From 43bd0252f6d7795fe581e00117528df62729b75f Mon Sep 17 00:00:00 2001
From: Wei Wei
Date: Fri, 21 Oct 2022 09:40:38 +0000
Subject: [PATCH] [Storage] Support dfs sas encryptionscope (#19814)
* Upgrade to new storage dataplane SDK
* [Storage] Support dfs sas encryptionscope
* Update DependencyAnalyzer.cs (#21)
Co-authored-by: Dingmeng Xue
---
 .../Storage.Management.Test.csproj | 8 +++---
 src/Storage/Storage.Management/ChangeLog.md | 2 ++
 .../help/New-AzDataLakeGen2SasToken.md | 25 +++++++++++++++----
 .../Cmdlet/NewAzDataLakeGen2Item.cs | 16 +++++++++---
 .../Cmdlet/NewAzDataLakeGen2SasToken.cs | 8 ++++++
 src/Storage/Storage/Storage.csproj | 8 +++---
 .../DependencyAnalyzer/DependencyAnalyzer.cs | 1 +
 7 files changed, 51 insertions(+), 17 deletions(-)
diff --git a/src/Storage/Storage.Management.Test/Storage.Management.Test.csproj b/src/Storage/Storage.Management.Test/Storage.Management.Test.csproj
index eebf80c8a9da..0dfbecdf7239 100644
--- a/src/Storage/Storage.Management.Test/Storage.Management.Test.csproj
+++ b/src/Storage/Storage.Management.Test/Storage.Management.Test.csproj
@@ -11,10 +11,10 @@ - - - - + + + +
diff --git a/src/Storage/Storage.Management/ChangeLog.md b/src/Storage/Storage.Management/ChangeLog.md
index 02d2e7b57807..95aaad1e37af 100644
--- a/src/Storage/Storage.Management/ChangeLog.md
+++ b/src/Storage/Storage.Management/ChangeLog.md
@@ -18,6 +18,8 @@
 - Additional information about change #1
 -->
 ## Upcoming Release
+* Supported generate DataLakeGen2 Sas token with Encryption scope
+ - `New-AzDataLakeGen2SasToken`
 * Supported blob type conversions in sync blob copy
 - `Copy-AzStorageBlob`
 * Supported create/upgrade storage account with Keyvault from another tenant and access Keyvault with FederatedClientId
diff --git a/src/Storage/Storage.Management/help/New-AzDataLakeGen2SasToken.md b/src/Storage/Storage.Management/help/New-AzDataLakeGen2SasToken.md
index 15d3be3a4281..6f39a7df201a 100644
--- a/src/Storage/Storage.Management/help/New-AzDataLakeGen2SasToken.md
+++ b/src/Storage/Storage.Management/help/New-AzDataLakeGen2SasToken.md
@@ -16,7 +16,7 @@ Generates a SAS token for Azure DatalakeGen2 item.
 ```
 New-AzDataLakeGen2SasToken [-FileSystem] [-Path ] [-Permission ] [-Protocol ] [-IPAddressOrRange ] [-StartTime ]
- [-ExpiryTime ] [-FullUri] [-Context ]
+ [-ExpiryTime ] [-EncryptionScope ] [-FullUri] [-Context ]
 [-DefaultProfile ] []
 ```
@@ -24,7 +24,7 @@ New-AzDataLakeGen2SasToken [-FileSystem] [-Path ] [-Permission
 ```
 New-AzDataLakeGen2SasToken -InputObject [-Permission ] [-Protocol ] [-IPAddressOrRange ] [-StartTime ]
- [-ExpiryTime ] [-FullUri] [-Context ]
+ [-ExpiryTime ] [-EncryptionScope ] [-FullUri] [-Context ]
 [-DefaultProfile ] []
 ```
@@ -40,12 +40,12 @@ New-AzDataLakeGen2SasToken -FileSystem "filesystem1" -Path "dir1/dir2" -Permissi
 This example generates a DatalakeGen2 SAS token with full permission.
-### Example 2: Generate a SAS token with specific StartTime, ExpireTime, Protocal, IPAddressOrRange, by pipeline a datalakegen2 item
+### Example 2: Generate a SAS token with specific StartTime, ExpireTime, Protocal, IPAddressOrRange, Encryption Scope, by pipeline a datalakegen2 item
 ```
-Get-AzDataLakeGen2Item -FileSystem test -Path "testdir/dir2" | New-AzDataLakeGen2SasToken -Permission rw -Protocol Https -IPAddressOrRange 10.0.0.0-12.10.0.0 -StartTime (Get-Date) -ExpiryTime (Get-Date).AddDays(6)
+Get-AzDataLakeGen2Item -FileSystem test -Path "testdir/dir2" | New-AzDataLakeGen2SasToken -Permission rw -Protocol Https -IPAddressOrRange 10.0.0.0-12.10.0.0 -StartTime (Get-Date) -ExpiryTime (Get-Date).AddDays(6) -EncryptionScope scopename
 ```
-This example generates a DatalakeGen2 SAS token by pipeline a datalake gen2 item, and with specific StartTime, ExpireTime, Protocal, IPAddressOrRange.
+This example generates a DatalakeGen2 SAS token by pipeline a datalake gen2 item, and with specific StartTime, ExpireTime, Protocal, IPAddressOrRange, Encryption Scope.
 ## PARAMETERS
@@ -79,6 +79,21 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
+### -EncryptionScope
+Encryption scope to use when sending requests authorized with this SAS URI.
+
+```yaml
+Type: System.String
+Parameter Sets: (All)
+Aliases:
+
+Required: False
+Position: Named
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -ExpiryTime
 Expiry Time
diff --git a/src/Storage/Storage/DatalakeGen2/Cmdlet/NewAzDataLakeGen2Item.cs b/src/Storage/Storage/DatalakeGen2/Cmdlet/NewAzDataLakeGen2Item.cs
index 8d128177c623..433694f14e64 100644
--- a/src/Storage/Storage/DatalakeGen2/Cmdlet/NewAzDataLakeGen2Item.cs
+++ b/src/Storage/Storage/DatalakeGen2/Cmdlet/NewAzDataLakeGen2Item.cs
@@ -191,10 +191,18 @@ public override void ExecuteCmdlet()
 PathHttpHeaders pathHttpHeaders = SetDatalakegen2ItemProperties(dirClient, BlobProperties, setToServer: false);
 IDictionary metadata = SetDatalakegen2ItemMetaData(dirClient, BlobMetadata, setToServer: false);
- dirClient.Create(pathHttpHeaders,
- metadata,
- this.Permission,
- this.Umask != null ? DataLakeModels.PathPermissions.ParseSymbolicPermissions(this.Umask).ToOctalPermissions() : null);
+ DataLakePathCreateOptions createOptions = new DataLakePathCreateOptions()
+ {
+ HttpHeaders = pathHttpHeaders,
+ Metadata = metadata,
+ AccessOptions = new DataLakeAccessOptions()
+ {
+ Permissions = this.Permission,
+ Umask = this.Umask != null ? DataLakeModels.PathPermissions.ParseSymbolicPermissions(this.Umask).ToOctalPermissions() : null
+ }
+ };
+
+ dirClient.Create(createOptions, this.CmdletCancellationToken);
 WriteDataLakeGen2Item(localChannel, dirClient);
 }
diff --git a/src/Storage/Storage/DatalakeGen2/Cmdlet/NewAzDataLakeGen2SasToken.cs b/src/Storage/Storage/DatalakeGen2/Cmdlet/NewAzDataLakeGen2SasToken.cs
index a7395a031b49..eb0c08bc91aa 100644
--- a/src/Storage/Storage/DatalakeGen2/Cmdlet/NewAzDataLakeGen2SasToken.cs
+++ b/src/Storage/Storage/DatalakeGen2/Cmdlet/NewAzDataLakeGen2SasToken.cs
@@ -77,6 +77,10 @@ public class NewDataLakeGen2SasTokenCommand : StorageCloudBlobCmdletBase
 [ValidateNotNull]
 public DateTimeOffset? ExpiryTime { get; set; }
+ [Parameter(Mandatory = false, HelpMessage = "Encryption scope to use when sending requests authorized with this SAS URI.")]
+ [ValidateNotNullOrEmpty]
+ public string EncryptionScope { get; set; }
+
 [Parameter(Mandatory = false, HelpMessage = "Display full uri with sas token")]
 public SwitchParameter FullUri { get; set; }
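Review bot: The `Umask` entry inside the `DataLakeAccessOptions` initializer holds the only call in this hunk that parses user input, `ParseSymbolicPermissions(this.Umask)`, buried in a ternary two object initializers deep. Computing it first, `var umask = this.Umask != null ? DataLakeModels.PathPermissions.ParseSymbolicPermissions(this.Umask).ToOctalPermissions() : null;`, and then writing `Umask = umask` keeps the initializer to plain assignments and makes a malformed umask fail before the options object is built. A one-line comment above `AccessOptions` noting that a null `Permissions` or `Umask` presumably leaves the directory's POSIX permissions to the service default would help whoever audits access on the created path. `ExecuteCmdlet` begins and ends outside this hunk, so the file-creation path is not covered here.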
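Review bot: `[ValidateNotNullOrEmpty]` on `EncryptionScope` still admits a whitespace-only string, and the later hunk in `ExecuteCmdlet` (`@@ -170,6 +174,10 @@`) copies any non-null value straight into `sasBuilder.EncryptionScope`. Such a value would presumably be signed into the token and only be rejected when the token is used, which is harder to diagnose than a failure at generation time. Rejecting it up front is safer than skipping it silently, since a skipped scope would yield a token without the encryption constraint the caller asked for: `if (this.EncryptionScope != null && string.IsNullOrWhiteSpace(this.EncryptionScope)) { throw new ArgumentException("EncryptionScope must not be blank.", nameof(EncryptionScope)); }`. An XML doc comment on the property stating that the scope name is not checked against the storage account in the visible code would also set expectations.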
@@ -170,6 +174,10 @@ public override void ExecuteCmdlet()
 {
 sasBuilder.Protocol = this.Protocol.Value;
 }
+ if (this.EncryptionScope != null)
+ {
+ sasBuilder.EncryptionScope = this.EncryptionScope;
+ }
 DataLakeFileSystemClient fileSystem = GetFileSystemClientByName(localChannel, this.FileSystem);
diff --git a/src/Storage/Storage/Storage.csproj b/src/Storage/Storage/Storage.csproj
index 791f91d9d390..0ca0120999c9 100644
--- a/src/Storage/Storage/Storage.csproj
+++ b/src/Storage/Storage/Storage.csproj
@@ -13,10 +13,10 @@ - - - - + + + +
diff --git a/tools/StaticAnalysis/DependencyAnalyzer/DependencyAnalyzer.cs b/tools/StaticAnalysis/DependencyAnalyzer/DependencyAnalyzer.cs
index 59efab005ef1..9f746d503bbb 100644
--- a/tools/StaticAnalysis/DependencyAnalyzer/DependencyAnalyzer.cs
+++ b/tools/StaticAnalysis/DependencyAnalyzer/DependencyAnalyzer.cs
@@ -119,6 +119,7 @@ public class DependencyAnalyzer : IStaticAnalyzer
 "System.Resources.ResourceManager",
 "System.Resources.Writer",
 "System.Runtime",
+ "System.Runtime.CompilerServices.Unsafe",
 "System.Runtime.CompilerServices.VisualC",
 "System.Runtime.Extensions",
 "System.Runtime.Handles",
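Review bot: The added `"System.Runtime.CompilerServices.Unsafe"` entry in `DependencyAnalyzer` carries no comment, and the commit message gives no reason for it beyond "Update DependencyAnalyzer.cs". The list begins outside the hunk, so its role is not visible here; if it is the set of assembly names the analyzer exempts from dependency checks, this entry would stop version mismatches of that assembly from being reported. A short comment beside the entry naming the package that pulls the assembly in, and why exempting it is acceptable, would let a later reviewer judge whether the exemption is still needed.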