/// <summary>
/// Get a signed access url using supplied permissions and expiry
/// </summary>
/// <param name="folderPath">Folder Path we want access to</param>
/// <param name="signedAccessConfig">Config object with required access permissions and expiry</param>
/// <returns></returns>
public async Task <string> GetSignedFolderAccessUrl(string folderPath, ISignedAccessConfig signedAccessConfig)
{
var blobPolicyPermissions = GetAzureBlobPolicyPermissions(signedAccessConfig.AccessPermissions);
var accessPolicy = new SharedAccessBlobPolicy
{
SharedAccessExpiryTime = signedAccessConfig.AccessExpiry,
Permissions = blobPolicyPermissions
};
var container = GetContainer(folderPath);
var subPath = GetPathWithoutContainer(folderPath);
var containerSignature = container.GetSharedAccessSignature(accessPolicy);
string uri;
if (!string.IsNullOrWhiteSpace(subPath))
{
var folder = container.GetDirectoryReference(folderPath.Replace($"{container.Name}/", string.Empty));
uri = folder.Uri.ToString();
}
else
{
uri = container.Uri.ToString();
}
return($"{uri}{containerSignature}");
}
/// <summary>
/// Get a signed access url using supplied permissions and expiry
/// </summary>
/// <param name="signedAccessConfig">Config object with required access permissions and expiry</param>
/// <returns></returns>
public string GetSignedAccessUrl(ISignedAccessConfig signedAccessConfig)
{
var queuePolicyPermissions = GetAzureAccessQueuePolicyPermissions(signedAccessConfig.AccessPermissions);
var accessPolicy = new SharedAccessQueuePolicy
{
Permissions = queuePolicyPermissions,
SharedAccessExpiryTime = signedAccessConfig.AccessExpiry
};
var queueSignature = ReceiverQueue.GetSharedAccessSignature(accessPolicy);
var queueAccessUrl = ReceiverQueue.Uri + queueSignature;
return(queueAccessUrl);
}
public void Test_ServiceBusMessenger_GetAccessTokenUrlNotImplemented()
{
// Arrange/Act
var msiConfig = new MsiConfig()
{
SharedAccessPolicyName = ""
};
var connectionConfig = new ConnectionConfig();
var spConfig = new ServicePrincipleConfig()
{
SharedAccessPolicyName = "TestPolicy", InstanceName = "testSBInstance", AppId = "TestAppId", AppSecret = "TestAppSecret", TenantId = "TestTenantId", SubscriptionId = "FakeSubscriptionId"
};
var serviceBus = new ServiceBusMessenger(spConfig);
ISignedAccessConfig sharedAccessConfig = null;
// Assert
serviceBus.ToString().Should().NotBeNullOrEmpty();
serviceBus.Name.Should().Be("testSBInstance");
(serviceBus.Config as ServicePrincipleConfig).Should().NotBeNull();
Assert.Throws <NotImplementedException>(() => serviceBus.GetSignedAccessUrl(sharedAccessConfig));
}
/// <summary>
/// Get a signed access url with an absolute expiry.
/// </summary>
/// <param name="blobPath">Blob to give access to.</param>
/// <param name="signedAccessConfig">Access config including required permissions and expiry</param>
/// <returns>String access url.</returns>
public async Task <string> GetSignedBlobAccessUrl(string blobPath, ISignedAccessConfig signedAccessConfig)
{
var blobPolicyPermissions = GetAzureBlobPolicyPermissions(signedAccessConfig.AccessPermissions);
var blob = GetBlockBlobReference(blobPath);
var policy = new SharedAccessBlobPolicy
{
Permissions = blobPolicyPermissions
};
policy.SharedAccessStartTime = DateTime.Now.AddDays(-1);
if (signedAccessConfig.AccessExpiry != null)
{
policy.SharedAccessExpiryTime = signedAccessConfig.AccessExpiry;
}
else
{
policy.SharedAccessExpiryTime = DateTime.Now.AddDays(365);
}
return(new Uri(blob.Uri, blob.GetSharedAccessSignature(policy)).ToString());
}
/// <summary>
/// Interface method to allow retrieval of SignedAccessUrls for supported Message Providers.
/// ServiceBus is not currently a supported Message Provider so it will error with "Not Implemented" if it is used.
/// </summary>
/// <param name="accessConfig"></param>
/// <returns></returns>
public string GetSignedAccessUrl(ISignedAccessConfig accessConfig)
{
throw new NotImplementedException();
}
public void Test_StorageQueue_GetSignedAccessUrl(Dictionary <string, string> expectedOutputs, ISignedAccessConfig testAccessConfig)
{
var testQueue = GetMessengerClient("testqueue");
var accessUrl = testQueue.GetSignedAccessUrl(testAccessConfig);
//Assertions
Assert.NotNull(accessUrl);
Assert.Contains(expectedOutputs["ExpiryDate"], accessUrl);
Assert.Contains(expectedOutputs["Permission"], accessUrl);
Assert.Contains(expectedOutputs["QueueName"], accessUrl);
}
public void Test_BlobStorage_GetSignedFolderAccessUrl(Dictionary <string, string> expectedOutputs, ISignedAccessConfig testAccessConfig, string folderPath)
{
// Arrange/Act
var accessUrl = _client.GetSignedFolderAccessUrl(folderPath, testAccessConfig).GetAwaiter().GetResult();
// Assert
Assert.NotNull(accessUrl);
Assert.Contains(expectedOutputs["ExpiryDate"], accessUrl);
Assert.Contains(expectedOutputs["Permission"], accessUrl);
Assert.Contains(expectedOutputs["FolderPath"], accessUrl);
}
