Пример #1
0
        private string GenerateAndValidateAccountSAS(
            SharedAccessAccountServices service,
            SharedAccessAccountResourceTypes resourceType,
            string permission,
            SharedAccessProtocol?protocol = null,
            string iPAddressOrRange       = null,
            DateTime?startTime            = null, DateTime?expiryTime = null)
        {
            Test.Assert(CommandAgent.NewAzureStorageAccountSAS(
                            service, resourceType, permission, protocol, iPAddressOrRange, startTime, expiryTime), "Should succeeded in generating an account sas with full permissions, services and resource types");

            string sasToken;

            if (lang == Language.PowerShell)
            {
                sasToken = CommandAgent.Output[0][Constants.SASTokenKey].ToString();
            }
            else
            {
                sasToken = "?" + CommandAgent.Output[0][Constants.SASTokenKeyNode];
            }
            AccountSASUtils.ValidateAccountSAS(
                service, resourceType, permission, protocol, iPAddressOrRange, startTime, expiryTime, sasToken);

            return(sasToken);
        }
Пример #2
0
        private static void ValidateResourceType(
            SharedAccessAccountResourceTypes expectedResourceType,
            string sasResourceType)
        {
            string resourceTypeString = SharedAccessAccountPolicy.ResourceTypesToString(expectedResourceType);

            Test.Assert(string.Equals(sasResourceType, resourceTypeString), "Resource type: {0} == {1}", resourceTypeString, sasResourceType);
        }
Пример #3
0
        public void AccountSAS_InvalidParameter()
        {
            SharedAccessAccountServices      service      = SharedAccessAccountServices.Blob | SharedAccessAccountServices.File | SharedAccessAccountServices.Queue | SharedAccessAccountServices.Table;
            SharedAccessAccountResourceTypes resourceType = SharedAccessAccountResourceTypes.Container | SharedAccessAccountResourceTypes.Object | SharedAccessAccountResourceTypes.Service;
            string permission = AccountSASUtils.fullPermission;
            SharedAccessProtocol sasProtocal = SharedAccessProtocol.HttpsOrHttp;
            string   iPAddressOrRange        = "0.0.0.0-255.255.255.255";
            DateTime startTime  = DateTime.Now.AddMinutes(-5);
            DateTime expiryTime = DateTime.Now.AddMinutes(60);

            //invalid permission
            Test.Assert(!CommandAgent.NewAzureStorageAccountSAS(
                            service, resourceType, "racwx", sasProtocal, iPAddressOrRange, startTime, expiryTime), "Set stored access policy with invalid permission should fail");
            if (lang == Language.PowerShell)
            {
                ExpectedContainErrorMessage("Invalid access permission");
            }
            else
            {
                ExpectedContainErrorMessage("Given  \"x\" is invalid");
            }

            //repeated permission - success
            GenerateAndValidateAccountSAS(
                service, resourceType, "rracw", sasProtocal, iPAddressOrRange, startTime, expiryTime);

            //invalid IP/IP range
            Test.Assert(!CommandAgent.NewAzureStorageAccountSAS(
                            service, resourceType, permission, null, "123.3.4a", null, null), "Set stored access policy with invalid iPAddressOrRange should fail");
            if (lang == Language.PowerShell)
            {
                ExpectedContainErrorMessage("Error when parsing IP address: IP address is invalid.");
            }
            else
            {
                ExpectedContainErrorMessage("Invalid ip range format");
            }
            Test.Assert(!CommandAgent.NewAzureStorageAccountSAS(
                            service, resourceType, permission, sasProtocal, "123.4.5.6_125.6.7.8", null, null), "Set stored access policy with invalid iPAddressOrRange should fail");
            if (lang == Language.PowerShell)
            {
                ExpectedContainErrorMessage("Error when parsing IP address: IP address is invalid.");
            }
            else
            {
                ExpectedContainErrorMessage("Invalid ip range format");
            }

            //success: start IP > end IP
            GenerateAndValidateAccountSAS(
                service, resourceType, permission, sasProtocal, "22.22.22.22-11.111.11.11", startTime, expiryTime);

            //Start time > expire Time
            Test.Assert(!CommandAgent.NewAzureStorageAccountSAS(
                            service, resourceType, permission, sasProtocal, iPAddressOrRange, DateTime.Now.AddMinutes(5), DateTime.Now.AddMinutes(-5)), "Set stored access policy with invalid Start Time should fail");
            ExpectedContainErrorMessage("The expiry time of the specified access policy should be greater than start time");
        }
Пример #4
0
        /// <summary>
        /// Create a blob SAS build from Blob Object
        /// </summary>
        public static AccountSasBuilder SetAccountSasBuilder(SharedAccessAccountServices Service,
                                                             SharedAccessAccountResourceTypes type,
                                                             string Permission             = null,
                                                             DateTime?StartTime            = null,
                                                             DateTime?ExpiryTime           = null,
                                                             string iPAddressOrRange       = null,
                                                             SharedAccessProtocol?Protocol = null,
                                                             string EncryptionScope        = null)
        {
            AccountSasBuilder sasBuilder = new AccountSasBuilder();

            sasBuilder.ResourceTypes = GetAccountSasResourceTypes(type);
            sasBuilder.Services      = GetAccountSasServices(Service);

            sasBuilder = SetAccountPermission(sasBuilder, Permission);
            if (StartTime != null)
            {
                sasBuilder.StartsOn = StartTime.Value.ToUniversalTime();
            }
            if (ExpiryTime != null)
            {
                sasBuilder.ExpiresOn = ExpiryTime.Value.ToUniversalTime();
            }
            else
            {
                if (sasBuilder.StartsOn != DateTimeOffset.MinValue && sasBuilder.StartsOn != null)
                {
                    sasBuilder.ExpiresOn = sasBuilder.StartsOn.AddHours(1).ToUniversalTime();
                }
                else
                {
                    sasBuilder.ExpiresOn = DateTimeOffset.UtcNow.AddHours(1);
                }
            }
            if (iPAddressOrRange != null)
            {
                sasBuilder.IPRange = Util.SetupIPAddressOrRangeForSASTrack2(iPAddressOrRange);
            }
            if (Protocol != null)
            {
                if (Protocol.Value == SharedAccessProtocol.HttpsOrHttp)
                {
                    sasBuilder.Protocol = SasProtocol.HttpsAndHttp;
                }
                else //HttpsOnly
                {
                    sasBuilder.Protocol = SasProtocol.Https;
                }
            }
            if (EncryptionScope != null)
            {
                sasBuilder.EncryptionScope = EncryptionScope;
            }
            return(sasBuilder);
        }
Пример #5
0
 public void AccountSASResourceTypes()
 {
     Task[] tasks = new Task[8 * 3];
     for (int i = 0; i < 0x8; i++)
     {
         SharedAccessAccountResourceTypes resourceTypes = (SharedAccessAccountResourceTypes)i;
         SharedAccessAccountPolicy        policy        = GetPolicyWithFullPermissions();
         policy.ResourceTypes = resourceTypes;
         tasks[i]             = this.RunPermissionsTestBlobs(policy);
         tasks[16 + i]        = this.RunPermissionsTestQueues(policy);
         tasks[24 + i]        = this.RunPermissionsTestFiles(policy);
     }
     Task.WaitAll(tasks);
 }
Пример #6
0
        public void AccountSAS_File_Container_w()
        {
            SharedAccessAccountServices      service      = SharedAccessAccountServices.File;
            SharedAccessAccountResourceTypes resourceType = SharedAccessAccountResourceTypes.Container;
            string permission = "w";

            string sasToken = GenerateAndValidateAccountSAS(
                service,
                resourceType,
                permission, null, null, null, null);

            string shareName = "sharetocreatewithsas";

            fileUtil.ValidateShareCreatableWithSasToken(shareName, StorageAccount.Credentials.AccountName, sasToken);
        }
Пример #7
0
        /// <summary>
        /// Get Track2 accunt sas ResourceTypes
        /// </summary>
        public static AccountSasResourceTypes GetAccountSasResourceTypes(SharedAccessAccountResourceTypes type)
        {
            AccountSasResourceTypes outputType = 0;

            if ((type & SharedAccessAccountResourceTypes.Service) == SharedAccessAccountResourceTypes.Service)
            {
                outputType = outputType | AccountSasResourceTypes.Service;
            }
            if ((type & SharedAccessAccountResourceTypes.Container) == SharedAccessAccountResourceTypes.Container)
            {
                outputType = outputType | AccountSasResourceTypes.Container;
            }
            if ((type & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)
            {
                outputType = outputType | AccountSasResourceTypes.Object;
            }
            return(outputType);
        }
Пример #8
0
        public static string ResourceTypesToString(SharedAccessAccountResourceTypes resourceTypes)
        {
            StringBuilder stringBuilder = new StringBuilder();

            if ((resourceTypes & SharedAccessAccountResourceTypes.Service) == SharedAccessAccountResourceTypes.Service)
            {
                stringBuilder.Append("s");
            }
            if ((resourceTypes & SharedAccessAccountResourceTypes.Container) == SharedAccessAccountResourceTypes.Container)
            {
                stringBuilder.Append("c");
            }
            if ((resourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)
            {
                stringBuilder.Append("o");
            }
            return(stringBuilder.ToString());
        }
Пример #9
0
 public virtual string GetAccountSasFromCmd(SharedAccessAccountServices service, SharedAccessAccountResourceTypes resourceType, string permission, SharedAccessProtocol?protocol, string iPAddressOrRange,
                                            DateTime?startTime = null, DateTime?expiryTime = null)
 {
     return(string.Empty);
 }
Пример #10
0
 public virtual bool NewAzureStorageAccountSAS(SharedAccessAccountServices service, SharedAccessAccountResourceTypes resourceType, string permission, SharedAccessProtocol?protocol = null, string iPAddressOrRange = null,
                                               DateTime?startTime = null, DateTime?expiryTime = null)
 {
     return(false);
 }
Пример #11
0
 public static string ResourceTypesToString(SharedAccessAccountResourceTypes resourceTypes)
 {
     throw new System.NotImplementedException();
 }
        /// <summary>
        /// Converts the ResourceTypes specified for the shared access policy to a string.
        /// </summary>
        /// <param name="resourceTypes">A <see cref="SharedAccessAccountResourceTypes"/> object.</param>
        /// <returns>The shared access resource types in string format.</returns>
        public static string ResourceTypesToString(SharedAccessAccountResourceTypes resourceTypes)
        {
            StringBuilder builder = new StringBuilder();

            if ((resourceTypes & SharedAccessAccountResourceTypes.Service) == SharedAccessAccountResourceTypes.Service)
            {
                builder.Append("s");
            }

            if ((resourceTypes & SharedAccessAccountResourceTypes.Container) == SharedAccessAccountResourceTypes.Container)
            {
                builder.Append("c");
            }

            if ((resourceTypes & SharedAccessAccountResourceTypes.Object) == SharedAccessAccountResourceTypes.Object)
            {
                builder.Append("o");
            }

            return builder.ToString();
        }
Пример #13
0
        public static void ValidateAccountSAS(
            SharedAccessAccountServices service,
            SharedAccessAccountResourceTypes resourceType,
            string permission,
            SharedAccessProtocol?protocol,
            string iPAddressOrRange,
            DateTime?startTime,
            DateTime?expiryTime,
            string sasToken)
        {
            Test.Assert(sasToken.StartsWith("?"), "Sas token must be a query string.");
            string[] sasSegs = sasToken.Substring(1).Split('&');

            var sasRequiredOptionList = sasRequiredOptions.ToList();
            var sasOptionList         = sasOptions.ToList();

            if (service == SharedAccessAccountServices.None)
            {
                sasRequiredOptionList.Remove("ss");
            }
            if (resourceType == SharedAccessAccountResourceTypes.None)
            {
                sasRequiredOptionList.Remove("srt");
            }

            foreach (string sasSegment in sasSegs)
            {
                string[] queryPair = sasSegment.Split('=');
                Test.Assert(queryPair.Length == 2, "One segment should be a key value pair: {0}", sasSegment);

                sasRequiredOptionList.Remove(queryPair[0]);
                sasOptionList.Remove(queryPair[0]);

                switch (queryPair[0])
                {
                case "ss":
                    ValidateSASService(service, queryPair[1]);
                    break;

                case "srt":
                    ValidateResourceType(resourceType, queryPair[1]);
                    break;

                case "sp":
                    ValidatePermissions(permission, queryPair[1]);
                    break;

                case "sip":
                    ValidateIpRange(iPAddressOrRange, queryPair[1]);
                    break;

                case "spr":
                    ValidateProtocol(protocol, queryPair[1]);
                    break;

                case "st":
                    ValidateStartTime(startTime, queryPair[1]);
                    break;

                case "se":
                    ValidateExpiryTime(expiryTime, queryPair[1]);
                    break;
                }
            }

            Test.Assert(0 == sasRequiredOptionList.Count, "All required options should exist.");
            if (0 != sasRequiredOptionList.Count)
            {
                Test.Info("Not exist required options: " + sasRequiredOptionList.First());
            }

            if (string.IsNullOrEmpty(iPAddressOrRange))
            {
                Test.Assert(sasOptionList.Contains("sip"), "IPACL option should be null.");
            }
            else if (null == startTime)
            {
                Test.Assert(sasOptionList.Contains("st"), "StartTime option should be null.");
            }
        }