azure-storage-common 1.0.0

data/common/lib/azure/storage/common/client_options_error.rb

@@ -0,0 +1,41 @@
+# frozen_string_literal: true
+
+#-------------------------------------------------------------------------
+# # Copyright (c) Microsoft and contributors. All rights reserved.
+#
+# The MIT License(MIT)
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files(the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions :
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#--------------------------------------------------------------------------
+
+require "azure/storage/common/core"
+
+module Azure::Storage::Common
+  class InvalidConnectionStringError < Core::StorageError
+    def initialize(message = Azure::Storage::Common::Core::SR::INVALID_CONNECTION_STRING)
+      super(message)
+    end
+  end
+
+  class InvalidOptionsError < Core::StorageError
+    def initialize(message = Azure::Storage::Common::Core::SR::INVALID_CLIENT_OPTIONS)
+      super(message)
+    end
+  end
+end

data/common/lib/azure/storage/common/configurable.rb

@@ -0,0 +1,212 @@
+# frozen_string_literal: true
+
+#-------------------------------------------------------------------------
+# # Copyright (c) Microsoft and contributors. All rights reserved.
+#
+# The MIT License(MIT)
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files(the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions :
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#--------------------------------------------------------------------------
+
+module Azure::Storage::Common
+  # The Azure::Storage::Common::Configurable module provides basic configuration for Azure storage activities.
+  module Configurable
+    # @!attribute [w] storage_access_key
+    #   @return [String] Azure Storage access key.
+    # @!attribute storage_account_name
+    #   @return [String] Azure Storage account name.
+    # @!attribute storage_connection_string
+    #   @return [String] Azure Storage connection string.
+    # @!attribute storage_blob_host
+    #   @return [String] Set the host for the Blob service. Only set this if you want
+    #     something custom (like, for example, to point this to a LocalStorage
+    #     emulator). This should be the complete host, including http:// at the
+    #     start. When using the emulator, make sure to include your account name at
+    #     the end.
+    # @!attribute storage_table_host
+    #   @return [String] Set the host for the Table service. Only set this if you want
+    #     something custom (like, for example, to point this to a LocalStorage
+    #     emulator). This should be the complete host, including http:// at the
+    #     start. When using the emulator, make sure to include your account name at
+    #     the end.
+    # @!attribute storage_queue_host
+    #   @return [String] Set the host for the Queue service. Only set this if you want
+    #     something custom (like, for example, to point this to a LocalStorage
+    #     emulator). This should be the complete host, including http:// at the
+    #     start. When using the emulator, make sure to include your account name at
+    #     the end.
+
+    attr_accessor :storage_access_key,
+                  :storage_account_name,
+                  :storage_connection_string,
+                  :storage_sas_token
+
+    attr_writer :storage_table_host,
+                :storage_blob_host,
+                :storage_queue_host,
+                :storage_file_host,
+                :storage_table_host_secondary,
+                :storage_blob_host_secondary,
+                :storage_queue_host_secondary,
+                :storage_file_host_secondary
+
+    attr_reader :signer
+
+    class << self
+      # List of configurable keys for {Azure::Client}
+      # @return [Array] of option keys
+      def keys
+        @keys ||= [
+          :storage_access_key,
+          :storage_account_name,
+          :storage_connection_string,
+          :storage_sas_token,
+          :storage_table_host,
+          :storage_blob_host,
+          :storage_queue_host,
+          :storage_file_host,
+          :signer
+        ]
+      end
+    end
+
+    # Set configuration options using a block
+    def configure
+      yield self
+    end
+
+    def config
+      self
+    end
+
+    # Reset configuration options to default values
+    def reset_config!(options = {})
+      Azure::Storage::Common::Configurable.keys.each do |key|
+        value =
+          if self == Azure::Storage::Common
+            Azure::Storage::Common::Default.options[key]
+          else
+            self.send(key)
+          end
+        instance_variable_set(:"@#{key}", options.fetch(key, value))
+
+        # Set the secondary endpoint if the primary one is given
+        if key.to_s.include? "host"
+          instance_variable_set(:"@#{key}_secondary", secondary_endpoint(options.fetch(key, value)))
+        end
+      end
+      self.send(:reset_agents!) if self.respond_to?(:reset_agents!)
+      setup_signer_for_service(options[:api_version])
+      self
+    end
+
+    alias setup reset_config!
+
+    # Storage queue host
+    # @return [String]
+    def storage_queue_host(isSecondary = false)
+      if isSecondary
+        @storage_queue_host_secondary || default_host(:queue, true)
+      else
+        @storage_queue_host || default_host(:queue, false)
+      end
+    end
+
+    # Storage blob host
+    # @return [String]
+    def storage_blob_host(isSecondary = false)
+      if isSecondary
+        @storage_blob_host_secondary || default_host(:blob, true)
+      else
+        @storage_blob_host || default_host(:blob, false)
+      end
+    end
+
+    # Storage table host
+    # @return [String]
+    def storage_table_host(isSecondary = false)
+      if isSecondary
+        @storage_table_host_secondary || default_host(:table, true)
+      else
+        @storage_table_host || default_host(:table, false)
+      end
+    end
+
+    # Storage file host
+    # @return [String]
+    def storage_file_host(isSecondary = false)
+      if isSecondary
+        @storage_file_host_secondary || default_host(:file, true)
+      else
+        @storage_file_host || default_host(:file, false)
+      end
+    end
+
+    private
+
+      def default_host(service, isSecondary = false)
+        "https://#{storage_account_name}#{isSecondary ? "-secondary" : ""}.#{service}.core.windows.net" if storage_account_name
+      end
+
+      def setup_options
+        opts = {}
+        Azure::Storage::Common::Configurable.keys.map do |key|
+          opts[key] = self.send(key) if self.send(key)
+        end
+        opts
+      end
+
+      def account_name_from_endpoint(endpoint)
+        return nil if endpoint.nil?
+        uri = URI::parse endpoint
+        fields = uri.host.split "."
+        fields[0]
+      end
+
+      def secondary_endpoint(primary_endpoint)
+        return nil if primary_endpoint.nil?
+        account_name = account_name_from_endpoint primary_endpoint
+        primary_endpoint.sub account_name, account_name + "-secondary"
+      end
+
+      def determine_account_name
+        if instance_variable_get(:@storage_account_name).nil?
+          hosts = [@storage_blob_host, @storage_table_host, @storage_queue_host, @storage_file_host]
+          account_name = nil;
+          hosts.each do |host|
+            parsed = account_name_from_endpoint host
+            if account_name.nil?
+              account_name = parsed
+            elsif !account_name.nil? && !parsed.nil? && (account_name <=> parsed) != (0)
+              raise InvalidOptionsError, "Ambiguous account name in service hosts."
+            end
+          end
+          raise InvalidOptionsError, "Cannot identify account name." if account_name.nil?
+          @storage_account_name = account_name
+        end
+      end
+
+      def setup_signer_for_service(api_ver)
+        if @storage_sas_token
+          determine_account_name
+          @signer = Azure::Storage::Common::Core::Auth::SharedAccessSignatureSigner.new api_ver, @storage_account_name, @storage_sas_token
+        end
+      end
+  end
+end

data/common/lib/azure/storage/common/core.rb

@@ -0,0 +1,35 @@
+# frozen_string_literal: true
+
+#-------------------------------------------------------------------------
+# # Copyright (c) Microsoft and contributors. All rights reserved.
+#
+# The MIT License(MIT)
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files(the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions :
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#--------------------------------------------------------------------------
+
+module Azure
+  module Storage
+  end
+end
+
+require "azure/storage/common/core/error"
+require "azure/storage/common/default"
+require "azure/storage/common/core/sr"
+require "azure/storage/common/core/utility"

data/common/lib/azure/storage/common/core/auth/anonymous_signer.rb

@@ -0,0 +1,43 @@
+# frozen_string_literal: true
+
+#-------------------------------------------------------------------------
+# # Copyright (c) Microsoft and contributors. All rights reserved.
+#
+# The MIT License(MIT)
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files(the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions :
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#--------------------------------------------------------------------------
+
+require "base64"
+
+module Azure::Storage::Common::Core
+  module Auth
+    class AnonymousSigner < Azure::Core::Auth::Signer
+      # Public: Initialize the Anonymous Signer
+      def initialize()
+        # Use mock key to initialize super class
+        super(Base64.strict_encode64("accesskey"))
+      end
+
+      def sign_request(req)
+        # Do nothing.
+      end
+    end
+  end
+end

data/common/lib/azure/storage/common/core/auth/shared_access_signature.rb

@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+#-------------------------------------------------------------------------
+# # Copyright (c) Microsoft and contributors. All rights reserved.
+#
+# The MIT License(MIT)
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files(the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions :
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#--------------------------------------------------------------------------
+
+require "azure/storage/common/core/auth/shared_access_signature_generator"
+require "azure/storage/common/core/auth/shared_access_signature_signer"
+
+include Azure::Storage::Common::Core::Auth

data/common/lib/azure/storage/common/core/auth/shared_access_signature_generator.rb

@@ -0,0 +1,352 @@
+# frozen_string_literal: true
+
+#-------------------------------------------------------------------------
+# # Copyright (c) Microsoft and contributors. All rights reserved.
+#
+# The MIT License(MIT)
+
+# Permission is hereby granted, free of charge, to any person obtaining a copy
+# of this software and associated documentation files(the "Software"), to deal
+# in the Software without restriction, including without limitation the rights
+# to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
+# copies of the Software, and to permit persons to whom the Software is
+# furnished to do so, subject to the following conditions :
+
+# The above copyright notice and this permission notice shall be included in
+# all copies or substantial portions of the Software.
+
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
+# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+# THE SOFTWARE.
+#--------------------------------------------------------------------------
+
+require "azure/storage/common/core"
+require "azure/storage/common/client_options_error"
+require "azure/core/auth/signer"
+require "time"
+require "uri"
+
+# @see https://msdn.microsoft.com/library/azure/dn140255.aspx for more information on construction
+module Azure::Storage::Common::Core
+  module Auth
+    class SharedAccessSignature
+      DEFAULTS = {
+        permissions: "r",
+        version: Azure::Storage::Common::Default::STG_VERSION
+      }
+
+      SERVICE_TYPE_MAPPING = {
+        b: Azure::Storage::Common::ServiceType::BLOB,
+        t: Azure::Storage::Common::ServiceType::TABLE,
+        q: Azure::Storage::Common::ServiceType::QUEUE,
+        f: Azure::Storage::Common::ServiceType::FILE
+      }
+
+      ACCOUNT_KEY_MAPPINGS = {
+        version:              :sv,
+        service:              :ss,
+        resource:             :srt,
+        permissions:          :sp,
+        start:                :st,
+        expiry:               :se,
+        protocol:             :spr,
+        ip_range:             :sip
+      }
+
+      SERVICE_KEY_MAPPINGS = {
+        version:              :sv,
+        permissions:          :sp,
+        start:                :st,
+        expiry:               :se,
+        identifier:           :si,
+        protocol:             :spr,
+        ip_range:             :sip
+      }
+
+      BLOB_KEY_MAPPINGS = {
+        resource:             :sr,
+        cache_control:        :rscc,
+        content_disposition:  :rscd,
+        content_encoding:     :rsce,
+        content_language:     :rscl,
+        content_type:         :rsct
+      }
+
+      TABLE_KEY_MAPPINGS = {
+        table_name:           :tn,
+        startpk:              :spk,
+        endpk:                :epk,
+        startrk:              :srk,
+        endrk:                :erk
+      }
+
+      FILE_KEY_MAPPINGS = {
+        resource:             :sr,
+        cache_control:        :rscc,
+        content_disposition:  :rscd,
+        content_encoding:     :rsce,
+        content_language:     :rscl,
+        content_type:         :rsct
+      }
+
+      SERVICE_OPTIONAL_QUERY_PARAMS = [:sp, :si, :sip, :spr, :rscc, :rscd, :rsce, :rscl, :rsct, :spk, :srk, :epk, :erk]
+
+      ACCOUNT_OPTIONAL_QUERY_PARAMS = [:st, :sip, :spr]
+
+      attr :account_name
+
+      # Public: Initialize the SharedAccessSignature generator
+      #
+      # @param account_name [String] The account name. Defaults to the one in the global configuration.
+      # @param access_key [String]   The access_key encoded in Base64. Defaults to the one in the global configuration.
+      def initialize(account_name = "", access_key = "")
+        if account_name.empty? || access_key.empty?
+          client = Azure::Storage::Common::Client.create_from_env
+          account_name = client.storage_account_name if account_name.empty?
+          access_key = client.storage_access_key if access_key.empty?
+        end
+        @account_name = account_name
+        @signer = Azure::Core::Auth::Signer.new(access_key)
+      end
+
+      # Service Shared Access Signature Token for the given path and options
+      # @param path     [String] Path of the URI or the table name
+      # @param options  [Hash]
+      #
+      # ==== Options
+      #
+      # * +:service+             - String. Required. Service type. 'b' (blob) or 'q' (queue) or 't' (table) or 'f' (file).
+      # * +:resource+            - String. Required. Resource type, 'b' (blob) or 'c' (container) or 'f' (file) or 's' (share).
+      # * +:permissions+         - String. Optional. Combination of 'r', 'a', 'c', w','d','l' in this order for a container.
+      #                                              Combination of 'r', 'a', 'c', 'w', 'd' in this order for a blob.
+      #                                              Combination of 'r', 'c', 'w', 'd', 'l' in this order for a share.
+      #                                              Combination of 'r', 'c', 'w', 'd' in this order for a file.
+      #                                              Combination of 'r', 'a', 'u', 'p' in this order for a queue.
+      #                                              Combination of 'r', 'a', 'u', 'd' in this order for a table.
+      #                                              This option must be omitted if it has been specified in an associated stored access policy.
+      # * +:start+               - String. Optional. UTC Date/Time in ISO8601 format.
+      # * +:expiry+              - String. Optional. UTC Date/Time in ISO8601 format. Default now + 30 minutes.
+      # * +:identifier+          - String. Optional. Identifier for stored access policy.
+      # * +:protocol+            - String. Optional. Permitted protocols.
+      # * +:ip_range+            - String. Optional. An IP address or a range of IP addresses from which to accept requests.
+      #
+      # Below options for blob serivce only
+      # * +:cache_control+       - String. Optional. Response header override.
+      # * +:content_disposition+ - String. Optional. Response header override.
+      # * +:content_encoding+    - String. Optional. Response header override.
+      # * +:content_language+    - String. Optional. Response header override.
+      # * +:content_type+        - String. Optional. Response header override.
+      #
+      # Below options for table service only
+      # * +:startpk+             - String. Optional but must accompany startrk. The start partition key of a specified partition key range.
+      # * +:endpk+               - String. Optional but must accompany endrk. The end partition key of a specified partition key range.
+      # * +:startrk+             - String. Optional. The start row key of a specified row key range.
+      # * +:endrk+               - String. Optional. The end row key of a specified row key range.
+      def generate_service_sas_token(path, options = {})
+        if options.key?(:service)
+          service_type = SERVICE_TYPE_MAPPING[options[:service].to_sym]
+          options.delete(:service)
+        end
+
+        raise Azure::Storage::Common::InvalidOptionsError, "SAS version cannot be set" if options[:version]
+
+        options = DEFAULTS.merge(options)
+        valid_mappings = SERVICE_KEY_MAPPINGS
+        if service_type == Azure::Storage::Common::ServiceType::BLOB
+          if options[:resource]
+            options.merge!(resource: options[:resource])
+          else
+            options.merge!(resource: "b")
+          end
+          valid_mappings.merge!(BLOB_KEY_MAPPINGS)
+        elsif service_type == Azure::Storage::Common::ServiceType::TABLE
+          options.merge!(table_name: path)
+          valid_mappings.merge!(TABLE_KEY_MAPPINGS)
+        elsif service_type == Azure::Storage::Common::ServiceType::FILE
+          if options[:resource]
+            options.merge!(resource: options[:resource])
+          else
+            options.merge!(resource: "f")
+          end
+          valid_mappings.merge!(FILE_KEY_MAPPINGS)
+        end
+
+        invalid_options = options.reject { |k, _| valid_mappings.key?(k) }
+        raise Azure::Storage::Common::InvalidOptionsError, "invalid options #{invalid_options} provided for SAS token generate" if invalid_options.length > 0
+
+        canonicalize_time(options)
+
+        query_hash = Hash[options.map { |k, v| [SERVICE_KEY_MAPPINGS[k], v] }]
+        .reject { |k, v| SERVICE_OPTIONAL_QUERY_PARAMS.include?(k) && v.to_s == "" }
+        .merge(sig: @signer.sign(signable_string_for_service(service_type, path, options)))
+
+        URI.encode_www_form(query_hash)
+      end
+
+      # Construct the plaintext to the spec required for signatures
+      # @return [String]
+      def signable_string_for_service(service_type, path, options)
+        # Order is significant
+        # The newlines from empty strings here are required
+        signable_fields =
+        [
+          options[:permissions],
+          options[:start],
+          options[:expiry],
+          canonicalized_resource(service_type, path),
+          options[:identifier],
+          options[:ip_range],
+          options[:protocol],
+          Azure::Storage::Common::Default::STG_VERSION
+        ]
+
+        signable_fields.concat [
+          options[:cache_control],
+          options[:content_disposition],
+          options[:content_encoding],
+          options[:content_language],
+          options[:content_type]
+        ] if service_type == Azure::Storage::Common::ServiceType::BLOB || service_type == Azure::Storage::Common::ServiceType::FILE
+
+        signable_fields.concat [
+          options[:startpk],
+          options[:startrk],
+          options[:endpk],
+          options[:endrk]
+        ] if service_type == Azure::Storage::Common::ServiceType::TABLE
+
+        signable_fields.join "\n"
+      end
+
+      # Account Shared Access Signature Token for the given options
+      # @param account_name     [String] storage account name
+      # @param options          [Hash]
+      #
+      # ==== Options
+      #
+      # * +:service+             - String. Required. Accessible services. Combination of 'b' (blob), 'q' (queue), 't' (table), 'f' (file).
+      # * +:resource+            - String. Required. Accessible resource types. Combination of 's' (service), 'c' (container-level), 'o'(object-level).
+      # * +:permissions+         - String. Required. Permissions. Combination of 'r' (read), 'w' (write), 'd'(delete), 'l'(list), 'a'(add),
+      #                                              'c'(create), 'u'(update), 'p'(process). Permissions are only valid if they match
+      #                                              the specified signed resource type; otherwise they are ignored.
+      # * +:start+               - String. Optional. UTC Date/Time in ISO8601 format.
+      # * +:expiry+              - String. Optional. UTC Date/Time in ISO8601 format. Default now + 30 minutes.
+      # * +:protocol+            - String. Optional. Permitted protocols.
+      # * +:ip_range+            - String. Optional. An IP address or a range of IP addresses from which to accept requests.
+      #                                    When specifying a range, note that the range is inclusive.
+      def generate_account_sas_token(options = {})
+        raise Azure::Storage::Common::InvalidOptionsError, "SAS version cannot be set" if options[:version]
+
+        options = DEFAULTS.merge(options)
+        valid_mappings = ACCOUNT_KEY_MAPPINGS
+
+        invalid_options = options.reject { |k, _| valid_mappings.key?(k) }
+        raise Azure::Storage::Common::InvalidOptionsError, "invalid options #{invalid_options} provided for SAS token generate" if invalid_options.length > 0
+
+        canonicalize_time(options)
+
+        query_hash = Hash[options.map { |k, v| [ACCOUNT_KEY_MAPPINGS[k], v] }]
+        .reject { |k, v| ACCOUNT_OPTIONAL_QUERY_PARAMS.include?(k) && v.to_s == "" }
+        .merge(sig: @signer.sign(signable_string_for_account(options)))
+
+        URI.encode_www_form(query_hash)
+      end
+
+      # Construct the plaintext to the spec required for signatures
+      # @return [String]
+      def signable_string_for_account(options)
+        # Order is significant
+        # The newlines from empty strings here are required
+        [
+          @account_name,
+          options[:permissions],
+          options[:service],
+          options[:resource],
+          options[:start],
+          options[:expiry],
+          options[:ip_range],
+          options[:protocol],
+          Azure::Storage::Common::Default::STG_VERSION,
+          ""
+        ].join("\n")
+      end
+
+      # Return the cononicalized resource representation of the blob resource
+      # @return [String]
+      def canonicalized_resource(service_type, path)
+        "/#{service_type}/#{account_name}#{path.start_with?('/') ? '' : '/'}#{path}"
+      end
+
+      def canonicalize_time(options)
+        options[:start] = Time.parse(options[:start]).utc.iso8601 if options[:start]
+        options[:expiry] = Time.parse(options[:expiry]).utc.iso8601 if options[:expiry]
+        options[:expiry] ||= (Time.now + 60 * 30).utc.iso8601
+      end
+
+      # A customised URI reflecting options for the resource signed with Shared Access Signature
+      # @param uri                [URI] uri to resource including query options
+      # @param use_account_sas    [Boolean] Whether uses account SAS
+      # @param options            [Hash]
+      #
+      # ==== Options
+      #
+      # * +:start+                - String. Optional. UTC Date/Time in ISO8601 format.
+      # * +:expiry+               - String. Optional. UTC Date/Time in ISO8601 format. Default now + 30 minutes.
+      # * +:protocol+             - String. Optional. Permitted protocols.
+      # * +:ip_range+             - String. Optional. An IP address or a range of IP addresses from which to accept requests.
+      #                                     When specifying a range, note that the range is inclusive.
+      #
+      # Below options for account SAS only
+      # * +:service+              - String. Required. Accessible services. Combination of 'b' (blob), 'q' (queue), 't' (table), 'f' (file).
+      # * +:resource+             - String. Required. Accessible resource types. Combination of 's' (service), 'c' (container-level), 'o'(object-level).
+      # * +:permissions+          - String. Required. Permissions. Combination of 'r' (read), 'w' (write), 'd'(delete), 'l'(list), 'a'(add),
+      #                                               'c'(create), 'u'(update), 'p'(process). Permissions are only valid if they match
+      #                                               the specified signed resource type; otherwise they are ignored.
+      #
+      # Below options for service SAS only
+      # * +:service+              - String. Required. Service type. 'b' (blob) or 'q' (queue) or 't' (table) or 'f' (file).
+      # * +:resource+             - String. Required. Resource type, 'b' (blob) or 'c' (container) or 'f' (file) or 's' (share).
+      # * +:identifier+           - String. Optional. Identifier for stored access policy.
+      # * +:permissions+          - String. Optional. Combination of 'r', 'a', 'c', w','d','l' in this order for a container.
+      #                                               Combination of 'r', 'a', 'c', 'w', 'd' in this order for a blob.
+      #                                               Combination of 'r', 'c', 'w', 'd', 'l' in this order for a share.
+      #                                               Combination of 'r', 'c', 'w', 'd' in this order for a file.
+      #                                               Combination of 'r', 'a', 'u', 'p' in this order for a queue.
+      #                                               Combination of 'r', 'a', 'u', 'd' in this order for a table.
+      #
+      # Below options for Blob service only
+      # * +:cache_control+        - String. Optional. Response header override.
+      # * +:content_disposition+  - String. Optional. Response header override.
+      # * +:content_encoding+     - String. Optional. Response header override.
+      # * +:content_language+     - String. Optional. Response header override.
+      # * +:content_type+         - String. Optional. Response header override.
+      #
+      # Below options for Table service only
+      # * +:table_name+           - String. Required. Table name for SAS.
+      # * +:startpk+              - String. Optional but must accompany startrk. The start partition key of a specified partition key range.
+      # * +:endpk+                - String. Optional but must accompany endrk. The end partition key of a specified partition key range.
+      # * +:startrk+              - String. Optional. The start row key of a specified row key range.
+      # * +:endrk+                - String. Optional. The end row key of a specified row key range.
+      def signed_uri(uri, use_account_sas, options)
+        CGI::parse(uri.query || "").inject({}) { |memo, (k, v)| memo[k.to_sym] = v; memo }
+
+        if options[:service] == (nil) && uri.host != (nil)
+          host_splits = uri.host.split(".")
+          options[:service] = host_splits[1].chr if host_splits.length > 1 && host_splits[0] == @account_name
+        end
+
+        sas_params = if use_account_sas
+          generate_account_sas_token(options)
+                     else
+                       generate_service_sas_token(uri.path, options)
+                     end
+
+        URI.parse(uri.to_s + (uri.query.nil? ? "?" : "&") + sas_params)
+      end
+    end
+  end
+end