internal async Task GetAzureContainerStoredAccessPolicyAsync(long taskId, IStorageBlobManagement localChannel, string containerName, string policyName)
{
//Get container instance, Get existing permissions
CloudBlobContainer container_Track1 = Channel.GetContainerReference(containerName);
BlobContainerClient container = AzureStorageContainer.GetTrack2BlobContainerClient(container_Track1, Channel.StorageContext, ClientOptions);
BlobContainerAccessPolicy accessPolicy = (await container.GetAccessPolicyAsync(BlobRequestConditions, cancellationToken: CmdletCancellationToken).ConfigureAwait(false)).Value;
IEnumerable <BlobSignedIdentifier> signedIdentifiers = accessPolicy.SignedIdentifiers;
if (!String.IsNullOrEmpty(policyName))
{
BlobSignedIdentifier signedIdentifier = null;
foreach (BlobSignedIdentifier identifier in signedIdentifiers)
{
if (identifier.Id == policyName)
{
signedIdentifier = identifier;
}
}
if (signedIdentifier == null)
{
throw new ResourceNotFoundException(String.Format(CultureInfo.CurrentCulture, Resources.PolicyNotFound, policyName));
}
else
{
OutputStream.WriteObject(taskId, AccessPolicyHelper.ConstructPolicyOutputPSObject <BlobSignedIdentifier>(signedIdentifier));
}
}
else
{
foreach (BlobSignedIdentifier identifier in signedIdentifiers)
{
OutputStream.WriteObject(taskId, AccessPolicyHelper.ConstructPolicyOutputPSObject <BlobSignedIdentifier>(identifier));
}
}
}
/// <summary>
/// get blob content
/// </summary>
/// <param name="container">source container object</param>
/// <param name="blobName">source blob name</param>
/// <param name="fileName">destination file name</param>
/// <returns>the downloaded AzureStorageBlob object</returns>
internal void GetBlobContent(CloudBlobContainer container, string blobName, string fileName)
{
if (!NameUtil.IsValidBlobName(blobName))
{
throw new ArgumentException(String.Format(Resources.InvalidBlobName, blobName));
}
// Don't need get File full path here, since will get file full path in GetBlobContent() with blob object.
ValidatePipelineCloudBlobContainer(container);
if (UseTrack2Sdk())
{
BlobContainerClient track2container = AzureStorageContainer.GetTrack2BlobContainerClient(container, Channel.StorageContext, ClientOptions);
BlobBaseClient blobClient = track2container.GetBlobBaseClient(blobName);
GetBlobContent(blobClient, fileName, true);
}
else
{
AccessCondition accessCondition = null;
BlobRequestOptions requestOptions = RequestOptions;
CloudBlob blob = GetBlobReferenceFromServerWithContainer(Channel, container, blobName, accessCondition, requestOptions, OperationContext);
GetBlobContent(blob, fileName, true);
}
}
/// <summary>
/// get blob content
/// </summary>
/// <param name="container">source container object</param>
/// <param name="blobName">source blob name</param>
/// <param name="fileName">destination file name</param>
/// <returns>the downloaded AzureStorageBlob object</returns>
internal void GetBlobContent(CloudBlobContainer container, string blobName, string fileName)
{
if (!NameUtil.IsValidBlobName(blobName))
{
throw new ArgumentException(String.Format(Resources.InvalidBlobName, blobName));
}
string filePath = GetFullReceiveFilePath(fileName, blobName, null);
ValidatePipelineCloudBlobContainer(container);
if (UseTrack2SDK())
{
BlobContainerClient track2container = AzureStorageContainer.GetTrack2BlobContainerClient(container, Channel.StorageContext, ClientOptions);
BlobBaseClient blobClient = track2container.GetBlobBaseClient(blobName);
GetBlobContent(blobClient, filePath, true);
}
else
{
AccessCondition accessCondition = null;
BlobRequestOptions requestOptions = RequestOptions;
CloudBlob blob = GetBlobReferenceFromServerWithContainer(Channel, container, blobName, accessCondition, requestOptions, OperationContext);
GetBlobContent(blob, filePath, true);
}
}
private BlobBaseClient GetDestBlob(IStorageBlobManagement destChannel, string destContainerName, string destBlobName, global::Azure.Storage.Blobs.Models.BlobType?blobType)
{
NameUtil.ValidateContainerName(destContainerName);
NameUtil.ValidateBlobName(destBlobName);
BlobContainerClient container = AzureStorageContainer.GetTrack2BlobContainerClient(destChannel.GetContainerReference(destContainerName), destChannel.StorageContext, ClientOptions);
BlobBaseClient destBlob = Util.GetTrack2BlobClient(container, destBlobName, destChannel.StorageContext, null, null, null, ClientOptions, blobType is null ? global::Azure.Storage.Blobs.Models.BlobType.Block : blobType.Value);
return(destBlob);
}
/// <summary>
/// remove azure blob
/// </summary>
/// <param name="container">CloudBlobContainer object</param>
/// <param name="blobName">blob name</param>
/// <returns>true if the blob is removed successfully, false if user cancel the remove operation</returns>
internal async Task RemoveAzureBlob(long taskId, IStorageBlobManagement localChannel, CloudBlobContainer container, string blobName)
{
if (!NameUtil.IsValidBlobName(blobName))
{
throw new ArgumentException(String.Format(Resources.InvalidBlobName, blobName));
}
ValidatePipelineCloudBlobContainer(container);
if (!UseTrack2Sdk())
{
AccessCondition accessCondition = null;
BlobRequestOptions requestOptions = null;
CloudBlob blob = null;
try
{
blob = await localChannel.GetBlobReferenceFromServerAsync(container, blobName, this.SnapshotTime, accessCondition,
requestOptions, OperationContext, CmdletCancellationToken).ConfigureAwait(false);
}
catch (InvalidOperationException)
{
blob = null;
}
if (null == blob && container.ServiceClient.Credentials.IsSharedKey)
{
throw new ResourceNotFoundException(String.Format(Resources.BlobNotFound, blobName, container.Name));
}
else
{
//Construct the blob as CloudBlockBlob no matter what's the real blob type
//We can't get the blob type if Credentials only have the delete permission and don't have read permission.
blob = container.GetBlockBlobReference(blobName, this.SnapshotTime);
}
await RemoveAzureBlob(taskId, localChannel, blob, true).ConfigureAwait(false);
}
else
{
if (this.VersionId != null & this.SnapshotTime != null)
{
throw new ArgumentException("Can't input VersionId and SnapshotTime, since a blob can't have both.");
}
BlobContainerClient track2container = AzureStorageContainer.GetTrack2BlobContainerClient(container, localChannel.StorageContext, ClientOptions);
BlobBaseClient blobClient = Util.GetTrack2BlobClient(track2container, blobName, localChannel.StorageContext, this.VersionId, null,
this.SnapshotTime is null? null : this.SnapshotTime.Value.ToString("o"), ClientOptions);
// Skip check blob existance, as Server will report error is necessary
await RemoveAzureBlobTrack2(taskId, localChannel, blobClient, true).ConfigureAwait(false);
}
}
internal string SetAzureContainerStoredAccessPolicy(IStorageBlobManagement localChannel, string containerName, string policyName, DateTime?startTime, DateTime?expiryTime, string permission, bool noStartTime, bool noExpiryTime)
{
//Get container instance, Get existing permissions
CloudBlobContainer container_Track1 = Channel.GetContainerReference(containerName);
BlobContainerClient container = AzureStorageContainer.GetTrack2BlobContainerClient(container_Track1, Channel.StorageContext, ClientOptions);
BlobContainerAccessPolicy accessPolicy = container.GetAccessPolicy(cancellationToken: CmdletCancellationToken).Value;
IEnumerable <BlobSignedIdentifier> signedIdentifiers = accessPolicy.SignedIdentifiers;
//Set the policy with new value
BlobSignedIdentifier signedIdentifier = null;
foreach (BlobSignedIdentifier identifier in signedIdentifiers)
{
if (identifier.Id == policyName)
{
signedIdentifier = identifier;
}
}
if (signedIdentifier == null)
{
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.PolicyNotFound, policyName));
}
if (noStartTime)
{
signedIdentifier.AccessPolicy.PolicyStartsOn = DateTimeOffset.MinValue;
}
else if (startTime != null)
{
signedIdentifier.AccessPolicy.PolicyStartsOn = StartTime.Value.ToUniversalTime();
}
if (noExpiryTime)
{
signedIdentifier.AccessPolicy.PolicyExpiresOn = DateTimeOffset.MinValue;
}
else if (ExpiryTime != null)
{
signedIdentifier.AccessPolicy.PolicyExpiresOn = ExpiryTime.Value.ToUniversalTime();
}
if (this.Permission != null)
{
signedIdentifier.AccessPolicy.Permissions = this.Permission;
signedIdentifier.AccessPolicy.Permissions = AccessPolicyHelper.OrderBlobPermission(this.Permission);
}
//Set permissions back to container
container.SetAccessPolicy(accessPolicy.BlobPublicAccess, signedIdentifiers, BlobRequestConditions, CmdletCancellationToken);
WriteObject(AccessPolicyHelper.ConstructPolicyOutputPSObject <BlobSignedIdentifier>(signedIdentifier));
return(policyName);
}
/// <summary>
/// set the access level of specified container
/// </summary>
/// <param name="name">container name</param>
/// <param name="accessLevel">access level in ("off", "blob", "container")</param>
internal async Task SetContainerAcl(long taskId, IStorageBlobManagement localChannel, string name, BlobContainerPublicAccessType accessLevel)
{
if (!NameUtil.IsValidContainerName(name))
{
throw new ArgumentException(String.Format(Resources.InvalidContainerName, name));
}
BlobRequestOptions requestOptions = RequestOptions;
CloudBlobContainer container = localChannel.GetContainerReference(name);
BlobContainerClient containerClient = AzureStorageContainer.GetTrack2BlobContainerClient(container, this.Channel.StorageContext, ClientOptions);
// Get container permission and set the public access as input
BlobContainerAccessPolicy accessPolicy;
try
{
accessPolicy = containerClient.GetAccessPolicy(null, this.CmdletCancellationToken);
}
catch (global::Azure.RequestFailedException e) when(e.Status == 404)
{
throw new ResourceNotFoundException(String.Format(Resources.ContainerNotFound, name));
}
PublicAccessType publicAccessType = PublicAccessType.None;
switch (accessLevel)
{
case BlobContainerPublicAccessType.Blob:
publicAccessType = PublicAccessType.Blob;
break;
case BlobContainerPublicAccessType.Container:
publicAccessType = PublicAccessType.BlobContainer;
break;
case BlobContainerPublicAccessType.Off:
publicAccessType = PublicAccessType.None;
break;
default:
case BlobContainerPublicAccessType.Unknown:
throw new ArgumentOutOfRangeException("Permission");
}
await containerClient.SetAccessPolicyAsync(publicAccessType, accessPolicy.SignedIdentifiers, null, this.CmdletCancellationToken).ConfigureAwait(false);
if (PassThru)
{
AzureStorageContainer storageContainer = new AzureStorageContainer(containerClient, Channel.StorageContext);
storageContainer.SetTrack2Permission();
OutputStream.WriteObject(taskId, storageContainer);
}
}
/// <summary>
/// List containers by container name pattern.
/// </summary>
/// <param name="name">Container name pattern</param>
/// <returns>An enumerable collection of cloudblob container</returns>
internal IEnumerable <Tuple <AzureStorageContainer, BlobContinuationToken> > ListContainersByName(string name)
{
string prefix = string.Empty;
if (String.IsNullOrEmpty(name) || WildcardPattern.ContainsWildcardCharacters(name))
{
prefix = NameUtil.GetNonWildcardPrefix(name);
WildcardOptions options = WildcardOptions.IgnoreCase | WildcardOptions.Compiled;
WildcardPattern wildcard = null;
if (!string.IsNullOrEmpty(name))
{
wildcard = new WildcardPattern(name, options);
}
Func <string, bool> containerFilter = (containerName) => null == wildcard || wildcard.IsMatch(containerName);
IEnumerable <Tuple <AzureStorageContainer, BlobContinuationToken> > containerList = ListContainersByPrefix(prefix, containerFilter);
foreach (var containerInfo in containerList)
{
yield return(containerInfo);
}
}
else
{
if (!NameUtil.IsValidContainerName(name))
{
throw new ArgumentException(String.Format(Resources.InvalidContainerName, name));
}
if (this.IncludeDeleted.IsPresent)
{
WriteWarning("Can't get single deleted container, so -IncludeDeleted will be omit when get single container with -Name.");
}
CloudBlobContainer container = Channel.GetContainerReference(name);
BlobContainerClient containerClient = AzureStorageContainer.GetTrack2BlobContainerClient(container, this.Channel.StorageContext, ClientOptions);
global::Azure.Storage.Blobs.Models.BlobContainerProperties properties = null;
try
{
properties = containerClient.GetProperties(cancellationToken: this.CmdletCancellationToken);
}
catch (global::Azure.RequestFailedException e) when(e.Status == 404)
{
throw new ResourceNotFoundException(String.Format(Resources.ContainerNotFound, name));
}
yield return(new Tuple <AzureStorageContainer, BlobContinuationToken>(new AzureStorageContainer(containerClient, Channel.StorageContext, properties), null));
}
}
internal async Task SetBlobTag(long taskId, IStorageBlobManagement localChannel, CloudBlobContainer container, string blobName)
{
if (!NameUtil.IsValidBlobName(blobName))
{
throw new ArgumentException(String.Format(Resources.InvalidBlobName, blobName));
}
ValidatePipelineCloudBlobContainer(container);
BlobContainerClient track2container = AzureStorageContainer.GetTrack2BlobContainerClient(container, this.Channel.StorageContext, ClientOptions);
BlobBaseClient blobClient = Util.GetTrack2BlobClient(track2container, blobName, localChannel.StorageContext, null, false, null, ClientOptions);
await SetBlobTag(taskId, localChannel, blobClient, true).ConfigureAwait(false);
}
/// <summary>
/// create a new azure container
/// </summary>
/// <param name="name">container name</param>
internal async Task CreateAzureContainer(long taskId, IStorageBlobManagement localChannel, string name, BlobContainerPublicAccessType accesslevel)
{
if (!NameUtil.IsValidContainerName(name))
{
throw new ArgumentException(String.Format(Resources.InvalidContainerName, name));
}
BlobRequestOptions requestOptions = RequestOptions;
CloudBlobContainer container = localChannel.GetContainerReference(name);
BlobContainerClient containerClient = AzureStorageContainer.GetTrack2BlobContainerClient(container, localChannel.StorageContext);
PublicAccessType containerPublicAccess = PublicAccessType.None;
if (accesslevel == BlobContainerPublicAccessType.Blob)
{
containerPublicAccess = PublicAccessType.Blob;
}
else if (accesslevel == BlobContainerPublicAccessType.Container)
{
containerPublicAccess = PublicAccessType.BlobContainer;
}
global::Azure.Storage.Blobs.Models.BlobContainerEncryptionScopeOptions encryptionScopeOption = null;
if (this.DefaultEncryptionScope != null)
{
encryptionScopeOption = new global::Azure.Storage.Blobs.Models.BlobContainerEncryptionScopeOptions()
{
// parameterset can ensure the 2 parameters must be set together.
DefaultEncryptionScope = this.DefaultEncryptionScope,
PreventEncryptionScopeOverride = this.preventEncryptionScopeOverride.Value
};
}
Response <BlobContainerInfo> responds = await containerClient.CreateIfNotExistsAsync(containerPublicAccess, null, encryptionScopeOption, CmdletCancellationToken).ConfigureAwait(false);
if (responds == null || responds.Value == null) // Container already exist so not created again
{
throw new ResourceAlreadyExistException(String.Format(Resources.ContainerAlreadyExists, name));
}
BlobContainerPermissions permissions = new BlobContainerPermissions()
{
PublicAccess = accesslevel
};
container.FetchAttributes();
WriteCloudContainerObject(taskId, localChannel, container, permissions);
}
internal string CreateAzureContainerStoredAccessPolicy(IStorageBlobManagement localChannel, string containerName, string policyName, DateTime?startTime, DateTime?expiryTime, string permission)
{
if (!NameUtil.IsValidStoredAccessPolicyName(policyName))
{
throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, Resources.InvalidAccessPolicyName, policyName));
}
//Get container instance, Get existing permissions
CloudBlobContainer container_Track1 = Channel.GetContainerReference(containerName);
BlobContainerClient container = AzureStorageContainer.GetTrack2BlobContainerClient(container_Track1, Channel.StorageContext, ClientOptions);
BlobContainerAccessPolicy accessPolicy = container.GetAccessPolicy(cancellationToken: CmdletCancellationToken).Value;
IEnumerable <BlobSignedIdentifier> signedIdentifiers = accessPolicy.SignedIdentifiers;
//Add new policy
foreach (BlobSignedIdentifier identifier in signedIdentifiers)
{
if (identifier.Id == policyName)
{
throw new ResourceAlreadyExistException(String.Format(CultureInfo.CurrentCulture, Resources.PolicyAlreadyExists, policyName));
}
}
BlobSignedIdentifier signedIdentifier = new BlobSignedIdentifier();
signedIdentifier.Id = policyName;
signedIdentifier.AccessPolicy = new BlobAccessPolicy();
if (StartTime != null)
{
signedIdentifier.AccessPolicy.PolicyStartsOn = StartTime.Value.ToUniversalTime();
}
if (ExpiryTime != null)
{
signedIdentifier.AccessPolicy.PolicyExpiresOn = ExpiryTime.Value.ToUniversalTime();
}
signedIdentifier.AccessPolicy.Permissions = AccessPolicyHelper.OrderBlobPermission(this.Permission);
var newsignedIdentifiers = new List <BlobSignedIdentifier>(signedIdentifiers);
newsignedIdentifiers.Add(signedIdentifier);
//Set permissions back to container
container.SetAccessPolicy(accessPolicy.BlobPublicAccess, newsignedIdentifiers, BlobRequestConditions, CmdletCancellationToken);
return(policyName);
}
internal bool RemoveAzureContainerStoredAccessPolicy(IStorageBlobManagement localChannel, string containerName, string policyName)
{
bool success = false;
string result = string.Empty;
//Get container instance, Get existing permissions
CloudBlobContainer container_Track1 = Channel.GetContainerReference(containerName);
BlobContainerClient container = AzureStorageContainer.GetTrack2BlobContainerClient(container_Track1, Channel.StorageContext, ClientOptions);
BlobContainerAccessPolicy accessPolicy = container.GetAccessPolicy(cancellationToken: CmdletCancellationToken).Value;
IEnumerable <BlobSignedIdentifier> signedIdentifiers = accessPolicy.SignedIdentifiers;
//remove policy
BlobSignedIdentifier signedIdentifier = null;
foreach (BlobSignedIdentifier identifier in signedIdentifiers)
{
if (identifier.Id == policyName)
{
signedIdentifier = identifier;
}
}
if (signedIdentifier == null)
{
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.PolicyNotFound, policyName));
}
if (ShouldProcess(policyName, "Remove policy"))
{
List <BlobSignedIdentifier> policyList = new List <BlobSignedIdentifier>(signedIdentifiers);
policyList.Remove(signedIdentifier);
//Set permissions back to container
container.SetAccessPolicy(accessPolicy.BlobPublicAccess, policyList, BlobRequestConditions, CmdletCancellationToken);
success = true;
}
return(success);
}
public override void ExecuteCmdlet()
{
if (String.IsNullOrEmpty(Name))
{
return;
}
// When the input context is Oauth bases, can't generate normal SAS, but UserDelegationSas
bool generateUserDelegationSas = false;
if (Channel != null && Channel.StorageContext != null && Channel.StorageContext.StorageAccount.Credentials.IsToken)
{
if (ShouldProcess(Name, "Generate User Delegation SAS, since input Storage Context is OAuth based."))
{
generateUserDelegationSas = true;
if (!string.IsNullOrEmpty(accessPolicyIdentifier))
{
throw new ArgumentException("When input Storage Context is OAuth based, Saved Policy is not supported.", "Policy");
}
}
else
{
return;
}
}
if (!UseTrack2Sdk()) // Track1
{
CloudBlobContainer container = Channel.GetContainerReference(Name);
SharedAccessBlobPolicy accessPolicy = new SharedAccessBlobPolicy();
bool shouldSetExpiryTime = SasTokenHelper.ValidateContainerAccessPolicy(Channel, container.Name, accessPolicy, accessPolicyIdentifier);
SetupAccessPolicy(accessPolicy, shouldSetExpiryTime);
string sasToken;
if (generateUserDelegationSas)
{
UserDelegationKey userDelegationKey = Channel.GetUserDelegationKey(accessPolicy.SharedAccessStartTime, accessPolicy.SharedAccessExpiryTime, null, null, OperationContext);
sasToken = container.GetUserDelegationSharedAccessSignature(userDelegationKey, accessPolicy, null, Protocol, Util.SetupIPAddressOrRangeForSAS(IPAddressOrRange));
}
else
{
sasToken = container.GetSharedAccessSignature(accessPolicy, accessPolicyIdentifier, Protocol, Util.SetupIPAddressOrRangeForSAS(IPAddressOrRange));
}
if (FullUri)
{
string fullUri = SasTokenHelper.GetFullUriWithSASToken(container.Uri.AbsoluteUri.ToString(), sasToken);
WriteObject(fullUri);
}
else
{
WriteObject(sasToken);
}
}
else //Track2
{
//Get container instance
CloudBlobContainer container_Track1 = Channel.GetContainerReference(Name);
BlobContainerClient container = AzureStorageContainer.GetTrack2BlobContainerClient(container_Track1, Channel.StorageContext, ClientOptions);
// Get contaienr saved policy if any
Track2Models.BlobSignedIdentifier identifier = null;
if (ParameterSetName == SasPolicyParmeterSet)
{
identifier = SasTokenHelper.GetBlobSignedIdentifier(container, this.Policy, CmdletCancellationToken);
}
//Create SAS builder
BlobSasBuilder sasBuilder = SasTokenHelper.SetBlobSasBuilder_FromContainer(container, identifier, this.Permission, this.StartTime, this.ExpiryTime, this.IPAddressOrRange, this.Protocol);
//Create SAS and output it
string sasToken = SasTokenHelper.GetBlobSharedAccessSignature(Channel.StorageContext, sasBuilder, generateUserDelegationSas, ClientOptions, CmdletCancellationToken);
if (sasToken[0] != '?')
{
sasToken = "?" + sasToken;
}
if (FullUri)
{
string fullUri = SasTokenHelper.GetFullUriWithSASToken(container.Uri.AbsoluteUri.ToString(), sasToken);
WriteObject(fullUri);
}
else
{
WriteObject(sasToken);
}
}
}
/// <summary>
/// remove azure container by container name
/// </summary>
/// <param name="name">container name</param>
internal async Task RemoveAzureContainer(long taskId, IStorageBlobManagement localChannel, string name)
{
if (!NameUtil.IsValidContainerName(name))
{
throw new ArgumentException(String.Format(Resources.InvalidContainerName, name));
}
string result = string.Empty;
bool removed = false;
CloudBlobContainer container = localChannel.GetContainerReference(name);
if (!UseTrack2Sdk())//Track1
{
BlobRequestOptions requestOptions = RequestOptions;
AccessCondition accessCondition = null;
if (!await localChannel.DoesContainerExistAsync(container, requestOptions, OperationContext, CmdletCancellationToken).ConfigureAwait(false))
{
throw new ResourceNotFoundException(String.Format(Resources.ContainerNotFound, name));
}
if (force || ContainerIsEmpty(container) || OutputStream.ConfirmAsync(String.Format("Remove container and all content in it: {0}", name)).Result)
{
await localChannel.DeleteContainerAsync(container, accessCondition, requestOptions, OperationContext, CmdletCancellationToken).ConfigureAwait(false);
result = String.Format(Resources.RemoveContainerSuccessfully, name);
removed = true;
}
else
{
result = String.Format(Resources.RemoveContainerCancelled, name);
}
}
else
{
BlobContainerClient containerClient = AzureStorageContainer.GetTrack2BlobContainerClient(container, this.Channel.StorageContext, ClientOptions);
if (!containerClient.Exists(this.CmdletCancellationToken))
{
throw new ResourceNotFoundException(String.Format(Resources.ContainerNotFound, name));
}
if (force || ContainerIsEmpty(container) || OutputStream.ConfirmAsync(String.Format("Remove container and all content in it: {0}", name)).Result)
{
await containerClient.DeleteAsync(cancellationToken : this.CmdletCancellationToken).ConfigureAwait(false);
result = String.Format(Resources.RemoveContainerSuccessfully, name);
removed = true;
}
else
{
result = String.Format(Resources.RemoveContainerCancelled, name);
}
}
OutputStream.WriteVerbose(taskId, result);
if (PassThru)
{
OutputStream.WriteObject(taskId, removed);
}
}
/// <summary>
/// list blobs by blob prefix and container name
/// </summary>
/// <param name="containerName">container name</param>
/// <param name="prefix">blob preifx</param>
/// <returns>An enumerable collection of IListBlobItem</returns>
internal async Task ListBlobsByPrefix(long taskId, IStorageBlobManagement localChannel, string containerName, string prefix, Func <string, bool> blobFilter = null, bool includeDeleted = false, bool includeVersion = false)
{
CloudBlobContainer container = await GetCloudBlobContainerByName(localChannel, containerName).ConfigureAwait(false);
BlobContainerClient track2container = AzureStorageContainer.GetTrack2BlobContainerClient(container, localChannel.StorageContext, ClientOptions);
int listCount = InternalMaxCount;
int MaxListCount = 5000;
int requestCount = MaxListCount;
int realListCount = 0;
BlobContinuationToken continuationToken = ContinuationToken;
string track2ContinuationToken = this.ContinuationToken is null ? null : this.ContinuationToken.NextMarker;
if (UseTrack2Sdk()) // For new feature only available on Track2 SDK, need list with Track2 SDK.
{
BlobTraits blobTraits = BlobTraits.Metadata | BlobTraits.CopyStatus; // | BlobTraits.Tags;
BlobStates blobStates = BlobStates.Snapshots;
if (includeDeleted)
{
blobStates = blobStates | BlobStates.Deleted;
}
if (includeVersion)
{
blobStates = blobStates | BlobStates.Version;
}
do
{
requestCount = Math.Min(listCount, MaxListCount);
realListCount = 0;
IEnumerator <Page <BlobItem> > enumerator = track2container.GetBlobs(blobTraits, blobStates, prefix, CmdletCancellationToken)
.AsPages(track2ContinuationToken, requestCount)
.GetEnumerator();
Page <BlobItem> page;
enumerator.MoveNext();
page = enumerator.Current;
foreach (BlobItem item in page.Values)
{
if (blobFilter == null || blobFilter(item.Name))
{
OutputStream.WriteObject(taskId, GetAzureStorageBlob(item, track2container, localChannel.StorageContext, page.ContinuationToken, ClientOptions));
}
realListCount++;
}
track2ContinuationToken = page.ContinuationToken;
if (InternalMaxCount != int.MaxValue)
{
listCount -= realListCount;
}
} while (listCount > 0 && !string.IsNullOrEmpty(track2ContinuationToken));
}
else
{
BlobRequestOptions requestOptions = RequestOptions;
bool useFlatBlobListing = true;
BlobListingDetails details = BlobListingDetails.Snapshots | BlobListingDetails.Metadata | BlobListingDetails.Copy;
if (includeDeleted)
{
details = details | BlobListingDetails.Deleted;
}
do
{
requestCount = Math.Min(listCount, MaxListCount);
realListCount = 0;
BlobResultSegment blobResult = await localChannel.ListBlobsSegmentedAsync(container, prefix, useFlatBlobListing,
details, requestCount, continuationToken, requestOptions, OperationContext, CmdletCancellationToken).ConfigureAwait(false);
foreach (IListBlobItem blobItem in blobResult.Results)
{
CloudBlob blob = blobItem as CloudBlob;
if (blob == null)
{
continue;
}
if (blobFilter == null || blobFilter(blob.Name))
{
WriteCloudBlobObject(taskId, localChannel, blob, blobResult.ContinuationToken);
realListCount++;
}
}
if (InternalMaxCount != int.MaxValue)
{
listCount -= realListCount;
}
continuationToken = blobResult.ContinuationToken;
}while (listCount > 0 && continuationToken != null);
}
}
/// <summary>
/// list blobs by blob name and container name
/// </summary>
/// <param name="containerName">container name</param>
/// <param name="blobName">blob name pattern</param>
/// <returns>An enumerable collection of IListBlobItem</returns>
internal async Task ListBlobsByName(long taskId, IStorageBlobManagement localChannel, string containerName, string blobName, bool includeDeleted = false, bool includeVersion = false)
{
CloudBlobContainer container = null;
BlobRequestOptions requestOptions = RequestOptions;
AccessCondition accessCondition = null;
string prefix = string.Empty;
if (String.IsNullOrEmpty(blobName) || WildcardPattern.ContainsWildcardCharacters(blobName) || includeDeleted)
{
container = await GetCloudBlobContainerByName(localChannel, containerName).ConfigureAwait(false);
prefix = NameUtil.GetNonWildcardPrefix(blobName);
WildcardOptions options = WildcardOptions.IgnoreCase | WildcardOptions.Compiled;
WildcardPattern wildcard = null;
if (!String.IsNullOrEmpty(blobName))
{
wildcard = new WildcardPattern(blobName, options);
}
Func <string, bool> blobFilter = (blobNameToFilte) => wildcard == null || wildcard.IsMatch(blobNameToFilte);
await ListBlobsByPrefix(taskId, localChannel, containerName, prefix, blobFilter, includeDeleted, IncludeVersion).ConfigureAwait(false);
}
else
{
container = await GetCloudBlobContainerByName(localChannel, containerName, true).ConfigureAwait(false);
BlobContainerClient track2container = AzureStorageContainer.GetTrack2BlobContainerClient(container, localChannel.StorageContext, ClientOptions);
if (!NameUtil.IsValidBlobName(blobName))
{
throw new ArgumentException(String.Format(Resources.InvalidBlobName, blobName));
}
BlobBaseClient blobClient = null;
if (UseTrack2Sdk()) // User Track2 SDK
{
blobClient = Util.GetTrack2BlobClient(track2container, blobName, localChannel.StorageContext, this.VersionId, false, this.SnapshotTime is null ? null : this.SnapshotTime.Value.ToString("o"), ClientOptions);
global::Azure.Storage.Blobs.Models.BlobProperties blobProperties;
try
{
blobProperties = blobClient.GetProperties(BlobRequestConditions, cancellationToken: CmdletCancellationToken);
}
catch (global::Azure.RequestFailedException e) when(e.Status == 404)
{
throw new ResourceNotFoundException(String.Format(Resources.BlobNotFound, blobName, containerName));
}
blobClient = Util.GetTrack2BlobClient(track2container, blobName, localChannel.StorageContext, this.VersionId, blobProperties.IsLatestVersion, this.SnapshotTime is null ? null : this.SnapshotTime.Value.ToString("o"), ClientOptions, blobProperties.BlobType);
AzureStorageBlob outputBlob = new AzureStorageBlob(blobClient, localChannel.StorageContext, blobProperties, ClientOptions);
OutputStream.WriteObject(taskId, outputBlob);
}
else // Use Track1 SDK
{
CloudBlob blob = await localChannel.GetBlobReferenceFromServerAsync(container, blobName, this.SnapshotTime, accessCondition, requestOptions, OperationContext, CmdletCancellationToken).ConfigureAwait(false);
if (null == blob)
{
throw new ResourceNotFoundException(String.Format(Resources.BlobNotFound, blobName, containerName));
}
else
{
OutputStream.WriteObject(taskId, new AzureStorageBlob(blob, localChannel.StorageContext, ClientOptions));
}
}
}
}
/// <summary>
/// set the access level of specified container
/// </summary>
/// <param name="name">container name</param>
/// <param name="accessLevel">access level in ("off", "blob", "container")</param>
internal async Task SetContainerAcl(long taskId, IStorageBlobManagement localChannel, string name, BlobContainerPublicAccessType accessLevel)
{
if (!NameUtil.IsValidContainerName(name))
{
throw new ArgumentException(String.Format(Resources.InvalidContainerName, name));
}
BlobRequestOptions requestOptions = RequestOptions;
AccessCondition accessCondition = null;
bool needUseTrack2 = false;
CloudBlobContainer container = localChannel.GetContainerReference(name);
// Get container permission and set the public access as input
BlobContainerPermissions permissions = null;
try
{
permissions = localChannel.GetContainerPermissions(container, null, requestOptions, OperationContext);
}
catch (StorageException e) when(e.IsNotFoundException())
{
throw new ResourceNotFoundException(String.Format(Resources.ContainerNotFound, name));
}
catch (StorageException e) when(e.IsConflictException())
{
// 409 Conflict, might caused by the container has an Stored access policy contains a permission that is not supported by Track1 SDK API veresion, so switch to Track2 SDK
needUseTrack2 = true;
}
if (!needUseTrack2) // Track1
{
permissions.PublicAccess = accessLevel;
await localChannel.SetContainerPermissionsAsync(container, permissions, accessCondition, requestOptions, OperationContext, CmdletCancellationToken).ConfigureAwait(false);
if (PassThru)
{
WriteCloudContainerObject(taskId, localChannel, container, permissions);
}
}
else // Track2
{
BlobContainerClient containerClient = AzureStorageContainer.GetTrack2BlobContainerClient(container, this.Channel.StorageContext, ClientOptions);
// Get container permission and set the public access as input
BlobContainerAccessPolicy accessPolicy;
accessPolicy = containerClient.GetAccessPolicy(null, this.CmdletCancellationToken);
PublicAccessType publicAccessType = PublicAccessType.None;
switch (accessLevel)
{
case BlobContainerPublicAccessType.Blob:
publicAccessType = PublicAccessType.Blob;
break;
case BlobContainerPublicAccessType.Container:
publicAccessType = PublicAccessType.BlobContainer;
break;
case BlobContainerPublicAccessType.Off:
publicAccessType = PublicAccessType.None;
break;
default:
case BlobContainerPublicAccessType.Unknown:
throw new ArgumentOutOfRangeException("Permission");
}
await containerClient.SetAccessPolicyAsync(publicAccessType, accessPolicy.SignedIdentifiers, null, this.CmdletCancellationToken).ConfigureAwait(false);
if (PassThru)
{
AzureStorageContainer storageContainer = new AzureStorageContainer(container, null);
storageContainer.Context = localChannel.StorageContext;
storageContainer.SetTrack2Permission();
OutputStream.WriteObject(taskId, storageContainer);
}
}
}
public override void ExecuteCmdlet()
{
CloudBlob blob = null;
if (ParameterSetName == BlobNamePipelineParmeterSetWithPermission ||
ParameterSetName == BlobNamePipelineParmeterSetWithPolicy)
{
blob = GetCloudBlobByName(Container, Blob);
}
else
{
blob = this.CloudBlob;
}
// When the input context is Oauth bases, can't generate normal SAS, but UserDelegationSas
bool generateUserDelegationSas = false;
if (Channel != null && Channel.StorageContext != null && Channel.StorageContext.StorageAccount.Credentials.IsToken)
{
if (ShouldProcess(blob.Name, "Generate User Delegation SAS, since input Storage Context is OAuth based."))
{
generateUserDelegationSas = true;
if (!string.IsNullOrEmpty(accessPolicyIdentifier))
{
throw new ArgumentException("When input Storage Context is OAuth based, Saved Policy is not supported.", "Policy");
}
}
else
{
return;
}
}
if (!(blob is InvalidCloudBlob) && !UseTrack2Sdk())
{
SharedAccessBlobPolicy accessPolicy = new SharedAccessBlobPolicy();
bool shouldSetExpiryTime = SasTokenHelper.ValidateContainerAccessPolicy(Channel, blob.Container.Name, accessPolicy, accessPolicyIdentifier);
SetupAccessPolicy(accessPolicy, shouldSetExpiryTime);
string sasToken = GetBlobSharedAccessSignature(blob, accessPolicy, accessPolicyIdentifier, Protocol, Util.SetupIPAddressOrRangeForSAS(IPAddressOrRange), generateUserDelegationSas);
if (FullUri)
{
string fullUri = blob.SnapshotQualifiedUri.ToString();
if (blob.IsSnapshot)
{
// Since snapshot URL already has '?', need remove '?' in the first char of sas
fullUri = fullUri + "&" + sasToken.Substring(1);
}
else
{
fullUri = fullUri + sasToken;
}
WriteObject(fullUri);
}
else
{
WriteObject(sasToken);
}
}
else // Use Track2 SDk
{
//Get blob instance
BlobBaseClient blobClient;
if (this.BlobBaseClient != null)
{
blobClient = this.BlobBaseClient;
}
else
{
blobClient = AzureStorageBlob.GetTrack2BlobClient(blob, Channel.StorageContext, this.ClientOptions);
}
// Get contaienr saved policy if any
BlobSignedIdentifier identifier = null;
if (ParameterSetName == BlobNamePipelineParmeterSetWithPolicy || ParameterSetName == BlobPipelineParameterSetWithPolicy)
{
BlobContainerClient container = AzureStorageContainer.GetTrack2BlobContainerClient(Channel.GetContainerReference(blobClient.BlobContainerName), Channel.StorageContext, ClientOptions);
identifier = SasTokenHelper.GetBlobSignedIdentifier(container, this.Policy, CmdletCancellationToken);
}
//Create SAS builder
BlobSasBuilder sasBuilder = SasTokenHelper.SetBlobSasBuilder_FromBlob(blobClient, identifier, this.Permission, this.StartTime, this.ExpiryTime, this.IPAddressOrRange, this.Protocol);
//Create SAS and ourput
string sasToken = SasTokenHelper.GetBlobSharedAccessSignature(Channel.StorageContext, sasBuilder, generateUserDelegationSas, ClientOptions, CmdletCancellationToken);
if (sasToken[0] != '?')
{
sasToken = "?" + sasToken;
}
if (FullUri)
{
string fullUri = blobClient.Uri.ToString();
if (blob.IsSnapshot)
{
// Since snapshot URL already has '?', need remove '?' in the first char of sas
fullUri = fullUri + "&" + sasToken.Substring(1);
}
else
{
fullUri = fullUri + sasToken;
}
WriteObject(fullUri);
}
else
{
WriteObject(sasToken);
}
}
}
public override void ExecuteCmdlet()
{
CloudBlob blob = null;
if (ParameterSetName == BlobNamePipelineParmeterSetWithPermission ||
ParameterSetName == BlobNamePipelineParmeterSetWithPolicy)
{
blob = GetCloudBlobByName(Container, Blob);
}
else
{
blob = this.CloudBlob;
}
// When the input context is Oauth bases, can't generate normal SAS, but UserDelegationSas
bool generateUserDelegationSas = false;
if (Channel != null && Channel.StorageContext != null && Channel.StorageContext.StorageAccount.Credentials.IsToken)
{
if (ShouldProcess(blob.Name, "Generate User Delegation SAS, since input Storage Context is OAuth based."))
{
generateUserDelegationSas = true;
if (!string.IsNullOrEmpty(accessPolicyIdentifier))
{
throw new ArgumentException("When input Storage Context is OAuth based, Saved Policy is not supported.", "Policy");
}
}
else
{
return;
}
}
if (!(blob is InvalidCloudBlob) && !UseTrack2SDK())
{
SharedAccessBlobPolicy accessPolicy = new SharedAccessBlobPolicy();
bool shouldSetExpiryTime = SasTokenHelper.ValidateContainerAccessPolicy(Channel, blob.Container.Name, accessPolicy, accessPolicyIdentifier);
SetupAccessPolicy(accessPolicy, shouldSetExpiryTime);
string sasToken = GetBlobSharedAccessSignature(blob, accessPolicy, accessPolicyIdentifier, Protocol, Util.SetupIPAddressOrRangeForSAS(IPAddressOrRange), generateUserDelegationSas);
if (FullUri)
{
string fullUri = blob.SnapshotQualifiedUri.ToString();
if (blob.IsSnapshot)
{
// Since snapshot URL already has '?', need remove '?' in the first char of sas
fullUri = fullUri + "&" + sasToken.Substring(1);
}
else
{
fullUri = fullUri + sasToken;
}
WriteObject(fullUri);
}
else
{
WriteObject(sasToken);
}
}
else // Use Track2 SDk
{
BlobBaseClient blobClient;
if (this.BlobBaseClient != null)
{
blobClient = this.BlobBaseClient;
}
else
{
blobClient = AzureStorageBlob.GetTrack2BlobClient(blob, Channel.StorageContext, this.ClientOptions);
}
BlobSasBuilder sasBuilder;
if (ParameterSetName == BlobNamePipelineParmeterSetWithPolicy || ParameterSetName == BlobPipelineParameterSetWithPolicy)
{
BlobContainerClient container = AzureStorageContainer.GetTrack2BlobContainerClient(Channel.GetContainerReference(blobClient.BlobContainerName), Channel.StorageContext, ClientOptions);
IEnumerable <BlobSignedIdentifier> signedIdentifiers = container.GetAccessPolicy(cancellationToken: CmdletCancellationToken).Value.SignedIdentifiers;
BlobSignedIdentifier signedIdentifier = null;
foreach (BlobSignedIdentifier identifier in signedIdentifiers)
{
if (identifier.Id == this.Policy)
{
signedIdentifier = identifier;
break;
}
}
if (signedIdentifier is null)
{
throw new ArgumentException(string.Format(Resources.InvalidAccessPolicy, this.Policy));
}
sasBuilder = new BlobSasBuilder
{
BlobContainerName = blobClient.BlobContainerName,
BlobName = blobClient.Name,
Identifier = this.Policy
};
if (this.StartTime != null)
{
if (signedIdentifier.AccessPolicy.StartsOn != DateTimeOffset.MinValue)
{
throw new InvalidOperationException(Resources.SignedStartTimeMustBeOmitted);
}
else
{
sasBuilder.StartsOn = this.StartTime.Value.ToUniversalTime();
}
}
if (this.ExpiryTime != null)
{
if (signedIdentifier.AccessPolicy.ExpiresOn != DateTimeOffset.MinValue)
{
throw new ArgumentException(Resources.SignedExpiryTimeMustBeOmitted);
}
else
{
sasBuilder.ExpiresOn = this.ExpiryTime.Value.ToUniversalTime();
}
}
else if (signedIdentifier.AccessPolicy.ExpiresOn == DateTimeOffset.MinValue)
{
if (sasBuilder.StartsOn != DateTimeOffset.MinValue)
{
sasBuilder.ExpiresOn = sasBuilder.StartsOn.ToUniversalTime().AddHours(1);
}
else
{
sasBuilder.ExpiresOn = DateTimeOffset.UtcNow.AddHours(1);
}
}
if (this.Permission != null)
{
if (signedIdentifier.AccessPolicy.Permissions != null)
{
throw new ArgumentException(Resources.SignedPermissionsMustBeOmitted);
}
else
{
sasBuilder.SetPermissions(this.Permission);
}
}
}
else
{
sasBuilder = new BlobSasBuilder
{
BlobContainerName = blobClient.BlobContainerName,
BlobName = blobClient.Name,
};
sasBuilder.SetPermissions(this.Permission);
if (this.StartTime != null)
{
sasBuilder.StartsOn = this.StartTime.Value.ToUniversalTime();
}
if (this.ExpiryTime != null)
{
sasBuilder.ExpiresOn = this.ExpiryTime.Value.ToUniversalTime();
}
else
{
if (sasBuilder.StartsOn != DateTimeOffset.MinValue)
{
sasBuilder.ExpiresOn = sasBuilder.StartsOn.AddHours(1).ToUniversalTime();
}
else
{
sasBuilder.ExpiresOn = DateTimeOffset.UtcNow.AddHours(1);
}
}
}
if (this.IPAddressOrRange != null)
{
sasBuilder.IPRange = Util.SetupIPAddressOrRangeForSASTrack2(this.IPAddressOrRange);
}
if (this.Protocol != null)
{
if (this.Protocol.Value == SharedAccessProtocol.HttpsOrHttp)
{
sasBuilder.Protocol = SasProtocol.HttpsAndHttp;
}
else //HttpsOnly
{
sasBuilder.Protocol = SasProtocol.Https;
}
}
if (Util.GetVersionIdFromBlobUri(blobClient.Uri) != null)
{
sasBuilder.BlobVersionId = Util.GetVersionIdFromBlobUri(blobClient.Uri);
}
if (Util.GetSnapshotTimeFromBlobUri(blobClient.Uri) != null)
{
sasBuilder.Snapshot = Util.GetSnapshotTimeFromBlobUri(blobClient.Uri).Value.ToString("o");
}
string sasToken = GetBlobSharedAccessSignature(blobClient, sasBuilder, generateUserDelegationSas);
if (sasToken[0] != '?')
{
sasToken = "?" + sasToken;
}
if (FullUri)
{
string fullUri = blobClient.Uri.ToString();
if (blob.IsSnapshot)
{
// Since snapshot URL already has '?', need remove '?' in the first char of sas
fullUri = fullUri + "&" + sasToken.Substring(1);
}
else
{
fullUri = fullUri + sasToken;
}
WriteObject(fullUri);
}
else
{
WriteObject(sasToken);
}
}
}
