/// <summary>
/// Writes the stored access policies of a blob container to the output stream:
/// only the policy whose Id equals <paramref name="policyName"/> when a name is given,
/// otherwise every stored policy on the container.
/// </summary>
/// <param name="taskId">Task id passed to OutputStream.WriteObject with each policy object.</param>
/// <param name="localChannel">Not referenced in this method body; the container is resolved through Channel.</param>
/// <param name="containerName">Name of the container whose stored access policies are read.</param>
/// <param name="policyName">Policy Id to look up; null or empty means "list all".</param>
/// <exception cref="ResourceNotFoundException">A policy name was given but no stored policy has that Id.</exception>
internal async Task GetAzureContainerStoredAccessPolicyAsync(long taskId, IStorageBlobManagement localChannel, string containerName, string policyName)
{
    // Get the container instance (Track1 reference first, then the Track2 client built from it).
    CloudBlobContainer track1Container = Channel.GetContainerReference(containerName);
    BlobContainerClient containerClient = AzureStorageContainer.GetTrack2BlobContainerClient(track1Container, Channel.StorageContext, ClientOptions);

    // Get the existing permissions / stored access policies.
    var response = await containerClient.GetAccessPolicyAsync(BlobRequestConditions, cancellationToken: CmdletCancellationToken).ConfigureAwait(false);
    BlobContainerAccessPolicy containerPolicy = response.Value;
    IEnumerable<BlobSignedIdentifier> storedPolicies = containerPolicy.SignedIdentifiers;

    // No name supplied: emit every stored policy and finish.
    if (String.IsNullOrEmpty(policyName))
    {
        foreach (BlobSignedIdentifier stored in storedPolicies)
        {
            OutputStream.WriteObject(taskId, AccessPolicyHelper.ConstructPolicyOutputPSObject<BlobSignedIdentifier>(stored));
        }

        return;
    }

    // Scan the whole list without breaking, so the last identifier with a matching Id is the one kept.
    BlobSignedIdentifier match = null;
    foreach (BlobSignedIdentifier candidate in storedPolicies)
    {
        if (candidate.Id == policyName)
        {
            match = candidate;
        }
    }

    if (match == null)
    {
        throw new ResourceNotFoundException(String.Format(CultureInfo.CurrentCulture, Resources.PolicyNotFound, policyName));
    }

    OutputStream.WriteObject(taskId, AccessPolicyHelper.ConstructPolicyOutputPSObject<BlobSignedIdentifier>(match));
}
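/// <summary>
/// Creates the container if it doesn't exist, stores an access policy on it, and returns a SAS for the container.
/// </summary>
/// <param name="account">Storage account</param>
/// <param name="key">Storage account key</param>
/// <param name="blobUri">Blob endpoint URI</param>
/// <param name="containerName">Name of the container to be created</param>
/// <param name="policy">Name for the policy</param>
/// <param name="start">Start time of the policy</param>
/// <param name="end">Expire time of the policy</param>
/// <param name="permissions">Blob access permissions</param>
/// <returns>The SAS for the container, in full URI format.</returns>
/// <remarks>
/// The returned SAS carries its own start time, expiry and permissions and is signed with the account key;
/// it does not reference the stored access policy (BlobSasBuilder.Identifier is never set). Deleting or
/// editing the stored policy therefore does not revoke a SAS handed out by this method; only its expiry
/// or an account key rotation ends it.
/// </remarks>
private static async Task<string> CreateContainerWithPolicySASIfNotExistAsync(string account, string key, Uri blobUri, string containerName, string policy, DateTime start, DateTime end, string permissions)
{
    // 1. form the credential and initial client
    StagingStorageAccount stagingCredentials = new StagingStorageAccount(account, key, blobUri.ToString());
    StorageSharedKeyCredential sharedKeyCredential = new StorageSharedKeyCredential(account, key);
    BlobContainerClient containerClient = BlobUtilities.GetBlobContainerClient(containerName, stagingCredentials);

    // 2. create container if it doesn't exist (awaited, so this async method does not block its thread)
    await containerClient.CreateIfNotExistsAsync();

    // 3. validate policy, create/overwrite if it doesn't match
    BlobSignedIdentifier identifier = new BlobSignedIdentifier
    {
        Id = policy,
        AccessPolicy = new BlobAccessPolicy
        {
            Permissions = permissions,
            StartsOn = start,
            ExpiresOn = end,
        },
    };

    var accessPolicy = (await containerClient.GetAccessPolicyAsync()).Value;

    // Compare by value. The previous `i == identifier` compared a freshly constructed object with the
    // instances returned by the service, which (unless the type overloads ==) is a reference comparison
    // that can never succeed, so the policy was rewritten on every call.
    // If the service returns times or permissions in a normalized form that differs from the inputs,
    // this still evaluates to false and the policy is overwritten, as before.
    BlobAccessPolicy wanted = identifier.AccessPolicy;
    bool policyFound = accessPolicy.SignedIdentifiers.Any(existing =>
        existing.Id == identifier.Id
        && existing.AccessPolicy != null
        && existing.AccessPolicy.Permissions == wanted.Permissions
        && existing.AccessPolicy.StartsOn == wanted.StartsOn
        && existing.AccessPolicy.ExpiresOn == wanted.ExpiresOn);

    if (!policyFound)
    {
        // NOTE(review): PublicAccessType.BlobContainer turns on anonymous read and list access for the
        // whole container, so reads no longer need the SAS returned below. Confirm that is intended;
        // if the SAS is meant to be the only way in, this should be PublicAccessType.None.
        // NOTE(review): the list passed here holds only this one identifier, so any other stored access
        // policies already on the container are replaced by this call.
        await containerClient.SetAccessPolicyAsync(PublicAccessType.BlobContainer, permissions: new List<BlobSignedIdentifier> { identifier });
    }

    // 4. build an ad hoc SAS with the same window and permissions, signed with the shared key
    BlobSasBuilder sasBuilder = new BlobSasBuilder
    {
        BlobContainerName = containerName,
        StartsOn = start,
        ExpiresOn = end,
    };
    sasBuilder.SetPermissions(permissions);

    BlobUriBuilder builder = new BlobUriBuilder(containerClient.Uri)
    {
        Sas = sasBuilder.ToSasQueryParameters(sharedKeyCredential)
    };

    // The full URI embeds the SAS signature; callers should treat it as a credential (e.g. keep it out of logs).
    string fullSas = builder.ToString();
    return fullSas;
}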
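/// <summary>
/// Creates a randomly named container, asks the container service to switch it to
/// <see cref="PublicAccessType.BlobContainer"/>, and verifies the change by reading the
/// container's access policy back. The container is deleted afterwards whether or not the test passes.
/// </summary>
public async Task ChangeContainerPermissionTest()
{
    string containerName = _mockupService.Randomize(AppConstant.SAMPLE_CONTAINER_NAME);
    try
    {
        BlobContainerClient container = new BlobContainerClient(connectionString, containerName);
        await container.CreateAsync();

        await _containerService.ChangeContainerPermission(containerName, PublicAccessType.BlobContainer);

        BlobContainerAccessPolicy accessPolicies = await container.GetAccessPolicyAsync();

        // Expected value first, actual second, so a failure message reports the two the right way round.
        Assert.AreEqual(PublicAccessType.BlobContainer, accessPolicies.BlobPublicAccess);
    }
    finally
    {
        // Delete the container so a publicly readable test container is not left behind.
        await _containerService.DeleteContainerAsync(containerName);
    }
}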