/// <summary>
/// Gets the primary key of the given storage account
/// </summary>
/// <param name="storageAccountInfo">Storage account info</param>
/// <returns>The primary key</returns>
public async Task <string> GetStorageAccountKeyAsync(StorageAccountInfo storageAccountInfo)
{
var azureClient = await GetAzureManagementClientAsync();
var storageAccount = await azureClient.WithSubscription(storageAccountInfo.SubscriptionId).StorageAccounts.GetByIdAsync(storageAccountInfo.Id);
return((await storageAccount.GetKeysAsync()).First().Value);
}
/// <summary>
/// Gets the primary key of the given storage account
/// </summary>
/// <param name="storageAccountInfo">Storage account info</param>
/// <returns>The primary key</returns>
public async Task <string> GetStorageAccountKeyAsync(StorageAccountInfo storageAccountInfo)
{
try
{
var azureClient = await GetAzureManagementClientAsync();
var storageAccount = await azureClient.WithSubscription(storageAccountInfo.SubscriptionId).StorageAccounts.GetByIdAsync(storageAccountInfo.Id);
return((await storageAccount.GetKeysAsync()).First().Value);
}
catch (Exception ex)
{
logger.LogError(ex, $"An exception occurred when getting the storage account key for account {storageAccountInfo.Name}.");
throw;
}
}
///<inheritdoc/>
public Task <string> GetStorageAccountKeyAsync(StorageAccountInfo storageAccountInfo)
{
return(cache.GetOrAddAsync(storageAccountInfo.Id, () => azureProxy.GetStorageAccountKeyAsync(storageAccountInfo), DateTimeOffset.Now.AddHours(1)));
}
/// <inheritdoc />
public async Task <string> MapLocalPathToSasUrlAsync(string path, bool getContainerSas = false)
{
// TODO: Optional: If path is /container/... where container matches the name of the container in the default storage account, prepend the account name to the path.
// This would allow the user to omit the account name for files stored in the default storage account
// /cromwell-executions/... URLs become /defaultStorageAccountName/cromwell-executions/... to unify how URLs starting with /acct/container/... pattern are handled.
if (path.StartsWith(CromwellPathPrefix, StringComparison.OrdinalIgnoreCase))
{
path = $"/{defaultStorageAccountName}{path}";
}
if (!StorageAccountUrlSegments.TryCreate(path, out var pathSegments))
{
logger.LogError($"Could not parse path '{path}'.");
return(null);
}
if (TryGetExternalStorageAccountInfo(pathSegments.AccountName, pathSegments.ContainerName, out var externalStorageAccountInfo))
{
return(new StorageAccountUrlSegments(externalStorageAccountInfo.BlobEndpoint, pathSegments.ContainerName, pathSegments.BlobName, externalStorageAccountInfo.SasToken).ToUriString());
}
else
{
StorageAccountInfo storageAccountInfo = null;
if (!await TryGetStorageAccountInfoAsync(pathSegments.AccountName, info => storageAccountInfo = info))
{
logger.LogError($"Could not find storage account '{pathSegments.AccountName}' corresponding to path '{path}'. Either the account does not exist or the TES app service does not have permission to it.");
return(null);
}
try
{
var accountKey = await azureProxy.GetStorageAccountKeyAsync(storageAccountInfo);
var resultPathSegments = new StorageAccountUrlSegments(storageAccountInfo.BlobEndpoint, pathSegments.ContainerName, pathSegments.BlobName);
if (pathSegments.IsContainer || getContainerSas)
{
var policy = new SharedAccessBlobPolicy()
{
Permissions = SharedAccessBlobPermissions.Add | SharedAccessBlobPermissions.Create | SharedAccessBlobPermissions.List | SharedAccessBlobPermissions.Read | SharedAccessBlobPermissions.Write,
SharedAccessExpiryTime = DateTime.Now.Add(sasTokenDuration)
};
var containerUri = new StorageAccountUrlSegments(storageAccountInfo.BlobEndpoint, pathSegments.ContainerName).ToUri();
resultPathSegments.SasToken = new CloudBlobContainer(containerUri, new StorageCredentials(storageAccountInfo.Name, accountKey)).GetSharedAccessSignature(policy, null, SharedAccessProtocol.HttpsOnly, null);
}
else
{
var policy = new SharedAccessBlobPolicy()
{
Permissions = SharedAccessBlobPermissions.Read, SharedAccessExpiryTime = DateTime.Now.Add(sasTokenDuration)
};
resultPathSegments.SasToken = new CloudBlob(resultPathSegments.ToUri(), new StorageCredentials(storageAccountInfo.Name, accountKey)).GetSharedAccessSignature(policy, null, null, SharedAccessProtocol.HttpsOnly, null);
}
return(resultPathSegments.ToUriString());
}
catch (Exception ex)
{
logger.LogError(ex, $"Could not get the key of storage account '{pathSegments.AccountName}'. Make sure that the TES app service has Contributor access to it.");
return(null);
}
}
}
/// <inheritdoc/>
public Task <string> GetStorageAccountKeyAsync(StorageAccountInfo storageAccountInfo)
=> cache.GetOrAddAsync(storageAccountInfo.Id, () =>
asyncRetryPolicy.ExecuteAsync(() => azureProxy.GetStorageAccountKeyAsync(storageAccountInfo)), DateTimeOffset.Now.AddHours(1));
