public void GenerateAccountSas_RequiredParameters()
{
// Arrange
var constants = new TestConstants(this);
var queueEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account);
var queueSecondaryEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account + "-secondary");
var storageConnectionString = new StorageConnectionString(constants.Sas.SharedKeyCredential, queueStorageUri: (queueEndpoint, queueSecondaryEndpoint));
string connectionString = storageConnectionString.ToString(true);
DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1);
AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write;
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All;
QueueServiceClient serviceClient = new QueueServiceClient(connectionString, GetOptions());
// Act
Uri sasUri = serviceClient.GenerateAccountSasUri(
permissions: permissions,
expiresOn: expiresOn,
resourceTypes: resourceTypes);
// Assert
AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, AccountSasServices.Queues, resourceTypes);
UriBuilder expectedUri = new UriBuilder(queueEndpoint)
{
Query = sasBuilder.ToSasQueryParameters(constants.Sas.SharedKeyCredential).ToString()
};
Assert.AreEqual(expectedUri.Uri.ToString(), sasUri.ToString());
}
public void GenerateAccountSas_Builder()
{
// Arrange
var constants = new TestConstants(this);
var blobEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account);
var blobSecondaryEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account + "-secondary");
var storageConnectionString = new StorageConnectionString(constants.Sas.SharedKeyCredential, blobStorageUri: (blobEndpoint, blobSecondaryEndpoint));
string connectionString = storageConnectionString.ToString(true);
AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write;
DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1);
DateTimeOffset startsOn = Recording.UtcNow.AddHours(-1);
AccountSasServices services = AccountSasServices.Blobs;
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All;
DataLakeServiceClient serviceClient = InstrumentClient(new DataLakeServiceClient(
blobEndpoint,
constants.Sas.SharedKeyCredential, GetOptions()));
AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes)
{
StartsOn = startsOn
};
// Act
Uri sasUri = serviceClient.GenerateAccountSasUri(sasBuilder);
// Assert
AccountSasBuilder sasBuilder2 = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes)
{
StartsOn = startsOn
};
UriBuilder expectedUri = new UriBuilder(blobEndpoint);
expectedUri.Query += sasBuilder.ToSasQueryParameters(constants.Sas.SharedKeyCredential).ToString();
Assert.AreEqual(expectedUri.Uri.ToString(), sasUri.ToString());
}
public void GenerateAccountSas_WrongService_Service()
{
var constants = new TestConstants(this);
var queueEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account);
var queueSecondaryEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account + "-secondary");
var storageConnectionString = new StorageConnectionString(constants.Sas.SharedKeyCredential, queueStorageUri: (queueEndpoint, queueSecondaryEndpoint));
string connectionString = storageConnectionString.ToString(true);
AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write;
DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1);
AccountSasServices services = AccountSasServices.Blobs;// Wrong Service
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All;
QueueServiceClient serviceClient = InstrumentClient(new QueueServiceClient(connectionString, GetOptions()));
AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes)
{
IPRange = new SasIPRange(System.Net.IPAddress.None, System.Net.IPAddress.None),
StartsOn = Recording.UtcNow.AddHours(-1)
};
// Act
try
{
Uri sasUri = serviceClient.GenerateAccountSasUri(sasBuilder);
Assert.Fail("BlobContainerClient.GenerateSasUri should have failed with an ArgumentException.");
}
catch (InvalidOperationException)
{
// the correct exception came back
}
}
public void GenerateAccountSas_Builder()
{
// Arrange
TestConstants constants = TestConstants.Create(this);
Uri serviceUri = new Uri($"https://{constants.Sas.Account}.dfs.core.windows.net");
AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write;
DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1);
DateTimeOffset startsOn = Recording.UtcNow.AddHours(-1);
AccountSasServices services = AccountSasServices.Blobs;
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All;
DataLakeServiceClient serviceClient = InstrumentClient(new DataLakeServiceClient(
serviceUri,
constants.Sas.SharedKeyCredential,
GetOptions()));
AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes)
{
StartsOn = startsOn
};
// Act
Uri sasUri = serviceClient.GenerateAccountSasUri(sasBuilder);
// Assert
AccountSasBuilder sasBuilder2 = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes)
{
StartsOn = startsOn
};
UriBuilder expectedUri = new UriBuilder(serviceUri);
expectedUri.Query += sasBuilder.ToSasQueryParameters(constants.Sas.SharedKeyCredential).ToString();
Assert.AreEqual(expectedUri.Uri, sasUri);
}
/// <summary>
/// The <see cref="GenerateAccountSasUri(AccountSasPermissions, DateTimeOffset, AccountSasResourceTypes)"/>
/// returns a <see cref="Uri"/> that generates a Queue
/// Account Shared Access Signature based on the
/// Client properties and parameters passed. The SAS is signed by the
/// shared key credential of the client.
///
/// For more information, see
/// <see href="https://docs.microsoft.com/en-us/rest/api/storageservices/create-account-sas">
/// Constructing a Service SAS</see>
/// </summary>
/// <param name="permissions">
/// Required. Specifies the list of permissions to be associated with the SAS.
/// See <see cref="AccountSasPermissions"/>.
/// </param>
/// <param name="expiresOn">
/// Required. The time at which the shared access signature becomes invalid.
/// </param>
/// <param name="resourceTypes">
/// Specifies the resource types associated with the shared access signature.
/// The user is restricted to operations on the specified resources.
/// See <see cref="AccountSasResourceTypes"/>.
/// </param>
/// <returns>
/// A <see cref="Uri"/> containing the SAS Uri.
/// </returns>
/// <remarks>
/// A <see cref="RequestFailedException"/> will be thrown if
/// a failure occurs.
/// </remarks>
public Uri GenerateAccountSasUri(
AccountSasPermissions permissions,
DateTimeOffset expiresOn,
AccountSasResourceTypes resourceTypes) =>
GenerateAccountSasUri(new AccountSasBuilder(
permissions,
expiresOn,
AccountSasServices.Queues,
resourceTypes));
public SasQueryParameters GetNewAccountSasCredentials(StorageSharedKeyCredential sharedKeyCredentials = default,
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.Container,
AccountSasPermissions permissions = AccountSasPermissions.Create | AccountSasPermissions.Delete)
{
var builder = new AccountSasBuilder
{
Protocol = SasProtocol.None,
Services = AccountSasServices.Files,
ResourceTypes = resourceTypes,
StartsOn = Recording.UtcNow.AddHours(-1),
ExpiresOn = Recording.UtcNow.AddHours(+1),
IPRange = new SasIPRange(IPAddress.None, IPAddress.None)
};
builder.SetPermissions(permissions);
return(builder.ToSasQueryParameters(sharedKeyCredentials ?? GetNewSharedKeyCredentials()));
}
public void SasQueryParameters_RoundTrip()
{
var version = "2018-03-28";
AccountSasServices service = AccountSasServices.Blobs;
AccountSasResourceTypes resourceType = AccountSasResourceTypes.Container;
SasProtocol protocol = SasProtocol.Https;
DateTimeOffset startTime = DateTimeOffset.Now;
DateTimeOffset expiryTime = startTime.AddDays(1);
var ipRange = new SasIPRange();
var identifier = "foo";
var resource = "bar";
var permissions = "rw";
var signature = "a+b=";
var cacheControl = "no-store";
var contentDisposition = "inline";
var contentEncoding = "identity";
var contentLanguage = "en-US";
var contentType = "text/html";
var sasQueryParameters = SasQueryParametersInternals.Create(
version,
service,
resourceType,
protocol,
startTime,
expiryTime,
ipRange,
identifier,
resource,
permissions,
signature,
cacheControl: cacheControl,
contentDisposition: contentDisposition,
contentEncoding: contentEncoding,
contentLanguage: contentLanguage,
contentType: contentType
);
Assert.AreEqual(signature, sasQueryParameters.Signature);
var sasString = sasQueryParameters.ToString();
var roundTripSas = SasQueryParametersInternals.Create(new UriQueryParamsCollection(sasString));
Assert.AreEqual(sasQueryParameters.ToString(), roundTripSas.ToString());
}
internal SharedAccessSignatureCredentials GetAccountSasCredentials(
AccountSasServices services = AccountSasServices.All,
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All,
AccountSasPermissions permissions = AccountSasPermissions.All)
{
var sasBuilder = new AccountSasBuilder
{
ExpiresOn = Recording.UtcNow.AddHours(1),
Services = services,
ResourceTypes = resourceTypes,
Protocol = SasProtocol.Https,
};
sasBuilder.SetPermissions(permissions);
var cred = new StorageSharedKeyCredential(TestConfigDefault.AccountName, TestConfigDefault.AccountKey);
return(new SharedAccessSignatureCredentials(sasBuilder.ToSasQueryParameters(cred).ToString()));
}
/// <summary>
/// Get Track2 accunt sas ResourceTypes
/// </summary>
public static AccountSasResourceTypes GetAccountSasResourceTypes(SharedAccessAccountResourceTypes type)
{
AccountSasResourceTypes outputType = 0;
if ((type & SharedAccessAccountResourceTypes.Service) == SharedAccessAccountResourceTypes.Service)
{
outputType = outputType | AccountSasResourceTypes.Service;
}
if ((type & SharedAccessAccountResourceTypes.Container) == SharedAccessAccountResourceTypes.Container)
{
outputType = outputType | AccountSasResourceTypes.Container;
}
if ((type & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)
{
outputType = outputType | AccountSasResourceTypes.Object;
}
return(outputType);
}
public SasQueryParameters GetNewAccountSas(
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All,
AccountSasPermissions permissions = AccountSasPermissions.All,
StorageSharedKeyCredential sharedKeyCredentials = default)
{
var builder = new AccountSasBuilder
{
Protocol = SasProtocol.None,
Services = AccountSasServices.Blobs,
ResourceTypes = resourceTypes,
StartsOn = Recording.UtcNow.AddHours(-1),
ExpiresOn = Recording.UtcNow.AddHours(+1),
IPRange = new SasIPRange(IPAddress.None, IPAddress.None),
Version = ToSasVersion(_serviceVersion)
};
builder.SetPermissions(permissions);
return builder.ToSasQueryParameters(sharedKeyCredentials ?? GetNewSharedKeyCredentials());
}
/// <inheritdoc />
public string CreateSharedAccessToken(
CreateSharedAccessSignatureConfiguration configuration
, AccountSasPermissions permissions
, AccountSasResourceTypes resourceTypes
, AccountSasServices services = AccountSasServices.Blobs
)
{
var sas = new AccountSasBuilder
{
ResourceTypes = resourceTypes,
Services = services,
StartsOn = DateTimeOffset.UtcNow.AddMinutes(-configuration.ValidFromInMinutes),
ExpiresOn = DateTimeOffset.UtcNow.AddMinutes(configuration.ValidForInMinutes + configuration.ClockScrewInMinutes)
};
sas.SetPermissions(permissions);
return("?" + sas.ToSasQueryParameters(this.Options.CreateStorageSharedKeyCredential()));
}
public void GenerateAccountSas_WrongService_Service()
{
TestConstants constants = TestConstants.Create(this);
Uri serviceUri = new Uri($"https://{constants.Sas.Account}.queue.core.windows.net");
AccountSasPermissions permissions = AccountSasPermissions.Read | AccountSasPermissions.Write;
DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1);
AccountSasServices services = AccountSasServices.Blobs; // Wrong Service
AccountSasResourceTypes resourceTypes = AccountSasResourceTypes.All;
QueueServiceClient serviceClient = InstrumentClient(
new QueueServiceClient(
serviceUri,
constants.Sas.SharedKeyCredential,
GetOptions()));
AccountSasBuilder sasBuilder = new AccountSasBuilder(permissions, expiresOn, services, resourceTypes);
// Act
TestHelper.AssertExpectedException(
() => serviceClient.GenerateAccountSasUri(sasBuilder),
new InvalidOperationException("SAS Uri cannot be generated. builder.Services does specify Queues. builder.Services must either specify Queues or specify all Services are accessible in the value."));
}
