/// <summary>
/// Checks caller-supplied SAS policy fields against the stored access policy they reference on a container.
/// </summary>
/// <param name="channel">Blob management channel used to resolve the container and read its permissions.</param>
/// <param name="containerName">Name of the container whose stored access policies are consulted.</param>
/// <param name="policy">SharedAccessBlobPolicy object built from the caller's arguments.</param>
/// <param name="policyIdentifier">The policy identifier to check; null or empty skips the check entirely.</param>
/// <returns>
/// <c>true</c> when no policy identifier is given, or when the stored policy has no expiry time;
/// <c>false</c> when the stored policy already defines an expiry time.
/// </returns>
/// <exception cref="ArgumentException">
/// The caller supplied permissions alongside a policy identifier, or supplied an expiry time
/// that the stored policy also defines.
/// </exception>
public static bool ValidateContainerAccessPolicy(IStorageBlobManagement channel, string containerName, SharedAccessBlobPolicy policy, string policyIdentifier)
{
    // No stored policy is referenced, so there is nothing to compare against.
    if (string.IsNullOrEmpty(policyIdentifier))
    {
        return true;
    }

    CloudBlobContainer targetContainer = channel.GetContainerReference(containerName);

    // Typed nulls are kept so the same GetContainerPermissions overload is selected.
    AccessCondition noCondition = null;
    BlobRequestOptions noOptions = null;
    OperationContext noContext = null;
    BlobContainerPermissions containerPermissions = channel.GetContainerPermissions(targetContainer, noCondition, noOptions, noContext);

    SharedAccessBlobPolicy storedPolicy = GetExistingPolicy<SharedAccessBlobPolicy>(containerPermissions.SharedAccessPolicies, policyIdentifier);

    // Caller-supplied permissions are rejected whenever a stored policy is referenced.
    bool callerSetPermissions = policy.Permissions != SharedAccessBlobPermissions.None;
    if (callerSetPermissions)
    {
        throw new ArgumentException(Resources.SignedPermissionsMustBeOmitted);
    }

    // The expiry time may come from the caller or from the stored policy, not from both.
    bool expiryGivenTwice = policy.SharedAccessExpiryTime.HasValue && storedPolicy.SharedAccessExpiryTime.HasValue;
    if (expiryGivenTwice)
    {
        throw new ArgumentException(Resources.SignedExpiryTimeMustBeOmitted);
    }

    // NOTE(review): presumably tells the caller whether it still has to provide an expiry time itself - confirm against callers.
    return storedPolicy.SharedAccessExpiryTime == null;
}
/// <summary>
/// Adds a new stored access policy to a container and writes the updated permissions back.
/// </summary>
/// <param name="localChannel">Blob management channel used to read and write the container permissions.</param>
/// <param name="containerName">Name of the container that receives the policy.</param>
/// <param name="policyName">Name of the new policy; must pass NameUtil.IsValidStoredAccessPolicyName.</param>
/// <param name="startTime">Optional start time handed to AccessPolicyHelper.SetupAccessPolicy.</param>
/// <param name="expiryTime">Optional expiry time handed to AccessPolicyHelper.SetupAccessPolicy.</param>
/// <param name="permission">Permission string handed to AccessPolicyHelper.SetupAccessPolicy.</param>
/// <returns>The name of the policy that was created.</returns>
/// <exception cref="ArgumentException">The policy name is not valid.</exception>
/// <exception cref="ResourceAlreadyExistException">A policy with the same name already exists on the container.</exception>
internal string CreateAzureContainerStoredAccessPolicy(IStorageBlobManagement localChannel, string containerName, string policyName, DateTime? startTime, DateTime? expiryTime, string permission)
{
    bool nameIsValid = NameUtil.IsValidStoredAccessPolicyName(policyName);
    if (!nameIsValid)
    {
        string invalidNameMessage = String.Format(CultureInfo.CurrentCulture, Resources.InvalidAccessPolicyName, policyName);
        throw new ArgumentException(invalidNameMessage);
    }

    // Read the container's current permissions; the new policy is merged into this set.
    CloudBlobContainer targetContainer = localChannel.GetContainerReference(containerName);
    BlobContainerPermissions currentPermissions = localChannel.GetContainerPermissions(targetContainer);

    // Refuse to overwrite an existing policy of the same name.
    bool alreadyDefined = currentPermissions.SharedAccessPolicies.Keys.Contains(policyName);
    if (alreadyDefined)
    {
        string duplicateMessage = String.Format(CultureInfo.CurrentCulture, Resources.PolicyAlreadyExists, policyName);
        throw new ResourceAlreadyExistException(duplicateMessage);
    }

    SharedAccessBlobPolicy newPolicy = new SharedAccessBlobPolicy();
    AccessPolicyHelper.SetupAccessPolicy<SharedAccessBlobPolicy>(newPolicy, startTime, expiryTime, permission);
    currentPermissions.SharedAccessPolicies.Add(policyName, newPolicy);

    // NOTE(review): the write-back passes no access condition, so a change made to the container's
    // permissions between the read above and this call could be overwritten - confirm whether that matters here.
    localChannel.SetContainerPermissions(targetContainer, currentPermissions);

    return policyName;
}
/// <summary>
/// Creates a stored access policy on the given container.
/// </summary>
/// <param name="localChannel">Channel used to fetch and update the container's permissions.</param>
/// <param name="containerName">Container on which the policy is created.</param>
/// <param name="policyName">Policy name; validated with NameUtil.IsValidStoredAccessPolicyName.</param>
/// <param name="startTime">Optional start time forwarded to AccessPolicyHelper.SetupAccessPolicy.</param>
/// <param name="expiryTime">Optional expiry time forwarded to AccessPolicyHelper.SetupAccessPolicy.</param>
/// <param name="permission">Permission string forwarded to AccessPolicyHelper.SetupAccessPolicy.</param>
/// <returns><paramref name="policyName"/>, unchanged.</returns>
/// <exception cref="ArgumentException">The policy name fails validation.</exception>
/// <exception cref="ResourceAlreadyExistException">The container already has a policy with this name.</exception>
internal string CreateAzureContainerStoredAccessPolicy(IStorageBlobManagement localChannel, string containerName, string policyName, DateTime? startTime, DateTime? expiryTime, string permission)
{
    // Validate the name before any call to the storage service is made.
    if (NameUtil.IsValidStoredAccessPolicyName(policyName) == false)
    {
        throw new ArgumentException(
            String.Format(CultureInfo.CurrentCulture, Resources.InvalidAccessPolicyName, policyName));
    }

    // Fetch the permissions currently set on the container.
    CloudBlobContainer blobContainer = localChannel.GetContainerReference(containerName);
    BlobContainerPermissions existing = localChannel.GetContainerPermissions(blobContainer);

    // A policy name may only be used once per container.
    if (existing.SharedAccessPolicies.Keys.Contains(policyName))
    {
        throw new ResourceAlreadyExistException(
            String.Format(CultureInfo.CurrentCulture, Resources.PolicyAlreadyExists, policyName));
    }

    // Build the policy from the requested values and register it under its name.
    SharedAccessBlobPolicy created = new SharedAccessBlobPolicy();
    AccessPolicyHelper.SetupAccessPolicy<SharedAccessBlobPolicy>(created, startTime, expiryTime, permission);
    existing.SharedAccessPolicies.Add(policyName, created);

    // Push the whole permission set, including the new policy, back to the container.
    // NOTE(review): this read-modify-write is unconditional (no access condition is passed); a concurrent
    // permission change on the same container could be lost - confirm this is acceptable.
    localChannel.SetContainerPermissions(blobContainer, existing);

    return policyName;
}
/// <summary>
/// Sets the public access level of the specified container.
/// </summary>
/// <param name="taskId">Task id passed to the output writer when PassThru is set.</param>
/// <param name="localChannel">Blob management channel used to read and write the container permissions.</param>
/// <param name="name">container name</param>
/// <param name="accessLevel">
/// Public access level in ("off", "blob", "container"). "blob" and "container" allow anonymous
/// read access; "off" keeps the container private.
/// </param>
/// <exception cref="ArgumentException">The container name is not valid.</exception>
/// <exception cref="ResourceNotFoundException">The container does not exist.</exception>
internal async Task SetContainerAcl(long taskId, IStorageBlobManagement localChannel, string name, BlobContainerPublicAccessType accessLevel)
{
    bool nameIsValid = NameUtil.IsValidContainerName(name);
    if (!nameIsValid)
    {
        throw new ArgumentException(String.Format(Resources.InvalidContainerName, name));
    }

    BlobRequestOptions writeOptions = RequestOptions;
    AccessCondition noCondition = null;
    CloudBlobContainer targetContainer = localChannel.GetContainerReference(name);

    // Read the current permissions so that only the public access level changes;
    // the stored access policies that came back with them are written out again as they are.
    BlobContainerPermissions currentPermissions;
    try
    {
        currentPermissions = localChannel.GetContainerPermissions(targetContainer);
    }
    catch (StorageException readFailure) when (readFailure.IsNotFoundException())
    {
        // Translate the service's "not found" into the cmdlet's own exception type.
        throw new ResourceNotFoundException(String.Format(Resources.ContainerNotFound, name));
    }

    currentPermissions.PublicAccess = accessLevel;

    await localChannel
        .SetContainerPermissionsAsync(targetContainer, currentPermissions, noCondition, writeOptions, OperationContext, CmdletCancellationToken)
        .ConfigureAwait(false);

    if (PassThru)
    {
        WriteCloudContainerObject(taskId, localChannel, targetContainer, currentPermissions);
    }
}
/// <summary>
/// Updates an existing stored access policy on a container and writes the resulting policy to the output.
/// </summary>
/// <param name="localChannel">Blob management channel used to read and write the container permissions.</param>
/// <param name="containerName">Name of the container that owns the policy.</param>
/// <param name="policyName">Name of the policy to update; it must already exist.</param>
/// <param name="startTime">Optional start time handed to AccessPolicyHelper.SetupAccessPolicy.</param>
/// <param name="expiryTime">Optional expiry time handed to AccessPolicyHelper.SetupAccessPolicy.</param>
/// <param name="permission">Permission string handed to AccessPolicyHelper.SetupAccessPolicy.</param>
/// <param name="noStartTime">Forwarded to AccessPolicyHelper.SetupAccessPolicy.</param>
/// <param name="noExpiryTime">Forwarded to AccessPolicyHelper.SetupAccessPolicy.</param>
/// <returns>The name of the policy that was updated.</returns>
/// <exception cref="ArgumentException">No policy with the given name exists on the container.</exception>
internal string SetAzureContainerStoredAccessPolicy(IStorageBlobManagement localChannel, string containerName, string policyName, DateTime? startTime, DateTime? expiryTime, string permission, bool noStartTime, bool noExpiryTime)
{
    // Read the container's current permissions; the update is applied to this set.
    CloudBlobContainer targetContainer = localChannel.GetContainerReference(containerName);
    BlobContainerPermissions currentPermissions = localChannel.GetContainerPermissions(targetContainer);

    // Only an existing policy can be updated.
    bool policyExists = currentPermissions.SharedAccessPolicies.Keys.Contains(policyName);
    if (!policyExists)
    {
        string notFoundMessage = string.Format(CultureInfo.CurrentCulture, Resources.PolicyNotFound, policyName);
        throw new ArgumentException(notFoundMessage);
    }

    // NOTE(review): noStartTime / noExpiryTime presumably clear the respective field - confirm against the helper.
    SharedAccessBlobPolicy storedPolicy = currentPermissions.SharedAccessPolicies[policyName];
    AccessPolicyHelper.SetupAccessPolicy<SharedAccessBlobPolicy>(storedPolicy, startTime, expiryTime, permission, noStartTime, noExpiryTime);
    currentPermissions.SharedAccessPolicies[policyName] = storedPolicy;

    // NOTE(review): the write-back passes no access condition, so a change made to the container's
    // permissions between the read above and this call could be overwritten - confirm whether that matters here.
    localChannel.SetContainerPermissions(targetContainer, currentPermissions);

    var policyOutput = AccessPolicyHelper.ConstructPolicyOutputPSObject<SharedAccessBlobPolicy>(currentPermissions.SharedAccessPolicies, policyName);
    WriteObject(policyOutput);

    return policyName;
}
/// <summary>
/// Modifies a stored access policy that already exists on the given container.
/// </summary>
/// <param name="localChannel">Channel used to fetch and update the container's permissions.</param>
/// <param name="containerName">Container that holds the policy.</param>
/// <param name="policyName">Name of the policy to modify.</param>
/// <param name="startTime">Optional start time forwarded to AccessPolicyHelper.SetupAccessPolicy.</param>
/// <param name="expiryTime">Optional expiry time forwarded to AccessPolicyHelper.SetupAccessPolicy.</param>
/// <param name="permission">Permission string forwarded to AccessPolicyHelper.SetupAccessPolicy.</param>
/// <param name="noStartTime">Passed through to AccessPolicyHelper.SetupAccessPolicy.</param>
/// <param name="noExpiryTime">Passed through to AccessPolicyHelper.SetupAccessPolicy.</param>
/// <returns><paramref name="policyName"/>, unchanged.</returns>
/// <exception cref="ArgumentException">The container has no policy with this name.</exception>
internal string SetAzureContainerStoredAccessPolicy(IStorageBlobManagement localChannel, string containerName, string policyName, DateTime? startTime, DateTime? expiryTime, string permission, bool noStartTime, bool noExpiryTime)
{
    // Fetch the permissions currently set on the container.
    CloudBlobContainer blobContainer = localChannel.GetContainerReference(containerName);
    BlobContainerPermissions existing = localChannel.GetContainerPermissions(blobContainer);

    // The policy must be present before it can be changed.
    if (existing.SharedAccessPolicies.Keys.Contains(policyName) == false)
    {
        throw new ArgumentException(
            string.Format(CultureInfo.CurrentCulture, Resources.PolicyNotFound, policyName));
    }

    // Apply the requested values to the stored policy and put it back under the same name.
    SharedAccessBlobPolicy toUpdate = existing.SharedAccessPolicies[policyName];
    AccessPolicyHelper.SetupAccessPolicy<SharedAccessBlobPolicy>(toUpdate, startTime, expiryTime, permission, noStartTime, noExpiryTime);
    existing.SharedAccessPolicies[policyName] = toUpdate;

    // Push the whole permission set back to the container.
    // NOTE(review): this read-modify-write is unconditional (no access condition is passed); a concurrent
    // permission change on the same container could be lost - confirm this is acceptable.
    localChannel.SetContainerPermissions(blobContainer, existing);

    // Emit the updated policy to the output.
    WriteObject(
        AccessPolicyHelper.ConstructPolicyOutputPSObject<SharedAccessBlobPolicy>(existing.SharedAccessPolicies, policyName));

    return policyName;
}
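/// <summary>
/// Removes a stored access policy from a container after confirmation.
/// </summary>
/// <param name="localChannel">Blob management channel used to read and write the container permissions.</param>
/// <param name="containerName">Name of the container that owns the policy.</param>
/// <param name="policyName">Name of the policy to remove; it must exist.</param>
/// <returns>
/// <c>true</c> when the policy was removed and the permissions were written back;
/// <c>false</c> when Force is not set and ConfirmRemove returned false.
/// </returns>
/// <exception cref="ResourceNotFoundException">No policy with the given name exists on the container.</exception>
internal bool RemoveAzureContainerStoredAccessPolicy(IStorageBlobManagement localChannel, string containerName, string policyName)
{
    // Read the container's current permissions; the removal is applied to this set.
    CloudBlobContainer container = localChannel.GetContainerReference(containerName);
    BlobContainerPermissions blobContainerPermissions = localChannel.GetContainerPermissions(container);

    // Only an existing policy can be removed.
    if (!blobContainerPermissions.SharedAccessPolicies.Keys.Contains(policyName))
    {
        throw new ResourceNotFoundException(String.Format(CultureInfo.CurrentCulture, Resources.PolicyNotFound, policyName));
    }

    // Without Force the user must confirm; a declined confirmation leaves the container untouched.
    if (!(this.Force || ConfirmRemove(policyName)))
    {
        return false;
    }

    blobContainerPermissions.SharedAccessPolicies.Remove(policyName);

    // NOTE(review): the write-back passes no access condition, so a change made to the container's
    // permissions between the read above and this call could be overwritten - confirm whether that matters here.
    localChannel.SetContainerPermissions(container, blobContainerPermissions);

    return true;
}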
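/// <summary>
/// Deletes a stored access policy from the given container, subject to confirmation.
/// </summary>
/// <param name="localChannel">Channel used to fetch and update the container's permissions.</param>
/// <param name="containerName">Container that holds the policy.</param>
/// <param name="policyName">Name of the policy to delete.</param>
/// <returns>
/// <c>true</c> if the policy was deleted; <c>false</c> if Force is not set and ConfirmRemove returned false.
/// </returns>
/// <exception cref="ResourceNotFoundException">The container has no policy with this name.</exception>
internal bool RemoveAzureContainerStoredAccessPolicy(IStorageBlobManagement localChannel, string containerName, string policyName)
{
    bool success = false;

    // Fetch the permissions currently set on the container.
    CloudBlobContainer container = localChannel.GetContainerReference(containerName);
    BlobContainerPermissions blobContainerPermissions = localChannel.GetContainerPermissions(container);

    // The policy must be present before it can be deleted.
    if (!blobContainerPermissions.SharedAccessPolicies.Keys.Contains(policyName))
    {
        throw new ResourceNotFoundException(String.Format(CultureInfo.CurrentCulture, Resources.PolicyNotFound, policyName));
    }

    // Force skips the prompt; otherwise the deletion only proceeds when ConfirmRemove returns true.
    if (this.Force || ConfirmRemove(policyName))
    {
        blobContainerPermissions.SharedAccessPolicies.Remove(policyName);

        // NOTE(review): this read-modify-write is unconditional (no access condition is passed); a concurrent
        // permission change on the same container could be lost - confirm this is acceptable.
        localChannel.SetContainerPermissions(container, blobContainerPermissions);
        success = true;
    }

    return success;
}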
/// <summary>
/// Sets the public access level of the specified container, falling back to the Track2 SDK
/// when reading the permissions through the Track1 SDK fails with 409 Conflict.
/// </summary>
/// <param name="taskId">Task id passed to the output writer when PassThru is set.</param>
/// <param name="localChannel">Blob management channel used to read and write the container permissions.</param>
/// <param name="name">container name</param>
/// <param name="accessLevel">
/// Public access level in ("off", "blob", "container"). "blob" and "container" allow anonymous
/// read access; "off" keeps the container private.
/// </param>
/// <exception cref="ArgumentException">The container name is not valid.</exception>
/// <exception cref="ResourceNotFoundException">The container does not exist.</exception>
/// <exception cref="ArgumentOutOfRangeException">
/// On the Track2 path, <paramref name="accessLevel"/> is not Off, Blob or Container.
/// </exception>
internal async Task SetContainerAcl(long taskId, IStorageBlobManagement localChannel, string name, BlobContainerPublicAccessType accessLevel)
{
    bool nameIsValid = NameUtil.IsValidContainerName(name);
    if (!nameIsValid)
    {
        throw new ArgumentException(String.Format(Resources.InvalidContainerName, name));
    }

    BlobRequestOptions writeOptions = RequestOptions;
    AccessCondition noCondition = null;
    bool fallBackToTrack2 = false;
    CloudBlobContainer targetContainer = localChannel.GetContainerReference(name);

    // Read the current permissions so that only the public access level changes.
    BlobContainerPermissions currentPermissions = null;
    try
    {
        currentPermissions = localChannel.GetContainerPermissions(targetContainer, null, writeOptions, OperationContext);
    }
    catch (StorageException readFailure) when (readFailure.IsNotFoundException())
    {
        throw new ResourceNotFoundException(String.Format(Resources.ContainerNotFound, name));
    }
    catch (StorageException readFailure) when (readFailure.IsConflictException())
    {
        // 409 Conflict may mean the container has a stored access policy containing a permission that the
        // Track1 SDK's API version does not support, so switch to the Track2 SDK.
        fallBackToTrack2 = true;
    }

    if (!fallBackToTrack2)
    {
        // Track1: update the permissions object that was just read and write it back.
        currentPermissions.PublicAccess = accessLevel;
        await localChannel
            .SetContainerPermissionsAsync(targetContainer, currentPermissions, noCondition, writeOptions, OperationContext, CmdletCancellationToken)
            .ConfigureAwait(false);

        if (PassThru)
        {
            WriteCloudContainerObject(taskId, localChannel, targetContainer, currentPermissions);
        }

        return;
    }

    // Track2: re-read the access policy through the Track2 client.
    // NOTE(review): the client is built from this.Channel.StorageContext while the output below uses
    // localChannel.StorageContext - confirm both always refer to the same context.
    BlobContainerClient track2Client = AzureStorageContainer.GetTrack2BlobContainerClient(targetContainer, this.Channel.StorageContext, ClientOptions);
    BlobContainerAccessPolicy track2Policy = track2Client.GetAccessPolicy(null, this.CmdletCancellationToken);

    // Translate the Track1 access level into its Track2 counterpart; anything else is rejected.
    PublicAccessType track2Level = PublicAccessType.None;
    if (accessLevel == BlobContainerPublicAccessType.Blob)
    {
        track2Level = PublicAccessType.Blob;
    }
    else if (accessLevel == BlobContainerPublicAccessType.Container)
    {
        track2Level = PublicAccessType.BlobContainer;
    }
    else if (accessLevel == BlobContainerPublicAccessType.Off)
    {
        track2Level = PublicAccessType.None;
    }
    else
    {
        throw new ArgumentOutOfRangeException("Permission");
    }

    // The signed identifiers that were just read are sent back unchanged, so the stored access policies are kept.
    await track2Client
        .SetAccessPolicyAsync(track2Level, track2Policy.SignedIdentifiers, null, this.CmdletCancellationToken)
        .ConfigureAwait(false);

    if (PassThru)
    {
        AzureStorageContainer outputContainer = new AzureStorageContainer(targetContainer, null)
        {
            Context = localChannel.StorageContext
        };
        outputContainer.SetTrack2Permission();
        OutputStream.WriteObject(taskId, outputContainer);
    }
}