private string GenerateAndValidateAccountSAS(
SharedAccessAccountServices service,
SharedAccessAccountResourceTypes resourceType,
string permission,
SharedAccessProtocol?protocol = null,
string iPAddressOrRange = null,
DateTime?startTime = null, DateTime?expiryTime = null)
{
Test.Assert(CommandAgent.NewAzureStorageAccountSAS(
service, resourceType, permission, protocol, iPAddressOrRange, startTime, expiryTime), "Should succeeded in generating an account sas with full permissions, services and resource types");
string sasToken;
if (lang == Language.PowerShell)
{
sasToken = CommandAgent.Output[0][Constants.SASTokenKey].ToString();
}
else
{
sasToken = "?" + CommandAgent.Output[0][Constants.SASTokenKeyNode];
}
AccountSASUtils.ValidateAccountSAS(
service, resourceType, permission, protocol, iPAddressOrRange, startTime, expiryTime, sasToken);
return(sasToken);
}
private static void ValidateResourceType(
SharedAccessAccountResourceTypes expectedResourceType,
string sasResourceType)
{
string resourceTypeString = SharedAccessAccountPolicy.ResourceTypesToString(expectedResourceType);
Test.Assert(string.Equals(sasResourceType, resourceTypeString), "Resource type: {0} == {1}", resourceTypeString, sasResourceType);
}
public void AccountSAS_InvalidParameter()
{
SharedAccessAccountServices service = SharedAccessAccountServices.Blob | SharedAccessAccountServices.File | SharedAccessAccountServices.Queue | SharedAccessAccountServices.Table;
SharedAccessAccountResourceTypes resourceType = SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object | SharedAccessAccountResourceTypes.Service;
string permission = AccountSASUtils.fullPermission;
SharedAccessProtocol sasProtocal = SharedAccessProtocol.HttpsOrHttp;
string iPAddressOrRange = "0.0.0.0-255.255.255.255";
DateTime startTime = DateTime.Now.AddMinutes(-5);
DateTime expiryTime = DateTime.Now.AddMinutes(60);
//invalid permission
Test.Assert(!CommandAgent.NewAzureStorageAccountSAS(
service, resourceType, "racwx", sasProtocal, iPAddressOrRange, startTime, expiryTime), "Set stored access policy with invalid permission should fail");
if (lang == Language.PowerShell)
{
ExpectedContainErrorMessage("Invalid access permission");
}
else
{
ExpectedContainErrorMessage("Given \"x\" is invalid");
}
//repeated permission - success
GenerateAndValidateAccountSAS(
service, resourceType, "rracw", sasProtocal, iPAddressOrRange, startTime, expiryTime);
//invalid IP/IP range
Test.Assert(!CommandAgent.NewAzureStorageAccountSAS(
service, resourceType, permission, null, "123.3.4a", null, null), "Set stored access policy with invalid iPAddressOrRange should fail");
if (lang == Language.PowerShell)
{
ExpectedContainErrorMessage("Error when parsing IP address: IP address is invalid.");
}
else
{
ExpectedContainErrorMessage("Invalid ip range format");
}
Test.Assert(!CommandAgent.NewAzureStorageAccountSAS(
service, resourceType, permission, sasProtocal, "123.4.5.6_125.6.7.8", null, null), "Set stored access policy with invalid iPAddressOrRange should fail");
if (lang == Language.PowerShell)
{
ExpectedContainErrorMessage("Error when parsing IP address: IP address is invalid.");
}
else
{
ExpectedContainErrorMessage("Invalid ip range format");
}
//success: start IP > end IP
GenerateAndValidateAccountSAS(
service, resourceType, permission, sasProtocal, "22.22.22.22-11.111.11.11", startTime, expiryTime);
//Start time > expire Time
Test.Assert(!CommandAgent.NewAzureStorageAccountSAS(
service, resourceType, permission, sasProtocal, iPAddressOrRange, DateTime.Now.AddMinutes(5), DateTime.Now.AddMinutes(-5)), "Set stored access policy with invalid Start Time should fail");
ExpectedContainErrorMessage("The expiry time of the specified access policy should be greater than start time");
}
/// <summary>
/// Create a blob SAS build from Blob Object
/// </summary>
public static AccountSasBuilder SetAccountSasBuilder(SharedAccessAccountServices Service,
SharedAccessAccountResourceTypes type,
string Permission = null,
DateTime?StartTime = null,
DateTime?ExpiryTime = null,
string iPAddressOrRange = null,
SharedAccessProtocol?Protocol = null,
string EncryptionScope = null)
{
AccountSasBuilder sasBuilder = new AccountSasBuilder();
sasBuilder.ResourceTypes = GetAccountSasResourceTypes(type);
sasBuilder.Services = GetAccountSasServices(Service);
sasBuilder = SetAccountPermission(sasBuilder, Permission);
if (StartTime != null)
{
sasBuilder.StartsOn = StartTime.Value.ToUniversalTime();
}
if (ExpiryTime != null)
{
sasBuilder.ExpiresOn = ExpiryTime.Value.ToUniversalTime();
}
else
{
if (sasBuilder.StartsOn != DateTimeOffset.MinValue && sasBuilder.StartsOn != null)
{
sasBuilder.ExpiresOn = sasBuilder.StartsOn.AddHours(1).ToUniversalTime();
}
else
{
sasBuilder.ExpiresOn = DateTimeOffset.UtcNow.AddHours(1);
}
}
if (iPAddressOrRange != null)
{
sasBuilder.IPRange = Util.SetupIPAddressOrRangeForSASTrack2(iPAddressOrRange);
}
if (Protocol != null)
{
if (Protocol.Value == SharedAccessProtocol.HttpsOrHttp)
{
sasBuilder.Protocol = SasProtocol.HttpsAndHttp;
}
else //HttpsOnly
{
sasBuilder.Protocol = SasProtocol.Https;
}
}
if (EncryptionScope != null)
{
sasBuilder.EncryptionScope = EncryptionScope;
}
return(sasBuilder);
}
public void AccountSASResourceTypes()
{
Task[] tasks = new Task[8 * 3];
for (int i = 0; i < 0x8; i++)
{
SharedAccessAccountResourceTypes resourceTypes = (SharedAccessAccountResourceTypes)i;
SharedAccessAccountPolicy policy = GetPolicyWithFullPermissions();
policy.ResourceTypes = resourceTypes;
tasks[i] = this.RunPermissionsTestBlobs(policy);
tasks[16 + i] = this.RunPermissionsTestQueues(policy);
tasks[24 + i] = this.RunPermissionsTestFiles(policy);
}
Task.WaitAll(tasks);
}
public void AccountSAS_File_Container_w()
{
SharedAccessAccountServices service = SharedAccessAccountServices.File;
SharedAccessAccountResourceTypes resourceType = SharedAccessAccountResourceTypes.Container;
string permission = "w";
string sasToken = GenerateAndValidateAccountSAS(
service,
resourceType,
permission, null, null, null, null);
string shareName = "sharetocreatewithsas";
fileUtil.ValidateShareCreatableWithSasToken(shareName, StorageAccount.Credentials.AccountName, sasToken);
}
/// <summary>
/// Get Track2 accunt sas ResourceTypes
/// </summary>
public static AccountSasResourceTypes GetAccountSasResourceTypes(SharedAccessAccountResourceTypes type)
{
AccountSasResourceTypes outputType = 0;
if ((type & SharedAccessAccountResourceTypes.Service) == SharedAccessAccountResourceTypes.Service)
{
outputType = outputType | AccountSasResourceTypes.Service;
}
if ((type & SharedAccessAccountResourceTypes.Container) == SharedAccessAccountResourceTypes.Container)
{
outputType = outputType | AccountSasResourceTypes.Container;
}
if ((type & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)
{
outputType = outputType | AccountSasResourceTypes.Object;
}
return(outputType);
}
public static string ResourceTypesToString(SharedAccessAccountResourceTypes resourceTypes)
{
StringBuilder stringBuilder = new StringBuilder();
if ((resourceTypes & SharedAccessAccountResourceTypes.Service) == SharedAccessAccountResourceTypes.Service)
{
stringBuilder.Append("s");
}
if ((resourceTypes & SharedAccessAccountResourceTypes.Container) == SharedAccessAccountResourceTypes.Container)
{
stringBuilder.Append("c");
}
if ((resourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)
{
stringBuilder.Append("o");
}
return(stringBuilder.ToString());
}
public virtual string GetAccountSasFromCmd(SharedAccessAccountServices service, SharedAccessAccountResourceTypes resourceType, string permission, SharedAccessProtocol?protocol, string iPAddressOrRange,
DateTime?startTime = null, DateTime?expiryTime = null)
{
return(string.Empty);
}
public virtual bool NewAzureStorageAccountSAS(SharedAccessAccountServices service, SharedAccessAccountResourceTypes resourceType, string permission, SharedAccessProtocol?protocol = null, string iPAddressOrRange = null,
DateTime?startTime = null, DateTime?expiryTime = null)
{
return(false);
}
public static string ResourceTypesToString(SharedAccessAccountResourceTypes resourceTypes)
{
throw new System.NotImplementedException();
}
/// <summary>
/// Converts the ResourceTypes specified for the shared access policy to a string.
/// </summary>
/// <param name="resourceTypes">A <see cref="SharedAccessAccountResourceTypes"/> object.</param>
/// <returns>The shared access resource types in string format.</returns>
public static string ResourceTypesToString(SharedAccessAccountResourceTypes resourceTypes)
{
StringBuilder builder = new StringBuilder();
if ((resourceTypes & SharedAccessAccountResourceTypes.Service) == SharedAccessAccountResourceTypes.Service)
{
builder.Append("s");
}
if ((resourceTypes & SharedAccessAccountResourceTypes.Container) == SharedAccessAccountResourceTypes.Container)
{
builder.Append("c");
}
if ((resourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)
{
builder.Append("o");
}
return builder.ToString();
}
public static void ValidateAccountSAS(
SharedAccessAccountServices service,
SharedAccessAccountResourceTypes resourceType,
string permission,
SharedAccessProtocol?protocol,
string iPAddressOrRange,
DateTime?startTime,
DateTime?expiryTime,
string sasToken)
{
Test.Assert(sasToken.StartsWith("?"), "Sas token must be a query string.");
string[] sasSegs = sasToken.Substring(1).Split('&');
var sasRequiredOptionList = sasRequiredOptions.ToList();
var sasOptionList = sasOptions.ToList();
if (service == SharedAccessAccountServices.None)
{
sasRequiredOptionList.Remove("ss");
}
if (resourceType == SharedAccessAccountResourceTypes.None)
{
sasRequiredOptionList.Remove("srt");
}
foreach (string sasSegment in sasSegs)
{
string[] queryPair = sasSegment.Split('=');
Test.Assert(queryPair.Length == 2, "One segment should be a key value pair: {0}", sasSegment);
sasRequiredOptionList.Remove(queryPair[0]);
sasOptionList.Remove(queryPair[0]);
switch (queryPair[0])
{
case "ss":
ValidateSASService(service, queryPair[1]);
break;
case "srt":
ValidateResourceType(resourceType, queryPair[1]);
break;
case "sp":
ValidatePermissions(permission, queryPair[1]);
break;
case "sip":
ValidateIpRange(iPAddressOrRange, queryPair[1]);
break;
case "spr":
ValidateProtocol(protocol, queryPair[1]);
break;
case "st":
ValidateStartTime(startTime, queryPair[1]);
break;
case "se":
ValidateExpiryTime(expiryTime, queryPair[1]);
break;
}
}
Test.Assert(0 == sasRequiredOptionList.Count, "All required options should exist.");
if (0 != sasRequiredOptionList.Count)
{
Test.Info("Not exist required options: " + sasRequiredOptionList.First());
}
if (string.IsNullOrEmpty(iPAddressOrRange))
{
Test.Assert(sasOptionList.Contains("sip"), "IPACL option should be null.");
}
else if (null == startTime)
{
Test.Assert(sasOptionList.Contains("st"), "StartTime option should be null.");
}
}
