public void GenerateSas_BuilderIsDirectoryError() { var constants = TestConstants.Create(this); var blobEndpoint = new Uri("http://127.0.0.1/"); UriBuilder blobUriBuilder = new UriBuilder(blobEndpoint); string fileSystemName = GetNewFileSystemName(); string fileName = GetNewFileName(); DataLakeSasPermissions permissions = DataLakeSasPermissions.Read; DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1); blobUriBuilder.Path += constants.Sas.Account + "/" + fileSystemName + "/" + fileName; DataLakePathClient containerClient = InstrumentClient(new DataLakePathClient( blobUriBuilder.Uri, constants.Sas.SharedKeyCredential, GetOptions())); DataLakeSasBuilder sasBuilder = new DataLakeSasBuilder(permissions, expiresOn) { FileSystemName = fileSystemName, Path = fileName, IsDirectory = true, }; // Act try { containerClient.GenerateSasUri(sasBuilder); Assert.Fail("DataLakeFileClient.GenerateSasUri should have failed with an ArgumentException."); } catch (InvalidOperationException) { //the correct exception came back } }
public async Task DataLakeSasBuilder_BothObjectId_Error() { // Arrange DataLakeServiceClient oauthService = GetServiceClient_OAuth(); string fileSystemName = GetNewFileSystemName(); string directoryName = GetNewDirectoryName(); await using DisposingFileSystem test = await GetNewFileSystem(service : oauthService, fileSystemName : fileSystemName); // Arrange DataLakeDirectoryClient directory = await test.FileSystem.CreateDirectoryAsync(directoryName); DataLakeFileClient file = await directory.CreateFileAsync(GetNewFileName()); Response <UserDelegationKey> userDelegationKey = await oauthService.GetUserDelegationKeyAsync( startsOn : null, expiresOn : Recording.UtcNow.AddHours(1)); DataLakeSasBuilder dataLakeSasBuilder = new DataLakeSasBuilder { StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(1), FileSystemName = test.FileSystem.Name, PreauthorizedAgentObjectId = Recording.Random.NewGuid().ToString(), AgentObjectId = Recording.Random.NewGuid().ToString() }; dataLakeSasBuilder.SetPermissions(DataLakeSasPermissions.All); TestHelper.AssertExpectedException <InvalidOperationException>( () => dataLakeSasBuilder.ToSasQueryParameters(userDelegationKey, test.FileSystem.AccountName), new InvalidOperationException("SAS cannot have the following parameters specified in conjunction: PreauthorizedAgentObjectId, AgentObjectId")); }
public void GenerateSas_RequiredParameters() { // Arrange var constants = TestConstants.Create(this); string fileSystemName = GetNewFileSystemName(); string path = GetNewFileName(); DataLakeSasPermissions permissions = DataLakeSasPermissions.Read; DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1); var blobEndpoint = new Uri("http://127.0.0.1/" + constants.Sas.Account + "/" + fileSystemName + "/" + path); DataLakePathClient pathClient = InstrumentClient(new DataLakePathClient( blobEndpoint, constants.Sas.SharedKeyCredential, GetOptions())); // Act Uri sasUri = pathClient.GenerateSasUri(permissions, expiresOn); // Assert DataLakeSasBuilder sasBuilder2 = new DataLakeSasBuilder(permissions, expiresOn) { FileSystemName = fileSystemName, Path = path }; DataLakeUriBuilder expectedUri = new DataLakeUriBuilder(blobEndpoint) { Sas = sasBuilder2.ToSasQueryParameters(constants.Sas.SharedKeyCredential) }; Assert.AreEqual(expectedUri.ToUri().ToString(), sasUri.ToString()); }
public void GenerateSas_BuilderWrongFileSystemName() { // Arrange var constants = new TestConstants(this); var blobEndpoint = new Uri("http://127.0.0.1/"); UriBuilder blobUriBuilder = new UriBuilder(blobEndpoint); string path = GetNewFileName(); DataLakeSasPermissions permissions = DataLakeSasPermissions.Read; DateTimeOffset expiresOn = Recording.UtcNow.AddHours(+1); blobUriBuilder.Path += constants.Sas.Account + "/" + GetNewFileSystemName() + "/" + path; DataLakePathClient pathClient = InstrumentClient(new DataLakePathClient( blobUriBuilder.Uri, constants.Sas.SharedKeyCredential, GetOptions())); DataLakeSasBuilder sasBuilder = new DataLakeSasBuilder(permissions, expiresOn) { FileSystemName = GetNewFileSystemName(), // different filesystem name Path = path, }; // Act try { pathClient.GenerateSasUri(sasBuilder); Assert.Fail("DataLakePathClient.GenerateSasUri should have failed with an ArgumentException."); } catch (InvalidOperationException) { //the correct exception came back } }
public async Task DataLakeSasBuilder_DirectoryDepth(string directoryName) { // Arrange DataLakeServiceClient oauthService = GetServiceClient_OAuth(); string fileSystemName = GetNewFileSystemName(); await using DisposingFileSystem test = await GetNewFileSystem(service : oauthService, fileSystemName : fileSystemName); DataLakeDirectoryClient directory = test.FileSystem.GetDirectoryClient(directoryName); Response <UserDelegationKey> userDelegationKey = await oauthService.GetUserDelegationKeyAsync( startsOn : null, expiresOn : Recording.UtcNow.AddHours(1)); DataLakeSasBuilder dataLakeSasBuilder = new DataLakeSasBuilder { StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(1), FileSystemName = test.FileSystem.Name, Path = directoryName, IsDirectory = true }; dataLakeSasBuilder.SetPermissions(DataLakeSasPermissions.All); DataLakeSasQueryParameters sas = dataLakeSasBuilder.ToSasQueryParameters(userDelegationKey, test.FileSystem.AccountName); int expectedDepth = directoryName.Split('/').Length; if (expectedDepth > 0) { expectedDepth -= directoryName.ElementAt(0) == '/' ? 1 : 0; expectedDepth -= directoryName.ElementAt(directoryName.Length - 1) == '/' ? 1 : 0; } Assert.AreEqual(expectedDepth, sas.DirectoryDepth); }
public async Task SetPermissions_Filesystem(DataLakeFileSystemSasPermissions permissions) { // Arrange await using DisposingFileSystem test = await GetNewFileSystem(); DataLakeSasBuilder dataLakeSasBuilder = new DataLakeSasBuilder { StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(1), FileSystemName = test.FileSystem.Name }; dataLakeSasBuilder.SetPermissions(permissions); StorageSharedKeyCredential sharedKeyCredential = new StorageSharedKeyCredential(TestConfigHierarchicalNamespace.AccountName, TestConfigHierarchicalNamespace.AccountKey); DataLakeUriBuilder dataLakeUriBuilder = new DataLakeUriBuilder(test.FileSystem.Uri) { Sas = dataLakeSasBuilder.ToSasQueryParameters(sharedKeyCredential) }; DataLakeFileSystemClient sasFileSystemClient = InstrumentClient(new DataLakeFileSystemClient(dataLakeUriBuilder.ToUri(), GetOptions())); // Act await foreach (PathItem pathItem in sasFileSystemClient.GetPathsAsync()) { // Just make sure the call succeeds. } }
public DataLakeSasQueryParameters GetNewDataLakeSasCredentialsOwner(string fileSystemName, string ownerName, UserDelegationKey userDelegationKey, string accountName) { DataLakeSasBuilder dataLakeSasBuilder = new DataLakeSasBuilder { StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(1), FileSystemName = fileSystemName, AgentObjectId = ownerName }; dataLakeSasBuilder.SetPermissions(DataLakeSasPermissions.All); return(dataLakeSasBuilder.ToSasQueryParameters(userDelegationKey, accountName)); }
public DataLakeSasQueryParameters GetNewDataLakeServiceIdentitySasCredentialsFileSystem(string fileSystemName, UserDelegationKey userDelegationKey, string accountName) { var builder = new DataLakeSasBuilder { FileSystemName = fileSystemName, Protocol = SasProtocol.None, StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(+1), IPRange = new SasIPRange(IPAddress.None, IPAddress.None) }; builder.SetPermissions(DataLakeFileSystemSasPermissions.All); return(builder.ToSasQueryParameters(userDelegationKey, accountName)); }
public DataLakeSasQueryParameters GetNewDataLakeServiceSasCredentialsFileSystem(string fileSystemName, StorageSharedKeyCredential sharedKeyCredentials = default) { var builder = new DataLakeSasBuilder { FileSystemName = fileSystemName, Protocol = SasProtocol.None, StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(+1), IPRange = new SasIPRange(IPAddress.None, IPAddress.None) }; builder.SetPermissions(DataLakeFileSystemSasPermissions.All); return(builder.ToSasQueryParameters(sharedKeyCredentials ?? GetNewSharedKeyCredentials())); }
public async Task DataLakeSasBuilder_AgentObjectId() { // Arrange DataLakeServiceClient oauthService = GetServiceClient_OAuth(); string fileSystemName = GetNewFileSystemName(); string directoryName = GetNewDirectoryName(); string unknownGuid = Recording.Random.NewGuid().ToString(); await using DisposingFileSystem test = await GetNewFileSystem(service : oauthService, fileSystemName : fileSystemName); // Arrange DataLakeDirectoryClient directory = test.FileSystem.GetRootDirectoryClient(); Response <UserDelegationKey> userDelegationKey = await oauthService.GetUserDelegationKeyAsync( startsOn : null, expiresOn : Recording.UtcNow.AddHours(1)); // Give UnknownGuid rights IList <PathAccessControlItem> accessControlList = new List <PathAccessControlItem>() { new PathAccessControlItem( AccessControlType.User, RolePermissions.Read | RolePermissions.Write | RolePermissions.Execute, false, unknownGuid) }; await directory.SetAccessControlListAsync(accessControlList); DataLakeSasBuilder dataLakeSasBuilder = new DataLakeSasBuilder { StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(1), FileSystemName = test.FileSystem.Name, AgentObjectId = unknownGuid }; dataLakeSasBuilder.SetPermissions(DataLakeSasPermissions.All); DataLakeUriBuilder dataLakeUriBuilder = new DataLakeUriBuilder(test.FileSystem.Uri) { Sas = dataLakeSasBuilder.ToSasQueryParameters(userDelegationKey, test.FileSystem.AccountName) }; DataLakeDirectoryClient sasDirectoryClient = new DataLakeDirectoryClient(dataLakeUriBuilder.ToUri(), GetOptions()); // Act DataLakeFileClient file = await sasDirectoryClient.CreateFileAsync(GetNewFileName()); }
public void EnsureStateTests() { DataLakeSasBuilder sasBuilder = new DataLakeSasBuilder(); // No Identifier, Permissions and ExpiresOn not present. TestHelper.AssertExpectedException( () => sasBuilder.EnsureState(), new InvalidOperationException("SAS is missing required parameter: Permissions")); sasBuilder.SetPermissions(_sasPermissions); // No Identifier, ExpiresOn not present. TestHelper.AssertExpectedException( () => sasBuilder.EnsureState(), new InvalidOperationException("SAS is missing required parameter: ExpiresOn")); }
// </Snippet_GetServiceSasUriForContainer> #endregion #region GetServiceSasUriForDirectory //------------------------------------------------- // Get service SAS for directory //------------------------------------------------- // <Snippet_GetServiceSasUriForDirectory> private static Uri GetServiceSasUriForDirectory(DataLakeDirectoryClient directoryClient, string storedPolicyName = null) { if (directoryClient.CanGenerateSasUri) { // Create a SAS token that's valid for one hour. DataLakeSasBuilder sasBuilder = new DataLakeSasBuilder() { // Specify the file system name, the path, and indicate that // the client object points to a directory. FileSystemName = directoryClient.FileSystemName, Resource = "d", IsDirectory = true, Path = directoryClient.Path, }; // If no stored access policy is specified, create the policy // by specifying expiry and permissions. if (storedPolicyName == null) { sasBuilder.ExpiresOn = DateTimeOffset.UtcNow.AddHours(1); sasBuilder.SetPermissions(DataLakeSasPermissions.Read | DataLakeSasPermissions.Write | DataLakeSasPermissions.List); } else { sasBuilder.Identifier = storedPolicyName; } // Get the SAS URI for the specified directory. Uri sasUri = directoryClient.GenerateSasUri(sasBuilder); Console.WriteLine("SAS URI for ADLS directory is: {0}", sasUri); Console.WriteLine(); return(sasUri); } else { Console.WriteLine(@"DataLakeDirectoryClient must be authorized with Shared Key credentials to create a service SAS."); return(null); } }
public async Task DataLakeSasBuilder_DirectoryDepth_Exists() { // Arrange DataLakeServiceClient oauthService = GetServiceClient_OAuth(); string fileSystemName = GetNewFileSystemName(); await using DisposingFileSystem test = await GetNewFileSystem(service : oauthService, fileSystemName : fileSystemName); DataLakeDirectoryClient directory = await test.FileSystem.CreateDirectoryAsync(GetNewDirectoryName()); DataLakeDirectoryClient subdirectory = await directory.CreateSubDirectoryAsync(GetNewDirectoryName()); DataLakeDirectoryClient subdirectory2 = await subdirectory.CreateSubDirectoryAsync(GetNewDirectoryName()); DataLakeDirectoryClient subdirectory3 = await subdirectory2.CreateSubDirectoryAsync(GetNewDirectoryName()); DataLakeFileClient file = await subdirectory3.CreateFileAsync(GetNewFileName()); Response <UserDelegationKey> userDelegationKey = await oauthService.GetUserDelegationKeyAsync( startsOn : null, expiresOn : Recording.UtcNow.AddHours(1)); DataLakeSasBuilder dataLakeSasBuilder = new DataLakeSasBuilder { StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(1), FileSystemName = test.FileSystem.Name, Path = subdirectory3.Path, IsDirectory = true }; dataLakeSasBuilder.SetPermissions(DataLakeSasPermissions.All); DataLakeUriBuilder dataLakeUriBuilder = new DataLakeUriBuilder(subdirectory3.Uri) { Sas = dataLakeSasBuilder.ToSasQueryParameters(userDelegationKey, test.FileSystem.AccountName) }; DataLakeDirectoryClient sasDirectoryClient = InstrumentClient(new DataLakeDirectoryClient(dataLakeUriBuilder.ToUri(), GetOptions())); // Act await sasDirectoryClient.ExistsAsync(); }
public async Task DataLakeSasBuilderRawPermissions_2020_02_10(string permissionsString) { // Arrange DataLakeServiceClient oauthService = GetServiceClient_OAuth(); string fileSystemName = GetNewFileSystemName(); string directoryName = GetNewDirectoryName(); await using DisposingFileSystem test = await GetNewFileSystem(service : oauthService, fileSystemName : fileSystemName); // Arrange DataLakeDirectoryClient directory = await test.FileSystem.CreateDirectoryAsync(directoryName); DataLakeFileClient file = await directory.CreateFileAsync(GetNewFileName()); Response <UserDelegationKey> userDelegationKey = await oauthService.GetUserDelegationKeyAsync( startsOn : null, expiresOn : Recording.UtcNow.AddHours(1)); DataLakeSasBuilder dataLakeSasBuilder = new DataLakeSasBuilder { StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(1), FileSystemName = test.FileSystem.Name }; dataLakeSasBuilder.SetPermissions( rawPermissions: permissionsString, normalize: true); DataLakeUriBuilder dataLakeUriBuilder = new DataLakeUriBuilder(test.FileSystem.Uri) { Sas = dataLakeSasBuilder.ToSasQueryParameters(userDelegationKey, test.FileSystem.AccountName) }; DataLakeFileSystemClient sasFileSystemClient = InstrumentClient(new DataLakeFileSystemClient(dataLakeUriBuilder.ToUri(), GetOptions())); // Act await foreach (PathItem pathItem in sasFileSystemClient.GetPathsAsync()) { // Just make sure the call succeeds. } }
public DataLakeSasQueryParameters GetNewDataLakeServiceSasCredentialsPath(string fileSystemName, string path, StorageSharedKeyCredential sharedKeyCredentials = default) { var builder = new DataLakeSasBuilder { FileSystemName = fileSystemName, Path = path, Protocol = SasProtocol.None, StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(+1), IPRange = new SasIPRange(IPAddress.None, IPAddress.None) }; builder.SetPermissions( DataLakeSasPermissions.Read | DataLakeSasPermissions.Add | DataLakeSasPermissions.Create | DataLakeSasPermissions.Delete | DataLakeSasPermissions.Write); return(builder.ToSasQueryParameters(sharedKeyCredentials ?? Tenants.GetNewHnsSharedKeyCredentials())); }
public async Task DataLakeSasBuilder_DirectoryDepth_SharedKey() { // Arrange DataLakeServiceClient oauthService = GetServiceClient_OAuth(); string fileSystemName = GetNewFileSystemName(); await using DisposingFileSystem test = await GetNewFileSystem(service : oauthService, fileSystemName : fileSystemName); DataLakeDirectoryClient directory = await test.FileSystem.CreateDirectoryAsync(GetNewDirectoryName()); DataLakeDirectoryClient subdirectory = await directory.CreateSubDirectoryAsync(GetNewDirectoryName()); DataLakeDirectoryClient subdirectory2 = await subdirectory.CreateSubDirectoryAsync(GetNewDirectoryName()); DataLakeDirectoryClient subdirectory3 = await subdirectory2.CreateSubDirectoryAsync(GetNewDirectoryName()); DataLakeFileClient file = await subdirectory3.CreateFileAsync(GetNewFileName()); DataLakeSasBuilder dataLakeSasBuilder = new DataLakeSasBuilder { StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(1), FileSystemName = test.FileSystem.Name, Path = subdirectory3.Path, IsDirectory = true }; dataLakeSasBuilder.SetPermissions(DataLakeSasPermissions.All); StorageSharedKeyCredential sharedKeyCredential = new StorageSharedKeyCredential(TestConfigHierarchicalNamespace.AccountName, TestConfigHierarchicalNamespace.AccountKey); DataLakeUriBuilder dataLakeUriBuilder = new DataLakeUriBuilder(subdirectory3.Uri) { Sas = dataLakeSasBuilder.ToSasQueryParameters(sharedKeyCredential) }; DataLakeDirectoryClient sasDirectoryClient = InstrumentClient(new DataLakeDirectoryClient(dataLakeUriBuilder.ToUri(), GetOptions())); // Act await sasDirectoryClient.ExistsAsync(); }
public async Task DataLakeSasBuilder_AgentObjectId_Error() { // Arrange DataLakeServiceClient oauthService = GetServiceClient_OAuth(); string fileSystemName = GetNewFileSystemName(); string directoryName = GetNewDirectoryName(); await using DisposingFileSystem test = await GetNewFileSystem(service : oauthService, fileSystemName : fileSystemName); // Arrange DataLakeDirectoryClient directory = await test.FileSystem.CreateDirectoryAsync(directoryName); DataLakeFileClient file = await directory.CreateFileAsync(GetNewFileName()); Response <UserDelegationKey> userDelegationKey = await oauthService.GetUserDelegationKeyAsync( startsOn : null, expiresOn : Recording.UtcNow.AddHours(1)); DataLakeSasBuilder dataLakeSasBuilder = new DataLakeSasBuilder { StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(1), FileSystemName = test.FileSystem.Name, AgentObjectId = Recording.Random.NewGuid().ToString() }; dataLakeSasBuilder.SetPermissions(DataLakeSasPermissions.All); DataLakeUriBuilder dataLakeUriBuilder = new DataLakeUriBuilder(test.FileSystem.Uri) { Sas = dataLakeSasBuilder.ToSasQueryParameters(userDelegationKey, test.FileSystem.AccountName) }; DataLakeFileSystemClient sasFileSystemClient = InstrumentClient(new DataLakeFileSystemClient(dataLakeUriBuilder.ToUri(), GetOptions())); // Act await TestHelper.AssertExpectedExceptionAsync <RequestFailedException>( sasFileSystemClient.ExistsAsync(), e => Assert.IsNotNull(e.ErrorCode)); }
private async Task <bool> DoesOAuthWorkAsync() { TestContext.Error.WriteLine($"Datalake Probing OAuth {Process.GetCurrentProcess().Id}"); try { for (int i = 0; i < 10; i++) { // Check flat account. For some reason we observe failures if that one doesn't work before we start datalake run. { BlobServiceClient serviceClient = new BlobServiceClient( new Uri(TestConfigurations.DefaultTargetOAuthTenant.BlobServiceEndpoint), GetOAuthCredential(TestConfigurations.DefaultTargetOAuthTenant)); await serviceClient.GetPropertiesAsync(); var containerName = Guid.NewGuid().ToString(); var containerClient = serviceClient.GetBlobContainerClient(containerName); await containerClient.CreateIfNotExistsAsync(); try { await containerClient.GetPropertiesAsync(); var blobName = Guid.NewGuid().ToString(); var blobClient = containerClient.GetAppendBlobClient(blobName); await blobClient.CreateIfNotExistsAsync(); await blobClient.GetPropertiesAsync(); var userDelegationKey = await serviceClient.GetUserDelegationKeyAsync(startsOn : null, expiresOn : DateTimeOffset.UtcNow.AddHours(1)); var sasBuilder = new BlobSasBuilder(BlobSasPermissions.All, DateTimeOffset.UtcNow.AddHours(1)) { BlobContainerName = containerName, BlobName = blobName, }; var sas = sasBuilder.ToSasQueryParameters(userDelegationKey.Value, serviceClient.AccountName).ToString(); await new BlobBaseClient(blobClient.Uri, new AzureSasCredential(sas)).GetPropertiesAsync(); } finally { await containerClient.DeleteIfExistsAsync(); } } // Check hierarchical account. { DataLakeServiceClient serviceClient = new DataLakeServiceClient( new Uri(TestConfigurations.DefaultTargetHierarchicalNamespaceTenant.BlobServiceEndpoint), GetOAuthCredential(TestConfigurations.DefaultTargetHierarchicalNamespaceTenant)); await serviceClient.GetPropertiesAsync(); var fileSystemName = Guid.NewGuid().ToString(); var fileSystemClient = serviceClient.GetFileSystemClient(fileSystemName); await fileSystemClient.CreateIfNotExistsAsync(); try { var directoryName = Guid.NewGuid().ToString(); var directoryClient = fileSystemClient.GetDirectoryClient(directoryName); await directoryClient.CreateIfNotExistsAsync(); await directoryClient.GetPropertiesAsync(); var fileName = Guid.NewGuid().ToString(); var fileClient = directoryClient.GetFileClient(fileName); await fileClient.CreateIfNotExistsAsync(); await fileClient.GetPropertiesAsync(); // call some APIs that talk to DFS endoint as well. await fileClient.AppendAsync(new MemoryStream(new byte[] { 1 }), 0); await fileClient.GetAccessControlAsync(); var userDelegationKey = await serviceClient.GetUserDelegationKeyAsync(startsOn : null, expiresOn : DateTimeOffset.UtcNow.AddHours(1)); var sasBuilder = new DataLakeSasBuilder(DataLakeSasPermissions.All, DateTimeOffset.UtcNow.AddHours(1)) { FileSystemName = fileSystemName, Path = fileClient.Path, }; var sas = sasBuilder.ToSasQueryParameters(userDelegationKey.Value, serviceClient.AccountName).ToString(); await new DataLakeFileClient(fileClient.Uri, new AzureSasCredential(sas)).GetPropertiesAsync(); } finally { await fileSystemClient.DeleteIfExistsAsync(); } } } } catch (RequestFailedException e) when(e.Status == 403 && e.ErrorCode == "AuthorizationPermissionMismatch") { TestContext.Error.WriteLine($"Datalake Probing OAuth - not ready {Process.GetCurrentProcess().Id}"); return(false); } TestContext.Error.WriteLine($"Datalake Probing OAuth - ready {Process.GetCurrentProcess().Id}"); return(true); }
/// <summary> /// Get SAS string for DatalakeGen2 /// </summary> public static string GetDatalakeGen2SharedAccessSignature(AzureStorageContext context, DataLakeSasBuilder sasBuilder, bool generateUserDelegationSas, DataLakeClientOptions clientOptions, CancellationToken cancelToken) { if (context != null && context.StorageAccount.Credentials.IsSharedKey) { return(sasBuilder.ToSasQueryParameters(new StorageSharedKeyCredential(context.StorageAccountName, context.StorageAccount.Credentials.ExportBase64EncodedKey())).ToString()); } if (generateUserDelegationSas) { global::Azure.Storage.Files.DataLake.Models.UserDelegationKey userDelegationKey = null; DataLakeServiceClient oauthService = new DataLakeServiceClient(context.StorageAccount.BlobEndpoint, context.Track2OauthToken, clientOptions); Util.ValidateUserDelegationKeyStartEndTime(sasBuilder.StartsOn, sasBuilder.ExpiresOn); userDelegationKey = oauthService.GetUserDelegationKey( startsOn: sasBuilder.StartsOn == DateTimeOffset.MinValue || sasBuilder.StartsOn == null ? DateTimeOffset.UtcNow : sasBuilder.StartsOn.ToUniversalTime(), expiresOn: sasBuilder.ExpiresOn.ToUniversalTime(), cancellationToken: cancelToken); return(sasBuilder.ToSasQueryParameters(userDelegationKey, context.StorageAccountName).ToString()); } else { throw new InvalidOperationException("Create SAS only supported with SharedKey or Oauth credentail."); } }
// </Snippet_ListBlobsWithSasAsync> #endregion #region // <Snippet_GetUserDelegationSasDirectory> async static Task <Uri> GetUserDelegationSasDirectory(DataLakeDirectoryClient directoryClient) { try { // Get service endpoint from the directory URI. DataLakeUriBuilder dataLakeServiceUri = new DataLakeUriBuilder(directoryClient.Uri) { FileSystemName = null, DirectoryOrFilePath = null }; // Get service client. DataLakeServiceClient dataLakeServiceClient = new DataLakeServiceClient(dataLakeServiceUri.ToUri(), new DefaultAzureCredential()); // Get a user delegation key that's valid for seven days. // You can use the key to generate any number of shared access signatures // over the lifetime of the key. Azure.Storage.Files.DataLake.Models.UserDelegationKey userDelegationKey = await dataLakeServiceClient.GetUserDelegationKeyAsync(DateTimeOffset.UtcNow, DateTimeOffset.UtcNow.AddDays(7)); // Create a SAS token that's valid for seven days. DataLakeSasBuilder sasBuilder = new DataLakeSasBuilder() { // Specify the file system name and path, and indicate that // the client object points to a directory. FileSystemName = directoryClient.FileSystemName, Resource = "d", IsDirectory = true, Path = directoryClient.Path, ExpiresOn = DateTimeOffset.UtcNow.AddDays(7) }; // Specify racwl permissions for the SAS. sasBuilder.SetPermissions( DataLakeSasPermissions.Read | DataLakeSasPermissions.Add | DataLakeSasPermissions.Create | DataLakeSasPermissions.Write | DataLakeSasPermissions.List ); // Construct the full URI, including the SAS token. DataLakeUriBuilder fullUri = new DataLakeUriBuilder(directoryClient.Uri) { Sas = sasBuilder.ToSasQueryParameters(userDelegationKey, dataLakeServiceClient.AccountName) }; Console.WriteLine("Directory user delegation SAS URI: {0}", fullUri); Console.WriteLine(); return(fullUri.ToUri()); } catch (Exception e) { Console.WriteLine(e.Message); throw; } }
public override void ExecuteCmdlet() { IStorageBlobManagement localChannel = Channel; // When the input context is Oauth bases, can't generate normal SAS, but UserDelegationSas bool generateUserDelegationSas = false; if (Channel != null && Channel.StorageContext != null && Channel.StorageContext.StorageAccount.Credentials.IsToken) { if (ShouldProcess(this.Path, "Generate User Delegation SAS, since input Storage Context is OAuth based.")) { generateUserDelegationSas = true; } else { return; } } if (this.ParameterSetName == ItemParameterSet) { if (this.InputObject.IsDirectory) { this.FileSystem = this.InputObject.Directory.FileSystemName; this.Path = this.InputObject.Directory.Path; } else { this.FileSystem = this.InputObject.File.FileSystemName; this.Path = this.InputObject.File.Path; } } DataLakeSasBuilder sasBuilder = new DataLakeSasBuilder(); sasBuilder.FileSystemName = this.FileSystem; sasBuilder.Path = this.Path; sasBuilder.SetPermissions(this.Permission, true); if (StartTime != null) { sasBuilder.StartsOn = StartTime.Value.ToUniversalTime(); } if (ExpiryTime != null) { sasBuilder.ExpiresOn = ExpiryTime.Value.ToUniversalTime(); } else { if (sasBuilder.StartsOn != DateTimeOffset.MinValue) { sasBuilder.ExpiresOn = sasBuilder.StartsOn.AddHours(1).ToUniversalTime(); } else { sasBuilder.ExpiresOn = DateTimeOffset.UtcNow.AddHours(1); } } if (this.IPAddressOrRange != null) { sasBuilder.IPRange = Util.SetupIPAddressOrRangeForSASTrack2(this.IPAddressOrRange); } if (this.Protocol != null) { sasBuilder.Protocol = this.Protocol.Value; } DataLakeFileSystemClient fileSystem = GetFileSystemClientByName(localChannel, this.FileSystem); DataLakePathClient pathClient; DataLakeFileClient fileClient; DataLakeDirectoryClient dirClient; if (GetExistDataLakeGen2Item(fileSystem, this.Path, out fileClient, out dirClient)) { // Directory sasBuilder.IsDirectory = true; pathClient = dirClient; //WriteDataLakeGen2Item(localChannel, dirClient); // sasBuilder.ToSasQueryParameters() } else { //File sasBuilder.IsDirectory = false; pathClient = fileClient; //WriteDataLakeGen2Item(Channel, fileClient); } string sasToken = SasTokenHelper.GetDatalakeGen2SharedAccessSignature(Channel.StorageContext, sasBuilder, generateUserDelegationSas, DataLakeClientOptions, CmdletCancellationToken); if (FullUri) { string fullUri = pathClient.Uri.ToString(); fullUri = fullUri + "?" + sasToken; WriteObject(fullUri); } else { WriteObject(sasToken); } }