public async Task DataLakeSasBuilder_AgentObjectId() { // Arrange DataLakeServiceClient oauthService = GetServiceClient_OAuth(); string fileSystemName = GetNewFileSystemName(); string directoryName = GetNewDirectoryName(); string unknownGuid = Recording.Random.NewGuid().ToString(); await using DisposingFileSystem test = await GetNewFileSystem(service : oauthService, fileSystemName : fileSystemName); // Arrange DataLakeDirectoryClient directory = test.FileSystem.GetRootDirectoryClient(); Response <UserDelegationKey> userDelegationKey = await oauthService.GetUserDelegationKeyAsync( startsOn : null, expiresOn : Recording.UtcNow.AddHours(1)); // Give UnknownGuid rights IList <PathAccessControlItem> accessControlList = new List <PathAccessControlItem>() { new PathAccessControlItem( AccessControlType.User, RolePermissions.Read | RolePermissions.Write | RolePermissions.Execute, false, unknownGuid) }; await directory.SetAccessControlListAsync(accessControlList); DataLakeSasBuilder dataLakeSasBuilder = new DataLakeSasBuilder { StartsOn = Recording.UtcNow.AddHours(-1), ExpiresOn = Recording.UtcNow.AddHours(1), FileSystemName = test.FileSystem.Name, AgentObjectId = unknownGuid }; dataLakeSasBuilder.SetPermissions(DataLakeSasPermissions.All); DataLakeUriBuilder dataLakeUriBuilder = new DataLakeUriBuilder(test.FileSystem.Uri) { Sas = dataLakeSasBuilder.ToSasQueryParameters(userDelegationKey, test.FileSystem.AccountName) }; DataLakeDirectoryClient sasDirectoryClient = new DataLakeDirectoryClient(dataLakeUriBuilder.ToUri(), GetOptions()); // Act DataLakeFileClient file = await sasDirectoryClient.CreateFileAsync(GetNewFileName()); }
// If recursive is false, remove the ACL from a directory. None of the sub-directory or sub-path ACLs are updated // If recursive is true, remove ACLs from the directory and all sub-directories and sub-paths // When removing ACLs recursively, the ACLs on all sub-directories and sub-paths are replaced with this directory's ACL static async Task RemoveACLsForDirectory(DataLakeDirectoryClient directoryClient, AppSettings settings, bool recursive = false) { PathAccessControl directoryAccessControl = await directoryClient.GetAccessControlAsync(); List <PathAccessControlItem> accessControlList = RemoveACLs(directoryAccessControl.AccessControlList, settings); if (recursive) { await directoryClient.SetAccessControlRecursiveAsync(accessControlList); } else { await directoryClient.SetAccessControlListAsync(accessControlList); } }
// If recursive is false, apply ACLs to a directory. None of the sub-directory or sub-path ACLs are updated // If recursive is true, apply ACLs to the directory and all sub-directories and sub-paths // When applying ACL recursively, the ACLs on all sub-directories and sub-paths are replaced with this directory's ACL static async Task ApplyACLsForDirectory(DataLakeDirectoryClient directoryClient, RolePermissions newACLs, AppSettings settings, bool recursive = false) { PathAccessControl directoryAccessControl = await directoryClient.GetAccessControlAsync(); List <PathAccessControlItem> accessControlList = UpdateACLs(directoryAccessControl.AccessControlList, newACLs, settings); if (recursive) { await directoryClient.SetAccessControlRecursiveAsync(accessControlList); } else { await directoryClient.SetAccessControlListAsync(accessControlList); } }