/// <summary>
/// Get connection string for Storage Account.
/// </summary>
/// <param name="resourceGroup"></param>
/// <param name="storageAccount"></param>
/// <param name="cancellationToken"></param>
/// <returns></returns>
public async Task <string> GetStorageAccountConectionStringAsync(
IResourceGroup resourceGroup,
StorageAccountInner storageAccount,
CancellationToken cancellationToken = default
)
{
if (resourceGroup is null)
{
throw new ArgumentNullException(nameof(resourceGroup));
}
if (storageAccount is null)
{
throw new ArgumentNullException(nameof(storageAccount));
}
var storageAccountKey = await GetStorageAccountKeyAsync(resourceGroup, storageAccount, cancellationToken);
var storageAccountConectionString = string.Format(
kSTORAGE_ACCOUNT_CONECTION_STRING_FORMAT,
storageAccount.Name,
storageAccountKey.Value,
_azureEnvironment.StorageEndpointSuffix
);
return(storageAccountConectionString);
}
/// <summary>
/// Creates StorageEncryptionHelper.
/// </summary>
/// <param name="createParameters">the model representing payload for storage account create</param>
internal StorageEncryptionHelper(StorageAccountCreateParameters createParameters)
{
this.isInCreateMode = true;
this.createParameters = createParameters;
this.updateParameters = null;
this.inner = null;
}
public async Task <BlobContainerInner> CreateBlobContainerAsync(
IResourceGroup resourceGroup,
StorageAccountInner storageAccount,
string containerName,
PublicAccess publicAccess = PublicAccess.None,
IDictionary <string, string> tags = null,
CancellationToken cancellationToken = default
)
{
try {
tags = tags ?? new Dictionary <string, string>();
Log.Information($"Creating Blob Container: {containerName} ...");
var iotHubBlobContainer = await _storageManagementClient
.BlobContainers
.CreateAsync(
resourceGroup.Name,
storageAccount.Name,
containerName,
publicAccess,
tags,
cancellationToken
);
Log.Information($"Created Blob Container: {containerName}");
return(iotHubBlobContainer);
}
catch (Exception ex) {
Log.Error(ex, $"Failed to create Blob Container: {containerName}");
throw;
}
}
/// <summary>
/// Get access key for specified Storage Account.
/// </summary>
/// <param name="resourceGroup"></param>
/// <param name="storageAccount"></param>
/// <param name="cancellationToken"></param>
/// <returns></returns>
public async Task <StorageAccountKey> GetStorageAccountKeyAsync(
IResourceGroup resourceGroup,
StorageAccountInner storageAccount,
CancellationToken cancellationToken = default
)
{
if (resourceGroup is null)
{
throw new ArgumentNullException(nameof(resourceGroup));
}
if (storageAccount is null)
{
throw new ArgumentNullException(nameof(storageAccount));
}
var keysList = await _storageManagementClient
.StorageAccounts
.ListKeysAsync(
resourceGroup.Name,
storageAccount.Name,
cancellationToken
);
var storageAccountKey = keysList.Keys.First();
return(storageAccountKey);
}
/// <summary>
/// Creates StorageEncryptionHelper.
/// </summary>
/// <param name="updateParameters">the model representing the payload for storage account update</param>
/// <param name="inner">the current state of storage account</param>
internal StorageEncryptionHelper(StorageAccountUpdateParameters updateParameters, StorageAccountInner inner)
{
this.isInCreateMode = false;
this.createParameters = null;
this.updateParameters = updateParameters;
this.inner = inner;
}
/// <summary>
/// Creates StorageNetworkRulesHelper.
/// </summary>
/// <param name="createParameters">the model representing payload for storage account create.</param>
internal StorageNetworkRulesHelper(StorageAccountCreateParametersInner createParameters)
{
this.isInCreateMode = true;
this.createParameters = createParameters;
this.updateParameters = null;
this.inner = null;
}
/// <summary>
/// Creates StorageNetworkRulesHelper.
/// </summary>
/// <param name="updateParameters">the model representing payload for storage account update</param>
/// <param name="inner">the current state of storage account</param>
internal StorageNetworkRulesHelper(StorageAccountUpdateParametersInner updateParameters, StorageAccountInner inner)
{
this.isInCreateMode = false;
this.createParameters = null;
this.updateParameters = updateParameters;
this.inner = inner;
}
/// <summary>
/// Checks whether access to the given storage account is allowed from all networks.
/// </summary>
/// <param name="inner">the storage account</param>
/// <returns>true if access allowed from all networks, false otherwise</returns>
internal static bool IsAccessAllowedFromAllNetworks(StorageAccountInner inner)
{
if (inner.NetworkRuleSet == null || inner.NetworkRuleSet.DefaultAction == null)
{
return(true);
}
return(inner.NetworkRuleSet.DefaultAction.Equals("Allow", StringComparison.OrdinalIgnoreCase));
}
/// <summary>
/// Checks whether access to the given storage account is allowed from all networks.
/// </summary>
/// <param name="inner">the storage account</param>
/// <returns>true if access allowed from all networks, false otherwise</returns>
internal static bool IsAccessAllowedFromAllNetworks(StorageAccountInner inner)
{
if (inner.NetworkRuleSet == null || inner.NetworkRuleSet.DefaultAction == null)
{
return(true);
}
return(inner.NetworkRuleSet.DefaultAction.Equals(DefaultAction.Allow));
}
/// <summary>
/// Gets the encryption key source.
/// </summary>
/// <param name="inner">the storage account</param>
/// <returns>the encryption key source type</returns>
internal static StorageAccountEncryptionKeySource EncryptionKeySource(StorageAccountInner inner)
{
if (inner.Encryption == null || inner.Encryption.KeySource == null)
{
return(null);
}
return(StorageAccountEncryptionKeySource.Parse(inner.Encryption.KeySource.ToString()));
}
/// <summary>
/// Checks storage account can be accessed from applications running on azure.
/// </summary>
/// <param name="inner">the storage account</param>
/// <returns>true if storage can be accessed from application running on azure, false otherwise</returns>
internal static bool CanAccessFromAzureServices(StorageAccountInner inner)
{
if (inner.NetworkRuleSet != null && inner.NetworkRuleSet.DefaultAction != null && inner.NetworkRuleSet.DefaultAction.Equals("Deny", StringComparison.OrdinalIgnoreCase))
{
ISet <String> bypassSet = ParseBypass(inner.NetworkRuleSet.Bypass);
return(bypassSet.Contains(Bypass.AzureServices.ToLowerInvariant()));
}
return(true);
}
/// <summary>
/// Checks storage metrics can be read from any network.
/// </summary>
/// <param name="inner">the storage account</param>
/// <returns>true if storage metrics can be read from any network, false otherwise</returns>
internal static bool CanReadMetricsFromAnyNetwork(StorageAccountInner inner)
{
if (inner.NetworkRuleSet != null && inner.NetworkRuleSet.DefaultAction != null && inner.NetworkRuleSet.DefaultAction.Equals(DefaultAction.Deny))
{
ISet <String> bypassSet = ParseBypass(inner.NetworkRuleSet.Bypass);
return(bypassSet.Contains(Bypass.Metrics.ToString().ToLowerInvariant()));
}
return(true);
}
/// <summary>
/// The list of ipv4 addresses having access to the given storage account.
/// </summary>
/// <param name="inner">the storage account</param>
/// <returns>list of ip addresses</returns>
internal static List <String> IpAddressesWithAccess(StorageAccountInner inner)
{
var ipAddresses = new List <string>();
if (inner.NetworkRuleSet != null && inner.NetworkRuleSet.IpRules != null)
{
foreach (var rule in inner.NetworkRuleSet.IpRules)
{
if (rule != null && rule.IPAddressOrRange != null && !rule.IPAddressOrRange.Contains("/"))
{
ipAddresses.Add(rule.IPAddressOrRange);
}
}
}
return(ipAddresses);
}
/// <summary>
/// The list of resource id of subnets having access to the given storage account.
/// </summary>
/// <param name="inner">the storage account</param>
/// <returns>list of subnet resource ids</returns>
internal static List <String> NetworkSubnetsWithAccess(StorageAccountInner inner)
{
var subnetIds = new List <string>();
if (inner.NetworkRuleSet != null && inner.NetworkRuleSet.VirtualNetworkRules != null)
{
foreach (var rule in inner.NetworkRuleSet.VirtualNetworkRules)
{
if (rule != null && rule.VirtualNetworkResourceId != null)
{
subnetIds.Add(rule.VirtualNetworkResourceId);
}
}
}
return(subnetIds);
}
public async Task <string> GetStorageAccountConectionStringAsync(
IResourceGroup resourceGroup,
StorageAccountInner storageAccount,
CancellationToken cancellationToken = default
)
{
var storageAccountKey = await GetStorageAccountKeyAsync(resourceGroup, storageAccount, cancellationToken);
var storageAccountConectionString = string.Format(
STORAGE_ACCOUNT_CONECTION_STRING_FORMAT,
storageAccount.Name,
storageAccountKey.Value,
_azureEnvironment.StorageEndpointSuffix
);
return(storageAccountConectionString);
}
public async Task <StorageAccountKey> GetStorageAccountKeyAsync(
IResourceGroup resourceGroup,
StorageAccountInner storageAccount,
CancellationToken cancellationToken = default
)
{
var keysList = await _storageManagementClient
.StorageAccounts
.ListKeysAsync(
resourceGroup.Name,
storageAccount.Name,
cancellationToken
);
var storageAccountKey = keysList.Keys.First();
return(storageAccountKey);
}
public IIoTEnvironment(
AzureEnvironment azureEnvironment,
Guid tenantId,
IotHubDescription iotHub,
string iotHubOwnerConnectionString,
string iotHubOnboardingConsumerGroupName,
int iotHubEventHubEndpointsPartitionsCount,
string cosmosDBAccountConnectionString,
StorageAccountInner storageAccount,
StorageAccountKey storageAccountKey,
EventhubInner eventHub,
string eventHubConnectionString,
string serviceBusConnectionString,
string signalRConnectionString,
VaultInner keyVault,
Workspace operationalInsightsWorkspace,
ApplicationInsightsComponent applicationInsightsComponent,
SiteInner webSite,
Application serviceApplication,
Application clientApplication
)
{
_HUB_CS = iotHubOwnerConnectionString;
PCS_IOTHUB_CONNSTRING = iotHubOwnerConnectionString; // duplicate
PCS_STORAGEADAPTER_DOCUMENTDB_CONNSTRING = cosmosDBAccountConnectionString;
PCS_TELEMETRY_DOCUMENTDB_CONNSTRING = cosmosDBAccountConnectionString; // duplicate
PCS_TELEMETRYAGENT_DOCUMENTDB_CONNSTRING = cosmosDBAccountConnectionString; // duplicate
PCS_IOTHUBREACT_ACCESS_CONNSTRING = iotHubOwnerConnectionString; // duplicate
PCS_IOTHUBREACT_HUB_NAME = iotHub.Name;
PCS_IOTHUBREACT_HUB_ENDPOINT = iotHub.Properties.EventHubEndpoints["events"].Endpoint;
PCS_IOTHUBREACT_HUB_CONSUMERGROUP = iotHubOnboardingConsumerGroupName;
PCS_IOTHUBREACT_HUB_PARTITIONS = $"{iotHubEventHubEndpointsPartitionsCount}";
PCS_IOTHUBREACT_AZUREBLOB_ACCOUNT = storageAccount.Name;
PCS_IOTHUBREACT_AZUREBLOB_KEY = storageAccountKey.Value;
PCS_IOTHUBREACT_AZUREBLOB_ENDPOINT_SUFFIX = azureEnvironment.StorageEndpointSuffix;
PCS_ASA_DATA_AZUREBLOB_ACCOUNT = PCS_IOTHUBREACT_AZUREBLOB_ACCOUNT; // duplicate
PCS_ASA_DATA_AZUREBLOB_KEY = PCS_IOTHUBREACT_AZUREBLOB_KEY; // duplicate
PCS_ASA_DATA_AZUREBLOB_ENDPOINT_SUFFIX = PCS_IOTHUBREACT_AZUREBLOB_ENDPOINT_SUFFIX; // duplicate
PCS_EVENTHUB_CONNSTRING = eventHubConnectionString;
PCS_EVENTHUB_NAME = eventHub.Name;
PCS_SERVICEBUS_CONNSTRING = serviceBusConnectionString;
PCS_KEYVAULT_URL = keyVault.Properties.VaultUri;
PCS_WORKSPACE_NAME = operationalInsightsWorkspace.Name;
PCS_APPINSIGHTS_NAME = applicationInsightsComponent.Name;
PCS_APPINSIGHTS_INSTRUMENTATIONKEY = applicationInsightsComponent.InstrumentationKey;
PCS_SERVICE_URL = $"https://{webSite.HostNames[0]}";
PCS_SIGNALR_CONNSTRING = signalRConnectionString;
PCS_AUTH_HTTPSREDIRECTPORT = "0";
PCS_AUTH_REQUIRED = "true";
PCS_AUTH_AUDIENCE = serviceApplication.IdentifierUris.First();
PCS_AUTH_ISSUER = $"https://sts.windows.net/{tenantId.ToString()}/";
PCS_WEBUI_AUTH_AAD_APPID = clientApplication.AppId;
PCS_WEBUI_AUTH_AAD_AUTHORITY = azureEnvironment.AuthenticationEndpoint;
PCS_WEBUI_AUTH_AAD_TENANT = tenantId.ToString();
PCS_CORS_WHITELIST = "*";
REACT_APP_PCS_AUTH_REQUIRED = PCS_AUTH_REQUIRED; // duplicate
REACT_APP_PCS_AUTH_AUDIENCE = PCS_AUTH_AUDIENCE; // duplicate
REACT_APP_PCS_AUTH_ISSUER = PCS_AUTH_ISSUER; // duplicate
REACT_APP_PCS_WEBUI_AUTH_AAD_APPID = PCS_WEBUI_AUTH_AAD_APPID; // duplicate
REACT_APP_PCS_WEBUI_AUTH_AAD_AUTHORITY = PCS_WEBUI_AUTH_AAD_AUTHORITY; // duplicate
REACT_APP_PCS_WEBUI_AUTH_AAD_TENANT = PCS_WEBUI_AUTH_AAD_TENANT; // duplicate
Dict = new Dictionary <string, string> {
{ "_HUB_CS", _HUB_CS },
{ "PCS_IOTHUB_CONNSTRING", PCS_IOTHUB_CONNSTRING },
{ "PCS_STORAGEADAPTER_DOCUMENTDB_CONNSTRING", PCS_STORAGEADAPTER_DOCUMENTDB_CONNSTRING },
{ "PCS_TELEMETRY_DOCUMENTDB_CONNSTRING", PCS_TELEMETRY_DOCUMENTDB_CONNSTRING },
{ "PCS_TELEMETRYAGENT_DOCUMENTDB_CONNSTRING", PCS_TELEMETRYAGENT_DOCUMENTDB_CONNSTRING },
{ "PCS_IOTHUBREACT_ACCESS_CONNSTRING", PCS_IOTHUBREACT_ACCESS_CONNSTRING },
{ "PCS_IOTHUBREACT_HUB_NAME", PCS_IOTHUBREACT_HUB_NAME },
{ "PCS_IOTHUBREACT_HUB_ENDPOINT", PCS_IOTHUBREACT_HUB_ENDPOINT },
{ "PCS_IOTHUBREACT_HUB_CONSUMERGROUP", PCS_IOTHUBREACT_HUB_CONSUMERGROUP },
{ "PCS_IOTHUBREACT_HUB_PARTITIONS", PCS_IOTHUBREACT_HUB_PARTITIONS },
{ "PCS_IOTHUBREACT_AZUREBLOB_ACCOUNT", PCS_IOTHUBREACT_AZUREBLOB_ACCOUNT },
{ "PCS_IOTHUBREACT_AZUREBLOB_KEY", PCS_IOTHUBREACT_AZUREBLOB_KEY },
{ "PCS_IOTHUBREACT_AZUREBLOB_ENDPOINT_SUFFIX", PCS_IOTHUBREACT_AZUREBLOB_ENDPOINT_SUFFIX },
{ "PCS_ASA_DATA_AZUREBLOB_ACCOUNT", PCS_ASA_DATA_AZUREBLOB_ACCOUNT },
{ "PCS_ASA_DATA_AZUREBLOB_KEY", PCS_ASA_DATA_AZUREBLOB_KEY },
{ "PCS_ASA_DATA_AZUREBLOB_ENDPOINT_SUFFIX", PCS_ASA_DATA_AZUREBLOB_ENDPOINT_SUFFIX },
{ "PCS_EVENTHUB_CONNSTRING", PCS_EVENTHUB_CONNSTRING },
{ "PCS_EVENTHUB_NAME", PCS_EVENTHUB_NAME },
{ "PCS_SERVICEBUS_CONNSTRING", PCS_SERVICEBUS_CONNSTRING },
{ "PCS_KEYVAULT_URL", PCS_KEYVAULT_URL },
{ "PCS_WORKSPACE_NAME", PCS_WORKSPACE_NAME },
{ "PCS_APPINSIGHTS_NAME", PCS_APPINSIGHTS_NAME },
{ "PCS_APPINSIGHTS_INSTRUMENTATIONKEY", PCS_APPINSIGHTS_INSTRUMENTATIONKEY },
{ "PCS_SERVICE_URL", PCS_SERVICE_URL },
{ "PCS_SIGNALR_CONNSTRING", PCS_SIGNALR_CONNSTRING },
{ "PCS_AUTH_HTTPSREDIRECTPORT", PCS_AUTH_HTTPSREDIRECTPORT },
{ "PCS_AUTH_REQUIRED", PCS_AUTH_REQUIRED },
{ "PCS_AUTH_AUDIENCE", PCS_AUTH_AUDIENCE },
{ "PCS_AUTH_ISSUER", PCS_AUTH_ISSUER },
{ "PCS_WEBUI_AUTH_AAD_APPID", PCS_WEBUI_AUTH_AAD_APPID },
{ "PCS_WEBUI_AUTH_AAD_AUTHORITY", PCS_WEBUI_AUTH_AAD_AUTHORITY },
{ "PCS_WEBUI_AUTH_AAD_TENANT", PCS_WEBUI_AUTH_AAD_TENANT },
{ "PCS_CORS_WHITELIST", PCS_CORS_WHITELIST },
{ "REACT_APP_PCS_AUTH_REQUIRED", REACT_APP_PCS_AUTH_REQUIRED },
{ "REACT_APP_PCS_AUTH_AUDIENCE", REACT_APP_PCS_AUTH_AUDIENCE },
{ "REACT_APP_PCS_AUTH_ISSUER", REACT_APP_PCS_AUTH_ISSUER },
{ "REACT_APP_PCS_WEBUI_AUTH_AAD_APPID", REACT_APP_PCS_WEBUI_AUTH_AAD_APPID },
{ "REACT_APP_PCS_WEBUI_AUTH_AAD_AUTHORITY", REACT_APP_PCS_WEBUI_AUTH_AAD_AUTHORITY },
{ "REACT_APP_PCS_WEBUI_AUTH_AAD_TENANT", REACT_APP_PCS_WEBUI_AUTH_AAD_TENANT }
};
}
/// <summary>
/// Gets the encryption statuses of various storage services.
/// </summary>
/// <param name="inner">the storage accounts</param>
/// <returns>the dictionary containing the encryption statuses indexed by service name</returns>
internal static IDictionary <StorageService, IStorageAccountEncryptionStatus> EncryptionStatuses(StorageAccountInner inner)
{
IDictionary <StorageService, IStorageAccountEncryptionStatus> statuses = new Dictionary <StorageService, IStorageAccountEncryptionStatus>();
EncryptionServices services = null;
if (inner.Encryption != null)
{
services = inner.Encryption.Services;
}
statuses.Add(StorageService.Blob, new BlobServiceEncryptionStatusImpl(services));
statuses.Add(StorageService.File, new FileServiceEncryptionStatusImpl(services));
statuses.Add(StorageService.Table, new TableServiceEncryptionStatusImpl(services));
statuses.Add(StorageService.Queue, new QueueServiceEncryptionStatusImpl(services));
return(statuses);
}
