private string GenerateAndValidateAccountSAS( SharedAccessAccountServices service, SharedAccessAccountResourceTypes resourceType, string permission, SharedAccessProtocol?protocol = null, string iPAddressOrRange = null, DateTime?startTime = null, DateTime?expiryTime = null) { Test.Assert(CommandAgent.NewAzureStorageAccountSAS( service, resourceType, permission, protocol, iPAddressOrRange, startTime, expiryTime), "Should succeeded in generating an account sas with full permissions, services and resource types"); string sasToken; if (lang == Language.PowerShell) { sasToken = CommandAgent.Output[0][Constants.SASTokenKey].ToString(); } else { sasToken = "?" + CommandAgent.Output[0][Constants.SASTokenKeyNode]; } AccountSASUtils.ValidateAccountSAS( service, resourceType, permission, protocol, iPAddressOrRange, startTime, expiryTime, sasToken); return(sasToken); }
private static void ValidateResourceType( SharedAccessAccountResourceTypes expectedResourceType, string sasResourceType) { string resourceTypeString = SharedAccessAccountPolicy.ResourceTypesToString(expectedResourceType); Test.Assert(string.Equals(sasResourceType, resourceTypeString), "Resource type: {0} == {1}", resourceTypeString, sasResourceType); }
public void AccountSAS_InvalidParameter() { SharedAccessAccountServices service = SharedAccessAccountServices.Blob | SharedAccessAccountServices.File | SharedAccessAccountServices.Queue | SharedAccessAccountServices.Table; SharedAccessAccountResourceTypes resourceType = SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object | SharedAccessAccountResourceTypes.Service; string permission = AccountSASUtils.fullPermission; SharedAccessProtocol sasProtocal = SharedAccessProtocol.HttpsOrHttp; string iPAddressOrRange = "0.0.0.0-255.255.255.255"; DateTime startTime = DateTime.Now.AddMinutes(-5); DateTime expiryTime = DateTime.Now.AddMinutes(60); //invalid permission Test.Assert(!CommandAgent.NewAzureStorageAccountSAS( service, resourceType, "racwx", sasProtocal, iPAddressOrRange, startTime, expiryTime), "Set stored access policy with invalid permission should fail"); if (lang == Language.PowerShell) { ExpectedContainErrorMessage("Invalid access permission"); } else { ExpectedContainErrorMessage("Given \"x\" is invalid"); } //repeated permission - success GenerateAndValidateAccountSAS( service, resourceType, "rracw", sasProtocal, iPAddressOrRange, startTime, expiryTime); //invalid IP/IP range Test.Assert(!CommandAgent.NewAzureStorageAccountSAS( service, resourceType, permission, null, "123.3.4a", null, null), "Set stored access policy with invalid iPAddressOrRange should fail"); if (lang == Language.PowerShell) { ExpectedContainErrorMessage("Error when parsing IP address: IP address is invalid."); } else { ExpectedContainErrorMessage("Invalid ip range format"); } Test.Assert(!CommandAgent.NewAzureStorageAccountSAS( service, resourceType, permission, sasProtocal, "123.4.5.6_125.6.7.8", null, null), "Set stored access policy with invalid iPAddressOrRange should fail"); if (lang == Language.PowerShell) { ExpectedContainErrorMessage("Error when parsing IP address: IP address is invalid."); } else { ExpectedContainErrorMessage("Invalid ip range format"); } //success: start IP > end IP GenerateAndValidateAccountSAS( service, resourceType, permission, sasProtocal, "22.22.22.22-11.111.11.11", startTime, expiryTime); //Start time > expire Time Test.Assert(!CommandAgent.NewAzureStorageAccountSAS( service, resourceType, permission, sasProtocal, iPAddressOrRange, DateTime.Now.AddMinutes(5), DateTime.Now.AddMinutes(-5)), "Set stored access policy with invalid Start Time should fail"); ExpectedContainErrorMessage("The expiry time of the specified access policy should be greater than start time"); }
/// <summary> /// Create a blob SAS build from Blob Object /// </summary> public static AccountSasBuilder SetAccountSasBuilder(SharedAccessAccountServices Service, SharedAccessAccountResourceTypes type, string Permission = null, DateTime?StartTime = null, DateTime?ExpiryTime = null, string iPAddressOrRange = null, SharedAccessProtocol?Protocol = null, string EncryptionScope = null) { AccountSasBuilder sasBuilder = new AccountSasBuilder(); sasBuilder.ResourceTypes = GetAccountSasResourceTypes(type); sasBuilder.Services = GetAccountSasServices(Service); sasBuilder = SetAccountPermission(sasBuilder, Permission); if (StartTime != null) { sasBuilder.StartsOn = StartTime.Value.ToUniversalTime(); } if (ExpiryTime != null) { sasBuilder.ExpiresOn = ExpiryTime.Value.ToUniversalTime(); } else { if (sasBuilder.StartsOn != DateTimeOffset.MinValue && sasBuilder.StartsOn != null) { sasBuilder.ExpiresOn = sasBuilder.StartsOn.AddHours(1).ToUniversalTime(); } else { sasBuilder.ExpiresOn = DateTimeOffset.UtcNow.AddHours(1); } } if (iPAddressOrRange != null) { sasBuilder.IPRange = Util.SetupIPAddressOrRangeForSASTrack2(iPAddressOrRange); } if (Protocol != null) { if (Protocol.Value == SharedAccessProtocol.HttpsOrHttp) { sasBuilder.Protocol = SasProtocol.HttpsAndHttp; } else //HttpsOnly { sasBuilder.Protocol = SasProtocol.Https; } } if (EncryptionScope != null) { sasBuilder.EncryptionScope = EncryptionScope; } return(sasBuilder); }
public void AccountSASResourceTypes() { Task[] tasks = new Task[8 * 3]; for (int i = 0; i < 0x8; i++) { SharedAccessAccountResourceTypes resourceTypes = (SharedAccessAccountResourceTypes)i; SharedAccessAccountPolicy policy = GetPolicyWithFullPermissions(); policy.ResourceTypes = resourceTypes; tasks[i] = this.RunPermissionsTestBlobs(policy); tasks[16 + i] = this.RunPermissionsTestQueues(policy); tasks[24 + i] = this.RunPermissionsTestFiles(policy); } Task.WaitAll(tasks); }
public void AccountSAS_File_Container_w() { SharedAccessAccountServices service = SharedAccessAccountServices.File; SharedAccessAccountResourceTypes resourceType = SharedAccessAccountResourceTypes.Container; string permission = "w"; string sasToken = GenerateAndValidateAccountSAS( service, resourceType, permission, null, null, null, null); string shareName = "sharetocreatewithsas"; fileUtil.ValidateShareCreatableWithSasToken(shareName, StorageAccount.Credentials.AccountName, sasToken); }
/// <summary> /// Get Track2 accunt sas ResourceTypes /// </summary> public static AccountSasResourceTypes GetAccountSasResourceTypes(SharedAccessAccountResourceTypes type) { AccountSasResourceTypes outputType = 0; if ((type & SharedAccessAccountResourceTypes.Service) == SharedAccessAccountResourceTypes.Service) { outputType = outputType | AccountSasResourceTypes.Service; } if ((type & SharedAccessAccountResourceTypes.Container) == SharedAccessAccountResourceTypes.Container) { outputType = outputType | AccountSasResourceTypes.Container; } if ((type & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object) { outputType = outputType | AccountSasResourceTypes.Object; } return(outputType); }
public static string ResourceTypesToString(SharedAccessAccountResourceTypes resourceTypes) { StringBuilder stringBuilder = new StringBuilder(); if ((resourceTypes & SharedAccessAccountResourceTypes.Service) == SharedAccessAccountResourceTypes.Service) { stringBuilder.Append("s"); } if ((resourceTypes & SharedAccessAccountResourceTypes.Container) == SharedAccessAccountResourceTypes.Container) { stringBuilder.Append("c"); } if ((resourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object) { stringBuilder.Append("o"); } return(stringBuilder.ToString()); }
public virtual string GetAccountSasFromCmd(SharedAccessAccountServices service, SharedAccessAccountResourceTypes resourceType, string permission, SharedAccessProtocol?protocol, string iPAddressOrRange, DateTime?startTime = null, DateTime?expiryTime = null) { return(string.Empty); }
public virtual bool NewAzureStorageAccountSAS(SharedAccessAccountServices service, SharedAccessAccountResourceTypes resourceType, string permission, SharedAccessProtocol?protocol = null, string iPAddressOrRange = null, DateTime?startTime = null, DateTime?expiryTime = null) { return(false); }
public static string ResourceTypesToString(SharedAccessAccountResourceTypes resourceTypes) { throw new System.NotImplementedException(); }
/// <summary> /// Converts the ResourceTypes specified for the shared access policy to a string. /// </summary> /// <param name="resourceTypes">A <see cref="SharedAccessAccountResourceTypes"/> object.</param> /// <returns>The shared access resource types in string format.</returns> public static string ResourceTypesToString(SharedAccessAccountResourceTypes resourceTypes) { StringBuilder builder = new StringBuilder(); if ((resourceTypes & SharedAccessAccountResourceTypes.Service) == SharedAccessAccountResourceTypes.Service) { builder.Append("s"); } if ((resourceTypes & SharedAccessAccountResourceTypes.Container) == SharedAccessAccountResourceTypes.Container) { builder.Append("c"); } if ((resourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object) { builder.Append("o"); } return builder.ToString(); }
public static void ValidateAccountSAS( SharedAccessAccountServices service, SharedAccessAccountResourceTypes resourceType, string permission, SharedAccessProtocol?protocol, string iPAddressOrRange, DateTime?startTime, DateTime?expiryTime, string sasToken) { Test.Assert(sasToken.StartsWith("?"), "Sas token must be a query string."); string[] sasSegs = sasToken.Substring(1).Split('&'); var sasRequiredOptionList = sasRequiredOptions.ToList(); var sasOptionList = sasOptions.ToList(); if (service == SharedAccessAccountServices.None) { sasRequiredOptionList.Remove("ss"); } if (resourceType == SharedAccessAccountResourceTypes.None) { sasRequiredOptionList.Remove("srt"); } foreach (string sasSegment in sasSegs) { string[] queryPair = sasSegment.Split('='); Test.Assert(queryPair.Length == 2, "One segment should be a key value pair: {0}", sasSegment); sasRequiredOptionList.Remove(queryPair[0]); sasOptionList.Remove(queryPair[0]); switch (queryPair[0]) { case "ss": ValidateSASService(service, queryPair[1]); break; case "srt": ValidateResourceType(resourceType, queryPair[1]); break; case "sp": ValidatePermissions(permission, queryPair[1]); break; case "sip": ValidateIpRange(iPAddressOrRange, queryPair[1]); break; case "spr": ValidateProtocol(protocol, queryPair[1]); break; case "st": ValidateStartTime(startTime, queryPair[1]); break; case "se": ValidateExpiryTime(expiryTime, queryPair[1]); break; } } Test.Assert(0 == sasRequiredOptionList.Count, "All required options should exist."); if (0 != sasRequiredOptionList.Count) { Test.Info("Not exist required options: " + sasRequiredOptionList.First()); } if (string.IsNullOrEmpty(iPAddressOrRange)) { Test.Assert(sasOptionList.Contains("sip"), "IPACL option should be null."); } else if (null == startTime) { Test.Assert(sasOptionList.Contains("st"), "StartTime option should be null."); } }