestSecond(immutabilityPolicy.ExpiresOn.Value);
// Act
Response <BlobImmutabilityPolicy> response = await sasBlobClient.SetImmutabilityPolicyAsync(
immutabilityPolicy : immutabilityPolicy);
// Assert
Assert.AreEqual(expectedImmutabilityPolicyExpiry, response.Value.ExpiresOn);
Assert.AreEqual(immutabilityPolicy.PolicyMode, response.Value.PolicyMode);
// Act
Response <BlobLegalHoldResult> legalHoldResponse = await sasBlobClient.SetLegalHoldAsync(hasLegalHold : false);
// Assert
Assert.IsFalse(legalHoldResponse.Value.HasLegalHold);
}
public void GenerateAccountSas_WrongService_Service()
{
TestConstants constants = TestConstants.Create(this);
Uri serviceUri = new Uri($"https://{constants.Sas.Account}.blob.core.windows.net");
AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write;
DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1);
AccountSasServices services = AccountSasServices.Files; // Wrong Service
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All;
BlobServiceClient serviceClient = InstrumentClient(
new BlobServiceClient(
serviceUri,
constants.Sas.SharedKeyCredential,
GetOptions()));
AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes)
{
StartsOn = Recording.UtcNow.AddHours(-1)
};
// Act
TestHelper.AssertExpectedException(
() => serviceClient.GenerateAccountSasUri(sasBuilder),
new InvalidOperationException("SAS Uri cannot be generated. builder.Services does specify Blobs. builder.Services must either specify Blobs or specify all Services are accessible in the value."));
}
