Fix Get-AzureStorageContainer with Account SAS failure

src/Storage/ChangeLog.md

@@ -18,7 +18,9 @@
         - Additional information about change #1
 -->
 ## Current Release
-
+* Fix Get Blob Container cmdlet execute fail with Accout SAS credential issue
+	- Get-AzureStorageContainer
+
 ## Version 4.1.0
 * Add cmdlets to get and set Storage service properties
 	- Get-AzureStorageServiceProperty

src/Storage/Commands.Storage/Blob/Cmdlet/GetAzureStorageContainer.cs

@@ -206,6 +206,17 @@ internal void PackCloudBlobContainerWithAcl(IEnumerable<Tuple<CloudBlobContainer
                 return;
             }
 
+            // Only write warning for SAS when use cmdlet alias Get-AzureStorageContainerAcl, since the cmdlets alias specified get container ACL
+            if (this.MyInvocation.Line.ToLower().Contains("get-azurestoragecontaineracl"))
+            {
+                // Write warning when user SAS credential since get container ACL will fail
+                AzureStorageContext storageContext = this.GetCmdletStorageContext();
+                if (storageContext != null && storageContext.StorageAccount != null && storageContext.StorageAccount.Credentials != null && storageContext.StorageAccount.Credentials.IsSAS)
+                {
+                    WriteWarning("Get container permission will fail with SAS token credentials, it needs storage Account key credentials.");
+                }
+            }
+
             IStorageBlobManagement localChannel = Channel;
             foreach (Tuple<CloudBlobContainer, BlobContinuationToken> containerInfo in containerList)
             {
@@ -231,13 +242,10 @@ internal async Task GetContainerPermission(long taskId, IStorageBlobManagement l
                 permissions = await localChannel.GetContainerPermissionsAsync(container, accessCondition,
                     requestOptions, OperationContext, CmdletCancellationToken).ConfigureAwait(false);
             }
-            catch (StorageException e)
+            catch (StorageException e) when (e.IsNotFoundException() || e.IsForbiddenException())
             {
-                if (!e.IsNotFoundException())
-                {
-                    throw;
-                }
-                //404 Not found means we don't have permission to query the Permission of the specified container.
+                // 404 Not found, or 403 Forbidden means we don't have permission to query the Permission of the specified container.
+                // Just skip return container permission in this case.
             }
             WriteCloudContainerObject(taskId, localChannel, container, permissions, continuationToken);
         }

src/Storage/Commands.Storage/Common/StorageExceptionUtil.cs

@@ -32,6 +32,16 @@ public static bool IsNotFoundException(this StorageException e)
             return e.RequestInformation != null && e.RequestInformation.HttpStatusCode == 404;
         }
 
+        /// <summary>
+        /// Whether the storage exception is Fordidden exception or not.
+        /// </summary>
+        /// <param name="e">StorageException from storage client</param>
+        /// <returns>Whether the storageexception is caused by Fordidden</returns>
+        public static bool IsForbiddenException(this StorageException e)
+        {
+            return e.RequestInformation != null && e.RequestInformation.HttpStatusCode == 403;
+        }
+
         /// <summary>
         /// Whether the storage exception is 409 conflict exception
         /// </summary>

src/Storage/Commands.Storage/Microsoft.WindowsAzure.Commands.Storage.format.ps1xml

@@ -326,6 +326,7 @@
           <TableColumnHeader>
             <Label>Name</Label>
             <Alignment>Left</Alignment>
+            <Width>20</Width>
           </TableColumnHeader>
           <TableColumnHeader>
             <Label>PublicAccess</Label>