public async Task SetPermissions_BlobContainerSasPermissions(BlobContainerSasPermissions permissions) { // Arrange await using DisposingContainer test = await GetTestContainerAsync(); BlobSasBuilder blobSasBuilder = new BlobSasBuilder { StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(1), BlobContainerName = test.Container.Name }; blobSasBuilder.SetPermissions(permissions); StorageSharedKeyCredential sharedKeyCredential = new StorageSharedKeyCredential(TestConfigDefault.AccountName, TestConfigDefault.AccountKey); BlobUriBuilder blobUriBuilder = new BlobUriBuilder(test.Container.Uri) { Sas = blobSasBuilder.ToSasQueryParameters(sharedKeyCredential) }; BlobContainerClient sasContainerClient = new BlobContainerClient(blobUriBuilder.ToUri(), GetOptions()); // Act await foreach (BlobItem blobItem in sasContainerClient.GetBlobsAsync()) { // Just make sure the call succeeds. } }
private static BlobContainerSasPermissions ConvertPermissions(ContainerPermission permission) { BlobContainerSasPermissions blobPermissions = 0; if (permission.HasFlag(ContainerPermission.Read)) { blobPermissions |= BlobContainerSasPermissions.Read; } if (permission.HasFlag(ContainerPermission.Write)) { blobPermissions |= BlobContainerSasPermissions.Write; } if (permission.HasFlag(ContainerPermission.Delete)) { blobPermissions |= BlobContainerSasPermissions.Delete; } if (permission.HasFlag(ContainerPermission.List)) { blobPermissions |= BlobContainerSasPermissions.List; } return(blobPermissions); }
/// <summary> /// Create a permissions string to provide /// <see cref="BlobSasBuilder.Permissions"/>. /// </summary> /// <returns>A permissions string.</returns> internal static string ToPermissionsString(this BlobContainerSasPermissions permissions) { var sb = new StringBuilder(); if ((permissions & BlobContainerSasPermissions.Read) == BlobContainerSasPermissions.Read) { sb.Append(Constants.Sas.Permissions.Read); } if ((permissions & BlobContainerSasPermissions.Add) == BlobContainerSasPermissions.Add) { sb.Append(Constants.Sas.Permissions.Add); } if ((permissions & BlobContainerSasPermissions.Create) == BlobContainerSasPermissions.Create) { sb.Append(Constants.Sas.Permissions.Create); } if ((permissions & BlobContainerSasPermissions.Write) == BlobContainerSasPermissions.Write) { sb.Append(Constants.Sas.Permissions.Write); } if ((permissions & BlobContainerSasPermissions.Delete) == BlobContainerSasPermissions.Delete) { sb.Append(Constants.Sas.Permissions.Delete); } if ((permissions & BlobContainerSasPermissions.List) == BlobContainerSasPermissions.List) { sb.Append(Constants.Sas.Permissions.List); } return(sb.ToString()); }
public async Task SetImmutibilityPolicyAsync_SetLegalHold_ContainerSas(BlobContainerSasPermissions sasPermissions) { // Arrange await using DisposingImmutableStorageWithVersioningContainer vlwContainer = await GetTestVersionLevelWormContainer(TestConfigOAuth); BlobBaseClient blob = await GetNewBlobClient(vlwContainer.Container, GetNewBlobName()); BlobContainerClient sharedKeyContainer = InstrumentClient( GetServiceClient_OAuthAccount_SharedKey().GetBlobContainerClient(vlwContainer.Container.Name)); Uri containerSasUri = sharedKeyContainer.GenerateSasUri(sasPermissions, Recording.UtcNow.AddDays(1)); BlobBaseClient sasBlobClient = InstrumentClient(new BlobContainerClient(containerSasUri, GetOptions()).GetBlobBaseClient(blob.Name)); BlobImmutabilityPolicy immutabilityPolicy = new BlobImmutabilityPolicy { ExpiresOn = Recording.UtcNow.AddMinutes(5), PolicyMode = BlobImmutabilityPolicyMode.Unlocked }; // The service rounds Immutability Policy Expiry to the nearest second. DateTimeOffset expectedImmutabilityPolicyExpiry = RoundToNearestSecond(immutabilityPolicy.ExpiresOn.Value); // Act Response <BlobImmutabilityPolicy> response = await sasBlobClient.SetImmutabilityPolicyAsync( immutabilityPolicy : immutabilityPolicy); // Assert Assert.AreEqual(expectedImmutabilityPolicyExpiry, response.Value.ExpiresOn); Assert.AreEqual(immutabilityPolicy.PolicyMode, response.Value.PolicyMode); // Act Response <BlobLegalHoldResult> legalHoldResponse = await sasBlobClient.SetLegalHoldAsync(hasLegalHold : false); // Assert Assert.IsFalse(legalHoldResponse.Value.HasLegalHold); }
public string GenerateContainerSasUri(string containerName, BlobContainerSasPermissions permissions, DateTimeOffset expiresOn, string storedPolicyName = "") { var message = ""; var containerClient = GetBlobContainerClient(containerName); if (!containerClient.CanGenerateSasUri) { message = "Could not generate the SAS uri."; throw new ApiHttpStatusException <ErrorModel <int> >(HttpStatusCode.BadRequest, message, new ErrorModel <int> { Code = (int)HttpStatusCode.NotAcceptable, Message = message, }); } var builder = new BlobSasBuilder(permissions, expiresOn) { BlobContainerName = containerClient.Name, Resource = "c", }; if (!string.IsNullOrWhiteSpace(storedPolicyName)) { builder = new BlobSasBuilder(); builder.Identifier = storedPolicyName; } var sasUri = containerClient.GenerateSasUri(builder); return(sasUri.ToString()); }
public BlobSasQueryParameters GetContainerSas( string containerName, BlobContainerSasPermissions permissions, StorageSharedKeyCredential sharedKeyCredential = default, string sasVersion = default) { BlobSasBuilder sasBuilder = GetBlobSasBuilder(containerName, sasVersion: sasVersion); sasBuilder.SetPermissions(permissions); return sasBuilder.ToSasQueryParameters(sharedKeyCredential ?? GetNewSharedKeyCredentials()); }
public string CreateSASToken(int tokenExpirationInDays, BlobContainerSasPermissions containerPermissions) { BlobSasBuilder builder = new BlobSasBuilder { BlobContainerName = Container.Name, ExpiresOn = DateTimeOffset.UtcNow.AddDays(tokenExpirationInDays) }; builder.SetPermissions(containerPermissions); return(builder.ToSasQueryParameters(_credential).ToString()); }
public BlobSasQueryParameters GetContainerIdentitySas( string containerName, BlobContainerSasPermissions permissions, UserDelegationKey userDelegationKey, string accountName, string sasVersion = default) { BlobSasBuilder sasBuilder = GetBlobSasBuilder(containerName, sasVersion: sasVersion); sasBuilder.SetPermissions(permissions); return sasBuilder.ToSasQueryParameters(userDelegationKey, accountName); }
/// <summary> /// Set blob permission to SAS builder /// </summary> public static BlobSasBuilder SetBlobPermission(BlobSasBuilder sasBuilder, string rawPermission) { BlobContainerSasPermissions permission = 0; foreach (char c in rawPermission) { switch (c) { case 'r': permission = permission | BlobContainerSasPermissions.Read; break; case 'a': permission = permission | BlobContainerSasPermissions.Add; break; case 'c': permission = permission | BlobContainerSasPermissions.Create; break; case 'w': permission = permission | BlobContainerSasPermissions.Write; break; case 'd': permission = permission | BlobContainerSasPermissions.Delete; break; case 'l': permission = permission | BlobContainerSasPermissions.List; break; case 't': permission = permission | BlobContainerSasPermissions.Tag; break; case 'x': permission = permission | BlobContainerSasPermissions.DeleteBlobVersion; break; case 'i': permission = permission | BlobContainerSasPermissions.SetImmutabilityPolicy; break; default: // Can't convert to permission supported by XSCL, so use raw permission string sasBuilder.SetPermissions(rawPermission); return(sasBuilder); } } sasBuilder.SetPermissions(permission); return(sasBuilder); }
public async Task <UriBuilder> CreateUriBuilder( string containerName, string resourceType = "c", BlobContainerSasPermissions permission = BlobContainerSasPermissions.Read, int expiresOnMinutes = 10, CancellationToken cancellationToken = default ) { var accountName = AzureStorageUtils.GetAccountName(_connectionParameters); if (!String.IsNullOrWhiteSpace(accountName)) { var uriBuilder = new UriBuilder() { Scheme = "https", Host = string.Format("{0}.blob.core.windows.net", accountName) }; if (_connectionParameters.IsDevelopmentStorage) { return(uriBuilder); } else { var sasBuilder = CreateBlobSasBuilder(containerName, resourceType, permission, expiresOnMinutes); StorageSharedKeyCredential credential; if (!String.IsNullOrWhiteSpace(_connectionParameters.ConnectionString)) { credential = AzureStorageUtils.CreateCredentialFromConnectionString(_connectionParameters.ConnectionString); } else { string accessKey = await GetStorageAccountKey(cancellationToken); credential = new StorageSharedKeyCredential(_connectionParameters.StorageAccountName, accessKey); } var sasToken = sasBuilder.ToSasQueryParameters(credential); uriBuilder.Query = sasToken.ToString(); return(uriBuilder); } } else { return(null); } }
public static Uri?GetContainerSasUrlService( BlobContainerClient client, BlobContainerSasPermissions permissions, bool tag = false, TimeSpan?timeSpan = null) { var(start, expiry) = SasTimeWindow(timeSpan ?? TimeSpan.FromDays(30.0)); var sasBuilder = new BlobSasBuilder(permissions, expiry) { StartsOn = start }; return(client.GenerateSasUri(sasBuilder)); }
private Uri GetStorageAccountSasUriForCleanupJob(BlobContainerClient blobContainerClient) { // We want to provide "Read", "Write" and "Delete" permissions to the storage container, so that it can // create a blob, read it and subsequently delete it. BlobContainerSasPermissions sasPermissions = BlobContainerSasPermissions.Write | BlobContainerSasPermissions.Read | BlobContainerSasPermissions.Delete; BlobSasBuilder sasBuilder = new BlobSasBuilder(sasPermissions, DateTimeOffset.UtcNow.AddHours(1)) { BlobContainerName = blobContainerClient.Name, }; return(blobContainerClient.GenerateSasUri(sasBuilder)); }
/// <summary> /// Create a permissions string to provide /// <see cref="BlobSasBuilder.Permissions"/>. /// </summary> /// <returns>A permissions string.</returns> internal static string ToPermissionsString(this BlobContainerSasPermissions permissions) { var sb = new StringBuilder(); if ((permissions & BlobContainerSasPermissions.Read) == BlobContainerSasPermissions.Read) { sb.Append(Constants.Sas.Permissions.Read); } if ((permissions & BlobContainerSasPermissions.Add) == BlobContainerSasPermissions.Add) { sb.Append(Constants.Sas.Permissions.Add); } if ((permissions & BlobContainerSasPermissions.Create) == BlobContainerSasPermissions.Create) { sb.Append(Constants.Sas.Permissions.Create); } if ((permissions & BlobContainerSasPermissions.Write) == BlobContainerSasPermissions.Write) { sb.Append(Constants.Sas.Permissions.Write); } if ((permissions & BlobContainerSasPermissions.Delete) == BlobContainerSasPermissions.Delete) { sb.Append(Constants.Sas.Permissions.Delete); } if ((permissions & BlobContainerSasPermissions.DeleteBlobVersion) == BlobContainerSasPermissions.DeleteBlobVersion) { sb.Append(Constants.Sas.Permissions.DeleteBlobVersion); } if ((permissions & BlobContainerSasPermissions.List) == BlobContainerSasPermissions.List) { sb.Append(Constants.Sas.Permissions.List); } if ((permissions & BlobContainerSasPermissions.Tag) == BlobContainerSasPermissions.Tag) { sb.Append(Constants.Sas.Permissions.Tag); } if ((permissions & BlobContainerSasPermissions.Filter) == BlobContainerSasPermissions.Filter) { sb.Append(Constants.Sas.Permissions.FilterByTags); } if ((permissions & BlobContainerSasPermissions.SetImmutabilityPolicy) == BlobContainerSasPermissions.SetImmutabilityPolicy) { sb.Append(Constants.Sas.Permissions.SetImmutabilityPolicy); } return(sb.ToString()); }
public async Async.Task <Uri> GetContainerSasUrl(Container container, StorageType storageType, BlobContainerSasPermissions permissions, TimeSpan?duration = null) { var client = await FindContainer(container, storageType) ?? throw new Exception($"unable to find container: {container.ContainerName} - {storageType}"); var(accountName, accountKey) = await _storage.GetStorageAccountNameAndKey(client.AccountName); var(startTime, endTime) = SasTimeWindow(duration ?? TimeSpan.FromDays(30)); var sasBuilder = new BlobSasBuilder(permissions, endTime) { StartsOn = startTime, BlobContainerName = container.ContainerName, }; var sasUrl = client.GenerateSasUri(sasBuilder); return(sasUrl); }
public static Uri GetContainerSas(string containerName, StorageSharedKeyCredential key, BlobContainerSasPermissions permissions = BlobContainerSasPermissions.Read, uint durationMinutes = 10) { var sasBuilder = new BlobSasBuilder() { BlobContainerName = containerName, Resource = "c", StartsOn = DateTimeOffset.UtcNow.AddMinutes(-5), ExpiresOn = DateTimeOffset.UtcNow.AddMinutes(durationMinutes) }; sasBuilder.SetPermissions(permissions); var sasToken = sasBuilder.ToSasQueryParameters(key).ToString(); var fullUri = new UriBuilder() { Scheme = "https", Host = $"{key.AccountName}.blob.core.windows.net", Path = $"{containerName}", Query = sasToken }; return(fullUri.Uri); }
private string GetSasTokenForPermissions(BlobContainerSasPermissions permissions, DateTime expiration) { string sas = _container.GenerateSasUri(permissions, expiration).ToString(); return(sas.Substring(sas.IndexOf('?'))); }
public async Async.Task <Uri> GetContainerSasUrl(Container container, StorageType storageType, BlobContainerSasPermissions permissions, TimeSpan?duration = null) { var client = await FindContainer(container, storageType) ?? throw new Exception($"unable to find container: {container.ContainerName} - {storageType}"); var(startTime, endTime) = SasTimeWindow(duration ?? CONTAINER_SAS_DEFAULT_DURATION); var sasBuilder = new BlobSasBuilder(permissions, endTime) { StartsOn = startTime, BlobContainerName = _config.OneFuzzStoragePrefix + container.ContainerName, }; var sasUrl = client.GenerateSasUri(sasBuilder); return(sasUrl); }
BlobSasBuilder CreateBlobSasBuilder(string containerName, string resourceType = "c", BlobContainerSasPermissions permission = BlobContainerSasPermissions.Read, int expiresOnMinutes = 10) { var sasBuilder = new BlobSasBuilder() { BlobContainerName = containerName, Resource = resourceType, StartsOn = DateTimeOffset.UtcNow.AddMinutes(-1), ExpiresOn = DateTimeOffset.UtcNow.AddMinutes(expiresOnMinutes) }; sasBuilder.SetPermissions(permission); return(sasBuilder); }