Merge pull request #424 from Azure/dev

HPF PR: vmss <- Azure:dev

Author: huangpf

CONTRIBUTING.md

@@ -1,5 +1,5 @@
 # Contribute Code or Provide Feedback
 
-If you would like to become an active contributor to this project please follow the instructions provided in [Microsoft Azure Projects Contribution Guidelines](http://windowsazure.github.com/guidelines.html).
+If you would like to become an active contributor to this project please follow the instructions provided in [Microsoft Azure Projects Contribution Guidelines](http://azure.github.io/guidelines/).
 
 If you encounter any bugs with Microsoft Azure PowerShell please file an issue in the [Issues](https://github.com/Azure/azure-powershell/issues) section of the project.

ChangeLog.md

@@ -12,6 +12,16 @@
   * Set-AzureLogicAppAccessKey
   * Set-AzureLogicApp
   * Stop-AzureLogicAppRun
+ * Azure Storage
+  * Added cmdlet to generate SAS token against storage account
+    - New-AzureStorageAccountSASToken
+  * Added IPAddressOrRange/Protocol support in cmdlets to generate SAS token against blob, container, file, share, table, queue
+    - New-AzureStorageBlobSASToken
+    - New-AzureStorageContainerSASToken
+    - New-AzureStorageFileSASToken
+    - New-AzureStorageShareSASToken
+    - New-AzureStorageQueueSASToken
+    - New-AzureStorageTableSASToken
 
 ## 2016.02.04 version 1.2.1
 * Fix installer issue - remove PSGallery modules on install

src/Common/Commands.Common.Authentication/Commands.Common.Authentication.csproj

@@ -11,7 +11,7 @@
     <AssemblyName>Commands.Common.Authentication</AssemblyName>
     <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
     <FileAlignment>512</FileAlignment>
-    <SolutionDir Condition="$(SolutionDir) == '' Or $(SolutionDir) == '*Undefined*'">..\..\</SolutionDir>
+    <TargetFrameworkProfile />
     <RestorePackages>true</RestorePackages>
     <CodeAnalysisAdditionalOptions>/assemblyCompareMode:StrongNameIgnoringVersion</CodeAnalysisAdditionalOptions>
     <NuGetPackageImportStamp>06e19c11</NuGetPackageImportStamp>
@@ -51,7 +51,8 @@
   </PropertyGroup>
   <ItemGroup>
     <Reference Include="Hyak.Common, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
-      <HintPath>..\..\packages\Hyak.Common.1.0.3\lib\net45\Hyak.Common.dll</HintPath>
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\packages\Hyak.Common.1.0.3\lib\portable-net403+win+wpa81\Hyak.Common.dll</HintPath>
       <Private>True</Private>
     </Reference>
     <Reference Include="Microsoft.Azure.Common, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
@@ -178,5 +179,4 @@
     <None Include="packages.config" />
   </ItemGroup>
   <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
-  <Import Project="..\..\packages\Microsoft.Bcl.Build.1.0.14\tools\Microsoft.Bcl.Build.targets" Condition="Exists('..\..\packages\Microsoft.Bcl.Build.1.0.14\tools\Microsoft.Bcl.Build.targets')" />
 </Project>

src/Common/Commands.Common.Authentication/Models/XmlProfileSerializer.cs

@@ -38,6 +38,16 @@ public bool Deserialize(string contents, AzureSMProfile profile)
             DeserializeErrors = new List<string>();
 
             DataContractSerializer serializer = new DataContractSerializer(typeof(ProfileData));
+
+            // For backward compatibility since namespace of ProfileData has been changed
+            // we need to replace previous namespace with the current one
+            if (!string.IsNullOrWhiteSpace(contents))
+            {
+                contents = contents.Replace(
+                    "http://schemas.datacontract.org/2004/07/Microsoft.Azure.Common.Authentication",
+                    "http://schemas.datacontract.org/2004/07/Microsoft.Azure.Commands.Common.Authentication");
+            }
+
             using (MemoryStream s = new MemoryStream(Encoding.UTF8.GetBytes(contents ?? "")))
             {
                 data = (ProfileData)serializer.ReadObject(s);

src/Common/Storage/Commands.Storage.Test/Service/MockStorageBlobManagement.cs

@@ -685,6 +685,16 @@ public Task<string> StartCopyAsync(CloudBlob blob, Uri source, AccessCondition s
             throw new NotImplementedException();
         }
 
+        /// <summary>
+        /// Get the SAS token for an account.
+        /// </summary>
+        /// <param name="sharedAccessAccountPolicy">Shared access policy to generate the SAS token.</param>
+        /// <returns>Account SAS token.</returns>
+        public string GetStorageAccountSASToken(SharedAccessAccountPolicy sharedAccessAccountPolicy)
+        {
+            throw new NotImplementedException();
+        }
+
         /// <summary>
         /// The storage context
         /// </summary>

src/Common/Storage/Commands.Storage/Blob/Cmdlet/NewAzureStorageBlobSasToken.cs

@@ -20,6 +20,7 @@ namespace Microsoft.WindowsAzure.Commands.Storage.Blob.Cmdlet
     using Microsoft.WindowsAzure.Commands.Storage.Common;
     using Microsoft.WindowsAzure.Commands.Storage.Model.Contract;
     using Microsoft.WindowsAzure.Storage.Blob;
+    using Microsoft.WindowsAzure.Storage;
 
     [Cmdlet(VerbsCommon.New, StorageNouns.BlobSas, DefaultParameterSetName = BlobNamePipelineParmeterSetWithPermission), OutputType(typeof(String))]
     public class NewAzureStorageBlobSasTokenCommand : StorageCloudBlobCmdletBase
@@ -80,6 +81,12 @@ public string Policy
             ParameterSetName = BlobPipelineParameterSetWithPermision)]
         public string Permission { get; set; }
 
+        [Parameter(Mandatory = false, HelpMessage = "Protocol can be used in the request with this SAS token.")]
+        public SharedAccessProtocol Protocol { get; set; }
+
+        [Parameter(Mandatory = false, HelpMessage = "IP, or IP range ACL (access control list) that the request would be accepted from by Azure Storage.")]
+        public string IPAddressOrRange { get; set; }
+
         [Parameter(HelpMessage = "Start Time")]
         public DateTime? StartTime { get; set; }
 
@@ -133,7 +140,7 @@ public override void ExecuteCmdlet()
             SharedAccessBlobPolicy accessPolicy = new SharedAccessBlobPolicy();
             bool shouldSetExpiryTime = SasTokenHelper.ValidateContainerAccessPolicy(Channel, blob.Container.Name, accessPolicy, accessPolicyIdentifier);
             SetupAccessPolicy(accessPolicy, shouldSetExpiryTime);
-            string sasToken = GetBlobSharedAccessSignature(blob, accessPolicy, accessPolicyIdentifier);
+            string sasToken = GetBlobSharedAccessSignature(blob, accessPolicy, accessPolicyIdentifier, Protocol, Util.SetupIPAddressOrRangeForSAS(IPAddressOrRange));
 
             if (FullUri)
             {
@@ -154,10 +161,10 @@ public override void ExecuteCmdlet()
         /// <param name="accessPolicy">SharedAccessBlobPolicy object</param>
         /// <param name="policyIdentifier">The existing policy identifier.</param>
         /// <returns></returns>
-        private string GetBlobSharedAccessSignature(CloudBlob blob, SharedAccessBlobPolicy accessPolicy, string policyIdentifier)
+        private string GetBlobSharedAccessSignature(CloudBlob blob, SharedAccessBlobPolicy accessPolicy, string policyIdentifier, SharedAccessProtocol protocol, IPAddressOrRange iPAddressOrRange)
         {
             CloudBlobContainer container = blob.Container;
-            return blob.GetSharedAccessSignature(accessPolicy, policyIdentifier);
+            return blob.GetSharedAccessSignature(accessPolicy, null, policyIdentifier, protocol, iPAddressOrRange);
         }
 
         /// <summary>

src/Common/Storage/Commands.Storage/Blob/Cmdlet/NewAzureStorageContainerSasToken.cs

@@ -20,6 +20,7 @@ namespace Microsoft.WindowsAzure.Commands.Storage.Blob.Cmdlet
     using Microsoft.WindowsAzure.Commands.Storage.Common;
     using Microsoft.WindowsAzure.Commands.Storage.Model.Contract;
     using Microsoft.WindowsAzure.Storage.Blob;
+    using Microsoft.WindowsAzure.Storage;
 
     [Cmdlet(VerbsCommon.New, StorageNouns.ContainerSas), OutputType(typeof(String))]
     public class NewAzureStorageContainerSasTokenCommand : StorageCloudBlobCmdletBase
@@ -51,9 +52,15 @@ public string Policy
         private string accessPolicyIdentifier;
 
         [Parameter(HelpMessage = "Permissions for a container. Permissions can be any not-empty subset of \"rwdl\".",
-            ParameterSetName = SasPermissionParameterSet)]
+        ParameterSetName = SasPermissionParameterSet)]
         public string Permission { get; set; }
 
+        [Parameter(Mandatory = false, HelpMessage = "Protocol can be used in the request with this SAS token.")]
+        public SharedAccessProtocol Protocol { get; set; }
+
+        [Parameter(Mandatory = false, HelpMessage = "IP, or IP range ACL (access control list) that the request would be accepted from by Azure Storage.")]
+        public string IPAddressOrRange { get; set; }
+
         [Parameter(HelpMessage = "Start Time")]
         public DateTime? StartTime { get; set; }
 
@@ -98,7 +105,7 @@ public override void ExecuteCmdlet()
             SharedAccessBlobPolicy accessPolicy = new SharedAccessBlobPolicy();
             bool shouldSetExpiryTime = SasTokenHelper.ValidateContainerAccessPolicy(Channel, container.Name, accessPolicy, accessPolicyIdentifier);
             SetupAccessPolicy(accessPolicy, shouldSetExpiryTime);
-            string sasToken = container.GetSharedAccessSignature(accessPolicy, accessPolicyIdentifier);
+            string sasToken = container.GetSharedAccessSignature(accessPolicy, accessPolicyIdentifier, Protocol, Util.SetupIPAddressOrRangeForSAS(IPAddressOrRange));
 
             if (FullUri)
             {

src/Common/Storage/Commands.Storage/Blob/Cmdlet/StartAzureStorageBlobCopy.cs

@@ -489,6 +489,10 @@ private async Task StartCopyFromBlob(long taskId, IStorageBlobManagement destCha
                     // Opened workitem 1487579 to track this.
                     throw new InvalidOperationException(Resources.DestinationBlobTypeNotMatch);
                 }
+                else
+                {
+                    throw;
+                }
             }
         }
 

src/Common/Storage/Commands.Storage/Commands.Storage.csproj

@@ -173,6 +173,7 @@
     <Compile Include="Common\BlobToFileSystemNameResolver.cs" />
     <Compile Include="Blob\Cmdlet\StartAzureStorageBlobCopy.cs" />
     <Compile Include="Blob\Cmdlet\StopAzureStorageBlobCopy.cs" />
+    <Compile Include="Common\Cmdlet\NewAzureStorageAccountSasToken.cs" />
     <Compile Include="Common\Cmdlet\SetAzureStorageCORSRule.cs" />
     <Compile Include="Common\Cmdlet\GetAzureStorageCORSRule.cs" />
     <Compile Include="Common\Cmdlet\GetAzureStorageServiceLogging.cs" />

src/Common/Storage/Commands.Storage/Common/Cmdlet/NewAzureStorageAccountSasToken.cs

@@ -0,0 +1,143 @@
+// ----------------------------------------------------------------------------------
+//
+// Copyright Microsoft Corporation
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+// http://www.apache.org/licenses/LICENSE-2.0
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+// ----------------------------------------------------------------------------------
+
+namespace Microsoft.WindowsAzure.Commands.Storage.Common.Cmdlet
+{
+    using System;
+    using System.Management.Automation;
+    using System.Security.Permissions;
+    using Microsoft.WindowsAzure.Commands.Storage.Model.Contract;
+    using Microsoft.WindowsAzure.Storage;
+
+    [Cmdlet(VerbsCommon.New, StorageNouns.AccountSas), OutputType(typeof(String))]
+    public class NewAzureStorageAccountSasTokenCommand : StorageCloudBlobCmdletBase
+    {
+        [Parameter(Mandatory = true, HelpMessage = "Service type that this SAS token applies to.")]
+        public SharedAccessAccountServices Service { get; set; }
+
+        [Parameter(Mandatory = true, HelpMessage = "Resource type that this SAS token applies to.")]
+        public SharedAccessAccountResourceTypes ResourceType { get; set; }
+
+        [Parameter(Mandatory = true, HelpMessage = "Permissions.")]
+        public string Permission { get; set; }
+
+        [Parameter(Mandatory = false, HelpMessage = "Protocol can be used in the request with this SAS token.")]
+        public SharedAccessProtocol Protocol { get; set; }
+
+        [Parameter(Mandatory = false, HelpMessage = "IP, or IP range ACL (access control list) that the request would be accepted from by Azure Storage.")]
+        public string IPAddressOrRange { get; set; }
+
+        [Parameter(Mandatory = false, HelpMessage = "Start Time")]
+        public DateTime? StartTime { get; set; }
+
+        [Parameter(Mandatory = false, HelpMessage = "Expiry Time")]
+        public DateTime? ExpiryTime { get; set; }
+
+        // Overwrite the useless parameter
+        public override int? ServerTimeoutPerRequest { get; set; }
+        public override int? ClientTimeoutPerRequest { get; set; }
+        public override int? ConcurrentTaskCount { get; set; }
+
+        /// <summary>
+        /// Initializes a new instance of the NewAzureStorageAccountSasTokenCommand class.
+        /// </summary>
+        public NewAzureStorageAccountSasTokenCommand()
+            : this(null)
+        {
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the NewAzureStorageAccountSasTokenCommand class.
+        /// </summary>
+        /// <param name="channel">IStorageBlobManagement channel</param>
+        public NewAzureStorageAccountSasTokenCommand(IStorageBlobManagement channel)
+        {
+            Channel = channel;
+            EnableMultiThread = false;
+        }
+
+        /// <summary>
+        /// Execute command
+        /// </summary>
+        [PermissionSet(SecurityAction.Demand, Name = "FullTrust")]
+        public override void ExecuteCmdlet()
+        {
+            var sharedAccessPolicy = new SharedAccessAccountPolicy()
+            {
+                Permissions = SetupAccessPolicyPermission(this.Permission),
+                Services = Service,
+                ResourceTypes = ResourceType,
+                Protocols = Protocol,
+                IPAddressOrRange = Util.SetupIPAddressOrRangeForSAS(this.IPAddressOrRange)
+            };
+
+            DateTimeOffset? accessStartTime;
+            DateTimeOffset? accessEndTime;
+            SasTokenHelper.SetupAccessPolicyLifeTime(StartTime, ExpiryTime,
+                out accessStartTime, out accessEndTime, true);
+            sharedAccessPolicy.SharedAccessStartTime = accessStartTime;
+            sharedAccessPolicy.SharedAccessExpiryTime = accessEndTime;
+
+            this.WriteObject(Channel.GetStorageAccountSASToken(sharedAccessPolicy));
+        }
+
+        /// <summary>
+        /// Set up access policy permission
+        /// </summary>
+        /// <param name="policy">SharedAccessBlobPolicy object</param>
+        /// <param name="permission">Permisson</param>
+        internal SharedAccessAccountPermissions SetupAccessPolicyPermission(string permission)
+        {
+            if (string.IsNullOrEmpty(permission)) return SharedAccessAccountPermissions.None;
+
+            SharedAccessAccountPermissions accountPermission = SharedAccessAccountPermissions.None;
+            permission = permission.ToLower();
+            foreach (char op in permission)
+            {
+                switch (op)
+                {
+                    case StorageNouns.Permission.Read:
+                    case StorageNouns.Permission.Query:
+                        accountPermission |= SharedAccessAccountPermissions.Read;
+                        break;
+                    case StorageNouns.Permission.Process:
+                        accountPermission |= SharedAccessAccountPermissions.ProcessMessages;
+                        break;
+                    case StorageNouns.Permission.Write:
+                        accountPermission |= SharedAccessAccountPermissions.Write;
+                        break;
+                    case StorageNouns.Permission.Add:
+                        accountPermission |= SharedAccessAccountPermissions.Add;
+                        break;
+                    case StorageNouns.Permission.Create:
+                        accountPermission |= SharedAccessAccountPermissions.Create;
+                        break;
+                    case StorageNouns.Permission.Update:
+                        accountPermission |= SharedAccessAccountPermissions.Update;
+                        break;
+                    case StorageNouns.Permission.Delete:
+                        accountPermission |= SharedAccessAccountPermissions.Delete;
+                        break;
+                    case StorageNouns.Permission.List:
+                        accountPermission |= SharedAccessAccountPermissions.List;
+                        break;
+                    default:
+                        throw new ArgumentException(string.Format(Resources.InvalidAccessPermission, op));
+                }
+            }
+
+            return accountPermission;
+        }
+    }
+}

src/Common/Storage/Commands.Storage/Common/StorageNouns.cs

@@ -104,6 +104,11 @@ public static class StorageNouns
         /// </summary>
         public const string StorageCORSRule = "AzureStorageCORSRule";
 
+        /// <summary>
+        /// Azure storage account sas
+        /// </summary>
+        public const string AccountSas = "AzureStorageAccountSASToken";
+
         /// <summary>
         /// Azure storage container sas
         /// </summary>
@@ -214,6 +219,11 @@ public static class Permission
             /// Query permission
             /// </summary>
             public const char Query = 'q';
+
+            /// <summary>
+            /// Create permission.
+            /// </summary>
+            public const char Create = 'c';
         }
     }
 }

src/Common/Storage/Commands.Storage/Common/Util.cs

@@ -161,5 +161,21 @@ public static CloudBlob GetBlobReference(Uri blobUri, StorageCredentials storage
                         blobUri));
             }
         }
+
+        public static IPAddressOrRange SetupIPAddressOrRangeForSAS(string inputIPACL)
+        {
+            if (string.IsNullOrEmpty(inputIPACL)) return null;
+
+            int separator = inputIPACL.IndexOf('-');
+
+            if (-1 == separator)
+            {
+                return new IPAddressOrRange(inputIPACL);
+            }
+            else
+            {
+                return new IPAddressOrRange(inputIPACL.Substring(0, separator), inputIPACL.Substring(separator + 1));
+            }
+        }
     }
 }