internal void CreateStoredAccessPolicyAndValidate(string policyName, string permission, DateTime?startTime, DateTime?expiryTime, string containerName = null, bool ifCleanUpContainer = true, bool ifCleanUpPolicy = true)
{
CloudBlobContainer container = blobUtil.CreateContainer(containerName);
try
{
//create the policy
CreateStoredAccessPolicy(policyName, permission, startTime, expiryTime, container, ifCleanUpPolicy);
//get the policy and validate
SharedAccessBlobPolicies expectedPolicies = new SharedAccessBlobPolicies();
expectedPolicies.Add(policyName, Utility.SetupSharedAccessPolicy <SharedAccessBlobPolicy>(startTime, expiryTime, permission));
Utility.RawStoredAccessPolicy policy = new Utility.RawStoredAccessPolicy(policyName, startTime, expiryTime, permission);
Utility.WaitForPolicyBecomeValid <CloudBlobContainer>(container, policy);
Utility.ValidateStoredAccessPolicies <SharedAccessBlobPolicy>(container.GetPermissions().SharedAccessPolicies, expectedPolicies);
}
finally
{
if (ifCleanUpPolicy)
{
Utility.ClearStoredAccessPolicy <CloudBlobContainer>(container);
}
if (ifCleanUpContainer)
{
blobUtil.RemoveContainer(container);
}
}
}
public void NewPolicyDifferentValues()
{
List <Utility.RawStoredAccessPolicy> samplePolicies = Utility.SetUpStoredAccessPolicyData <SharedAccessBlobPolicy>();
string containerName = Utility.GenNameString("container");
CloudBlobContainer container = blobUtil.CreateContainer(containerName);
Utility.ClearStoredAccessPolicy <CloudBlobContainer>(container);
try
{
foreach (Utility.RawStoredAccessPolicy rawPolicy in samplePolicies)
{
CreateStoredAccessPolicy(rawPolicy.PolicyName, rawPolicy.Permission, rawPolicy.StartTime, rawPolicy.ExpiryTime, container, false);
}
Utility.WaitForPolicyBecomeValid <CloudBlobContainer>(container, expectedCount: samplePolicies.Count);
SharedAccessBlobPolicies expectedPolicies = new SharedAccessBlobPolicies();
foreach (Utility.RawStoredAccessPolicy rawPolicy in samplePolicies)
{
expectedPolicies.Add(rawPolicy.PolicyName, Utility.SetupSharedAccessPolicy <SharedAccessBlobPolicy>(rawPolicy.StartTime, rawPolicy.ExpiryTime, rawPolicy.Permission));
}
Utility.ValidateStoredAccessPolicies <SharedAccessBlobPolicy>(container.GetPermissions().SharedAccessPolicies, expectedPolicies);
}
finally
{
blobUtil.RemoveContainer(container);
}
}
public void SetPolicyNoStartTimeNoExpiryTime()
{
CloudBlobContainer container = blobUtil.CreateContainer();
Utility.ClearStoredAccessPolicy <CloudBlobContainer>(container);
Utility.RawStoredAccessPolicy samplePolicy = Utility.SetUpStoredAccessPolicyData <SharedAccessBlobPolicy>()[0];
double effectiveTime = 30;
try
{
CreateStoredAccessPolicy(samplePolicy.PolicyName, samplePolicy.Permission, samplePolicy.StartTime, samplePolicy.ExpiryTime, container);
//NoStartTime
Test.Assert(CommandAgent.SetAzureStorageContainerStoredAccessPolicy(container.Name, samplePolicy.PolicyName, null, null, null, true, false),
"Set stored access policy with -NoStartTime should succeed");
Thread.Sleep(TimeSpan.FromSeconds(effectiveTime));
SharedAccessBlobPolicies expectedPolicies = new SharedAccessBlobPolicies();
expectedPolicies.Add(samplePolicy.PolicyName, Utility.SetupSharedAccessPolicy <SharedAccessBlobPolicy>(null, samplePolicy.ExpiryTime, samplePolicy.Permission));
Utility.ValidateStoredAccessPolicies <SharedAccessBlobPolicy>(container.GetPermissions().SharedAccessPolicies, expectedPolicies);
SharedAccessBlobPolicy policy = Utility.SetupSharedAccessPolicy <SharedAccessBlobPolicy>(null, samplePolicy.ExpiryTime, samplePolicy.Permission);
Collection <Dictionary <string, object> > comp = new Collection <Dictionary <string, object> >();
comp.Add(Utility.ConstructGetPolicyOutput <SharedAccessBlobPolicy>(policy, samplePolicy.PolicyName));
CommandAgent.OutputValidation(comp);
//NoExpiryTime
Test.Assert(CommandAgent.SetAzureStorageContainerStoredAccessPolicy(container.Name, samplePolicy.PolicyName, null, null, null, false, true),
"Set stored access policy with -NoExpiryTime should succeed");
Thread.Sleep(TimeSpan.FromSeconds(effectiveTime));
expectedPolicies = new SharedAccessBlobPolicies();
expectedPolicies.Add(samplePolicy.PolicyName, Utility.SetupSharedAccessPolicy <SharedAccessBlobPolicy>(null, null, samplePolicy.Permission));
Utility.ValidateStoredAccessPolicies <SharedAccessBlobPolicy>(container.GetPermissions().SharedAccessPolicies, expectedPolicies);
policy = Utility.SetupSharedAccessPolicy <SharedAccessBlobPolicy>(null, null, samplePolicy.Permission);
comp = new Collection <Dictionary <string, object> >();
comp.Add(Utility.ConstructGetPolicyOutput <SharedAccessBlobPolicy>(policy, samplePolicy.PolicyName));
CommandAgent.OutputValidation(comp);
//both
Utility.ClearStoredAccessPolicy <CloudBlobContainer>(container);
CreateStoredAccessPolicy(samplePolicy.PolicyName, samplePolicy.Permission, samplePolicy.StartTime, samplePolicy.ExpiryTime, container);
Test.Assert(CommandAgent.SetAzureStorageContainerStoredAccessPolicy(container.Name, samplePolicy.PolicyName, null, null, null, true, true),
"Set stored access policy with both -NoStartTime and -NoExpiryTime should succeed");
Thread.Sleep(TimeSpan.FromSeconds(effectiveTime));
expectedPolicies = new SharedAccessBlobPolicies();
expectedPolicies.Add(samplePolicy.PolicyName, Utility.SetupSharedAccessPolicy <SharedAccessBlobPolicy>(null, null, samplePolicy.Permission));
Utility.ValidateStoredAccessPolicies <SharedAccessBlobPolicy>(container.GetPermissions().SharedAccessPolicies, expectedPolicies);
policy = Utility.SetupSharedAccessPolicy <SharedAccessBlobPolicy>(null, null, samplePolicy.Permission);
comp = new Collection <Dictionary <string, object> >();
comp.Add(Utility.ConstructGetPolicyOutput <SharedAccessBlobPolicy>(policy, samplePolicy.PolicyName));
CommandAgent.OutputValidation(comp);
}
finally
{
blobUtil.RemoveContainer(container);
}
}
internal void SetStoredAccessPolicyAndValidate(Utility.RawStoredAccessPolicy policy1, Utility.RawStoredAccessPolicy policy2, string containerName = null, bool ifCleanupPolicy = true, bool ifCleanupContainer = true)
{
CloudBlobContainer container = blobUtil.CreateContainer(containerName);
if (ifCleanupPolicy)
{
Utility.ClearStoredAccessPolicy <CloudBlobContainer>(container);
}
policy2.PolicyName = policy1.PolicyName;
try
{
CommandAgent.NewAzureStorageContainerStoredAccessPolicy(container.Name, policy1.PolicyName, policy1.Permission, policy1.StartTime, policy1.ExpiryTime);
Test.Assert(CommandAgent.SetAzureStorageContainerStoredAccessPolicy(container.Name, policy2.PolicyName, policy2.Permission, policy2.StartTime, policy2.ExpiryTime),
"Set stored access policy in container should succeed");
Test.Info("Set stored access policy:{0}", policy2.PolicyName);
//get the policy and validate
SharedAccessBlobPolicies expectedPolicies = new SharedAccessBlobPolicies();
if (policy2.StartTime == null)
{
policy2.StartTime = policy1.StartTime;
}
if (policy2.ExpiryTime == null)
{
policy2.ExpiryTime = policy1.ExpiryTime;
}
if (policy2.Permission == null)
{
policy2.Permission = policy1.Permission;
}
expectedPolicies.Add(policy2.PolicyName, Utility.SetupSharedAccessPolicy <SharedAccessBlobPolicy>(policy2.StartTime, policy2.ExpiryTime, policy2.Permission));
Utility.WaitForPolicyBecomeValid <CloudBlobContainer>(container, policy2);
Utility.ValidateStoredAccessPolicies <SharedAccessBlobPolicy>(container.GetPermissions().SharedAccessPolicies, expectedPolicies);
//validate the output
SharedAccessBlobPolicy policy = Utility.SetupSharedAccessPolicy <SharedAccessBlobPolicy>(policy2.StartTime, policy2.ExpiryTime, policy2.Permission);
Collection <Dictionary <string, object> > comp = new Collection <Dictionary <string, object> >();
comp.Add(Utility.ConstructGetPolicyOutput <SharedAccessBlobPolicy>(policy, policy2.PolicyName));
CommandAgent.OutputValidation(comp);
}
finally
{
if (ifCleanupContainer)
{
blobUtil.RemoveContainer(container);
}
}
}
static void SerializeAccessPolicies(XmlWriter writer, SharedAccessBlobPolicies policies)
{
writer.WriteStartElement("SignedIdentifiers");
foreach (KeyValuePair <string, SharedAccessBlobPolicy> pair in policies)
{
writer.WriteStartElement("SignedIdentifier");
writer.WriteElementString("Id", pair.Key);
writer.WriteStartElement("AccessPolicy");
if (pair.Value.SharedAccessStartTime != null)
{
DateTimeOffset start = (DateTimeOffset)pair.Value.SharedAccessStartTime;
writer.WriteElementString("Start", start.ToString("s") + "Z");
}
else
{
writer.WriteElementString("Start", "");
}
if (pair.Value.SharedAccessExpiryTime != null)
{
DateTimeOffset expiry = (DateTimeOffset)pair.Value.SharedAccessExpiryTime;
writer.WriteElementString("Expiry", expiry.ToString("s") + "Z");
}
else
{
writer.WriteElementString("Expiry", "");
}
var permissions = pair.Value.Permissions;
string permString = "";
if (permissions.HasFlag(SharedAccessBlobPermissions.Delete))
{
permString += "d";
}
if (permissions.HasFlag(SharedAccessBlobPermissions.List))
{
permString += "l";
}
if (permissions.HasFlag(SharedAccessBlobPermissions.Read))
{
permString += "r";
}
if (permissions.HasFlag(SharedAccessBlobPermissions.Write))
{
permString += "w";
}
writer.WriteElementString("Permission", permString);
writer.WriteEndElement(); // AccessPolicy
writer.WriteEndElement(); // SignedIdentifier
}
writer.WriteEndElement(); // SignedIdentifiers
}
/// <summary>
/// Writes a collection of shared access policies to the specified stream in XML format.
/// </summary>
/// <param name="sharedAccessPolicies">A collection of shared access policies.</param>
/// <param name="outputStream">An output stream.</param>
public static void WriteSharedAccessIdentifiers(SharedAccessBlobPolicies sharedAccessPolicies, Stream outputStream)
{
Request.WriteSharedAccessIdentifiers(
sharedAccessPolicies,
outputStream,
(policy, writer) =>
{
writer.WriteElementString(
Constants.Start,
SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessStartTime));
writer.WriteElementString(
Constants.Expiry,
SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessExpiryTime));
writer.WriteElementString(
Constants.Permission,
SharedAccessBlobPolicy.PermissionsToString(policy.Permissions));
});
}
/// <summary>
/// Writes a collection of shared access policies to the specified stream in XML format.
/// </summary>
/// <param name="sharedAccessPolicies">A collection of shared access policies.</param>
/// <param name="outputStream">An output stream.</param>
public static void WriteSharedAccessIdentifiers(SharedAccessBlobPolicies sharedAccessPolicies, Stream outputStream)
{
Request.WriteSharedAccessIdentifiers(
sharedAccessPolicies,
outputStream,
(policy, writer) =>
{
writer.WriteElementString(
Constants.Start,
SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessStartTime));
writer.WriteElementString(
Constants.Expiry,
SharedAccessSignatureHelper.GetDateTimeOrEmpty(policy.SharedAccessExpiryTime));
writer.WriteElementString(
Constants.Permission,
SharedAccessBlobPolicy.PermissionsToString(policy.Permissions));
});
}
private async Task <HttpResponseMessage> SetContainerAcl(CloudBlobContainer container)
{
var formatter = GlobalConfiguration.Configuration.Formatters.XmlFormatter;
var stream = await Request.Content.ReadAsStreamAsync();
SharedAccessBlobPolicies policies = (SharedAccessBlobPolicies)await formatter.ReadFromStreamAsync(typeof(SharedAccessBlobPolicies), stream, null, null);
string accessLevel = Request.Headers.GetValues("x-ms-blob-public-access").FirstOrDefault();
BlobContainerPublicAccessType access = BlobContainerPublicAccessType.Off;
if (!String.IsNullOrWhiteSpace(accessLevel))
{
if (accessLevel.ToLower() == "blob")
{
access = BlobContainerPublicAccessType.Blob;
}
else if (accessLevel.ToLower() == "container")
{
access = BlobContainerPublicAccessType.Container;
}
}
BlobContainerPermissions perms = new BlobContainerPermissions()
{
PublicAccess = access
};
foreach (var policy in policies)
{
perms.SharedAccessPolicies.Add(policy);
}
var status = await ContainerHandler.DoForAllContainersAsync(container.Name,
HttpStatusCode.OK,
async containerObj => await containerObj.SetPermissionsAsync(perms),
true);
HttpResponseMessage response = new HttpResponseMessage(status.StatusCode);
await AddBasicContainerHeaders(response, container);
return(response);
}
internal async Task GetAzureContainerStoredAccessPolicyAsync(long taskId, IStorageBlobManagement localChannel, string containerName, string policyName)
{
SharedAccessBlobPolicies shareAccessPolicies = await GetPoliciesAsync(localChannel, containerName, policyName).ConfigureAwait(false);
if (!String.IsNullOrEmpty(policyName))
{
if (shareAccessPolicies.Keys.Contains(policyName))
{
OutputStream.WriteObject(taskId, AccessPolicyHelper.ConstructPolicyOutputPSObject <SharedAccessBlobPolicy>(shareAccessPolicies, policyName));
}
else
{
throw new ResourceNotFoundException(String.Format(CultureInfo.CurrentCulture, Resources.PolicyNotFound, policyName));
}
}
else
{
foreach (string key in shareAccessPolicies.Keys)
{
OutputStream.WriteObject(taskId, AccessPolicyHelper.ConstructPolicyOutputPSObject <SharedAccessBlobPolicy>(shareAccessPolicies, key));
}
}
}
static SharedAccessBlobPolicies DeserializeAccessPolicies(XmlReader reader)
{
SharedAccessBlobPolicies ret = new SharedAccessBlobPolicies();
string signedIdentifier = "SignedIdentifier";
string accessPolicy = "AccessPolicy";
string wrapper = "SignedIdentifiers";
reader.Read(); //Advance past xml declaration element
reader.Read();
while (!reader.EOF)
{
if (reader.Name == wrapper && !reader.IsStartElement())
{
break; //Reached the end of the file
}
while (reader.Name != signedIdentifier && !reader.EOF)
{
reader.Read(); //Advance to the next policy
}
if (reader.EOF)
{
break;
}
string id = "";
DateTimeOffset?start = new DateTimeOffset();
DateTimeOffset?expiry = new DateTimeOffset();
//Set permissions to None by default
SharedAccessBlobPermissions permissionObj = 0;
reader.Read(); //Go past start tag.
// Keep reading until we reach the end of the identifier
while (reader.Name != signedIdentifier)
{
if (reader.Name == "Id")
{
reader.Read(); //Get to the value.
id = reader.Value;
reader.Read();
}
else if (reader.Name == accessPolicy)
{
reader.Read();
while (reader.Name != accessPolicy)
{
if (reader.Name == "Start")
{
reader.Read();
if (!string.IsNullOrWhiteSpace(reader.Value))
{
start = DateTimeOffset.Parse(reader.Value);
}
else
{
start = null;
}
reader.Read();
}
else if (reader.Name == "Expiry")
{
reader.Read();
if (!string.IsNullOrWhiteSpace(reader.Value))
{
expiry = DateTimeOffset.Parse(reader.Value);
}
else
{
expiry = null;
}
reader.Read();
}
else if (reader.Name == "Permission")
{
reader.Read();
string permissions = reader.Value;
if (permissions.Contains('r'))
{
permissionObj |= SharedAccessBlobPermissions.Read;
}
if (permissions.Contains('w'))
{
permissionObj |= SharedAccessBlobPermissions.Write;
}
if (permissions.Contains('d'))
{
permissionObj |= SharedAccessBlobPermissions.Delete;
}
if (permissions.Contains('l'))
{
permissionObj |= SharedAccessBlobPermissions.List;
}
reader.Read();
}
reader.Read();
}
}
reader.Read();
}
SharedAccessBlobPolicy policy = new SharedAccessBlobPolicy()
{
SharedAccessStartTime = start,
SharedAccessExpiryTime = expiry,
Permissions = permissionObj
};
ret.Add(new KeyValuePair <string, SharedAccessBlobPolicy>(id, policy));
reader.Read();
}
return(ret);
}
static SharedAccessBlobPolicies DeserializeAccessPolicies(XmlReader reader)
{
SharedAccessBlobPolicies ret = new SharedAccessBlobPolicies();
string signedIdentifier = "SignedIdentifier";
string accessPolicy = "AccessPolicy";
string wrapper = "SignedIdentifiers";
reader.Read(); //Advance past xml declaration element
reader.Read();
while (!reader.EOF)
{
if (reader.Name == wrapper && !reader.IsStartElement())
{
break; //Reached the end of the file
}
while (reader.Name != signedIdentifier && !reader.EOF)
{
reader.Read(); //Advance to the next policy
}
if (reader.EOF)
{
break;
}
string id = "";
DateTimeOffset? start = null;
DateTimeOffset? expiry = null;
//Set permissions to None by default
SharedAccessBlobPermissions permissionObj = 0;
reader.Read(); //Go past start tag.
// Keep reading until we reach the end of the identifier
while (reader.Name != signedIdentifier)
{
if (reader.Name == "Id")
{
reader.Read(); //Get to the value.
id = reader.Value;
reader.Read();
}
else if (reader.Name == accessPolicy)
{
reader.Read();
while (reader.Name != accessPolicy)
{
if (reader.Name == "Start")
{
reader.Read();
if (!string.IsNullOrWhiteSpace(reader.Value))
{
start = DateTimeOffset.Parse(reader.Value);
}
else
{
start = null;
}
reader.Read();
}
else if (reader.Name == "Expiry")
{
reader.Read();
if (!string.IsNullOrWhiteSpace(reader.Value))
{
expiry = DateTimeOffset.Parse(reader.Value);
}
else
{
expiry = null;
}
reader.Read();
}
else if (reader.Name == "Permission")
{
reader.Read();
string permissions = reader.Value;
if (permissions.Contains('r'))
{
permissionObj |= SharedAccessBlobPermissions.Read;
}
if (permissions.Contains('w'))
{
permissionObj |= SharedAccessBlobPermissions.Write;
}
if (permissions.Contains('d'))
{
permissionObj |= SharedAccessBlobPermissions.Delete;
}
if (permissions.Contains('l'))
{
permissionObj |= SharedAccessBlobPermissions.List;
}
reader.Read();
}
reader.Read();
}
}
reader.Read();
}
SharedAccessBlobPolicy policy = new SharedAccessBlobPolicy()
{
SharedAccessStartTime = start,
SharedAccessExpiryTime = expiry,
Permissions = permissionObj
};
ret.Add(new KeyValuePair<string, SharedAccessBlobPolicy>(id, policy));
reader.Read();
}
return ret;
}
static void SerializeAccessPolicies(XmlWriter writer, SharedAccessBlobPolicies policies)
{
writer.WriteStartElement("SignedIdentifiers");
foreach (KeyValuePair<string, SharedAccessBlobPolicy> pair in policies)
{
writer.WriteStartElement("SignedIdentifier");
writer.WriteElementString("Id", pair.Key);
writer.WriteStartElement("AccessPolicy");
if (pair.Value.SharedAccessStartTime != null)
{
DateTimeOffset start = (DateTimeOffset)pair.Value.SharedAccessStartTime;
writer.WriteElementString("Start", start.ToString("s") + "Z");
}
else
{
writer.WriteElementString("Start", "");
}
if (pair.Value.SharedAccessExpiryTime != null)
{
DateTimeOffset expiry = (DateTimeOffset)pair.Value.SharedAccessExpiryTime;
writer.WriteElementString("Expiry", expiry.ToString("s") + "Z");
}
else
{
writer.WriteElementString("Expiry", "");
}
var permissions = pair.Value.Permissions;
string permString = "";
if (permissions.HasFlag(SharedAccessBlobPermissions.Delete))
{
permString += "d";
}
if (permissions.HasFlag(SharedAccessBlobPermissions.List))
{
permString += "l";
}
if (permissions.HasFlag(SharedAccessBlobPermissions.Read))
{
permString += "r";
}
if (permissions.HasFlag(SharedAccessBlobPermissions.Write))
{
permString += "w";
}
writer.WriteElementString("Permission", permString);
writer.WriteEndElement(); // AccessPolicy
writer.WriteEndElement(); // SignedIdentifier
}
writer.WriteEndElement(); // SignedIdentifiers
}
public void AssertIdentifierInSharedAccessPolicies(SharedAccessBlobPolicies sharedAccessPolicies, Basic.Azure.Storage.Communications.Common.BlobSignedIdentifier expectedIdentifier, SharedAccessBlobPermissions permissions)
{
var policy = sharedAccessPolicies.Where(i => i.Key.Equals(expectedIdentifier.Id, StringComparison.InvariantCultureIgnoreCase)).FirstOrDefault();
Assert.IsNotNull(policy);
Assert.AreEqual(expectedIdentifier.AccessPolicy.StartTime, policy.Value.SharedAccessStartTime.Value.UtcDateTime);
Assert.AreEqual(expectedIdentifier.AccessPolicy.Expiry, policy.Value.SharedAccessExpiryTime.Value.UtcDateTime);
Assert.IsTrue(policy.Value.Permissions.HasFlag(permissions));
}
private void SavePolicies_Click(object sender, RoutedEventArgs e)
{
SharedAccessBlobPolicies policies = new SharedAccessBlobPolicies();
if (PolicyViews != null)
{
foreach (PolicyView policyView in PolicyViews)
{
if (!String.IsNullOrEmpty(policyView.PolicyName))
{
if (!policyView.Validate())
{
MessageBox.Show("Policy '" + policyView.PolicyName + "' has one or more fields that are not formatted properly.", "Validation Error", MessageBoxButton.OK);
return;
}
policies.Add(policyView.PolicyName, policyView.Policy);
}
}
}
try
{
Cursor = Cursors.Wait;
ViewModel.SetContainerAccessPolicies(containerName, policies);
MessageBox.Show("Container policies have been saved.", "Save Complete", MessageBoxButton.OK);
}
catch (Exception ex)
{
MessageBox.Show("Saving policies failed due to an error.\r\n\r\n" + ex.ToString(), "Save Error", MessageBoxButton.OK);
}
finally
{
Cursor = Cursors.Arrow;
}
}
public static void WriteSharedAccessIdentifiers(SharedAccessBlobPolicies sharedAccessPolicies, Stream outputStream)
{
throw new System.NotImplementedException();
}
public void SetContainerAccessPolicies(string containerName, SharedAccessBlobPolicies policies)
{
CloudBlobClient client = CloudStorageAccount.CreateCloudBlobClient();
client.RetryPolicy = new LinearRetry(TimeSpan.Zero, 20);
//client.RetryPolicy = RetryPolicies.Retry(20, TimeSpan.Zero);
CloudBlobContainer container = client.GetContainerReference(containerName);
BlobContainerPermissions permissions = container.GetPermissions();
permissions.SharedAccessPolicies.Clear();
if (policies != null)
{
foreach (KeyValuePair<string, SharedAccessBlobPolicy> policy in policies)
{
permissions.SharedAccessPolicies.Add(policy.Key, policy.Value);
}
}
container.SetPermissions(permissions);
}