public async Task ValidateAzureKeyCredentialDirectModeUpdateAsync()
{
string authKey = ConfigurationManager.AppSettings["MasterKey"];
string endpoint = ConfigurationManager.AppSettings["GatewayEndpoint"];
AzureKeyCredential masterKeyCredential = new AzureKeyCredential(authKey);
using (CosmosClient client = new CosmosClient(
endpoint,
masterKeyCredential))
{
string databaseName = Guid.NewGuid().ToString();
try
{
Cosmos.Database database = client.GetDatabase(databaseName);
ResponseMessage responseMessage = await database.ReadStreamAsync();
Assert.AreEqual(HttpStatusCode.NotFound, responseMessage.StatusCode);
{
// Random key: Next set of actions are expected to fail => 401 (UnAuthorized)
masterKeyCredential.Update(Convert.ToBase64String(Encoding.UTF8.GetBytes(Guid.NewGuid().ToString())));
responseMessage = await database.ReadStreamAsync();
Assert.AreEqual(HttpStatusCode.Unauthorized, responseMessage.StatusCode);
string diagnostics = responseMessage.Diagnostics.ToString();
Assert.IsTrue(diagnostics.Contains("AuthProvider LifeSpan InSec"), diagnostics.ToString());
}
{
// Resetting back to master key => 404 (NotFound)
masterKeyCredential.Update(authKey);
responseMessage = await database.ReadStreamAsync();
Assert.AreEqual(HttpStatusCode.NotFound, responseMessage.StatusCode);
}
// Test with resource token interchageability
masterKeyCredential.Update(authKey);
database = await client.CreateDatabaseAsync(databaseName);
string containerId = Guid.NewGuid().ToString();
ContainerResponse containerResponse = await database.CreateContainerAsync(containerId, "/id");
Assert.AreEqual(HttpStatusCode.Created, containerResponse.StatusCode);
{
// Resource token with ALL permissoin's
string userId = Guid.NewGuid().ToString();
UserResponse userResponse = await database.CreateUserAsync(userId);
Cosmos.User user = userResponse.User;
Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode);
Assert.AreEqual(userId, user.Id);
string permissionId = Guid.NewGuid().ToString();
PermissionProperties permissionProperties = new PermissionProperties(permissionId, Cosmos.PermissionMode.All, client.GetContainer(databaseName, containerId));
PermissionResponse permissionResponse = await database.GetUser(userId).CreatePermissionAsync(permissionProperties);
Assert.AreEqual(HttpStatusCode.Created, permissionResponse.StatusCode);
Assert.AreEqual(permissionId, permissionResponse.Resource.Id);
Assert.AreEqual(Cosmos.PermissionMode.All, permissionResponse.Resource.PermissionMode);
Assert.IsNotNull(permissionResponse.Resource.Token);
SelflinkValidator.ValidatePermissionSelfLink(permissionResponse.Resource.SelfLink);
// Valdiate ALL on contianer
masterKeyCredential.Update(permissionResponse.Resource.Token);
ToDoActivity item = ToDoActivity.CreateRandomToDoActivity();
Cosmos.Container container = client.GetContainer(databaseName, containerId);
responseMessage = await container.ReadContainerStreamAsync();
Assert.AreEqual(HttpStatusCode.OK, responseMessage.StatusCode);
responseMessage = await container.CreateItemStreamAsync(TestCommon.SerializerCore.ToStream(item), new Cosmos.PartitionKey(item.id));
Assert.AreEqual(HttpStatusCode.Created, responseMessage.StatusCode); // Read Only resorce token
}
// Reset to master key for new permission creation
masterKeyCredential.Update(authKey);
{
// Resource token with Read-ONLY permissoin's
string userId = Guid.NewGuid().ToString();
UserResponse userResponse = await database.CreateUserAsync(userId);
Cosmos.User user = userResponse.User;
Assert.AreEqual(HttpStatusCode.Created, userResponse.StatusCode);
Assert.AreEqual(userId, user.Id);
string permissionId = Guid.NewGuid().ToString();
PermissionProperties permissionProperties = new PermissionProperties(permissionId, Cosmos.PermissionMode.Read, client.GetContainer(databaseName, containerId));
PermissionResponse permissionResponse = await database.GetUser(userId).CreatePermissionAsync(permissionProperties);
//Backend returns Created instead of OK
Assert.AreEqual(HttpStatusCode.Created, permissionResponse.StatusCode);
Assert.AreEqual(permissionId, permissionResponse.Resource.Id);
Assert.AreEqual(Cosmos.PermissionMode.Read, permissionResponse.Resource.PermissionMode);
// Valdiate read on contianer
masterKeyCredential.Update(permissionResponse.Resource.Token);
ToDoActivity item = ToDoActivity.CreateRandomToDoActivity();
Cosmos.Container container = client.GetContainer(databaseName, containerId);
responseMessage = await container.ReadContainerStreamAsync();
Assert.AreEqual(HttpStatusCode.OK, responseMessage.StatusCode);
responseMessage = await container.CreateItemStreamAsync(TestCommon.SerializerCore.ToStream(item), new Cosmos.PartitionKey(item.id));
Assert.AreEqual(HttpStatusCode.Forbidden, responseMessage.StatusCode); // Read Only resorce token
}
{
// Reset to master key for new permission creation
masterKeyCredential.Update(Convert.ToBase64String(Encoding.UTF8.GetBytes(Guid.NewGuid().ToString())));
ToDoActivity item = ToDoActivity.CreateRandomToDoActivity();
Cosmos.Container container = client.GetContainer(databaseName, containerId);
responseMessage = await container.CreateItemStreamAsync(TestCommon.SerializerCore.ToStream(item), new Cosmos.PartitionKey(item.id));
Assert.AreEqual(HttpStatusCode.Unauthorized, responseMessage.StatusCode); // Read Only resorce token
string diagnostics = responseMessage.Diagnostics.ToString();
Assert.IsTrue(diagnostics.Contains("AuthProvider LifeSpan InSec"), diagnostics.ToString());
}
}
finally
{
// Reset to master key for clean-up
masterKeyCredential.Update(authKey);
await TestCommon.DeleteDatabaseAsync(client, client.GetDatabase(databaseName));
}
}
}
