Storage/STG91 Audience remove scope (#5019)
* Audience remove scope * update record * update test * Update sdk/storage/azure-storage-common/src/storage_credential.cpp Co-authored-by: JinmingHu <jinmhu@microsoft.com> --------- Co-authored-by: JinmingHu <jinmhu@microsoft.com>
parent
5acdb5ba1b
commit
504d9f2753
@ -2,5 +2,5 @@
|
||||
"AssetsRepo": "Azure/azure-sdk-assets",
|
||||
"AssetsRepoPrefixPath": "cpp",
|
||||
"TagPrefix": "cpp/storage",
|
||||
"Tag": "cpp/storage_e44851d82e"
|
||||
"Tag": "cpp/storage_38dec59ffb"
|
||||
}
|
||||
|
||||
@ -87,8 +87,9 @@ namespace Azure { namespace Storage { namespace Blobs {
|
||||
{
|
||||
Azure::Core::Credentials::TokenRequestContext tokenContext;
|
||||
tokenContext.Scopes.emplace_back(
|
||||
options.Audience.HasValue() ? options.Audience.Value().ToString()
|
||||
: Models::BlobAudience::PublicAudience.ToString());
|
||||
options.Audience.HasValue()
|
||||
? _internal::GetDefaultScopeForAudience(options.Audience.Value().ToString())
|
||||
: _internal::StorageScope);
|
||||
perRetryPolicies.emplace_back(
|
||||
std::make_unique<_internal::StorageBearerTokenAuthenticationPolicy>(
|
||||
credential, tokenContext, options.EnableTenantDiscovery));
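Review bot: The fallback branch of the ternary passes `_internal::StorageScope` as a finished scope while the custom branch derives the scope from the audience, so the default scope and `_internal::StoragePublicAudience` are two literals that have to be kept in step by hand. Because the scope decides which resource the bearer token is valid for, a single derivation path is easier to audit: `_internal::GetDefaultScopeForAudience(options.Audience.HasValue() ? options.Audience.Value().ToString() : _internal::StoragePublicAudience)`. The same expression is repeated in the other Blobs, DataLake, Shares and Queues client-constructor hunks of this commit and could be hoisted into one shared helper. The enclosing constructor starts and ends outside the hunk.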
|
||||
|
||||
@ -170,8 +170,9 @@ namespace Azure { namespace Storage { namespace Blobs {
|
||||
{
|
||||
Azure::Core::Credentials::TokenRequestContext tokenContext;
|
||||
tokenContext.Scopes.emplace_back(
|
||||
options.Audience.HasValue() ? options.Audience.Value().ToString()
|
||||
: Models::BlobAudience::PublicAudience.ToString());
|
||||
options.Audience.HasValue()
|
||||
? _internal::GetDefaultScopeForAudience(options.Audience.Value().ToString())
|
||||
: _internal::StorageScope);
|
||||
tokenAuthPolicy = std::make_unique<_internal::StorageBearerTokenAuthenticationPolicy>(
|
||||
credential, tokenContext, options.EnableTenantDiscovery);
|
||||
perRetryPolicies.emplace_back(tokenAuthPolicy->Clone());
|
||||
|
||||
@ -6,7 +6,7 @@
|
||||
namespace Azure { namespace Storage { namespace Blobs {
|
||||
|
||||
namespace Models {
|
||||
const BlobAudience BlobAudience::PublicAudience(Azure::Storage::_internal::StorageScope);
|
||||
const BlobAudience BlobAudience::PublicAudience(_internal::StoragePublicAudience);
|
||||
} // namespace Models
|
||||
|
||||
BlobQueryInputTextOptions BlobQueryInputTextOptions::CreateCsvTextOptions(
|
||||
|
||||
@ -83,8 +83,9 @@ namespace Azure { namespace Storage { namespace Blobs {
|
||||
{
|
||||
Azure::Core::Credentials::TokenRequestContext tokenContext;
|
||||
tokenContext.Scopes.emplace_back(
|
||||
options.Audience.HasValue() ? options.Audience.Value().ToString()
|
||||
: Models::BlobAudience::PublicAudience.ToString());
|
||||
options.Audience.HasValue()
|
||||
? _internal::GetDefaultScopeForAudience(options.Audience.Value().ToString())
|
||||
: _internal::StorageScope);
|
||||
tokenAuthPolicy = std::make_unique<_internal::StorageBearerTokenAuthenticationPolicy>(
|
||||
credential, tokenContext, options.EnableTenantDiscovery);
|
||||
perRetryPolicies.emplace_back(tokenAuthPolicy->Clone());
|
||||
|
||||
@ -51,8 +51,8 @@ namespace Azure { namespace Storage { namespace Test {
|
||||
|
||||
// With custom audience
|
||||
auto blobUrl = Azure::Core::Url(m_blockBlobClient->GetUrl());
|
||||
clientOptions.Audience = Blobs::Models::BlobAudience(
|
||||
blobUrl.GetScheme() + "://" + blobUrl.GetHost() + "/.default");
|
||||
clientOptions.Audience
|
||||
= Blobs::Models::BlobAudience(blobUrl.GetScheme() + "://" + blobUrl.GetHost());
|
||||
blobClient = Blobs::BlobClient(
|
||||
m_blockBlobClient->GetUrl(),
|
||||
std::make_shared<Azure::Identity::ClientSecretCredential>(
|
||||
|
||||
@ -1456,14 +1456,14 @@ namespace Azure { namespace Storage { namespace Test {
|
||||
|
||||
// custom audience
|
||||
auto containerUrl = Azure::Core::Url(containerClient.GetUrl());
|
||||
clientOptions.Audience = Blobs::Models::BlobAudience(
|
||||
containerUrl.GetScheme() + "://" + containerUrl.GetHost() + "/.default");
|
||||
clientOptions.Audience
|
||||
= Blobs::Models::BlobAudience(containerUrl.GetScheme() + "://" + containerUrl.GetHost());
|
||||
containerClient
|
||||
= Blobs::BlobContainerClient(m_blobContainerClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_NO_THROW(containerClient.GetProperties());
|
||||
|
||||
// error audience
|
||||
clientOptions.Audience = Blobs::Models::BlobAudience("https://disk.compute.azure.com/.default");
|
||||
clientOptions.Audience = Blobs::Models::BlobAudience("https://disk.compute.azure.com");
|
||||
containerClient
|
||||
= Blobs::BlobContainerClient(m_blobContainerClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_THROW(containerClient.GetProperties(), StorageException);
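Review bot: The `// error audience` case asserts only that some `StorageException` is thrown, so any service-side failure (a missing container, a throttled request) satisfies it just as well as the service rejecting a token issued for `https://disk.compute.azure.com`. Catching the exception and checking its `StatusCode` would pin the test to the property it guards; the expected value is presumably an authentication failure such as 401, to be confirmed against the recording. The same pattern appears in the service, block blob, DataLake, Shares and Queues test hunks further down. The enclosing test body starts and ends outside the hunk.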
|
||||
|
||||
@ -514,14 +514,14 @@ namespace Azure { namespace Storage { namespace Test {
|
||||
|
||||
// custom audience
|
||||
auto serviceUrl = Azure::Core::Url(serviceClient.GetUrl());
|
||||
clientOptions.Audience = Blobs::Models::BlobAudience(
|
||||
serviceUrl.GetScheme() + "://" + serviceUrl.GetHost() + "/.default");
|
||||
clientOptions.Audience
|
||||
= Blobs::Models::BlobAudience(serviceUrl.GetScheme() + "://" + serviceUrl.GetHost());
|
||||
serviceClient
|
||||
= Blobs::BlobServiceClient(m_blobServiceClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_NO_THROW(serviceClient.GetProperties());
|
||||
|
||||
// error audience
|
||||
clientOptions.Audience = Blobs::Models::BlobAudience("https://disk.compute.azure.com/.default");
|
||||
clientOptions.Audience = Blobs::Models::BlobAudience("https://disk.compute.azure.com");
|
||||
serviceClient
|
||||
= Blobs::BlobServiceClient(m_blobServiceClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_THROW(serviceClient.GetProperties(), StorageException);
|
||||
|
||||
@ -2040,16 +2040,27 @@ namespace Azure { namespace Storage { namespace Test {
|
||||
= Blobs::BlockBlobClient(m_blockBlobClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_NO_THROW(blockBlobClient.GetProperties());
|
||||
|
||||
// public audience
|
||||
clientOptions.Audience = Blobs::Models::BlobAudience::PublicAudience;
|
||||
blockBlobClient
|
||||
= Blobs::BlockBlobClient(m_blockBlobClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_NO_THROW(blockBlobClient.GetProperties());
|
||||
|
||||
// custom audience
|
||||
auto blobUrl = Azure::Core::Url(blockBlobClient.GetUrl());
|
||||
clientOptions.Audience = Blobs::Models::BlobAudience(
|
||||
blobUrl.GetScheme() + "://" + blobUrl.GetHost() + "/.default");
|
||||
clientOptions.Audience
|
||||
= Blobs::Models::BlobAudience(blobUrl.GetScheme() + "://" + blobUrl.GetHost());
|
||||
blockBlobClient
|
||||
= Blobs::BlockBlobClient(m_blockBlobClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_NO_THROW(blockBlobClient.GetProperties());
|
||||
clientOptions.Audience
|
||||
= Blobs::Models::BlobAudience(blobUrl.GetScheme() + "://" + blobUrl.GetHost() + "/");
|
||||
blockBlobClient
|
||||
= Blobs::BlockBlobClient(m_blockBlobClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_NO_THROW(blockBlobClient.GetProperties());
|
||||
|
||||
// error audience
|
||||
clientOptions.Audience = Blobs::Models::BlobAudience("https://disk.compute.azure.com/.default");
|
||||
clientOptions.Audience = Blobs::Models::BlobAudience("https://disk.compute.azure.com");
|
||||
blockBlobClient
|
||||
= Blobs::BlockBlobClient(m_blockBlobClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_THROW(blockBlobClient.GetProperties(), StorageException);
|
||||
|
||||
@ -11,6 +11,7 @@ namespace Azure { namespace Storage { namespace _internal {
|
||||
constexpr static const char* HttpQuerySnapshot = "snapshot";
|
||||
constexpr static const char* HttpQueryVersionId = "versionid";
|
||||
constexpr static const char* StorageScope = "https://storage.azure.com/.default";
|
||||
constexpr static const char* StoragePublicAudience = "https://storage.azure.com";
|
||||
constexpr static const char* HttpHeaderDate = "date";
|
||||
constexpr static const char* HttpHeaderXMsVersion = "x-ms-version";
|
||||
constexpr static const char* HttpHeaderRequestId = "x-ms-request-id";
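Review bot: `StorageScope` and `StoragePublicAudience` sit next to each other with nothing saying which is an OAuth scope and which is a token audience, which is the confusion this commit removes from the public `Audience` types. A one-line comment on each would help, for example `// Default OAuth scope requested for storage tokens: audience + "/.default"` and `// Public-cloud storage audience (resource URI); carries no scope suffix`. That keeps later callers from passing one where the other is expected.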
|
||||
|
||||
@ -90,6 +90,8 @@ namespace Azure { namespace Storage {
|
||||
|
||||
ConnectionStringParts ParseConnectionString(const std::string& connectionString);
|
||||
|
||||
std::string GetDefaultScopeForAudience(const std::string& audience);
|
||||
|
||||
} // namespace _internal
|
||||
|
||||
}} // namespace Azure::Storage
|
||||
|
||||
@ -114,4 +114,13 @@ namespace Azure { namespace Storage { namespace _internal {
|
||||
|
||||
return connectionStringParts;
|
||||
}
|
||||
|
||||
std::string GetDefaultScopeForAudience(const std::string& audience)
|
||||
{
|
||||
if (!audience.empty() && audience.back() == '/')
|
||||
{
|
||||
return audience + ".default";
|
||||
}
|
||||
return audience + "/.default";
|
||||
}
|
||||
}}} // namespace Azure::Storage::_internal
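Review bot: An audience that already ends in `/.default` (the form the tests in this same commit used before the change) comes out of `GetDefaultScopeForAudience` as `<resource>/.default/.default`, and an empty audience comes out as `/.default`. Both presumably fail later at token acquisition, far from the misconfiguration. Returning the input unchanged when it already carries the suffix would keep callers written against the old convention working; whether an empty audience should be rejected outright is a call for the maintainers. The function and its declaration in the header hunk also lack a comment stating that the argument is a resource URI without a scope suffix.

```cpp
std::string GetDefaultScopeForAudience(const std::string& audience)
{
  static const std::string defaultSuffix = "/.default";
  // Already a scope: older callers passed "<resource>/.default" as the audience.
  if (audience.size() >= defaultSuffix.size()
      && audience.compare(
             audience.size() - defaultSuffix.size(), defaultSuffix.size(), defaultSuffix)
          == 0)
  {
    return audience;
  }
  // … unchanged: trailing-slash check and the two return statements …
```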
|
||||
|
||||
@ -98,8 +98,9 @@ namespace Azure { namespace Storage { namespace Files { namespace DataLake {
|
||||
{
|
||||
Azure::Core::Credentials::TokenRequestContext tokenContext;
|
||||
tokenContext.Scopes.emplace_back(
|
||||
options.Audience.HasValue() ? options.Audience.Value().ToString()
|
||||
: Models::DataLakeAudience::PublicAudience.ToString());
|
||||
options.Audience.HasValue()
|
||||
? _internal::GetDefaultScopeForAudience(options.Audience.Value().ToString())
|
||||
: _internal::StorageScope);
|
||||
perRetryPolicies.emplace_back(
|
||||
std::make_unique<_internal::StorageBearerTokenAuthenticationPolicy>(
|
||||
credential, tokenContext, options.EnableTenantDiscovery));
|
||||
|
||||
@ -5,6 +5,6 @@
|
||||
|
||||
namespace Azure { namespace Storage { namespace Files { namespace DataLake { namespace Models {
|
||||
|
||||
const DataLakeAudience DataLakeAudience::PublicAudience(Azure::Storage::_internal::StorageScope);
|
||||
const DataLakeAudience DataLakeAudience::PublicAudience(_internal::StoragePublicAudience);
|
||||
|
||||
}}}}} // namespace Azure::Storage::Files::DataLake::Models
|
||||
|
||||
@ -96,8 +96,9 @@ namespace Azure { namespace Storage { namespace Files { namespace DataLake {
|
||||
{
|
||||
Azure::Core::Credentials::TokenRequestContext tokenContext;
|
||||
tokenContext.Scopes.emplace_back(
|
||||
options.Audience.HasValue() ? options.Audience.Value().ToString()
|
||||
: Models::DataLakeAudience::PublicAudience.ToString());
|
||||
options.Audience.HasValue()
|
||||
? _internal::GetDefaultScopeForAudience(options.Audience.Value().ToString())
|
||||
: _internal::StorageScope);
|
||||
perRetryPolicies.emplace_back(
|
||||
std::make_unique<_internal::StorageBearerTokenAuthenticationPolicy>(
|
||||
credential, tokenContext, options.EnableTenantDiscovery));
|
||||
|
||||
@ -92,8 +92,9 @@ namespace Azure { namespace Storage { namespace Files { namespace DataLake {
|
||||
{
|
||||
Azure::Core::Credentials::TokenRequestContext tokenContext;
|
||||
tokenContext.Scopes.emplace_back(
|
||||
options.Audience.HasValue() ? options.Audience.Value().ToString()
|
||||
: Models::DataLakeAudience::PublicAudience.ToString());
|
||||
options.Audience.HasValue()
|
||||
? _internal::GetDefaultScopeForAudience(options.Audience.Value().ToString())
|
||||
: _internal::StorageScope);
|
||||
perRetryPolicies.emplace_back(
|
||||
std::make_unique<_internal::StorageBearerTokenAuthenticationPolicy>(
|
||||
credential, tokenContext, options.EnableTenantDiscovery));
|
||||
|
||||
@ -924,14 +924,14 @@ namespace Azure { namespace Storage { namespace Test {
|
||||
// custom audience
|
||||
auto fileSystemUrl = Azure::Core::Url(fileSystemClient.GetUrl());
|
||||
clientOptions.Audience = Files::DataLake::Models::DataLakeAudience(
|
||||
fileSystemUrl.GetScheme() + "://" + fileSystemUrl.GetHost() + "/.default");
|
||||
fileSystemUrl.GetScheme() + "://" + fileSystemUrl.GetHost());
|
||||
fileSystemClient = Files::DataLake::DataLakeFileSystemClient(
|
||||
m_fileSystemClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_NO_THROW(fileSystemClient.GetProperties());
|
||||
|
||||
// error audience
|
||||
clientOptions.Audience
|
||||
= Files::DataLake::Models::DataLakeAudience("https://disk.compute.azure.com/.default");
|
||||
= Files::DataLake::Models::DataLakeAudience("https://disk.compute.azure.com");
|
||||
fileSystemClient = Files::DataLake::DataLakeFileSystemClient(
|
||||
m_fileSystemClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_THROW(fileSystemClient.GetProperties(), StorageException);
|
||||
|
||||
@ -494,17 +494,23 @@ namespace Azure { namespace Storage { namespace Test {
|
||||
= Files::DataLake::DataLakePathClient(m_pathClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_NO_THROW(pathClient.GetProperties());
|
||||
|
||||
// public audience
|
||||
clientOptions.Audience = Files::DataLake::Models::DataLakeAudience::PublicAudience;
|
||||
pathClient
|
||||
= Files::DataLake::DataLakePathClient(m_pathClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_NO_THROW(pathClient.GetProperties());
|
||||
|
||||
// custom audience
|
||||
auto pathUrl = Azure::Core::Url(pathClient.GetUrl());
|
||||
clientOptions.Audience = Files::DataLake::Models::DataLakeAudience(
|
||||
pathUrl.GetScheme() + "://" + pathUrl.GetHost() + "/.default");
|
||||
pathUrl.GetScheme() + "://" + pathUrl.GetHost());
|
||||
pathClient
|
||||
= Files::DataLake::DataLakePathClient(m_pathClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_NO_THROW(pathClient.GetProperties());
|
||||
|
||||
// error audience
|
||||
clientOptions.Audience
|
||||
= Files::DataLake::Models::DataLakeAudience("https://disk.compute.azure.com/.default");
|
||||
= Files::DataLake::Models::DataLakeAudience("https://disk.compute.azure.com");
|
||||
pathClient
|
||||
= Files::DataLake::DataLakePathClient(m_pathClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_THROW(pathClient.GetProperties(), StorageException);
|
||||
|
||||
@ -360,14 +360,14 @@ namespace Azure { namespace Storage { namespace Test {
|
||||
// custom audience
|
||||
auto fileSystemUrl = Azure::Core::Url(serviceClient.GetUrl());
|
||||
clientOptions.Audience = Files::DataLake::Models::DataLakeAudience(
|
||||
fileSystemUrl.GetScheme() + "://" + fileSystemUrl.GetHost() + "/.default");
|
||||
fileSystemUrl.GetScheme() + "://" + fileSystemUrl.GetHost());
|
||||
serviceClient = Files::DataLake::DataLakeServiceClient(
|
||||
m_dataLakeServiceClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_NO_THROW(serviceClient.GetProperties());
|
||||
|
||||
// error audience
|
||||
clientOptions.Audience
|
||||
= Files::DataLake::Models::DataLakeAudience("https://disk.compute.azure.com/.default");
|
||||
= Files::DataLake::Models::DataLakeAudience("https://disk.compute.azure.com");
|
||||
serviceClient = Files::DataLake::DataLakeServiceClient(
|
||||
m_dataLakeServiceClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_THROW(serviceClient.GetProperties(), StorageException);
|
||||
|
||||
@ -79,8 +79,9 @@ namespace Azure { namespace Storage { namespace Files { namespace Shares {
|
||||
{
|
||||
Azure::Core::Credentials::TokenRequestContext tokenContext;
|
||||
tokenContext.Scopes.emplace_back(
|
||||
options.Audience.HasValue() ? options.Audience.Value().ToString()
|
||||
: Models::ShareAudience::PublicAudience.ToString());
|
||||
options.Audience.HasValue()
|
||||
? _internal::GetDefaultScopeForAudience(options.Audience.Value().ToString())
|
||||
: _internal::StorageScope);
|
||||
perRetryPolicies.emplace_back(
|
||||
std::make_unique<Azure::Core::Http::Policies::_internal::BearerTokenAuthenticationPolicy>(
|
||||
credential, tokenContext));
|
||||
|
||||
@ -81,8 +81,9 @@ namespace Azure { namespace Storage { namespace Files { namespace Shares {
|
||||
{
|
||||
Azure::Core::Credentials::TokenRequestContext tokenContext;
|
||||
tokenContext.Scopes.emplace_back(
|
||||
options.Audience.HasValue() ? options.Audience.Value().ToString()
|
||||
: Models::ShareAudience::PublicAudience.ToString());
|
||||
options.Audience.HasValue()
|
||||
? _internal::GetDefaultScopeForAudience(options.Audience.Value().ToString())
|
||||
: _internal::StorageScope);
|
||||
perRetryPolicies.emplace_back(
|
||||
std::make_unique<Azure::Core::Http::Policies::_internal::BearerTokenAuthenticationPolicy>(
|
||||
credential, tokenContext));
|
||||
|
||||
@ -86,8 +86,9 @@ namespace Azure { namespace Storage { namespace Files { namespace Shares {
|
||||
{
|
||||
Azure::Core::Credentials::TokenRequestContext tokenContext;
|
||||
tokenContext.Scopes.emplace_back(
|
||||
options.Audience.HasValue() ? options.Audience.Value().ToString()
|
||||
: Models::ShareAudience::PublicAudience.ToString());
|
||||
options.Audience.HasValue()
|
||||
? _internal::GetDefaultScopeForAudience(options.Audience.Value().ToString())
|
||||
: _internal::StorageScope);
|
||||
perRetryPolicies.emplace_back(
|
||||
std::make_unique<Azure::Core::Http::Policies::_internal::BearerTokenAuthenticationPolicy>(
|
||||
credential, tokenContext));
|
||||
|
||||
@ -5,6 +5,6 @@
|
||||
|
||||
namespace Azure { namespace Storage { namespace Files { namespace Shares { namespace Models {
|
||||
|
||||
const ShareAudience ShareAudience::PublicAudience(Azure::Storage::_internal::StorageScope);
|
||||
const ShareAudience ShareAudience::PublicAudience(_internal::StoragePublicAudience);
|
||||
|
||||
}}}}} // namespace Azure::Storage::Files::Shares::Models
|
||||
|
||||
@ -76,8 +76,9 @@ namespace Azure { namespace Storage { namespace Files { namespace Shares {
|
||||
{
|
||||
Azure::Core::Credentials::TokenRequestContext tokenContext;
|
||||
tokenContext.Scopes.emplace_back(
|
||||
options.Audience.HasValue() ? options.Audience.Value().ToString()
|
||||
: Models::ShareAudience::PublicAudience.ToString());
|
||||
options.Audience.HasValue()
|
||||
? _internal::GetDefaultScopeForAudience(options.Audience.Value().ToString())
|
||||
: _internal::StorageScope);
|
||||
perRetryPolicies.emplace_back(
|
||||
std::make_unique<Azure::Core::Http::Policies::_internal::BearerTokenAuthenticationPolicy>(
|
||||
credential, tokenContext));
|
||||
|
||||
@ -719,14 +719,13 @@ namespace Azure { namespace Storage { namespace Test {
|
||||
|
||||
// custom audience
|
||||
auto shareUrl = Azure::Core::Url(shareClient.GetUrl());
|
||||
clientOptions.Audience = Files::Shares::Models::ShareAudience(
|
||||
shareUrl.GetScheme() + "://" + shareUrl.GetHost() + "/.default");
|
||||
clientOptions.Audience
|
||||
= Files::Shares::Models::ShareAudience(shareUrl.GetScheme() + "://" + shareUrl.GetHost());
|
||||
shareClient = Files::Shares::ShareClient(m_shareClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_NO_THROW(shareClient.GetPermission(created.FilePermissionKey));
|
||||
|
||||
// error audience
|
||||
clientOptions.Audience
|
||||
= Files::Shares::Models::ShareAudience("https://disk.compute.azure.com/.default");
|
||||
clientOptions.Audience = Files::Shares::Models::ShareAudience("https://disk.compute.azure.com");
|
||||
shareClient = Files::Shares::ShareClient(m_shareClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_THROW(shareClient.GetPermission(created.FilePermissionKey), StorageException);
|
||||
}
|
||||
|
||||
@ -1224,14 +1224,13 @@ namespace Azure { namespace Storage { namespace Test {
|
||||
// custom audience
|
||||
auto directoryUrl = Azure::Core::Url(directoryClient.GetUrl());
|
||||
clientOptions.Audience = Files::Shares::Models::ShareAudience(
|
||||
directoryUrl.GetScheme() + "://" + directoryUrl.GetHost() + "/.default");
|
||||
directoryUrl.GetScheme() + "://" + directoryUrl.GetHost());
|
||||
directoryClient = Files::Shares::ShareDirectoryClient(
|
||||
m_fileShareDirectoryClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_NO_THROW(directoryClient.GetProperties());
|
||||
|
||||
// error audience
|
||||
clientOptions.Audience
|
||||
= Files::Shares::Models::ShareAudience("https://disk.compute.azure.com/.default");
|
||||
clientOptions.Audience = Files::Shares::Models::ShareAudience("https://disk.compute.azure.com");
|
||||
directoryClient = Files::Shares::ShareDirectoryClient(
|
||||
m_fileShareDirectoryClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_THROW(directoryClient.GetProperties(), StorageException);
|
||||
|
||||
@ -1707,10 +1707,15 @@ namespace Azure { namespace Storage { namespace Test {
|
||||
= Files::Shares::ShareFileClient(m_fileClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_NO_THROW(fileClient.GetProperties());
|
||||
|
||||
// public audience
|
||||
clientOptions.Audience = Files::Shares::Models::ShareAudience::PublicAudience;
|
||||
fileClient = Files::Shares::ShareFileClient(m_fileClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_NO_THROW(fileClient.GetProperties());
|
||||
|
||||
// custom audience
|
||||
auto fileUrl = Azure::Core::Url(fileClient.GetUrl());
|
||||
clientOptions.Audience = Files::Shares::Models::ShareAudience(
|
||||
fileUrl.GetScheme() + "://" + fileUrl.GetHost() + "/.default");
|
||||
clientOptions.Audience
|
||||
= Files::Shares::Models::ShareAudience(fileUrl.GetScheme() + "://" + fileUrl.GetHost());
|
||||
fileClient = Files::Shares::ShareFileClient(m_fileClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_NO_THROW(fileClient.GetProperties());
|
||||
|
||||
@ -1723,8 +1728,7 @@ namespace Azure { namespace Storage { namespace Test {
|
||||
EXPECT_NO_THROW(fileClient.GetProperties());
|
||||
|
||||
// error audience
|
||||
clientOptions.Audience
|
||||
= Files::Shares::Models::ShareAudience("https://disk.compute.azure.com/.default");
|
||||
clientOptions.Audience = Files::Shares::Models::ShareAudience("https://disk.compute.azure.com");
|
||||
fileClient = Files::Shares::ShareFileClient(m_fileClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_THROW(fileClient.GetProperties(), StorageException);
|
||||
|
||||
|
||||
@ -75,8 +75,9 @@ namespace Azure { namespace Storage { namespace Queues {
|
||||
{
|
||||
Azure::Core::Credentials::TokenRequestContext tokenContext;
|
||||
tokenContext.Scopes.emplace_back(
|
||||
options.Audience.HasValue() ? options.Audience.Value().ToString()
|
||||
: Models::QueueAudience::PublicAudience.ToString());
|
||||
options.Audience.HasValue()
|
||||
? _internal::GetDefaultScopeForAudience(options.Audience.Value().ToString())
|
||||
: _internal::StorageScope);
|
||||
perRetryPolicies.emplace_back(
|
||||
std::make_unique<_internal::StorageBearerTokenAuthenticationPolicy>(
|
||||
credential, tokenContext, options.EnableTenantDiscovery));
|
||||
|
||||
@ -7,7 +7,7 @@ namespace Azure { namespace Storage { namespace Queues {
|
||||
|
||||
namespace Models {
|
||||
|
||||
const QueueAudience QueueAudience::PublicAudience(Azure::Storage::_internal::StorageScope);
|
||||
const QueueAudience QueueAudience::PublicAudience(_internal::StoragePublicAudience);
|
||||
} // namespace Models
|
||||
|
||||
const ServiceVersion ServiceVersion::V2018_03_28(std::string("2018-03-28"));
|
||||
|
||||
@ -73,8 +73,9 @@ namespace Azure { namespace Storage { namespace Queues {
|
||||
{
|
||||
Azure::Core::Credentials::TokenRequestContext tokenContext;
|
||||
tokenContext.Scopes.emplace_back(
|
||||
options.Audience.HasValue() ? options.Audience.Value().ToString()
|
||||
: Models::QueueAudience::PublicAudience.ToString());
|
||||
options.Audience.HasValue()
|
||||
? _internal::GetDefaultScopeForAudience(options.Audience.Value().ToString())
|
||||
: _internal::StorageScope);
|
||||
perRetryPolicies.emplace_back(
|
||||
std::make_unique<_internal::StorageBearerTokenAuthenticationPolicy>(
|
||||
credential, tokenContext, options.EnableTenantDiscovery));
|
||||
|
||||
@ -246,10 +246,15 @@ namespace Azure { namespace Storage { namespace Test {
|
||||
auto queueClient = Queues::QueueClient(m_queueClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_NO_THROW(queueClient.GetProperties());
|
||||
|
||||
// public audience
|
||||
clientOptions.Audience = Queues::Models::QueueAudience::PublicAudience;
|
||||
queueClient = Queues::QueueClient(m_queueClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_NO_THROW(queueClient.GetProperties());
|
||||
|
||||
// custom audience
|
||||
auto queueUrl = Azure::Core::Url(queueClient.GetUrl());
|
||||
clientOptions.Audience = Queues::Models::QueueAudience(
|
||||
queueUrl.GetScheme() + "://" + queueUrl.GetHost() + "/.default");
|
||||
clientOptions.Audience
|
||||
= Queues::Models::QueueAudience(queueUrl.GetScheme() + "://" + queueUrl.GetHost());
|
||||
queueClient = Queues::QueueClient(m_queueClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_NO_THROW(queueClient.GetProperties());
|
||||
|
||||
@ -259,8 +264,7 @@ namespace Azure { namespace Storage { namespace Test {
|
||||
EXPECT_NO_THROW(queueClient.GetProperties());
|
||||
|
||||
// error audience
|
||||
clientOptions.Audience
|
||||
= Queues::Models::QueueAudience("https://disk.compute.azure.com/.default");
|
||||
clientOptions.Audience = Queues::Models::QueueAudience("https://disk.compute.azure.com");
|
||||
queueClient = Queues::QueueClient(m_queueClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_THROW(queueClient.GetProperties(), StorageException);
|
||||
|
||||
|
||||
@ -330,15 +330,14 @@ namespace Azure { namespace Storage { namespace Test {
|
||||
|
||||
// custom audience
|
||||
auto queueUrl = Azure::Core::Url(queueServiceClient.GetUrl());
|
||||
clientOptions.Audience = Queues::Models::QueueAudience(
|
||||
queueUrl.GetScheme() + "://" + queueUrl.GetHost() + "/.default");
|
||||
clientOptions.Audience
|
||||
= Queues::Models::QueueAudience(queueUrl.GetScheme() + "://" + queueUrl.GetHost());
|
||||
queueServiceClient
|
||||
= Queues::QueueServiceClient(m_queueServiceClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_NO_THROW(queueServiceClient.GetProperties());
|
||||
|
||||
// error audience
|
||||
clientOptions.Audience
|
||||
= Queues::Models::QueueAudience("https://disk.compute.azure.com/.default");
|
||||
clientOptions.Audience = Queues::Models::QueueAudience("https://disk.compute.azure.com");
|
||||
queueServiceClient
|
||||
= Queues::QueueServiceClient(m_queueServiceClient->GetUrl(), credential, clientOptions);
|
||||
EXPECT_THROW(queueServiceClient.GetProperties(), StorageException);
|
||||
|
||||