/// <summary>
/// Resolves the storage account through the Azure management client and returns the value of the first key it lists.
/// </summary>
/// <remarks>
/// The returned string is a storage account shared key, which authorizes requests against the whole account.
/// Callers should keep it out of log messages, exception text and URLs.
/// </remarks>
/// <param name="storageAccountInfo">Supplies the subscription id and the resource id used for the lookup.</param>
/// <returns>The value of the first entry returned by <c>GetKeysAsync</c>.</returns>
public async Task<string> GetStorageAccountKeyAsync(StorageAccountInfo storageAccountInfo)
{
    var managementClient = await GetAzureManagementClientAsync();

    // Scope the client to the subscription that owns the account before resolving it by resource id.
    var subscriptionClient = managementClient.WithSubscription(storageAccountInfo.SubscriptionId);
    var account = await subscriptionClient.StorageAccounts.GetByIdAsync(storageAccountInfo.Id);

    var accountKeys = await account.GetKeysAsync();

    // First() throws if the key list comes back empty; that exception is not handled here.
    return accountKeys.First().Value;
}
/// <summary>
/// Resolves the storage account through the Azure management client and returns the value of the first key it lists,
/// logging any failure before letting it propagate.
/// </summary>
/// <remarks>
/// The returned string is a storage account shared key, which authorizes requests against the whole account.
/// The error path below logs the exception and the account name only; callers should likewise keep the key
/// itself out of log messages, exception text and URLs.
/// </remarks>
/// <param name="storageAccountInfo">Supplies the subscription id, resource id and (for logging) the account name.</param>
/// <returns>The value of the first entry returned by <c>GetKeysAsync</c>.</returns>
public async Task<string> GetStorageAccountKeyAsync(StorageAccountInfo storageAccountInfo)
{
    try
    {
        var managementClient = await GetAzureManagementClientAsync();

        // Scope the client to the subscription that owns the account before resolving it by resource id.
        var subscriptionClient = managementClient.WithSubscription(storageAccountInfo.SubscriptionId);
        var account = await subscriptionClient.StorageAccounts.GetByIdAsync(storageAccountInfo.Id);

        var accountKeys = await account.GetKeysAsync();

        // First() throws if the key list comes back empty; that lands in the catch below like any other failure.
        return accountKeys.First().Value;
    }
    catch (Exception ex)
    {
        // Record which account failed, then rethrow with the original stack trace intact.
        logger.LogError(ex, $"An exception occurred when getting the storage account key for account {storageAccountInfo.Name}.");
        throw;
    }
}
/// <inheritdoc/>
/// <remarks>
/// Serves the key from <c>cache</c>, keyed by the account's <c>Id</c>, and only calls the proxy when the cache
/// asks for a value. Each entry is added with an expiry one hour after the call.
/// NOTE(review): assuming the cache honours that expiry, a key rotated in Azure can keep being served from
/// here for up to an hour, and the key stays resident in process memory for that long - confirm this window
/// is acceptable for the rotation procedure in use.
/// </remarks>
public Task<string> GetStorageAccountKeyAsync(StorageAccountInfo storageAccountInfo)
{
    var cacheKey = storageAccountInfo.Id;

    // Invoked by the cache only when it needs to populate the entry.
    Func<Task<string>> fetchKey = () => azureProxy.GetStorageAccountKeyAsync(storageAccountInfo);

    var expiresAt = DateTimeOffset.Now.AddHours(1);

    return cache.GetOrAddAsync(cacheKey, fetchKey, expiresAt);
}
/// <inheritdoc />
/// <remarks>
/// Resolution order, as implemented below:
/// paths starting with <c>CromwellPathPrefix</c> are first prefixed with the default storage account name;
/// if the account/container pair matches an external storage account entry, that entry's existing
/// <c>SasToken</c> is attached and nothing new is signed;
/// otherwise a SAS is signed with the storage account key. A container-level token carries
/// Add, Create, List, Read and Write; a blob-level token carries Read only. Both are limited to HTTPS and
/// expire <c>sasTokenDuration</c> after they are issued.
/// Every failure path logs an error and returns <c>null</c> rather than throwing.
/// The returned URL is built from segments that include the SAS token, so it should be handled as a
/// credential: keep it out of logs and persist it no longer than needed.
/// NOTE(review): no policy identifier is passed when signing, so these look like ad hoc tokens; if so,
/// revoking one before it expires would mean rotating the account key - confirm.
/// </remarks>
public async Task<string> MapLocalPathToSasUrlAsync(string path, bool getContainerSas = false)
{
    // TODO: Optional: when the path is /container/... and the container name matches one in the default storage account,
    // prepend the account name so callers may omit it for files stored in the default account.
    // /cromwell-executions/... paths become /defaultStorageAccountName/cromwell-executions/... so they go through
    // the same /acct/container/... handling as every other path.
    var resolvedPath = path.StartsWith(CromwellPathPrefix, StringComparison.OrdinalIgnoreCase)
        ? $"/{defaultStorageAccountName}{path}"
        : path;

    // NOTE(review): the caller-supplied path is interpolated into the log messages below as-is;
    // if it can contain arbitrary text, confirm the log sink neutralizes line breaks.
    if (!StorageAccountUrlSegments.TryCreate(resolvedPath, out var segments))
    {
        logger.LogError($"Could not parse path '{resolvedPath}'.");
        return null;
    }

    // External accounts come with their own SAS token; reuse it instead of signing a new one.
    if (TryGetExternalStorageAccountInfo(segments.AccountName, segments.ContainerName, out var externalAccount))
    {
        var externalTarget = new StorageAccountUrlSegments(externalAccount.BlobEndpoint, segments.ContainerName, segments.BlobName, externalAccount.SasToken);
        return externalTarget.ToUriString();
    }

    StorageAccountInfo account = null;
    var accountFound = await TryGetStorageAccountInfoAsync(segments.AccountName, info => account = info);

    if (!accountFound)
    {
        logger.LogError($"Could not find storage account '{segments.AccountName}' corresponding to path '{resolvedPath}'. Either the account does not exist or the TES app service does not have permission to it.");
        return null;
    }

    try
    {
        var key = await azureProxy.GetStorageAccountKeyAsync(account);
        var target = new StorageAccountUrlSegments(account.BlobEndpoint, segments.ContainerName, segments.BlobName);
        var expiresAt = DateTime.Now.Add(sasTokenDuration);

        if (!segments.IsContainer && !getContainerSas)
        {
            // Single blob: read-only token scoped to that blob, HTTPS only.
            var readOnlyPolicy = new SharedAccessBlobPolicy
            {
                Permissions = SharedAccessBlobPermissions.Read,
                SharedAccessExpiryTime = expiresAt
            };

            var blobCredentials = new StorageCredentials(account.Name, key);
            var blob = new CloudBlob(target.ToUri(), blobCredentials);
            target.SasToken = blob.GetSharedAccessSignature(readOnlyPolicy, null, null, SharedAccessProtocol.HttpsOnly, null);
        }
        else
        {
            // Container requested (or the path is a container): the token covers the whole container
            // and allows writes as well as reads and listing, HTTPS only.
            var containerPolicy = new SharedAccessBlobPolicy
            {
                Permissions = SharedAccessBlobPermissions.Add
                    | SharedAccessBlobPermissions.Create
                    | SharedAccessBlobPermissions.List
                    | SharedAccessBlobPermissions.Read
                    | SharedAccessBlobPermissions.Write,
                SharedAccessExpiryTime = expiresAt
            };

            var containerUri = new StorageAccountUrlSegments(account.BlobEndpoint, segments.ContainerName).ToUri();
            var containerCredentials = new StorageCredentials(account.Name, key);
            var container = new CloudBlobContainer(containerUri, containerCredentials);
            target.SasToken = container.GetSharedAccessSignature(containerPolicy, null, SharedAccessProtocol.HttpsOnly, null);
        }

        return target.ToUriString();
    }
    catch (Exception ex)
    {
        // This handler also covers failures while building or signing the SAS, not only the key fetch,
        // so the attached exception is the reliable indicator of what went wrong.
        // NOTE(review): the message recommends Contributor; presumably only key access is needed here -
        // confirm whether a narrower role would do.
        logger.LogError(ex, $"Could not get the key of storage account '{segments.AccountName}'. Make sure that the TES app service has Contributor access to it.");
        return null;
    }
}
/// <inheritdoc/>
/// <remarks>
/// Serves the key from <c>cache</c>, keyed by the account's <c>Id</c>. When the cache asks for a value, the
/// proxy call is run through <c>asyncRetryPolicy</c>. Each entry is added with an expiry one hour after the call.
/// NOTE(review): assuming the cache honours that expiry, a key rotated in Azure can keep being served from
/// here for up to an hour, and the key stays resident in process memory for that long - confirm this window
/// is acceptable for the rotation procedure in use.
/// </remarks>
public Task<string> GetStorageAccountKeyAsync(StorageAccountInfo storageAccountInfo)
{
    var cacheKey = storageAccountInfo.Id;

    // Invoked by the cache only when it needs to populate the entry; the retry policy wraps the proxy call.
    Func<Task<string>> fetchKeyWithRetry = () =>
        asyncRetryPolicy.ExecuteAsync(() => azureProxy.GetStorageAccountKeyAsync(storageAccountInfo));

    var expiresAt = DateTimeOffset.Now.AddHours(1);

    return cache.GetOrAddAsync(cacheKey, fetchKeyWithRetry, expiresAt);
}