internal async Task GetAzureContainerStoredAccessPolicyAsync(long taskId, IStorageBlobManagement localChannel, string containerName, string policyName)
{
//Get container instance, Get existing permissions
CloudBlobContainer container_Track1 = Channel.GetContainerReference(containerName);
BlobContainerClient container = AzureStorageContainer.GetTrack2BlobContainerClient(container_Track1, Channel.StorageContext, ClientOptions);
BlobContainerAccessPolicy accessPolicy = (await container.GetAccessPolicyAsync(BlobRequestConditions, cancellationToken: CmdletCancellationToken).ConfigureAwait(false)).Value;
IEnumerable <BlobSignedIdentifier> signedIdentifiers = accessPolicy.SignedIdentifiers;
if (!String.IsNullOrEmpty(policyName))
{
BlobSignedIdentifier signedIdentifier = null;
foreach (BlobSignedIdentifier identifier in signedIdentifiers)
{
if (identifier.Id == policyName)
{
signedIdentifier = identifier;
}
}
if (signedIdentifier == null)
{
throw new ResourceNotFoundException(String.Format(CultureInfo.CurrentCulture, Resources.PolicyNotFound, policyName));
}
else
{
OutputStream.WriteObject(taskId, AccessPolicyHelper.ConstructPolicyOutputPSObject <BlobSignedIdentifier>(signedIdentifier));
}
}
else
{
foreach (BlobSignedIdentifier identifier in signedIdentifiers)
{
OutputStream.WriteObject(taskId, AccessPolicyHelper.ConstructPolicyOutputPSObject <BlobSignedIdentifier>(identifier));
}
}
}
private string GetContainerSASWithLighthouse(BlobServiceClient service, string storageAccount,
string storageContainer, string blobName, StorageSharedKeyCredential credential)
{
BlobSasBuilder blobSasBuilder;
BlobContainerClient container = service.GetBlobContainerClient(storageContainer);
BlobContainerAccessPolicy policy = container.GetAccessPolicy();
BlobSignedIdentifier blobSignedIdentifier = policy.SignedIdentifiers.FirstOrDefault(x => x.Id == "expiresapr");
// if stored access policy exists, use it, otherwise, specify permissions
if (blobSignedIdentifier != null)
{
blobSasBuilder = new BlobSasBuilder
{
BlobContainerName = storageContainer,
Identifier = blobSignedIdentifier.Id
};
/* load test how fast we can generate SAS token
* for (int ii = 0; ii < 100000; ++ii )
* {
* var blobSas = new BlobSasBuilder
* {
* BlobContainerName = storageContainer,
* BlobName = "abc" + ii,
* Identifier = blobSignedIdentifier.Id
* };
* var param = blobSas.ToSasQueryParameters(credential).ToString();
* }*/
}
else
{
DateTimeOffset expiresOn = DateTimeOffset.UtcNow.AddHours(2);
blobSasBuilder = new BlobSasBuilder
{
BlobContainerName = storageContainer,
ExpiresOn = expiresOn,
};
blobSasBuilder.SetPermissions(
BlobContainerSasPermissions.Read |
BlobContainerSasPermissions.Create |
BlobContainerSasPermissions.List);
}
var sasQueryParameters = blobSasBuilder.ToSasQueryParameters(credential).ToString();
String uri = String.IsNullOrEmpty(blobName) ?
String.Format("https://{0}.blob.core.windows.net/{1}?restype=container&comp=list&{2}",
storageAccount,
storageContainer,
sasQueryParameters.ToString()) :
String.Format("https://{0}.blob.core.windows.net/{1}/{2}?{3}",
storageAccount,
storageContainer,
blobName,
sasQueryParameters.ToString());
return(uri);
}
internal string SetAzureContainerStoredAccessPolicy(IStorageBlobManagement localChannel, string containerName, string policyName, DateTime?startTime, DateTime?expiryTime, string permission, bool noStartTime, bool noExpiryTime)
{
//Get container instance, Get existing permissions
CloudBlobContainer container_Track1 = Channel.GetContainerReference(containerName);
BlobContainerClient container = AzureStorageContainer.GetTrack2BlobContainerClient(container_Track1, Channel.StorageContext, ClientOptions);
BlobContainerAccessPolicy accessPolicy = container.GetAccessPolicy(cancellationToken: CmdletCancellationToken).Value;
IEnumerable <BlobSignedIdentifier> signedIdentifiers = accessPolicy.SignedIdentifiers;
//Set the policy with new value
BlobSignedIdentifier signedIdentifier = null;
foreach (BlobSignedIdentifier identifier in signedIdentifiers)
{
if (identifier.Id == policyName)
{
signedIdentifier = identifier;
}
}
if (signedIdentifier == null)
{
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.PolicyNotFound, policyName));
}
if (noStartTime)
{
signedIdentifier.AccessPolicy.PolicyStartsOn = DateTimeOffset.MinValue;
}
else if (startTime != null)
{
signedIdentifier.AccessPolicy.PolicyStartsOn = StartTime.Value.ToUniversalTime();
}
if (noExpiryTime)
{
signedIdentifier.AccessPolicy.PolicyExpiresOn = DateTimeOffset.MinValue;
}
else if (ExpiryTime != null)
{
signedIdentifier.AccessPolicy.PolicyExpiresOn = ExpiryTime.Value.ToUniversalTime();
}
if (this.Permission != null)
{
signedIdentifier.AccessPolicy.Permissions = this.Permission;
signedIdentifier.AccessPolicy.Permissions = AccessPolicyHelper.OrderBlobPermission(this.Permission);
}
//Set permissions back to container
container.SetAccessPolicy(accessPolicy.BlobPublicAccess, signedIdentifiers, BlobRequestConditions, CmdletCancellationToken);
WriteObject(AccessPolicyHelper.ConstructPolicyOutputPSObject <BlobSignedIdentifier>(signedIdentifier));
return(policyName);
}
internal string CreateAzureContainerStoredAccessPolicy(IStorageBlobManagement localChannel, string containerName, string policyName, DateTime?startTime, DateTime?expiryTime, string permission)
{
if (!NameUtil.IsValidStoredAccessPolicyName(policyName))
{
throw new ArgumentException(String.Format(CultureInfo.CurrentCulture, Resources.InvalidAccessPolicyName, policyName));
}
//Get container instance, Get existing permissions
CloudBlobContainer container_Track1 = Channel.GetContainerReference(containerName);
BlobContainerClient container = AzureStorageContainer.GetTrack2BlobContainerClient(container_Track1, Channel.StorageContext, ClientOptions);
BlobContainerAccessPolicy accessPolicy = container.GetAccessPolicy(cancellationToken: CmdletCancellationToken).Value;
IEnumerable <BlobSignedIdentifier> signedIdentifiers = accessPolicy.SignedIdentifiers;
//Add new policy
foreach (BlobSignedIdentifier identifier in signedIdentifiers)
{
if (identifier.Id == policyName)
{
throw new ResourceAlreadyExistException(String.Format(CultureInfo.CurrentCulture, Resources.PolicyAlreadyExists, policyName));
}
}
BlobSignedIdentifier signedIdentifier = new BlobSignedIdentifier();
signedIdentifier.Id = policyName;
signedIdentifier.AccessPolicy = new BlobAccessPolicy();
if (StartTime != null)
{
signedIdentifier.AccessPolicy.PolicyStartsOn = StartTime.Value.ToUniversalTime();
}
if (ExpiryTime != null)
{
signedIdentifier.AccessPolicy.PolicyExpiresOn = ExpiryTime.Value.ToUniversalTime();
}
signedIdentifier.AccessPolicy.Permissions = AccessPolicyHelper.OrderBlobPermission(this.Permission);
var newsignedIdentifiers = new List <BlobSignedIdentifier>(signedIdentifiers);
newsignedIdentifiers.Add(signedIdentifier);
//Set permissions back to container
container.SetAccessPolicy(accessPolicy.BlobPublicAccess, newsignedIdentifiers, BlobRequestConditions, CmdletCancellationToken);
return(policyName);
}
public async Task ChangeContainerPermissionTest()
{
string containerName = _mockupService.Randomize(AppConstant.SAMPLE_CONTAINER_NAME);
try
{
BlobContainerClient container = new BlobContainerClient(connectionString, containerName);
await container.CreateAsync();
await _containerService.ChangeContainerPermission(containerName, PublicAccessType.BlobContainer);
BlobContainerAccessPolicy accessPolicies = await container.GetAccessPolicyAsync();
Assert.AreEqual(accessPolicies.BlobPublicAccess, PublicAccessType.BlobContainer);
}
finally
{
//// delete container
await _containerService.DeleteContainerAsync(containerName);
}
}
internal bool RemoveAzureContainerStoredAccessPolicy(IStorageBlobManagement localChannel, string containerName, string policyName)
{
bool success = false;
string result = string.Empty;
//Get container instance, Get existing permissions
CloudBlobContainer container_Track1 = Channel.GetContainerReference(containerName);
BlobContainerClient container = AzureStorageContainer.GetTrack2BlobContainerClient(container_Track1, Channel.StorageContext, ClientOptions);
BlobContainerAccessPolicy accessPolicy = container.GetAccessPolicy(cancellationToken: CmdletCancellationToken).Value;
IEnumerable <BlobSignedIdentifier> signedIdentifiers = accessPolicy.SignedIdentifiers;
//remove policy
BlobSignedIdentifier signedIdentifier = null;
foreach (BlobSignedIdentifier identifier in signedIdentifiers)
{
if (identifier.Id == policyName)
{
signedIdentifier = identifier;
}
}
if (signedIdentifier == null)
{
throw new ArgumentException(string.Format(CultureInfo.CurrentCulture, Resources.PolicyNotFound, policyName));
}
if (ShouldProcess(policyName, "Remove policy"))
{
List <BlobSignedIdentifier> policyList = new List <BlobSignedIdentifier>(signedIdentifiers);
policyList.Remove(signedIdentifier);
//Set permissions back to container
container.SetAccessPolicy(accessPolicy.BlobPublicAccess, policyList, BlobRequestConditions, CmdletCancellationToken);
success = true;
}
return(success);
}
public async Task CreateSharedAccessPolicy()
{
string connectionString = this.ConnectionString;
string containerName = Randomize("sample-container");
BlobContainerClient containerClient = new BlobContainerClient(connectionString, containerName);
try
{
await containerClient.CreateIfNotExistsAsync();
#region Snippet:SampleSnippetsBlobMigration_SharedAccessPolicy
// Create one or more stored access policies.
List <BlobSignedIdentifier> signedIdentifiers = new List <BlobSignedIdentifier>
{
new BlobSignedIdentifier
{
Id = "mysignedidentifier",
AccessPolicy = new BlobAccessPolicy
{
StartsOn = DateTimeOffset.UtcNow.AddHours(-1),
ExpiresOn = DateTimeOffset.UtcNow.AddDays(1),
Permissions = "rw"
}
}
};
// Set the container's access policy.
await containerClient.SetAccessPolicyAsync(permissions : signedIdentifiers);
#endregion
BlobContainerAccessPolicy containerAccessPolicy = containerClient.GetAccessPolicy();
Assert.AreEqual(signedIdentifiers.First().Id, containerAccessPolicy.SignedIdentifiers.First().Id);
}
finally
{
await containerClient.DeleteIfExistsAsync();
}
}
public void SetTrack2Permission(BlobContainerAccessPolicy accesspolicy = null)
{
// Try to get container permission if not input it, and container not deleted
if (accesspolicy == null && (this.IsDeleted == null || !this.IsDeleted.Value))
{
try
{
accesspolicy = privateBlobContainerClient.GetAccessPolicy().Value;
}
catch (global::Azure.RequestFailedException e) when(e.Status == 403 || e.Status == 404)
{
// 404 Not found, or 403 Forbidden means we don't have permission to query the Permission of the specified container.
// Just skip return container permission in this case.
}
}
if (accesspolicy != null)
{
AccessPolicy = accesspolicy;
switch (accesspolicy.BlobPublicAccess)
{
case PublicAccessType.Blob:
PublicAccess = BlobContainerPublicAccessType.Blob;
break;
case PublicAccessType.BlobContainer:
PublicAccess = BlobContainerPublicAccessType.Container;
break;
case PublicAccessType.None:
default:
PublicAccess = BlobContainerPublicAccessType.Off;
break;
}
}
}
