internal async Task GetAzureContainerStoredAccessPolicyAsync(long taskId, IStorageBlobManagement localChannel, string containerName, string policyName) { //Get container instance, Get existing permissions CloudBlobContainer container_Track1 = Channel.GetContainerReference(containerName); BlobContainerClient container = AzureStorageContainer.GetTrack2BlobContainerClient(container_Track1, Channel.StorageContext, ClientOptions); BlobContainerAccessPolicy accessPolicy = (await container.GetAccessPolicyAsync(BlobRequestConditions, cancellationToken: CmdletCancellationToken).ConfigureAwait(false)).Value; IEnumerable <BlobSignedIdentifier> signedIdentifiers = accessPolicy.SignedIdentifiers; if (!String.IsNullOrEmpty(policyName)) { BlobSignedIdentifier signedIdentifier = null; foreach (BlobSignedIdentifier identifier in signedIdentifiers) { if (identifier.Id == policyName) { signedIdentifier = identifier; } } if (signedIdentifier == null) { throw new ResourceNotFoundException(String.Format(CultureInfo.CurrentCulture, Resources.PolicyNotFound, policyName)); } else { OutputStream.WriteObject(taskId, AccessPolicyHelper.ConstructPolicyOutputPSObject <BlobSignedIdentifier>(signedIdentifier)); } } else { foreach (BlobSignedIdentifier identifier in signedIdentifiers) { OutputStream.WriteObject(taskId, AccessPolicyHelper.ConstructPolicyOutputPSObject <BlobSignedIdentifier>(identifier)); } } }
private string GetContainerSASWithLighthouse(BlobServiceClient service, string storageAccount, string storageContainer, string blobName, StorageSharedKeyCredential credential) { BlobSasBuilder blobSasBuilder; BlobContainerClient container = service.GetBlobContainerClient(storageContainer); BlobContainerAccessPolicy policy = container.GetAccessPolicy(); BlobSignedIdentifier blobSignedIdentifier = policy.SignedIdentifiers.FirstOrDefault(x => x.Id == "expiresapr"); // if stored access policy exists, use it, otherwise, specify permissions if (blobSignedIdentifier != null) { blobSasBuilder = new BlobSasBuilder { BlobContainerName = storageContainer, Identifier = blobSignedIdentifier.Id }; /* load test how fast we can generate SAS token * for (int ii = 0; ii < 100000; ++ii ) * { * var blobSas = new BlobSasBuilder * { * BlobContainerName = storageContainer, * BlobName = "abc" + ii, * Identifier = blobSignedIdentifier.Id * }; * var param = blobSas.ToSasQueryParameters(credential).ToString(); * }*/ } else { DateTimeOffset expiresOn = DateTimeOffset.UtcNow.AddHours(2); blobSasBuilder = new BlobSasBuilder { BlobContainerName = storageContainer, ExpiresOn = expiresOn, }; blobSasBuilder.SetPermissions( BlobContainerSasPermissions.Read | BlobContainerSasPermissions.Create | BlobContainerSasPermissions.List); } var sasQueryParameters = blobSasBuilder.ToSasQueryParameters(credential).ToString(); String uri = String.IsNullOrEmpty(blobName) ? String.Format("https://{0}.blob.core.windows.net/{1}?restype=container&comp=list&{2}", storageAccount, storageContainer, sasQueryParameters.ToString()) : String.Format("https://{0}.blob.core.windows.net/{1}/{2}?{3}", storageAccount, storageContainer, blobName, sasQueryParameters.ToString()); return(uri); }
internal string SetAzureContainerStoredAccessPolicy(IStorageBlobManagement localChannel, string containerName, string policyName, DateTime?startTime, DateTime?expiryTime, string permission, bool noStartTime, bool noExpiryTime) { //Get container instance, Get existing permissions CloudBlobContainer container_Track1 = Channel.GetContainerReference(containerName); BlobContainerClient container = AzureStorageContainer.GetTrack2BlobContainerClient(container_Track1, Channel.StorageContext, ClientOptions); BlobContainerAccessPolicy accessPolicy = container.GetAccessPolicy(cancellationToken: CmdletCancellationToken).Value; IEnumerable <BlobSignedIdentifier> signedIdentifiers = accessPolicy.SignedIdentifiers; //Set the policy with new value BlobSignedIdentifier signedIdentifier = null; foreach (BlobSignedIdentifier identifier in signedIdentifiers) { if (identifier.Id == policyName) { signedIdentifier = identifier; } } if (signedIdentifier == null) { throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.PolicyNotFound, policyName)); } if (noStartTime) { signedIdentifier.AccessPolicy.PolicyStartsOn = DateTimeOffset.MinValue; } else if (startTime != null) { signedIdentifier.AccessPolicy.PolicyStartsOn = StartTime.Value.ToUniversalTime(); } if (noExpiryTime) { signedIdentifier.AccessPolicy.PolicyExpiresOn = DateTimeOffset.MinValue; } else if (ExpiryTime != null) { signedIdentifier.AccessPolicy.PolicyExpiresOn = ExpiryTime.Value.ToUniversalTime(); } if (this.Permission != null) { signedIdentifier.AccessPolicy.Permissions = this.Permission; signedIdentifier.AccessPolicy.Permissions = AccessPolicyHelper.OrderBlobPermission(this.Permission); } //Set permissions back to container container.SetAccessPolicy(accessPolicy.BlobPublicAccess, signedIdentifiers, BlobRequestConditions, CmdletCancellationToken); WriteObject(AccessPolicyHelper.ConstructPolicyOutputPSObject <BlobSignedIdentifier>(signedIdentifier)); return(policyName); }
internal string CreateAzureContainerStoredAccessPolicy(IStorageBlobManagement localChannel, string containerName, string policyName, DateTime?startTime, DateTime?expiryTime, string permission) { if (!NameUtil.IsValidStoredAccessPolicyName(policyName)) { throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, Resources.InvalidAccessPolicyName, policyName)); } //Get container instance, Get existing permissions CloudBlobContainer container_Track1 = Channel.GetContainerReference(containerName); BlobContainerClient container = AzureStorageContainer.GetTrack2BlobContainerClient(container_Track1, Channel.StorageContext, ClientOptions); BlobContainerAccessPolicy accessPolicy = container.GetAccessPolicy(cancellationToken: CmdletCancellationToken).Value; IEnumerable <BlobSignedIdentifier> signedIdentifiers = accessPolicy.SignedIdentifiers; //Add new policy foreach (BlobSignedIdentifier identifier in signedIdentifiers) { if (identifier.Id == policyName) { throw new ResourceAlreadyExistException(String.Format(CultureInfo.CurrentCulture, Resources.PolicyAlreadyExists, policyName)); } } BlobSignedIdentifier signedIdentifier = new BlobSignedIdentifier(); signedIdentifier.Id = policyName; signedIdentifier.AccessPolicy = new BlobAccessPolicy(); if (StartTime != null) { signedIdentifier.AccessPolicy.PolicyStartsOn = StartTime.Value.ToUniversalTime(); } if (ExpiryTime != null) { signedIdentifier.AccessPolicy.PolicyExpiresOn = ExpiryTime.Value.ToUniversalTime(); } signedIdentifier.AccessPolicy.Permissions = AccessPolicyHelper.OrderBlobPermission(this.Permission); var newsignedIdentifiers = new List <BlobSignedIdentifier>(signedIdentifiers); newsignedIdentifiers.Add(signedIdentifier); //Set permissions back to container container.SetAccessPolicy(accessPolicy.BlobPublicAccess, newsignedIdentifiers, BlobRequestConditions, CmdletCancellationToken); return(policyName); }
public async Task ChangeContainerPermissionTest() { string containerName = _mockupService.Randomize(AppConstant.SAMPLE_CONTAINER_NAME); try { BlobContainerClient container = new BlobContainerClient(connectionString, containerName); await container.CreateAsync(); await _containerService.ChangeContainerPermission(containerName, PublicAccessType.BlobContainer); BlobContainerAccessPolicy accessPolicies = await container.GetAccessPolicyAsync(); Assert.AreEqual(accessPolicies.BlobPublicAccess, PublicAccessType.BlobContainer); } finally { //// delete container await _containerService.DeleteContainerAsync(containerName); } }
internal bool RemoveAzureContainerStoredAccessPolicy(IStorageBlobManagement localChannel, string containerName, string policyName) { bool success = false; string result = string.Empty; //Get container instance, Get existing permissions CloudBlobContainer container_Track1 = Channel.GetContainerReference(containerName); BlobContainerClient container = AzureStorageContainer.GetTrack2BlobContainerClient(container_Track1, Channel.StorageContext, ClientOptions); BlobContainerAccessPolicy accessPolicy = container.GetAccessPolicy(cancellationToken: CmdletCancellationToken).Value; IEnumerable <BlobSignedIdentifier> signedIdentifiers = accessPolicy.SignedIdentifiers; //remove policy BlobSignedIdentifier signedIdentifier = null; foreach (BlobSignedIdentifier identifier in signedIdentifiers) { if (identifier.Id == policyName) { signedIdentifier = identifier; } } if (signedIdentifier == null) { throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.PolicyNotFound, policyName)); } if (ShouldProcess(policyName, "Remove policy")) { List <BlobSignedIdentifier> policyList = new List <BlobSignedIdentifier>(signedIdentifiers); policyList.Remove(signedIdentifier); //Set permissions back to container container.SetAccessPolicy(accessPolicy.BlobPublicAccess, policyList, BlobRequestConditions, CmdletCancellationToken); success = true; } return(success); }
public async Task CreateSharedAccessPolicy() { string connectionString = this.ConnectionString; string containerName = Randomize("sample-container"); BlobContainerClient containerClient = new BlobContainerClient(connectionString, containerName); try { await containerClient.CreateIfNotExistsAsync(); #region Snippet:SampleSnippetsBlobMigration_SharedAccessPolicy // Create one or more stored access policies. List <BlobSignedIdentifier> signedIdentifiers = new List <BlobSignedIdentifier> { new BlobSignedIdentifier { Id = "mysignedidentifier", AccessPolicy = new BlobAccessPolicy { StartsOn = DateTimeOffset.UtcNow.AddHours(-1), ExpiresOn = DateTimeOffset.UtcNow.AddDays(1), Permissions = "rw" } } }; // Set the container's access policy. await containerClient.SetAccessPolicyAsync(permissions : signedIdentifiers); #endregion BlobContainerAccessPolicy containerAccessPolicy = containerClient.GetAccessPolicy(); Assert.AreEqual(signedIdentifiers.First().Id, containerAccessPolicy.SignedIdentifiers.First().Id); } finally { await containerClient.DeleteIfExistsAsync(); } }
public void SetTrack2Permission(BlobContainerAccessPolicy accesspolicy = null) { // Try to get container permission if not input it, and container not deleted if (accesspolicy == null && (this.IsDeleted == null || !this.IsDeleted.Value)) { try { accesspolicy = privateBlobContainerClient.GetAccessPolicy().Value; } catch (global::Azure.RequestFailedException e) when(e.Status == 403 || e.Status == 404) { // 404 Not found, or 403 Forbidden means we don't have permission to query the Permission of the specified container. // Just skip return container permission in this case. } } if (accesspolicy != null) { AccessPolicy = accesspolicy; switch (accesspolicy.BlobPublicAccess) { case PublicAccessType.Blob: PublicAccess = BlobContainerPublicAccessType.Blob; break; case PublicAccessType.BlobContainer: PublicAccess = BlobContainerPublicAccessType.Container; break; case PublicAccessType.None: default: PublicAccess = BlobContainerPublicAccessType.Off; break; } } }