[Storage] Fix context issues - misleading StorageAccountName field and null reference issue when context has no Credentials field (#21741)

* Fix context issue

* Add more checks

Author: yifanz7

src/Storage/Storage.Management/ChangeLog.md

@@ -18,6 +18,9 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Fixed an issue of StorageAccountName field in context object when the context is invalid 
+    - `New-AzStorageContext`
+* Fixed an issue when a context does not have Crendentials field 
 * Added "$blobchangefeed" to be a valid container name
 
 ## Version 5.6.0

src/Storage/Storage/Blob/Cmdlet/NewAzureStorageBlobSasToken.cs

@@ -180,7 +180,7 @@ public override void ExecuteCmdlet()
 
             // When the input context is Oauth bases, can't generate normal SAS, but UserDelegationSas
             bool generateUserDelegationSas = false;
-            if (Channel != null && Channel.StorageContext != null && Channel.StorageContext.StorageAccount.Credentials.IsToken)
+            if (Channel != null && Channel.StorageContext != null && Channel.StorageContext.StorageAccount.Credentials !=null && Channel.StorageContext.StorageAccount.Credentials.IsToken)
             {
                 if (ShouldProcess(blob.Name, "Generate User Delegation SAS, since input Storage Context is OAuth based."))
                 {

src/Storage/Storage/Blob/Cmdlet/NewAzureStorageContainerSasToken.cs

@@ -127,7 +127,7 @@ public override void ExecuteCmdlet()
 
             // When the input context is Oauth bases, can't generate normal SAS, but UserDelegationSas
             bool generateUserDelegationSas = false;
-            if (Channel!=null && Channel.StorageContext!= null && Channel.StorageContext.StorageAccount.Credentials.IsToken)
+            if (Channel!=null && Channel.StorageContext!= null && Channel.StorageContext.StorageAccount.Credentials != null && Channel.StorageContext.StorageAccount.Credentials.IsToken)
             {
                 if (ShouldProcess(Name, "Generate User Delegation SAS, since input Storage Context is OAuth based."))
                 {

src/Storage/Storage/Blob/Cmdlet/StartAzureStorageBlobCopy.cs

@@ -677,6 +677,8 @@ private async Task StartCopyFromBlob(long taskId, IStorageBlobManagement destCha
                 if (Channel!=null && destChannel != null && 
                     Channel.StorageContext!= null && destChannel.StorageContext != null 
                     && Channel.StorageContext.StorageAccountName == destChannel.StorageContext.StorageAccountName
+                    && Channel.StorageContext.StorageAccount != null 
+                    && Channel.StorageContext.StorageAccount.Credentials != null
                     && Channel.StorageContext.StorageAccount.Credentials.IsToken)
                 {
                     // if inside same account, source blob can be anonumous
@@ -712,6 +714,8 @@ private async Task StartCopyFromBlob(long taskId, IStorageBlobManagement destCha
                 if (Channel != null && destChannel != null &&
                     Channel.StorageContext != null && destChannel.StorageContext != null
                     && Channel.StorageContext.StorageAccountName == destChannel.StorageContext.StorageAccountName
+                    && Channel.StorageContext.StorageAccount != null
+                    && Channel.StorageContext.StorageAccount.Credentials != null
                     && Channel.StorageContext.StorageAccount.Credentials.IsToken)
                 {
                     // if inside same account, source blob can be anonumous

src/Storage/Storage/Blob/StorageCloudBlobCmdletBase.cs

@@ -713,15 +713,15 @@ internal DataLakeFileSystemClient GetFileSystemClientByName(IStorageBlobManageme
             Uri fileSystemUri = localChannel.StorageContext.StorageAccount.CreateCloudBlobClient().GetContainerReference(fileSystemName).Uri;
             DataLakeFileSystemClient fileSystem;
 
-            if (localChannel.StorageContext.StorageAccount.Credentials.IsToken) //Oauth
+            if (localChannel.StorageContext.StorageAccount.Credentials != null && localChannel.StorageContext.StorageAccount.Credentials.IsToken) //Oauth
             {
                 fileSystem = new DataLakeFileSystemClient(fileSystemUri, localChannel.StorageContext.Track2OauthToken, this.DataLakeClientOptions);
             }
-            else if (localChannel.StorageContext.StorageAccount.Credentials.IsSAS) //SAS
+            else if (localChannel.StorageContext.StorageAccount.Credentials != null && localChannel.StorageContext.StorageAccount.Credentials.IsSAS) //SAS
             {
                 fileSystem = new DataLakeFileSystemClient(new Uri (fileSystemUri.ToString() + "?" + Util.GetSASStringWithoutQuestionMark(localChannel.StorageContext.StorageAccount.Credentials.SASToken)), this.DataLakeClientOptions);
             }
-            else if (localChannel.StorageContext.StorageAccount.Credentials.IsSharedKey) //Shared Key
+            else if (localChannel.StorageContext.StorageAccount.Credentials != null && localChannel.StorageContext.StorageAccount.Credentials.IsSharedKey) //Shared Key
             {
                 fileSystem = new DataLakeFileSystemClient(fileSystemUri,
                      new StorageSharedKeyCredential(localChannel.StorageContext.StorageAccountName, localChannel.StorageContext.StorageAccount.Credentials.ExportBase64EncodedKey()), this.DataLakeClientOptions);

src/Storage/Storage/Common/AzureStorageBlob.cs

@@ -313,7 +313,7 @@ public AzureStorageBlob(TaggedBlobItem blob, AzureStorageContext storageContext,
                 BlobName = blob.BlobName
             };
             Uri blobUri = uriBuilder.ToUri();
-            if (storageContext.StorageAccount.Credentials.IsSAS)
+            if (storageContext.StorageAccount != null && storageContext.StorageAccount.Credentials != null && storageContext.StorageAccount.Credentials.IsSAS)
             {
                 blobUri= new Uri(blobUri.ToString() + storageContext.StorageAccount.Credentials.SASToken);
             }
@@ -497,12 +497,12 @@ public static BlobClient GetTrack2BlobClient(BlobBaseClient blobBaseClient, Azur
                 return (BlobClient)blobBaseClient;
             }
             BlobClient blobClient;
-            if (context.StorageAccount.Credentials.IsToken) //Oauth
+            if (context.StorageAccount != null && context.StorageAccount.Credentials != null && context.StorageAccount.Credentials.IsToken) //Oauth
             {
                 blobClient = new BlobClient(blobBaseClient.Uri, context.Track2OauthToken, options);
 
             }
-            else if (context.StorageAccount.Credentials.IsSharedKey) //Shared Key
+            else if (context.StorageAccount != null && context.StorageAccount.Credentials != null && context.StorageAccount.Credentials.IsSharedKey) //Shared Key
             {
                 blobClient = new BlobClient(blobBaseClient.Uri,
                     new StorageSharedKeyCredential(context.StorageAccountName, context.StorageAccount.Credentials.ExportBase64EncodedKey()), options);

src/Storage/Storage/Common/AzureStorageContext.cs

@@ -186,7 +186,7 @@ public AzureStorageContext(CloudStorageAccount account, string accountName = nul
                 {
                     StorageAccountName = "[AccessToken]";
                 }
-                else
+                else if (account.Credentials != null && account.Credentials.IsAnonymous)
                 {
                     StorageAccountName = "[Anonymous]";
                 }

src/Storage/Storage/Common/Cmdlet/NewAzureStorageAccountSasToken.cs

@@ -90,7 +90,8 @@ public NewAzureStorageAccountSasTokenCommand(IStorageBlobManagement channel)
         [PermissionSet(SecurityAction.Demand, Name = "FullTrust")]
         public override void ExecuteCmdlet()
         {
-            if (Channel != null && Channel.StorageContext != null && !Channel.StorageContext.StorageAccount.Credentials.IsSharedKey)
+            if (Channel != null && Channel.StorageContext != null && Channel.StorageContext.StorageAccount != null 
+                && Channel.StorageContext.StorageAccount.Credentials != null && !Channel.StorageContext.StorageAccount.Credentials.IsSharedKey)
             {
                 throw new ArgumentException("Storage account SAS token must be secured with the storage account key.", "Context");
             }

src/Storage/Storage/Common/SasTokenHelper.cs

@@ -448,7 +448,7 @@ public static ShareSasBuilder SetShareSasBuilder(string shareName,
         /// </summary>
         public static string GetFileSharedAccessSignature(AzureStorageContext context, ShareSasBuilder sasBuilder, CancellationToken cancelToken)
         {
-            if (context != null && context.StorageAccount.Credentials.IsSharedKey)
+            if (context != null && context.StorageAccount != null && context.StorageAccount.Credentials != null && context.StorageAccount.Credentials.IsSharedKey)
             {
                 return sasBuilder.ToSasQueryParameters(new StorageSharedKeyCredential(context.StorageAccountName, context.StorageAccount.Credentials.ExportBase64EncodedKey())).ToString();
             }
@@ -687,7 +687,7 @@ public static BlobSasBuilder SetBlobPermission(BlobSasBuilder sasBuilder, string
         /// </summary>
         public static string GetBlobSharedAccessSignature(AzureStorageContext context, BlobSasBuilder sasBuilder, bool generateUserDelegationSas, BlobClientOptions ClientOptions, CancellationToken cancelToken)
         {
-            if (context != null && context.StorageAccount.Credentials.IsSharedKey)
+            if (context != null && context.StorageAccount != null && context.StorageAccount.Credentials != null && context.StorageAccount.Credentials.IsSharedKey)
             {
                 return sasBuilder.ToSasQueryParameters(new StorageSharedKeyCredential(context.StorageAccountName, context.StorageAccount.Credentials.ExportBase64EncodedKey())).ToString();
             }
@@ -716,7 +716,7 @@ public static string GetBlobSharedAccessSignature(AzureStorageContext context, B
         /// </summary>
         public static string GetDatalakeGen2SharedAccessSignature(AzureStorageContext context, DataLakeSasBuilder sasBuilder, bool generateUserDelegationSas, DataLakeClientOptions clientOptions, CancellationToken cancelToken)
         {
-            if (context != null && context.StorageAccount.Credentials.IsSharedKey)
+            if (context != null && context.StorageAccount != null && context.StorageAccount.Credentials != null && context.StorageAccount.Credentials.IsSharedKey)
             {
                 return sasBuilder.ToSasQueryParameters(new StorageSharedKeyCredential(context.StorageAccountName, context.StorageAccount.Credentials.ExportBase64EncodedKey())).ToString();
             }

src/Storage/Storage/Common/StorageExtensions.cs

@@ -197,7 +197,7 @@ internal static Uri GenerateUriWithCredentials(
             {
                 throw new ArgumentNullException("blob");
             }
-            else if (context.StorageAccount.Credentials.IsSAS)
+            else if (context != null && context.StorageAccount != null && context.StorageAccount.Credentials != null && context.StorageAccount.Credentials.IsSAS)
             {
                 return blob.Uri;
             }

src/Storage/Storage/Common/Util.cs

@@ -426,7 +426,7 @@ public static BlobBaseClient GetTrack2BlobClient(Uri blobUri, AzureStorageContex
             {
                 options = new BlobClientOptions();
             }
-            if (context != null && context.StorageAccount != null && context.StorageAccount.Credentials.IsToken) //Oauth
+            if (context != null && context.StorageAccount != null && context.StorageAccount.Credentials != null && context.StorageAccount.Credentials.IsToken) //Oauth
             {
                 if (blobType == null)
                 {
@@ -448,7 +448,7 @@ public static BlobBaseClient GetTrack2BlobClient(Uri blobUri, AzureStorageContex
                     }
                 }
             }
-            else if (context != null && context.StorageAccount != null && context.StorageAccount.Credentials.IsSharedKey) //Shared Key
+            else if (context != null && context.StorageAccount != null && context.StorageAccount.Credentials != null && context.StorageAccount.Credentials.IsSharedKey) //Shared Key
             {
                 if (blobType == null)
                 {
@@ -503,7 +503,7 @@ public static BlobBaseClient GetTrack2BlobClientWithType(BlobBaseClient blob, Az
         public static BlobServiceClient GetTrack2BlobServiceClient(AzureStorageContext context, BlobClientOptions options = null)
         {
             BlobServiceClient blobServiceClient;
-            if (context.StorageAccount.Credentials.IsToken) //Oauth
+            if (context != null && context.StorageAccount != null && context.StorageAccount.Credentials != null && context.StorageAccount.Credentials.IsToken) //Oauth
             {
                 blobServiceClient = new BlobServiceClient(context.StorageAccount.BlobEndpoint, context.Track2OauthToken, options);
             }
@@ -512,7 +512,7 @@ public static BlobServiceClient GetTrack2BlobServiceClient(AzureStorageContext c
                 string connectionString = context.ConnectionString;
 
                 // remove the "?" at the begin of SAS if any
-                if (context.StorageAccount.Credentials.IsSAS)
+                if (context != null && context.StorageAccount != null && context.StorageAccount.Credentials != null && context.StorageAccount.Credentials.IsSAS)
                 {
                     connectionString = connectionString.Replace("SharedAccessSignature=?", "SharedAccessSignature=");
                 }
@@ -524,15 +524,15 @@ public static BlobServiceClient GetTrack2BlobServiceClient(AzureStorageContext c
         public static DataLakeServiceClient GetTrack2DataLakeServiceClient(AzureStorageContext context, DataLakeClientOptions options = null)
         {
             DataLakeServiceClient serviceClient;
-            if (context.StorageAccount.Credentials.IsToken) //Oauth
+            if (context != null && context.StorageAccount != null && context.StorageAccount.Credentials != null && context.StorageAccount.Credentials.IsToken) //Oauth
             {
                 serviceClient = new DataLakeServiceClient(context.StorageAccount.BlobEndpoint, context.Track2OauthToken, options);
             }
-            else if (context.StorageAccount.Credentials.IsSharedKey) //key 
+            else if (context != null && context.StorageAccount != null && context.StorageAccount.Credentials != null && context.StorageAccount.Credentials.IsSharedKey) //key 
             {
                 serviceClient = new DataLakeServiceClient(context.StorageAccount.BlobEndpoint, new StorageSharedKeyCredential(context.StorageAccountName, context.StorageAccount.Credentials.ExportBase64EncodedKey()), options);
             }
-            else if (context.StorageAccount.Credentials.IsSAS) //sas 
+            else if (context != null && context.StorageAccount != null && context.StorageAccount.Credentials != null && context.StorageAccount.Credentials.IsSAS) //sas 
             {
                 serviceClient = new DataLakeServiceClient(new Uri(context.StorageAccount.BlobEndpoint.ToString() + context.StorageAccount.Credentials.SASToken), options);
             }
@@ -768,7 +768,7 @@ public static ShareServiceClient GetTrack2FileServiceClient(AzureStorageContext
             string connectionString = context.ConnectionString;
 
             // remove the "?" at the begin of SAS if any
-            if (context.StorageAccount.Credentials.IsSAS)
+            if (context != null && context.StorageAccount != null && context.StorageAccount.Credentials != null && context.StorageAccount.Credentials.IsSAS)
             {
                 connectionString = connectionString.Replace("SharedAccessSignature=?", "SharedAccessSignature=");
             }

src/Storage/Storage/DatalakeGen2/Cmdlet/GetAzDataLakeGen2FileContent.cs

@@ -264,7 +264,8 @@ public override void ExecuteCmdlet()
             {
                 if (!InputObject.IsDirectory)
                 {
-                    if (Channel.StorageContext.StorageAccount.Credentials.IsSAS)
+                    if (Channel.StorageContext.StorageAccount != null &&
+                        Channel.StorageContext.StorageAccount.Credentials != null && Channel.StorageContext.StorageAccount.Credentials.IsSAS)
                     {
                         // For SAS, the Uri already contains the sas token, so can't repeatedly inout the credential
                         blob = new CloudBlockBlob(InputObject.File.Uri);

src/Storage/Storage/DatalakeGen2/Cmdlet/NewAzDataLakeGen2Item.cs

@@ -214,8 +214,8 @@ public override void ExecuteCmdlet()
                 if (ShouldProcess(GetDataLakeItemUriWithoutSas(fileClient), "Create File: "))
                 {
                     // Use SDK to upload directly when use SAS credential, and need set permission, since set permission after upload will fail with SAS
-                    if (Channel.StorageContext.StorageAccount.Credentials.IsSAS
-                        && (!string.IsNullOrEmpty(this.Permission) || !string.IsNullOrEmpty(this.Umask)))
+                    if (Channel.StorageContext.StorageAccount != null && Channel.StorageContext.StorageAccount.Credentials != null &&
+                        Channel.StorageContext.StorageAccount.Credentials.IsSAS && (!string.IsNullOrEmpty(this.Permission) || !string.IsNullOrEmpty(this.Umask)))
                     {
                         Func<long, Task> taskGenerator = (taskId) => UploadDataLakeFile(taskId, fileClient, ResolvedFileName);
                         RunTask(taskGenerator);

src/Storage/Storage/DatalakeGen2/Cmdlet/NewAzDataLakeGen2SasToken.cs

@@ -117,7 +117,8 @@ public override void ExecuteCmdlet()
 
             // When the input context is Oauth bases, can't generate normal SAS, but UserDelegationSas
             bool generateUserDelegationSas = false;
-            if (Channel != null && Channel.StorageContext != null && Channel.StorageContext.StorageAccount.Credentials.IsToken)
+            if (Channel != null && Channel.StorageContext != null && Channel.StorageContext.StorageAccount != null && 
+                Channel.StorageContext.StorageAccount.Credentials != null &&  Channel.StorageContext.StorageAccount.Credentials.IsToken)
             {
                 if (ShouldProcess(this.Path, "Generate User Delegation SAS, since input Storage Context is OAuth based."))
                 {

src/Storage/Storage/File/Cmdlet/GetAzureStorageFileContent.cs

@@ -225,7 +225,8 @@ public override void ExecuteCmdlet()
                         Resources.PrepareDownloadingFile);
 
                     // If not Oauth, use DMlib
-                    if (!(this.Channel != null && this.Channel.StorageContext != null && this.Channel.StorageContext.StorageAccount != null && this.Channel.StorageContext.StorageAccount.Credentials.IsToken))
+                    if (!(this.Channel != null && this.Channel.StorageContext != null && this.Channel.StorageContext.StorageAccount != null && 
+                    this.Channel.StorageContext.StorageAccount.Credentials != null && this.Channel.StorageContext.StorageAccount.Credentials.IsToken))
                     {
                         await DataMovementTransferHelper.DoTransfer(() =>
                         {

src/Storage/Storage/Model/Contract/StorageBlobManagement.cs

@@ -166,11 +166,13 @@ public BlobServiceClient GetBlobServiceClient(BlobClientOptions options = null)
         {
             if (blobServiceClient == null)
             {
-                if (this.StorageContext.StorageAccount.Credentials.IsToken) //Oauth
+                if (this.StorageContext != null && this.StorageContext.StorageAccount != null && 
+                    this.StorageContext.StorageAccount.Credentials != null && this.StorageContext.StorageAccount.Credentials.IsToken) //Oauth
                 {
                     blobServiceClient = new BlobServiceClient(this.StorageContext.StorageAccount.BlobEndpoint, this.StorageContext.Track2OauthToken, options);
                 }
-                else if (this.StorageContext.StorageAccount.Credentials.IsSharedKey) //Shared Key
+                else if (this.StorageContext != null && this.StorageContext.StorageAccount != null &&
+                     this.StorageContext.StorageAccount.Credentials != null &&  this.StorageContext.StorageAccount.Credentials.IsSharedKey) //Shared Key
                 {
                     blobServiceClient = new BlobServiceClient(this.StorageContext.StorageAccount.BlobEndpoint,
                         new StorageSharedKeyCredential(this.StorageContext.StorageAccountName, this.StorageContext.StorageAccount.Credentials.ExportBase64EncodedKey()), options);