/// <summary>
/// Adds check for scope policy without adding the policy to the file access manifest.
/// </summary>
public void AddScopeCheck(string path, AbsolutePath scopePath, FileAccessPolicy policy)
{
DataItems.Add(
new ValidationData
{
Path = path,
PathId = scopePath.Value.Value,
ConePolicy = policy,
NodePolicy = null,
ExpectedUsn = ReportedFileAccess.NoUsn
});
}
/// <summary>
/// Adds path policy.
/// </summary>
public void AddPath(
string path,
FileAccessPolicy policy,
FileAccessPolicy?expectedEffectivePolicy = null,
Usn?expectedUsn = null)
{
AbsolutePath absolutePath = AbsolutePath.Create(m_pathTable, path);
var dataItem =
new ValidationData
{
Path = path,
PathId = absolutePath.Value.Value,
ConePolicy = null,
NodePolicy = expectedEffectivePolicy ?? policy,
ExpectedUsn = expectedUsn ?? ReportedFileAccess.NoUsn
};
DataItems.Add(dataItem);
m_manifest.AddPath(absolutePath, values: policy, mask: FileAccessPolicy.MaskNothing, expectedUsn: expectedUsn);
}
/// <summary>
/// Adds scope policy.
/// </summary>
public AbsolutePath AddScope(
string path,
FileAccessPolicy values,
FileAccessPolicy mask = FileAccessPolicy.Deny,
FileAccessPolicy basePolicy = FileAccessPolicy.Deny)
{
AbsolutePath scopeAbsolutePath = AbsolutePath.Create(m_pathTable, path);
var dataItem =
new ValidationData
{
Path = path,
PathId = scopeAbsolutePath.Value.Value,
NodePolicy = (basePolicy & mask) | values,
ConePolicy = null,
ExpectedUsn = ReportedFileAccess.NoUsn
};
DataItems.Add(dataItem);
m_manifest.AddScope(scopeAbsolutePath, mask, values);
return(scopeAbsolutePath);
}
protected override async Task <string> GetTokenAsync(string containerName, string filePath, FileAccessPolicy accessPolicy, IPAddress sourceIPAddress)
{
var storageAccount = CloudStorageAccount.Parse(this._storageAccountConnectionString);
var filesContainer = storageAccount.CreateCloudBlobClient().GetContainerReference(containerName);
var file = await filesContainer.GetBlobReferenceFromServerAsync(filePath);
var blobPolicy = new SharedAccessBlobPolicy()
{
SharedAccessExpiryTime = new DateTimeOffset(DateTime.UtcNow.Add(accessPolicy.TTL)),
Permissions = (SharedAccessBlobPermissions)accessPolicy.Permissions
};
// Return the SAS token for a blob.
return(file.GetSharedAccessSignature(blobPolicy, null, null, (SharedAccessProtocol)accessPolicy.Protocol, new IPAddressOrRange(sourceIPAddress.ToString())));
}
// TODO: May need to replace multiple parameters for file access policies with a dictionary parameter.
public StorageAccountSASTokenProvider(string storageAccountConnectionString, FileAccessPolicy readAccessPolicy, FileAccessPolicy deleteAccessPolicy, FileAccessPolicy readDeleteAccessPolicy)
: base(readAccessPolicy, deleteAccessPolicy, readDeleteAccessPolicy)
{
this._storageAccountConnectionString = storageAccountConnectionString;
}
public TokenProvider(FileAccessPolicy readAccessPolicy, FileAccessPolicy deleteAccessPolicy, FileAccessPolicy readDeleteAccessPolicy)
{
this._readAccessPolicy = readAccessPolicy;
this._deleteAccessPolicy = deleteAccessPolicy;
this._readDeleteAccessPolicy = readDeleteAccessPolicy;
}
protected abstract Task <string> GetTokenAsync(string containerName, string filePath, FileAccessPolicy tokenPolicy, IPAddress sourceIPAddress);
