public void NewContainerSas_Httpsonly() { blobUtil.SetupTestContainerAndBlob(); try { string containerPermission = "rwdl"; string sastoken = CommandAgent.GetContainerSasFromCmd(blobUtil.Container.Name, string.Empty, containerPermission, null, null, false, SharedAccessProtocol.HttpsOnly); blobUtil.ValidateBlobWriteableWithSasToken(blobUtil.Blob, sastoken); try { blobUtil.ValidateBlobWriteableWithSasToken(blobUtil.Blob, sastoken, useHttps: false); Test.Error(string.Format("Write blob with http should fail since the sas is HttpsOnly.")); } catch (StorageException e) { Test.Info(e.Message); ExpectEqual(306, e.RequestInformation.HttpStatusCode, "Protocal not match error: "); } } finally { blobUtil.CleanupTestContainerAndBlob(); } }
public void NewContainerSasWithPolicy() { blobUtil.SetupTestContainerAndBlob(); try { TimeSpan sasLifeTime = TimeSpan.FromMinutes(10); BlobContainerPermissions permission = new BlobContainerPermissions(); string policyName = Utility.GenNameString("saspolicy"); permission.SharedAccessPolicies.Add(policyName, new SharedAccessBlobPolicy { SharedAccessExpiryTime = DateTime.Now.Add(sasLifeTime), Permissions = SharedAccessBlobPermissions.Read, }); blobUtil.Container.SetPermissions(permission); string sasToken = CommandAgent.GetContainerSasFromCmd(blobUtil.Container.Name, policyName, string.Empty); Test.Info("Sleep and wait for sas policy taking effect"); double lifeTime = 1; Thread.Sleep(TimeSpan.FromMinutes(lifeTime)); ValidateSasToken(blobUtil.Container, "r", sasToken); } finally { blobUtil.CleanupTestContainerAndBlob(); } }
public void NewContainerSasWithLimitedPermission() { blobUtil.SetupTestContainerAndBlob(); try { //Container read permission string containerPermission = "r"; string limitedPermission = lang == Language.PowerShell ? "wdlac" : "wdl"; string sastoken = CommandAgent.GetContainerSasFromCmd(blobUtil.Container.Name, string.Empty, containerPermission); ValidateLimitedSasPermission(blobUtil.Container, limitedPermission, sastoken); //Container write permission containerPermission = "w"; limitedPermission = "rdl"; sastoken = CommandAgent.GetContainerSasFromCmd(blobUtil.Container.Name, string.Empty, containerPermission); ValidateLimitedSasPermission(blobUtil.Container, limitedPermission, sastoken); //Container delete permission containerPermission = "d"; limitedPermission = lang == Language.PowerShell ? "rwlac" : "rwl"; sastoken = CommandAgent.GetContainerSasFromCmd(blobUtil.Container.Name, string.Empty, containerPermission); ValidateLimitedSasPermission(blobUtil.Container, limitedPermission, sastoken); //Container list permission containerPermission = "l"; limitedPermission = lang == Language.PowerShell ? "rwdac" : "rwd"; sastoken = CommandAgent.GetContainerSasFromCmd(blobUtil.Container.Name, string.Empty, containerPermission); ValidateLimitedSasPermission(blobUtil.Container, limitedPermission, sastoken); // TODO: Enable it when xplat supports the permissions if (lang == Language.PowerShell) { //Container add permission containerPermission = "a"; limitedPermission = "rwdlc"; sastoken = CommandAgent.GetContainerSasFromCmd(blobUtil.Container.Name, string.Empty, containerPermission); ValidateLimitedSasPermission(blobUtil.Container, limitedPermission, sastoken); //Container create permission containerPermission = "c"; limitedPermission = "rwdla"; sastoken = CommandAgent.GetContainerSasFromCmd(blobUtil.Container.Name, string.Empty, containerPermission); ValidateLimitedSasPermission(blobUtil.Container, limitedPermission, sastoken); } //Container none permission //containerPermission = ""; //limitedPermission = "rdwl"; //sastoken = agent.GetContainerSasFromPsCmd(blobUtil.Container.Name, string.Empty, containerPermission); //ValidateLimitedSasPermission(blobUtil.Container, limitedPermission, sastoken); } finally { blobUtil.CleanupTestContainerAndBlob(); } }
/// <summary> /// Generate a sas token and validate it. /// </summary> /// <param name="containerPermission">Container permission</param> internal void GenerateSasTokenAndValid(string containerPermission) { blobUtil.SetupTestContainerAndBlob(); try { string sastoken = CommandAgent.GetContainerSasFromCmd(blobUtil.Container.Name, string.Empty, containerPermission); ValidateSasToken(blobUtil.Container, containerPermission, sastoken); } finally { blobUtil.CleanupTestContainerAndBlob(); } }
public void NewContainerSasWithFullUri() { blobUtil.SetupTestContainerAndBlob(); try { string containerPermission = Utility.GenRandomCombination(Utility.ContainerPermission); string fullUri = CommandAgent.GetContainerSasFromCmd(blobUtil.Container.Name, string.Empty, containerPermission); string sasToken = (lang == Language.PowerShell ? fullUri.Substring(fullUri.IndexOf("?")) : fullUri); ValidateSasToken(blobUtil.Container, containerPermission, sasToken); } finally { blobUtil.CleanupTestContainerAndBlob(); } }
public void NewContainerSas_CurrentIPRange() { blobUtil.SetupTestContainerAndBlob(); try { string containerPermission = "rwdl"; string fullUri = CommandAgent.GetContainerSasFromCmd(blobUtil.Container.Name, string.Empty, containerPermission, null, null, true, null, "0.0.0.0-255.255.255.255"); string sastoken = (lang == Language.PowerShell ? fullUri.Substring(fullUri.IndexOf("?")) : fullUri); blobUtil.ValidateBlobWriteableWithSasToken(blobUtil.Blob, sastoken); } finally { blobUtil.CleanupTestContainerAndBlob(); } }
public void NewContainerSasWithLifeTime() { blobUtil.SetupTestContainerAndBlob(); double lifeTime = 3; //Minutes const double deltaTime = 0.5; DateTime startTime = DateTime.Now.AddMinutes(lifeTime); DateTime expiryTime = startTime.AddMinutes(lifeTime); try { string containerPermission = Utility.GenRandomCombination(Utility.ContainerPermission); string sastoken = CommandAgent.GetContainerSasFromCmd(blobUtil.Container.Name, string.Empty, containerPermission, startTime, expiryTime); try { ValidateSasToken(blobUtil.Container, containerPermission, sastoken); Test.Error(string.Format("Access container should fail since the start time is {0}, but now is {1}", startTime.ToUniversalTime().ToString(), DateTime.UtcNow.ToString())); } catch (StorageException e) { Test.Info(e.Message); ExpectEqual(e.RequestInformation.HttpStatusCode, 403, "(403) Forbidden"); } Test.Info("Sleep and wait for the sas token start time"); Thread.Sleep(TimeSpan.FromMinutes(lifeTime + deltaTime)); ValidateSasToken(blobUtil.Container, containerPermission, sastoken); Test.Info("Sleep and wait for sas token expiry time"); Thread.Sleep(TimeSpan.FromMinutes(lifeTime + deltaTime)); try { ValidateSasToken(blobUtil.Container, containerPermission, sastoken); Test.Error(string.Format("Access container should fail since the expiry time is {0}, but now is {1}", expiryTime.ToUniversalTime().ToString(), DateTime.UtcNow.ToString())); } catch (StorageException e) { Test.Info(e.Message); ExpectEqual(e.RequestInformation.HttpStatusCode, 403, "(403) Forbidden"); } } finally { blobUtil.CleanupTestContainerAndBlob(); } }
public void ContainerWithListPermission() { blobUtil.SetupTestContainerAndBlob(); try { string sastoken = CommandAgent.GetContainerSasFromCmd(blobUtil.ContainerName, string.Empty, "l"); CommandAgent.SetStorageContextWithSASToken(StorageAccount.Credentials.AccountName, sastoken, StorageEndpoint); // List blobs with the generated SAS token Test.Assert(CommandAgent.GetAzureStorageBlob(string.Empty, blobUtil.ContainerName), string.Format("List blobs in container {0} should succeed", blobUtil.ContainerName)); } finally { blobUtil.CleanupTestContainerAndBlob(); } }
public void PolicyWithSASStartTimeFutureToPast() { blobUtil.SetupTestContainerAndBlob(); try { TimeSpan sasLifeTime = TimeSpan.FromMinutes(10); string policyName = Utility.GenNameString("saspolicy"); DateTime?expiryTime = DateTime.Today.AddDays(10); DateTime?startTime = DateTime.Today.AddDays(2); string permission = "r"; //start time is in the future CreateStoredAccessPolicy(policyName, permission, startTime, expiryTime, blobUtil.Container, false); string sasToken = CommandAgent.GetContainerSasFromCmd(blobUtil.Container.Name, policyName, string.Empty); Test.Info("Sleep and wait for sas policy taking effect"); double lifeTime = 1; Thread.Sleep(TimeSpan.FromMinutes(lifeTime)); try { blobUtil.ValidateContainerReadableWithSasToken(blobUtil.Container, sasToken); Test.Error(string.Format("Access container should fail since the start time is {0}, but now is {1}", startTime.Value.ToUniversalTime().ToString(), DateTime.UtcNow.ToString())); } catch (StorageException e) { Test.Info(e.Message); ExpectEqual(e.RequestInformation.HttpStatusCode, 403, "(403) Forbidden"); } //modify start time to past startTime = DateTime.Today.AddDays(-2); CommandAgent.SetAzureStorageContainerStoredAccessPolicy(blobUtil.Container.Name, policyName, null, startTime, null); Test.Info("Sleep and wait for sas policy taking effect"); Thread.Sleep(TimeSpan.FromMinutes(lifeTime)); blobUtil.ValidateContainerReadableWithSasToken(blobUtil.Container, sasToken); } finally { blobUtil.CleanupTestContainerAndBlob(); } }
public void NewContainerSas_NotCurrentIP() { blobUtil.SetupTestContainerAndBlob(); try { string containerPermission = "rwdl"; string sastoken = CommandAgent.GetContainerSasFromCmd(blobUtil.Container.Name, string.Empty, containerPermission, null, null, false, null, "1.1.1.1"); try { blobUtil.ValidateBlobWriteableWithSasToken(blobUtil.Blob, sastoken); Test.Error(string.Format("Write blob with should fail since the ipAcl is not current IP.")); } catch (StorageException e) { Test.Info(e.Message); ExpectEqual(e.RequestInformation.HttpStatusCode, 403, "(403) Forbidden"); } } finally { blobUtil.CleanupTestContainerAndBlob(); } }