public async Task CloudBlobContainerSetPermissionsAsync()
{
CloudBlobContainer container = GetRandomContainerReference();
try
{
await container.CreateAsync();
BlobContainerPermissions permissions = await container.GetPermissionsAsync();
Assert.AreEqual(BlobContainerPublicAccessType.Off, permissions.PublicAccess);
Assert.AreEqual(0, permissions.SharedAccessPolicies.Count);
// We do not have precision at milliseconds level. Hence, we need
// to recreate the start DateTime to be able to compare it later.
DateTime start = DateTime.UtcNow;
start = new DateTime(start.Year, start.Month, start.Day, start.Hour, start.Minute, start.Second, DateTimeKind.Utc);
DateTime expiry = start.AddMinutes(30);
permissions.PublicAccess = BlobContainerPublicAccessType.Container;
permissions.SharedAccessPolicies.Add("key1", new SharedAccessBlobPolicy()
{
SharedAccessStartTime = start,
SharedAccessExpiryTime = expiry,
Permissions = SharedAccessBlobPermissions.List,
});
await container.SetPermissionsAsync(permissions);
await Task.Delay(30 * 1000);
CloudBlobContainer container2 = container.ServiceClient.GetContainerReference(container.Name);
permissions = await container2.GetPermissionsAsync();
Assert.AreEqual(BlobContainerPublicAccessType.Container, permissions.PublicAccess);
Assert.AreEqual(1, permissions.SharedAccessPolicies.Count);
Assert.IsTrue(permissions.SharedAccessPolicies["key1"].SharedAccessStartTime.HasValue);
Assert.AreEqual(start, permissions.SharedAccessPolicies["key1"].SharedAccessStartTime.Value.UtcDateTime);
Assert.IsTrue(permissions.SharedAccessPolicies["key1"].SharedAccessExpiryTime.HasValue);
Assert.AreEqual(expiry, permissions.SharedAccessPolicies["key1"].SharedAccessExpiryTime.Value.UtcDateTime);
Assert.AreEqual(SharedAccessBlobPermissions.List, permissions.SharedAccessPolicies["key1"].Permissions);
}
finally
{
container.DeleteIfExistsAsync().AsTask().Wait();
}
}
/// <summary>
/// Async Get container presssions
/// </summary>
/// <param name="container">A cloudblobcontainer object</param>
/// <param name="accessCondition">Access condition</param>
/// <param name="options">Blob request option</param>
/// <param name="operationContext">Operation context</param>
/// <param name="cancellationToken">User cancellation token</param>
/// <returns>A task object which retrieve the permission of the specified container</returns>
public Task<BlobContainerPermissions> GetContainerPermissionsAsync(CloudBlobContainer container,
AccessCondition accessCondition, BlobRequestOptions options, OperationContext operationContext,
CancellationToken cancellationToken)
{
return container.GetPermissionsAsync(accessCondition, options, operationContext, cancellationToken);
}
/// <summary>
/// Creates a shared access policy on the container.
/// </summary>
/// <param name="container">A CloudBlobContainer object.</param>
/// <param name="policyName">The name of the stored access policy.</param>
/// <returns>A Task object.</returns>
private static async Task CreateSharedAccessPolicyAsync(CloudBlobContainer container, string policyName)
{
// Create a new shared access policy and define its constraints.
// The access policy provides create, write, read, list, and delete permissions.
SharedAccessBlobPolicy sharedPolicy = new SharedAccessBlobPolicy()
{
// When the start time for the SAS is omitted, the start time is assumed to be the time when the storage service receives the request.
// Omitting the start time for a SAS that is effective immediately helps to avoid clock skew.
SharedAccessExpiryTime = DateTime.UtcNow.AddHours(24),
Permissions = SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.List |
SharedAccessBlobPermissions.Write | SharedAccessBlobPermissions.Create | SharedAccessBlobPermissions.Delete
};
// Get the container's existing permissions.
BlobContainerPermissions permissions = await container.GetPermissionsAsync();
// Add the new policy to the container's permissions, and set the container's permissions.
permissions.SharedAccessPolicies.Add(policyName, sharedPolicy);
await container.SetPermissionsAsync(permissions);
}
/// <summary>
/// Sets the anonymous access level.
/// </summary>
/// <param name="container">The container.</param>
/// <param name="accessType">Type of the access.</param>
/// <returns>A Task object.</returns>
private static async Task SetAnonymousAccessLevelAsync(CloudBlobContainer container, BlobContainerPublicAccessType accessType)
{
try
{
// Read the existing permissions first so that we have all container permissions.
// This ensures that we do not inadvertently remove any shared access policies while setting the public access level.
BlobContainerPermissions permissions = await container.GetPermissionsAsync();
// Set the container's public access level.
permissions.PublicAccess = BlobContainerPublicAccessType.Container;
await container.SetPermissionsAsync(permissions);
Console.WriteLine("Container public access set to {0}", accessType.ToString());
Console.WriteLine();
}
catch (StorageException e)
{
Console.WriteLine(e.Message);
Console.ReadLine();
throw;
}
}
/// <summary>
/// Test container reads and writes, expecting success.
/// </summary>
/// <param name="testContainer">The container.</param>
/// <param name="testAccessCondition">The access condition to use.</param>
private async Task ContainerReadWriteExpectLeaseSuccessAsync(CloudBlobContainer testContainer, AccessCondition testAccessCondition)
{
await testContainer.FetchAttributesAsync(testAccessCondition, null /* options */, null);
await testContainer.GetPermissionsAsync(testAccessCondition, null /* options */, null);
await testContainer.SetMetadataAsync(testAccessCondition, null /* options */, null);
await testContainer.SetPermissionsAsync(new BlobContainerPermissions(), testAccessCondition, null /* options */, null);
}
/// <summary>
/// Test container reads and writes, expecting lease failure.
/// </summary>
/// <param name="testContainer">The container.</param>
/// <param name="testAccessCondition">The failing access condition to use.</param>
/// <param name="expectedErrorCode">The expected error code.</param>
/// <param name="description">The reason why these calls should fail.</param>
private async Task ContainerReadWriteExpectLeaseFailureAsync(CloudBlobContainer testContainer, AccessCondition testAccessCondition, HttpStatusCode expectedStatusCode, string expectedErrorCode, string description)
{
OperationContext operationContext = new OperationContext();
// FetchAttributes is a HEAD request with no extended error info, so it returns with the generic ConditionFailed error code.
await TestHelper.ExpectedExceptionAsync(
async () => await testContainer.FetchAttributesAsync(testAccessCondition, null /* options */, operationContext),
operationContext,
description + "(Fetch Attributes)",
HttpStatusCode.PreconditionFailed);
await TestHelper.ExpectedExceptionAsync(
async () => await testContainer.GetPermissionsAsync(testAccessCondition, null /* options */, operationContext),
operationContext,
description + " (Get Permissions)",
expectedStatusCode,
expectedErrorCode);
await TestHelper.ExpectedExceptionAsync(
async () => await testContainer.SetMetadataAsync(testAccessCondition, null /* options */, operationContext),
operationContext,
description + " (Set Metadata)",
expectedStatusCode,
expectedErrorCode);
await TestHelper.ExpectedExceptionAsync(
async () => await testContainer.SetPermissionsAsync(new BlobContainerPermissions(), testAccessCondition, null /* options */, operationContext),
operationContext,
description + " (Set Permissions)",
expectedStatusCode,
expectedErrorCode);
}
/// <summary>
/// Test container reads and writes, expecting success.
/// </summary>
/// <param name="testContainer">The container.</param>
/// <param name="testAccessCondition">The access condition to use.</param>
private void ContainerReadWriteExpectLeaseSuccessTask(CloudBlobContainer testContainer, AccessCondition testAccessCondition)
{
testContainer.FetchAttributesAsync(testAccessCondition, null /* options */, null /* operationContext */).Wait();
testContainer.GetPermissionsAsync(testAccessCondition, null /* options */, null /* operationContext */).Wait();
testContainer.SetMetadataAsync(testAccessCondition, null /* options */, null /* operationContext */).Wait();
testContainer.SetPermissionsAsync(new BlobContainerPermissions(), testAccessCondition, null /* options */, null /* operationContext */).Wait();
}
private async Task<HttpResponseMessage> FormContainerAclResponse(CloudBlobContainer container)
{
BlobContainerPermissions permissions = await container.GetPermissionsAsync();
HttpResponseMessage response = CreateResponse(permissions.SharedAccessPolicies);
await AddBasicContainerHeaders(response, container);
//Only add this header if some form of public access is permitted.
if (permissions.PublicAccess != BlobContainerPublicAccessType.Off)
{
response.Headers.Add("x-ms-blob-public-access", permissions.PublicAccess.ToString().ToLower());
}
return response;
}
static async Task CopyContainer(CloudBlobContainer sourceContainer, CloudBlobContainer destContainer)
{
await sourceContainer.FetchAttributesAsync();
var access = await sourceContainer.GetPermissionsAsync();
await destContainer.CreateIfNotExistsAsync(access.PublicAccess, null, null);
await destContainer.SetPermissionsAsync(access);
destContainer.Metadata.Clear();
foreach (var metadatum in sourceContainer.Metadata)
{
destContainer.Metadata.Add(metadatum);
}
await destContainer.SetMetadataAsync();
}
