sas raw permissions (#1036)

2020-12-02 13:32:28 +08:00 · 2020-12-02 13:32:28 +08:00 · 31cd0d1e76
commit 31cd0d1e76
parent d0b128049d
12 changed files with 74 additions and 75 deletions
--- a/sdk/storage/azure-storage-blobs/inc/azure/storage/blobs/blob_sas_builder.hpp
+++ b/sdk/storage/azure-storage-blobs/inc/azure/storage/blobs/blob_sas_builder.hpp
@ -110,8 +110,6 @@ namespace Azure { namespace Storage { namespace Blobs {
        static_cast<type>(lhs) & static_cast<type>(rhs));
  }

-  std::string BlobContainerSasPermissionsToString(BlobContainerSasPermissions permissions);
-
  /**
   * @brief The list of permissions that can be set for a blob's access policy.
   */
@ -266,10 +264,7 @@ namespace Azure { namespace Storage { namespace Blobs {
     *
     * @param permissions The allowed permissions.
     */
-    void SetPermissions(BlobContainerSasPermissions permissions)
-    {
-      Permissions = BlobContainerSasPermissionsToString(permissions);
-    }
+    void SetPermissions(BlobContainerSasPermissions permissions);

    /**
     * @brief Sets the permissions for the blob SAS.
@ -278,6 +273,13 @@ namespace Azure { namespace Storage { namespace Blobs {
     */
    void SetPermissions(BlobSasPermissions permissions);

+    /**
+     * @brief Sets the permissions for the SAS using a raw permissions string.
+     *
+     * @param rawPermissions Raw permissions string for the SAS.
+     */
+    void SetPermissions(std::string rawPermissions) { Permissions = std::move(rawPermissions); }
+
    /**
     * @brief Uses the StorageSharedKeyCredential to sign this shared access signature, to produce
     * the proper SAS query parameters for authentication requests.
--- a/sdk/storage/azure-storage-blobs/src/blob_sas_builder.cpp
+++ b/sdk/storage/azure-storage-blobs/src/blob_sas_builder.cpp
@ -33,44 +33,43 @@ namespace Azure { namespace Storage { namespace Blobs {
    }
  } // namespace

-  std::string BlobContainerSasPermissionsToString(BlobContainerSasPermissions permissions)
+  void BlobSasBuilder::SetPermissions(BlobContainerSasPermissions permissions)
  {
-    std::string permissions_str;
+    Permissions.clear();
    // The order matters
    if ((permissions & BlobContainerSasPermissions::Read) == BlobContainerSasPermissions::Read)
    {
-      permissions_str += "r";
+      Permissions += "r";
    }
    if ((permissions & BlobContainerSasPermissions::Add) == BlobContainerSasPermissions::Add)
    {
-      permissions_str += "a";
+      Permissions += "a";
    }
    if ((permissions & BlobContainerSasPermissions::Create) == BlobContainerSasPermissions::Create)
    {
-      permissions_str += "c";
+      Permissions += "c";
    }
    if ((permissions & BlobContainerSasPermissions::Write) == BlobContainerSasPermissions::Write)
    {
-      permissions_str += "w";
+      Permissions += "w";
    }
    if ((permissions & BlobContainerSasPermissions::Delete) == BlobContainerSasPermissions::Delete)
    {
-      permissions_str += "d";
+      Permissions += "d";
    }
    if ((permissions & BlobContainerSasPermissions::DeleteVersion)
        == BlobContainerSasPermissions::DeleteVersion)
    {
-      permissions_str += "x";
+      Permissions += "x";
    }
    if ((permissions & BlobContainerSasPermissions::List) == BlobContainerSasPermissions::List)
    {
-      permissions_str += "l";
+      Permissions += "l";
    }
    if ((permissions & BlobContainerSasPermissions::Tags) == BlobContainerSasPermissions::Tags)
    {
-      permissions_str += "t";
+      Permissions += "t";
    }
-    return permissions_str;
  }

  void BlobSasBuilder::SetPermissions(BlobSasPermissions permissions)
@ -115,7 +114,7 @@ namespace Azure { namespace Storage { namespace Blobs {
    {
      canonicalName += "/" + BlobName;
    }
-    std::string protocol = SasProtocolToString(Protocol);
+    std::string protocol = Storage::Details::SasProtocolToString(Protocol);
    std::string resource = BlobSasResourceToString(Resource);

    std::string snapshotVersion;
@ -203,7 +202,7 @@ namespace Azure { namespace Storage { namespace Blobs {
    {
      canonicalName += "/" + BlobName;
    }
-    std::string protocol = SasProtocolToString(Protocol);
+    std::string protocol = Storage::Details::SasProtocolToString(Protocol);
    std::string resource = BlobSasResourceToString(Resource);

    std::string snapshotVersion;
--- a/sdk/storage/azure-storage-blobs/test/blob_container_client_test.cpp
+++ b/sdk/storage/azure-storage-blobs/test/blob_container_client_test.cpp
@ -355,14 +355,12 @@ namespace Azure { namespace Storage { namespace Test {
    identifier.Id = RandomString(64);
    identifier.StartsOn = ToIso8601(std::chrono::system_clock::now() - std::chrono::minutes(1), 7);
    identifier.ExpiresOn = ToIso8601(std::chrono::system_clock::now() + std::chrono::minutes(1), 7);
-    identifier.Permissions
-        = Blobs::BlobContainerSasPermissionsToString(Blobs::BlobContainerSasPermissions::Read);
+    identifier.Permissions = "r";
    options.SignedIdentifiers.emplace_back(identifier);
    identifier.Id = RandomString(64);
    identifier.StartsOn = ToIso8601(std::chrono::system_clock::now() - std::chrono::minutes(2), 7);
    identifier.ExpiresOn = ToIso8601(std::chrono::system_clock::now() + std::chrono::minutes(2), 7);
-    identifier.Permissions
-        = Blobs::BlobContainerSasPermissionsToString(Blobs::BlobContainerSasPermissions::All);
+    identifier.Permissions = "racwdxlt";
    options.SignedIdentifiers.emplace_back(identifier);

    auto ret = container_client.SetAccessPolicy(options);
--- a/sdk/storage/azure-storage-blobs/test/blob_sas_test.cpp
+++ b/sdk/storage/azure-storage-blobs/test/blob_sas_test.cpp
@ -372,8 +372,7 @@ namespace Azure { namespace Storage { namespace Test {
      identifier.Id = RandomString(64);
      identifier.StartsOn = ToIso8601(std::chrono::system_clock::now() - std::chrono::minutes(5));
      identifier.ExpiresOn = ToIso8601(std::chrono::system_clock::now() + std::chrono::minutes(60));
-      identifier.Permissions
-          = Blobs::BlobContainerSasPermissionsToString(Blobs::BlobContainerSasPermissions::Read);
+      identifier.Permissions = "r";
      options.SignedIdentifiers.emplace_back(identifier);
      m_blobContainerClient->SetAccessPolicy(options);

--- a/sdk/storage/azure-storage-common/inc/azure/storage/common/account_sas_builder.hpp
+++ b/sdk/storage/azure-storage-common/inc/azure/storage/common/account_sas_builder.hpp
@ -28,10 +28,12 @@ namespace Azure { namespace Storage {
    HttpsOnly,
  };

-  inline std::string SasProtocolToString(SasProtocol protocol)
-  {
-    return protocol == SasProtocol::HttpsAndHttp ? "https,http" : "https";
-  }
+  namespace Details {
+    inline std::string SasProtocolToString(SasProtocol protocol)
+    {
+      return protocol == SasProtocol::HttpsAndHttp ? "https,http" : "https";
+    }
+  } // namespace Details

  /**
   * @brief Specifies the resource types accessible from an account level shared access
@ -248,6 +250,13 @@ namespace Azure { namespace Storage {
     */
    void SetPermissions(AccountSasPermissions permissions);

+    /**
+     * @brief Sets the permissions for the SAS using a raw permissions string.
+     *
+     * @param rawPermissions Raw permissions string for the SAS.
+     */
+    void SetPermissions(std::string rawPermissions) { Permissions = std::move(rawPermissions); }
+
    /**
     * @brief Uses the StorageSharedKeyCredential to sign this shared access signature, to produce
     * the proper SAS query parameters for authentication requests.
--- a/sdk/storage/azure-storage-common/src/account_sas_builder.cpp
+++ b/sdk/storage/azure-storage-common/src/account_sas_builder.cpp
@ -59,15 +59,8 @@ namespace Azure { namespace Storage {

  std::string AccountSasBuilder::GenerateSasToken(const StorageSharedKeyCredential& credential)
  {
-    std::string protocol;
-    if (Protocol == SasProtocol::HttpsAndHttp)
-    {
-      protocol = "https,http";
-    }
-    else
-    {
-      protocol = "https";
-    }
+    std::string protocol = Details::SasProtocolToString(Protocol);
+
    std::string services;
    if ((Services & AccountSasServices::Blobs) == AccountSasServices::Blobs)
    {
--- a/sdk/storage/azure-storage-files-datalake/inc/azure/storage/files/datalake/datalake_sas_builder.hpp
+++ b/sdk/storage/azure-storage-files-datalake/inc/azure/storage/files/datalake/datalake_sas_builder.hpp
@ -93,9 +93,6 @@ namespace Azure { namespace Storage { namespace Files { namespace DataLake {
        static_cast<type>(lhs) & static_cast<type>(rhs));
  }

-  std::string DataLakeFileSystemSasPermissionsToString(
-      DataLakeFileSystemSasPermissions permissions);
-
  /**
   * @brief The list of permissions that can be set for a file or directory's access policy.
   */
@ -297,10 +294,7 @@ namespace Azure { namespace Storage { namespace Files { namespace DataLake {
     *
     * @param permissions The allowed permissions.
     */
-    void SetPermissions(DataLakeFileSystemSasPermissions permissions)
-    {
-      Permissions = DataLakeFileSystemSasPermissionsToString(permissions);
-    }
+    void SetPermissions(DataLakeFileSystemSasPermissions permissions);

    /**
     * @brief Sets the permissions for the file SAS or directory SAS.
@ -318,6 +312,13 @@ namespace Azure { namespace Storage { namespace Files { namespace DataLake {
     */
    std::string GenerateSasToken(const StorageSharedKeyCredential& credential);

+    /**
+     * @brief Sets the permissions for the SAS using a raw permissions string.
+     *
+     * @param rawPermissions Raw permissions string for the SAS.
+     */
+    void SetPermissions(std::string rawPermissions) { Permissions = std::move(rawPermissions); }
+
    /**
     * @brief Uses an account's user delegation key to sign this shared access signature, to
     * produce the proper SAS query parameters for authentication requests.
--- a/sdk/storage/azure-storage-files-datalake/src/datalake_sas_builder.cpp
+++ b/sdk/storage/azure-storage-files-datalake/src/datalake_sas_builder.cpp
@ -28,41 +28,40 @@ namespace Azure { namespace Storage { namespace Files { namespace DataLake {
    }
  } // namespace

-  std::string DataLakeFileSystemSasPermissionsToString(DataLakeFileSystemSasPermissions permissions)
+  void DataLakeSasBuilder::SetPermissions(DataLakeFileSystemSasPermissions permissions)
  {
-    std::string permissions_str;
+    Permissions.clear();
    // The order matters
    if ((permissions & DataLakeFileSystemSasPermissions::Read)
        == DataLakeFileSystemSasPermissions::Read)
    {
-      permissions_str += "r";
+      Permissions += "r";
    }
    if ((permissions & DataLakeFileSystemSasPermissions::Add)
        == DataLakeFileSystemSasPermissions::Add)
    {
-      permissions_str += "a";
+      Permissions += "a";
    }
    if ((permissions & DataLakeFileSystemSasPermissions::Create)
        == DataLakeFileSystemSasPermissions::Create)
    {
-      permissions_str += "c";
+      Permissions += "c";
    }
    if ((permissions & DataLakeFileSystemSasPermissions::Write)
        == DataLakeFileSystemSasPermissions::Write)
    {
-      permissions_str += "w";
+      Permissions += "w";
    }
    if ((permissions & DataLakeFileSystemSasPermissions::Delete)
        == DataLakeFileSystemSasPermissions::Delete)
    {
-      permissions_str += "d";
+      Permissions += "d";
    }
    if ((permissions & DataLakeFileSystemSasPermissions::List)
        == DataLakeFileSystemSasPermissions::List)
    {
-      permissions_str += "l";
+      Permissions += "l";
    }
-    return permissions_str;
  }

  void DataLakeSasBuilder::SetPermissions(DataLakeSasPermissions permissions)
@ -120,7 +119,7 @@ namespace Azure { namespace Storage { namespace Files { namespace DataLake {
    {
      canonicalName += "/" + Path;
    }
-    std::string protocol = SasProtocolToString(Protocol);
+    std::string protocol = Storage::Details::SasProtocolToString(Protocol);
    std::string resource = DataLakeSasResourceToString(Resource);

    std::string stringToSign = Permissions + "\n" + (StartsOn.HasValue() ? StartsOn.GetValue() : "")
@ -196,7 +195,7 @@ namespace Azure { namespace Storage { namespace Files { namespace DataLake {
    {
      canonicalName += "/" + Path;
    }
-    std::string protocol = SasProtocolToString(Protocol);
+    std::string protocol = Storage::Details::SasProtocolToString(Protocol);
    std::string resource = DataLakeSasResourceToString(Resource);

    std::string stringToSign = Permissions + "\n" + (StartsOn.HasValue() ? StartsOn.GetValue() : "")
--- a/sdk/storage/azure-storage-files-datalake/test/datalake_sas_test.cpp
+++ b/sdk/storage/azure-storage-files-datalake/test/datalake_sas_test.cpp
@ -390,8 +390,7 @@ namespace Azure { namespace Storage { namespace Test {
      identifier.Id = RandomString(64);
      identifier.StartsOn = ToIso8601(std::chrono::system_clock::now() - std::chrono::minutes(5));
      identifier.ExpiresOn = ToIso8601(std::chrono::system_clock::now() + std::chrono::minutes(60));
-      identifier.Permissions
-          = Blobs::BlobContainerSasPermissionsToString(Blobs::BlobContainerSasPermissions::Read);
+      identifier.Permissions = "r";
      options.SignedIdentifiers.emplace_back(identifier);
      containerClinet0.SetAccessPolicy(options);

--- a/sdk/storage/azure-storage-files-shares/inc/azure/storage/files/shares/share_sas_builder.hpp
+++ b/sdk/storage/azure-storage-files-shares/inc/azure/storage/files/shares/share_sas_builder.hpp
@ -76,8 +76,6 @@ namespace Azure { namespace Storage { namespace Files { namespace Shares {
    return static_cast<ShareSasPermissions>(static_cast<type>(lhs) & static_cast<type>(rhs));
  }

-  std::string ShareSasPermissionsToString(ShareSasPermissions permissions);
-
  /**
   * @brief The list of permissions that can be set for a share file's access policy.
   */
@ -205,10 +203,7 @@ namespace Azure { namespace Storage { namespace Files { namespace Shares {
     *
     * @param permissions The allowed permissions.
     */
-    void SetPermissions(ShareSasPermissions permissions)
-    {
-      Permissions = ShareSasPermissionsToString(permissions);
-    }
+    void SetPermissions(ShareSasPermissions permissions);

    /**
     * @brief Sets the permissions for the share SAS.
@ -217,6 +212,13 @@ namespace Azure { namespace Storage { namespace Files { namespace Shares {
     */
    void SetPermissions(ShareFileSasPermissions permissions);

+    /**
+     * @brief Sets the permissions for the SAS using a raw permissions string.
+     *
+     * @param rawPermissions Raw permissions string for the SAS.
+     */
+    void SetPermissions(std::string rawPermissions) { Permissions = std::move(rawPermissions); }
+
    /**
     * @brief Uses the StorageSharedKeyCredential to sign this shared access signature, to produce
     * the proper SAS query parameters for authentication requests.
--- a/sdk/storage/azure-storage-files-shares/src/share_sas_builder.cpp
+++ b/sdk/storage/azure-storage-files-shares/src/share_sas_builder.cpp
@ -25,31 +25,30 @@ namespace Azure { namespace Storage { namespace Files { namespace Shares {
    }
  } // namespace

-  std::string ShareSasPermissionsToString(ShareSasPermissions permissions)
+  void ShareSasBuilder::SetPermissions(ShareSasPermissions permissions)
  {
-    std::string permissions_str;
+    Permissions.clear();
    // The order matters
    if ((permissions & ShareSasPermissions::Read) == ShareSasPermissions::Read)
    {
-      permissions_str += "r";
+      Permissions += "r";
    }
    if ((permissions & ShareSasPermissions::Create) == ShareSasPermissions::Create)
    {
-      permissions_str += "c";
+      Permissions += "c";
    }
    if ((permissions & ShareSasPermissions::Write) == ShareSasPermissions::Write)
    {
-      permissions_str += "w";
+      Permissions += "w";
    }
    if ((permissions & ShareSasPermissions::Delete) == ShareSasPermissions::Delete)
    {
-      permissions_str += "d";
+      Permissions += "d";
    }
    if ((permissions & ShareSasPermissions::List) == ShareSasPermissions::List)
    {
-      permissions_str += "l";
+      Permissions += "l";
    }
-    return permissions_str;
  }

  void ShareSasBuilder::SetPermissions(ShareFileSasPermissions permissions)
@ -81,7 +80,7 @@ namespace Azure { namespace Storage { namespace Files { namespace Shares {
    {
      canonicalName += "/" + FilePath;
    }
-    std::string protocol = SasProtocolToString(Protocol);
+    std::string protocol = Storage::Details::SasProtocolToString(Protocol);
    std::string resource = ShareSasResourceToString(Resource);

    std::string stringToSign = Permissions + "\n" + (StartsOn.HasValue() ? StartsOn.GetValue() : "")
--- a/sdk/storage/azure-storage-files-shares/test/share_sas_test.cpp
+++ b/sdk/storage/azure-storage-files-shares/test/share_sas_test.cpp
@ -178,8 +178,7 @@ namespace Azure { namespace Storage { namespace Test {
          = ToIso8601(std::chrono::system_clock::now() - std::chrono::minutes(5));
      identifier.Policy.Expiry
          = ToIso8601(std::chrono::system_clock::now() + std::chrono::minutes(60));
-      identifier.Policy.Permission
-          = Files::Shares::ShareSasPermissionsToString(Files::Shares::ShareSasPermissions::Read);
+      identifier.Policy.Permission = "r";
      m_shareClient->SetAccessPolicy({identifier});

      Files::Shares::ShareSasBuilder builder2 = fileSasBuilder;