azure-storage-common2 2.0.8 → 2.0.9
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/azure/core/auth/authorizer.rb +36 -0
- data/lib/azure/core/auth/shared_key.rb +125 -0
- data/lib/azure/core/auth/shared_key_lite.rb +48 -0
- data/lib/azure/core/auth/signer.rb +51 -0
- data/lib/azure/core/default.rb +23 -0
- data/lib/azure/core/error.rb +21 -0
- data/lib/azure/core/filtered_service.rb +45 -0
- data/lib/azure/core/http/debug_filter.rb +36 -0
- data/lib/azure/core/http/http_error.rb +135 -0
- data/lib/azure/core/http/http_filter.rb +53 -0
- data/lib/azure/core/http/http_request.rb +195 -0
- data/lib/azure/core/http/http_response.rb +102 -0
- data/lib/azure/core/http/retry_policy.rb +84 -0
- data/lib/azure/core/http/signer_filter.rb +33 -0
- data/lib/azure/core/service.rb +46 -0
- data/lib/azure/core/signed_service.rb +45 -0
- data/lib/azure/core/utility.rb +244 -0
- data/lib/azure/core/version.rb +33 -0
- data/lib/azure/storage/common/autoload.rb +62 -0
- data/lib/azure/storage/common/client.rb +162 -0
- data/lib/azure/storage/common/client_options.rb +363 -0
- data/lib/azure/storage/common/client_options_error.rb +41 -0
- data/lib/azure/storage/common/configurable.rb +212 -0
- data/lib/azure/storage/common/core/auth/anonymous_signer.rb +43 -0
- data/lib/azure/storage/common/core/auth/shared_access_signature.rb +30 -0
- data/lib/azure/storage/common/core/auth/shared_access_signature_generator.rb +399 -0
- data/lib/azure/storage/common/core/auth/shared_access_signature_signer.rb +57 -0
- data/lib/azure/storage/common/core/auth/shared_key.rb +60 -0
- data/lib/azure/storage/common/core/auth/token_signer.rb +43 -0
- data/lib/azure/storage/common/core/autoload.rb +53 -0
- data/lib/azure/storage/common/core/error.rb +43 -0
- data/lib/azure/storage/common/core/filter/exponential_retry_filter.rb +64 -0
- data/lib/azure/storage/common/core/filter/linear_retry_filter.rb +55 -0
- data/lib/azure/storage/common/core/filter/retry_filter.rb +300 -0
- data/lib/azure/storage/common/core/http_client.rb +82 -0
- data/lib/azure/storage/common/core/sr.rb +85 -0
- data/lib/azure/storage/common/core/token_credential.rb +64 -0
- data/lib/azure/storage/common/core/utility.rb +261 -0
- data/lib/azure/storage/common/core.rb +35 -0
- data/lib/azure/storage/common/default.rb +868 -0
- data/lib/azure/storage/common/service/access_policy.rb +37 -0
- data/lib/azure/storage/common/service/cors.rb +38 -0
- data/lib/azure/storage/common/service/cors_rule.rb +48 -0
- data/lib/azure/storage/common/service/enumeration_results.rb +32 -0
- data/lib/azure/storage/common/service/geo_replication.rb +40 -0
- data/lib/azure/storage/common/service/logging.rb +47 -0
- data/lib/azure/storage/common/service/metrics.rb +45 -0
- data/lib/azure/storage/common/service/retention_policy.rb +37 -0
- data/lib/azure/storage/common/service/serialization.rb +335 -0
- data/lib/azure/storage/common/service/signed_identifier.rb +40 -0
- data/lib/azure/storage/common/service/storage_service.rb +322 -0
- data/lib/azure/storage/common/service/storage_service_properties.rb +48 -0
- data/lib/azure/storage/common/service/storage_service_stats.rb +39 -0
- data/lib/azure/storage/common/service/user_delegation_key.rb +50 -0
- data/lib/azure/storage/common/version.rb +49 -0
- metadata +57 -2
@@ -0,0 +1,30 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
#-------------------------------------------------------------------------
|
4
|
+
# # Copyright (c) Microsoft and contributors. All rights reserved.
|
5
|
+
#
|
6
|
+
# The MIT License(MIT)
|
7
|
+
|
8
|
+
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
9
|
+
# of this software and associated documentation files(the "Software"), to deal
|
10
|
+
# in the Software without restriction, including without limitation the rights
|
11
|
+
# to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
|
12
|
+
# copies of the Software, and to permit persons to whom the Software is
|
13
|
+
# furnished to do so, subject to the following conditions :
|
14
|
+
|
15
|
+
# The above copyright notice and this permission notice shall be included in
|
16
|
+
# all copies or substantial portions of the Software.
|
17
|
+
|
18
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
19
|
+
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
20
|
+
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
|
21
|
+
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
22
|
+
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
23
|
+
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
24
|
+
# THE SOFTWARE.
|
25
|
+
#--------------------------------------------------------------------------
|
26
|
+
|
27
|
+
require "azure/storage/common/core/auth/shared_access_signature_generator"
|
28
|
+
require "azure/storage/common/core/auth/shared_access_signature_signer"
|
29
|
+
|
30
|
+
include Azure::Storage::Common::Core::Auth
|
@@ -0,0 +1,399 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
#-------------------------------------------------------------------------
|
4
|
+
# # Copyright (c) Microsoft and contributors. All rights reserved.
|
5
|
+
#
|
6
|
+
# The MIT License(MIT)
|
7
|
+
|
8
|
+
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
9
|
+
# of this software and associated documentation files(the "Software"), to deal
|
10
|
+
# in the Software without restriction, including without limitation the rights
|
11
|
+
# to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
|
12
|
+
# copies of the Software, and to permit persons to whom the Software is
|
13
|
+
# furnished to do so, subject to the following conditions :
|
14
|
+
|
15
|
+
# The above copyright notice and this permission notice shall be included in
|
16
|
+
# all copies or substantial portions of the Software.
|
17
|
+
|
18
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
19
|
+
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
20
|
+
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
|
21
|
+
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
22
|
+
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
23
|
+
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
24
|
+
# THE SOFTWARE.
|
25
|
+
#--------------------------------------------------------------------------
|
26
|
+
|
27
|
+
require "azure/storage/common/core"
|
28
|
+
require "azure/storage/common/client_options_error"
|
29
|
+
require "azure/core/auth/signer"
|
30
|
+
require "time"
|
31
|
+
require "uri"
|
32
|
+
|
33
|
+
# @see https://msdn.microsoft.com/library/azure/dn140255.aspx for more information on construction
|
34
|
+
module Azure::Storage::Common::Core
|
35
|
+
module Auth
|
36
|
+
class SharedAccessSignature
|
37
|
+
DEFAULTS = {
|
38
|
+
permissions: "r",
|
39
|
+
version: Azure::Storage::Common::Default::STG_VERSION
|
40
|
+
}
|
41
|
+
|
42
|
+
SERVICE_TYPE_MAPPING = {
|
43
|
+
b: Azure::Storage::Common::ServiceType::BLOB,
|
44
|
+
t: Azure::Storage::Common::ServiceType::TABLE,
|
45
|
+
q: Azure::Storage::Common::ServiceType::QUEUE,
|
46
|
+
f: Azure::Storage::Common::ServiceType::FILE
|
47
|
+
}
|
48
|
+
|
49
|
+
ACCOUNT_KEY_MAPPINGS = {
|
50
|
+
version: :sv,
|
51
|
+
service: :ss,
|
52
|
+
resource: :srt,
|
53
|
+
permissions: :sp,
|
54
|
+
start: :st,
|
55
|
+
expiry: :se,
|
56
|
+
protocol: :spr,
|
57
|
+
ip_range: :sip
|
58
|
+
}
|
59
|
+
|
60
|
+
SERVICE_KEY_MAPPINGS = {
|
61
|
+
version: :sv,
|
62
|
+
permissions: :sp,
|
63
|
+
start: :st,
|
64
|
+
expiry: :se,
|
65
|
+
identifier: :si,
|
66
|
+
protocol: :spr,
|
67
|
+
ip_range: :sip
|
68
|
+
}
|
69
|
+
|
70
|
+
USER_DELEGATION_KEY_MAPPINGS = {
|
71
|
+
signed_oid: :skoid,
|
72
|
+
signed_tid: :sktid,
|
73
|
+
signed_start: :skt,
|
74
|
+
signed_expiry: :ske,
|
75
|
+
signed_service: :sks,
|
76
|
+
signed_version: :skv
|
77
|
+
}
|
78
|
+
|
79
|
+
BLOB_KEY_MAPPINGS = {
|
80
|
+
resource: :sr,
|
81
|
+
timestamp: :snapshot,
|
82
|
+
cache_control: :rscc,
|
83
|
+
content_disposition: :rscd,
|
84
|
+
content_encoding: :rsce,
|
85
|
+
content_language: :rscl,
|
86
|
+
content_type: :rsct
|
87
|
+
}
|
88
|
+
|
89
|
+
TABLE_KEY_MAPPINGS = {
|
90
|
+
table_name: :tn,
|
91
|
+
startpk: :spk,
|
92
|
+
endpk: :epk,
|
93
|
+
startrk: :srk,
|
94
|
+
endrk: :erk
|
95
|
+
}
|
96
|
+
|
97
|
+
FILE_KEY_MAPPINGS = {
|
98
|
+
resource: :sr,
|
99
|
+
cache_control: :rscc,
|
100
|
+
content_disposition: :rscd,
|
101
|
+
content_encoding: :rsce,
|
102
|
+
content_language: :rscl,
|
103
|
+
content_type: :rsct
|
104
|
+
}
|
105
|
+
|
106
|
+
SERVICE_OPTIONAL_QUERY_PARAMS = [:sp, :si, :sip, :spr, :rscc, :rscd, :rsce, :rscl, :rsct, :spk, :srk, :epk, :erk]
|
107
|
+
|
108
|
+
ACCOUNT_OPTIONAL_QUERY_PARAMS = [:st, :sip, :spr]
|
109
|
+
|
110
|
+
attr :account_name
|
111
|
+
|
112
|
+
# Public: Initialize the SharedAccessSignature generator
|
113
|
+
#
|
114
|
+
# @param account_name [String] The account name. Defaults to the one in the global configuration.
|
115
|
+
# @param access_key [String] The access_key encoded in Base64. Defaults to the one in the global configuration.
|
116
|
+
# @param user_delegation_key [Azure::Storage::Common::UserDelegationKey] The user delegation key obtained from
|
117
|
+
# calling get_user_delegation_key after authenticating with an Azure Active Directory entity. If present, the
|
118
|
+
# SAS is signed with the user delegation key instead of the access key.
|
119
|
+
def initialize(account_name = "", access_key = "", user_delegation_key = nil)
|
120
|
+
if access_key.empty? && !user_delegation_key.nil?
|
121
|
+
access_key = user_delegation_key.value
|
122
|
+
end
|
123
|
+
if account_name.empty? || access_key.empty?
|
124
|
+
client = Azure::Storage::Common::Client.create_from_env
|
125
|
+
account_name = client.storage_account_name if account_name.empty?
|
126
|
+
access_key = client.storage_access_key if access_key.empty?
|
127
|
+
end
|
128
|
+
@account_name = account_name
|
129
|
+
@user_delegation_key = user_delegation_key
|
130
|
+
@signer = Azure::Core::Auth::Signer.new(access_key)
|
131
|
+
end
|
132
|
+
|
133
|
+
# Service Shared Access Signature Token for the given path and options
|
134
|
+
# @param path [String] Path of the URI or the table name
|
135
|
+
# @param options [Hash]
|
136
|
+
#
|
137
|
+
# ==== Options
|
138
|
+
#
|
139
|
+
# * +:service+ - String. Required. Service type. 'b' (blob) or 'q' (queue) or 't' (table) or 'f' (file).
|
140
|
+
# * +:resource+ - String. Required. Resource type, 'b' (blob) or 'c' (container) or 'f' (file) or 's' (share).
|
141
|
+
# * +:permissions+ - String. Optional. Combination of 'r', 'a', 'c', w','d','l' in this order for a container.
|
142
|
+
# Combination of 'r', 'a', 'c', 'w', 'd' in this order for a blob.
|
143
|
+
# Combination of 'r', 'c', 'w', 'd', 'l' in this order for a share.
|
144
|
+
# Combination of 'r', 'c', 'w', 'd' in this order for a file.
|
145
|
+
# Combination of 'r', 'a', 'u', 'p' in this order for a queue.
|
146
|
+
# Combination of 'r', 'a', 'u', 'd' in this order for a table.
|
147
|
+
# This option must be omitted if it has been specified in an associated stored access policy.
|
148
|
+
# * +:start+ - String. Optional. UTC Date/Time in ISO8601 format.
|
149
|
+
# * +:expiry+ - String. Optional. UTC Date/Time in ISO8601 format. Default now + 30 minutes.
|
150
|
+
# * +:identifier+ - String. Optional. Identifier for stored access policy.
|
151
|
+
# This option must be omitted if a user delegation key has been provided.
|
152
|
+
# * +:protocol+ - String. Optional. Permitted protocols.
|
153
|
+
# * +:ip_range+ - String. Optional. An IP address or a range of IP addresses from which to accept requests.
|
154
|
+
#
|
155
|
+
# Below options for blob serivce only
|
156
|
+
# * +:snapshot+ - String. Optional. UTC Date/Time in ISO8601 format. The blob snapshot to grant permission.
|
157
|
+
# * +:cache_control+ - String. Optional. Response header override.
|
158
|
+
# * +:content_disposition+ - String. Optional. Response header override.
|
159
|
+
# * +:content_encoding+ - String. Optional. Response header override.
|
160
|
+
# * +:content_language+ - String. Optional. Response header override.
|
161
|
+
# * +:content_type+ - String. Optional. Response header override.
|
162
|
+
#
|
163
|
+
# Below options for table service only
|
164
|
+
# * +:startpk+ - String. Optional but must accompany startrk. The start partition key of a specified partition key range.
|
165
|
+
# * +:endpk+ - String. Optional but must accompany endrk. The end partition key of a specified partition key range.
|
166
|
+
# * +:startrk+ - String. Optional. The start row key of a specified row key range.
|
167
|
+
# * +:endrk+ - String. Optional. The end row key of a specified row key range.
|
168
|
+
def generate_service_sas_token(path, options = {})
|
169
|
+
if options.key?(:service)
|
170
|
+
service_type = SERVICE_TYPE_MAPPING[options[:service].to_sym]
|
171
|
+
options.delete(:service)
|
172
|
+
end
|
173
|
+
|
174
|
+
raise Azure::Storage::Common::InvalidOptionsError, "SAS version cannot be set" if options[:version]
|
175
|
+
|
176
|
+
options = DEFAULTS.merge(options)
|
177
|
+
valid_mappings = SERVICE_KEY_MAPPINGS
|
178
|
+
if service_type == Azure::Storage::Common::ServiceType::BLOB
|
179
|
+
if options[:resource]
|
180
|
+
options.merge!(resource: options[:resource])
|
181
|
+
else
|
182
|
+
options.merge!(resource: "b")
|
183
|
+
end
|
184
|
+
valid_mappings.merge!(BLOB_KEY_MAPPINGS)
|
185
|
+
elsif service_type == Azure::Storage::Common::ServiceType::TABLE
|
186
|
+
options.merge!(table_name: path)
|
187
|
+
valid_mappings.merge!(TABLE_KEY_MAPPINGS)
|
188
|
+
elsif service_type == Azure::Storage::Common::ServiceType::FILE
|
189
|
+
if options[:resource]
|
190
|
+
options.merge!(resource: options[:resource])
|
191
|
+
else
|
192
|
+
options.merge!(resource: "f")
|
193
|
+
end
|
194
|
+
valid_mappings.merge!(FILE_KEY_MAPPINGS)
|
195
|
+
end
|
196
|
+
|
197
|
+
service_key_mappings = SERVICE_KEY_MAPPINGS
|
198
|
+
unless @user_delegation_key.nil?
|
199
|
+
valid_mappings.delete(:identifier)
|
200
|
+
USER_DELEGATION_KEY_MAPPINGS.each { |k, _| options[k] = @user_delegation_key.send(k) }
|
201
|
+
valid_mappings.merge!(USER_DELEGATION_KEY_MAPPINGS)
|
202
|
+
service_key_mappings = service_key_mappings.merge(USER_DELEGATION_KEY_MAPPINGS)
|
203
|
+
end
|
204
|
+
|
205
|
+
invalid_options = options.reject { |k, _| valid_mappings.key?(k) }
|
206
|
+
raise Azure::Storage::Common::InvalidOptionsError, "invalid options #{invalid_options} provided for SAS token generate" if invalid_options.length > 0
|
207
|
+
|
208
|
+
canonicalize_time(options)
|
209
|
+
|
210
|
+
query_hash = Hash[options.map { |k, v| [service_key_mappings[k], v] }]
|
211
|
+
.reject { |k, v| SERVICE_OPTIONAL_QUERY_PARAMS.include?(k) && v.to_s == "" }
|
212
|
+
.merge(sig: @signer.sign(signable_string_for_service(service_type, path, options)))
|
213
|
+
|
214
|
+
URI.encode_www_form(query_hash)
|
215
|
+
end
|
216
|
+
|
217
|
+
# Construct the plaintext to the spec required for signatures
|
218
|
+
# @return [String]
|
219
|
+
def signable_string_for_service(service_type, path, options)
|
220
|
+
# Order is significant
|
221
|
+
# The newlines from empty strings here are required
|
222
|
+
signable_fields =
|
223
|
+
[
|
224
|
+
options[:permissions],
|
225
|
+
options[:start],
|
226
|
+
options[:expiry],
|
227
|
+
canonicalized_resource(service_type, path)
|
228
|
+
]
|
229
|
+
|
230
|
+
if @user_delegation_key.nil?
|
231
|
+
signable_fields.push(options[:identifier])
|
232
|
+
else
|
233
|
+
signable_fields.concat [
|
234
|
+
@user_delegation_key.signed_oid,
|
235
|
+
@user_delegation_key.signed_tid,
|
236
|
+
@user_delegation_key.signed_start,
|
237
|
+
@user_delegation_key.signed_expiry,
|
238
|
+
@user_delegation_key.signed_service,
|
239
|
+
@user_delegation_key.signed_version
|
240
|
+
]
|
241
|
+
end
|
242
|
+
|
243
|
+
signable_fields.concat [
|
244
|
+
options[:ip_range],
|
245
|
+
options[:protocol],
|
246
|
+
Azure::Storage::Common::Default::STG_VERSION
|
247
|
+
]
|
248
|
+
|
249
|
+
signable_fields.concat [
|
250
|
+
options[:resource],
|
251
|
+
options[:timestamp]
|
252
|
+
] if service_type == Azure::Storage::Common::ServiceType::BLOB
|
253
|
+
|
254
|
+
signable_fields.concat [
|
255
|
+
options[:cache_control],
|
256
|
+
options[:content_disposition],
|
257
|
+
options[:content_encoding],
|
258
|
+
options[:content_language],
|
259
|
+
options[:content_type]
|
260
|
+
] if service_type == Azure::Storage::Common::ServiceType::BLOB || service_type == Azure::Storage::Common::ServiceType::FILE
|
261
|
+
|
262
|
+
signable_fields.concat [
|
263
|
+
options[:startpk],
|
264
|
+
options[:startrk],
|
265
|
+
options[:endpk],
|
266
|
+
options[:endrk]
|
267
|
+
] if service_type == Azure::Storage::Common::ServiceType::TABLE
|
268
|
+
|
269
|
+
signable_fields.join "\n"
|
270
|
+
end
|
271
|
+
|
272
|
+
# Account Shared Access Signature Token for the given options
|
273
|
+
# @param account_name [String] storage account name
|
274
|
+
# @param options [Hash]
|
275
|
+
#
|
276
|
+
# ==== Options
|
277
|
+
#
|
278
|
+
# * +:service+ - String. Required. Accessible services. Combination of 'b' (blob), 'q' (queue), 't' (table), 'f' (file).
|
279
|
+
# * +:resource+ - String. Required. Accessible resource types. Combination of 's' (service), 'c' (container-level), 'o'(object-level).
|
280
|
+
# * +:permissions+ - String. Required. Permissions. Combination of 'r' (read), 'w' (write), 'd'(delete), 'l'(list), 'a'(add),
|
281
|
+
# 'c'(create), 'u'(update), 'p'(process). Permissions are only valid if they match
|
282
|
+
# the specified signed resource type; otherwise they are ignored.
|
283
|
+
# * +:start+ - String. Optional. UTC Date/Time in ISO8601 format.
|
284
|
+
# * +:expiry+ - String. Optional. UTC Date/Time in ISO8601 format. Default now + 30 minutes.
|
285
|
+
# * +:protocol+ - String. Optional. Permitted protocols.
|
286
|
+
# * +:ip_range+ - String. Optional. An IP address or a range of IP addresses from which to accept requests.
|
287
|
+
# When specifying a range, note that the range is inclusive.
|
288
|
+
def generate_account_sas_token(options = {})
|
289
|
+
raise Azure::Storage::Common::InvalidOptionsError, "SAS version cannot be set" if options[:version]
|
290
|
+
|
291
|
+
options = DEFAULTS.merge(options)
|
292
|
+
valid_mappings = ACCOUNT_KEY_MAPPINGS
|
293
|
+
|
294
|
+
invalid_options = options.reject { |k, _| valid_mappings.key?(k) }
|
295
|
+
raise Azure::Storage::Common::InvalidOptionsError, "invalid options #{invalid_options} provided for SAS token generate" if invalid_options.length > 0
|
296
|
+
|
297
|
+
canonicalize_time(options)
|
298
|
+
|
299
|
+
query_hash = Hash[options.map { |k, v| [ACCOUNT_KEY_MAPPINGS[k], v] }]
|
300
|
+
.reject { |k, v| ACCOUNT_OPTIONAL_QUERY_PARAMS.include?(k) && v.to_s == "" }
|
301
|
+
.merge(sig: @signer.sign(signable_string_for_account(options)))
|
302
|
+
|
303
|
+
URI.encode_www_form(query_hash)
|
304
|
+
end
|
305
|
+
|
306
|
+
# Construct the plaintext to the spec required for signatures
|
307
|
+
# @return [String]
|
308
|
+
def signable_string_for_account(options)
|
309
|
+
# Order is significant
|
310
|
+
# The newlines from empty strings here are required
|
311
|
+
[
|
312
|
+
@account_name,
|
313
|
+
options[:permissions],
|
314
|
+
options[:service],
|
315
|
+
options[:resource],
|
316
|
+
options[:start],
|
317
|
+
options[:expiry],
|
318
|
+
options[:ip_range],
|
319
|
+
options[:protocol],
|
320
|
+
Azure::Storage::Common::Default::STG_VERSION,
|
321
|
+
""
|
322
|
+
].join("\n")
|
323
|
+
end
|
324
|
+
|
325
|
+
# Return the cononicalized resource representation of the blob resource
|
326
|
+
# @return [String]
|
327
|
+
def canonicalized_resource(service_type, path)
|
328
|
+
"/#{service_type}/#{account_name}#{path.start_with?('/') ? '' : '/'}#{path}"
|
329
|
+
end
|
330
|
+
|
331
|
+
def canonicalize_time(options)
|
332
|
+
options[:start] = Time.parse(options[:start]).utc.iso8601 if options[:start]
|
333
|
+
options[:expiry] = Time.parse(options[:expiry]).utc.iso8601 if options[:expiry]
|
334
|
+
options[:expiry] ||= (Time.now + 60 * 30).utc.iso8601
|
335
|
+
end
|
336
|
+
|
337
|
+
# A customised URI reflecting options for the resource signed with Shared Access Signature
|
338
|
+
# @param uri [URI] uri to resource including query options
|
339
|
+
# @param use_account_sas [Boolean] Whether uses account SAS
|
340
|
+
# @param options [Hash]
|
341
|
+
#
|
342
|
+
# ==== Options
|
343
|
+
#
|
344
|
+
# * +:start+ - String. Optional. UTC Date/Time in ISO8601 format.
|
345
|
+
# * +:expiry+ - String. Optional. UTC Date/Time in ISO8601 format. Default now + 30 minutes.
|
346
|
+
# * +:protocol+ - String. Optional. Permitted protocols.
|
347
|
+
# * +:ip_range+ - String. Optional. An IP address or a range of IP addresses from which to accept requests.
|
348
|
+
# When specifying a range, note that the range is inclusive.
|
349
|
+
#
|
350
|
+
# Below options for account SAS only
|
351
|
+
# * +:service+ - String. Required. Accessible services. Combination of 'b' (blob), 'q' (queue), 't' (table), 'f' (file).
|
352
|
+
# * +:resource+ - String. Required. Accessible resource types. Combination of 's' (service), 'c' (container-level), 'o'(object-level).
|
353
|
+
# * +:permissions+ - String. Required. Permissions. Combination of 'r' (read), 'w' (write), 'd'(delete), 'l'(list), 'a'(add),
|
354
|
+
# 'c'(create), 'u'(update), 'p'(process). Permissions are only valid if they match
|
355
|
+
# the specified signed resource type; otherwise they are ignored.
|
356
|
+
#
|
357
|
+
# Below options for service SAS only
|
358
|
+
# * +:service+ - String. Required. Service type. 'b' (blob) or 'q' (queue) or 't' (table) or 'f' (file).
|
359
|
+
# * +:resource+ - String. Required. Resource type, 'b' (blob) or 'c' (container) or 'f' (file) or 's' (share).
|
360
|
+
# * +:identifier+ - String. Optional. Identifier for stored access policy.
|
361
|
+
# * +:permissions+ - String. Optional. Combination of 'r', 'a', 'c', w','d','l' in this order for a container.
|
362
|
+
# Combination of 'r', 'a', 'c', 'w', 'd' in this order for a blob.
|
363
|
+
# Combination of 'r', 'c', 'w', 'd', 'l' in this order for a share.
|
364
|
+
# Combination of 'r', 'c', 'w', 'd' in this order for a file.
|
365
|
+
# Combination of 'r', 'a', 'u', 'p' in this order for a queue.
|
366
|
+
# Combination of 'r', 'a', 'u', 'd' in this order for a table.
|
367
|
+
#
|
368
|
+
# Below options for Blob service only
|
369
|
+
# * +:cache_control+ - String. Optional. Response header override.
|
370
|
+
# * +:content_disposition+ - String. Optional. Response header override.
|
371
|
+
# * +:content_encoding+ - String. Optional. Response header override.
|
372
|
+
# * +:content_language+ - String. Optional. Response header override.
|
373
|
+
# * +:content_type+ - String. Optional. Response header override.
|
374
|
+
#
|
375
|
+
# Below options for Table service only
|
376
|
+
# * +:table_name+ - String. Required. Table name for SAS.
|
377
|
+
# * +:startpk+ - String. Optional but must accompany startrk. The start partition key of a specified partition key range.
|
378
|
+
# * +:endpk+ - String. Optional but must accompany endrk. The end partition key of a specified partition key range.
|
379
|
+
# * +:startrk+ - String. Optional. The start row key of a specified row key range.
|
380
|
+
# * +:endrk+ - String. Optional. The end row key of a specified row key range.
|
381
|
+
def signed_uri(uri, use_account_sas, options)
|
382
|
+
CGI::parse(uri.query || "").inject({}) { |memo, (k, v)| memo[k.to_sym] = v; memo }
|
383
|
+
|
384
|
+
if options[:service] == (nil) && uri.host != (nil)
|
385
|
+
host_splits = uri.host.split(".")
|
386
|
+
options[:service] = host_splits[1].chr if host_splits.length > 1 && host_splits[0] == @account_name
|
387
|
+
end
|
388
|
+
|
389
|
+
sas_params = if use_account_sas
|
390
|
+
generate_account_sas_token(options)
|
391
|
+
else
|
392
|
+
generate_service_sas_token(uri.path, options)
|
393
|
+
end
|
394
|
+
|
395
|
+
URI.parse(uri.to_s + (uri.query.nil? ? "?" : "&") + sas_params)
|
396
|
+
end
|
397
|
+
end
|
398
|
+
end
|
399
|
+
end
|
@@ -0,0 +1,57 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
#-------------------------------------------------------------------------
|
4
|
+
# # Copyright (c) Microsoft and contributors. All rights reserved.
|
5
|
+
#
|
6
|
+
# The MIT License(MIT)
|
7
|
+
|
8
|
+
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
9
|
+
# of this software and associated documentation files(the "Software"), to deal
|
10
|
+
# in the Software without restriction, including without limitation the rights
|
11
|
+
# to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
|
12
|
+
# copies of the Software, and to permit persons to whom the Software is
|
13
|
+
# furnished to do so, subject to the following conditions :
|
14
|
+
|
15
|
+
# The above copyright notice and this permission notice shall be included in
|
16
|
+
# all copies or substantial portions of the Software.
|
17
|
+
|
18
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
19
|
+
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
20
|
+
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
|
21
|
+
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
22
|
+
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
23
|
+
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
24
|
+
# THE SOFTWARE.
|
25
|
+
#--------------------------------------------------------------------------
|
26
|
+
|
27
|
+
require "azure/core/auth/signer"
|
28
|
+
|
29
|
+
module Azure::Storage::Common::Core
|
30
|
+
module Auth
|
31
|
+
class SharedAccessSignatureSigner < Azure::Core::Auth::Signer
|
32
|
+
attr :account_name, :sas_token
|
33
|
+
attr_accessor :api_ver
|
34
|
+
|
35
|
+
# Public: Initialize the Signer with a SharedAccessSignature
|
36
|
+
#
|
37
|
+
# @param api_ver [String] The api version of the service.
|
38
|
+
# @param account_name [String] The account name. Defaults to the one in the global configuration.
|
39
|
+
# @param sas_token [String] The sas token to be used for signing
|
40
|
+
def initialize(api_ver, account_name = "", sas_token = "")
|
41
|
+
if account_name.empty? || sas_token.empty?
|
42
|
+
client = Azure::Storage::Common::Client.create_from_env
|
43
|
+
account_name = client.storage_account_name if account_name.empty?
|
44
|
+
sas_token = client.storage_sas_token if sas_token.empty?
|
45
|
+
end
|
46
|
+
@api_ver = api_ver
|
47
|
+
@account_name = account_name
|
48
|
+
@sas_token = sas_token
|
49
|
+
end
|
50
|
+
|
51
|
+
def sign_request(req)
|
52
|
+
req.uri = URI.parse(req.uri.to_s + (req.uri.query.nil? ? "?" : "&") + sas_token.sub(/^\?/, "") + "&api-version=" + @api_ver)
|
53
|
+
req
|
54
|
+
end
|
55
|
+
end
|
56
|
+
end
|
57
|
+
end
|
@@ -0,0 +1,60 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
#-------------------------------------------------------------------------
|
4
|
+
# # Copyright (c) Microsoft and contributors. All rights reserved.
|
5
|
+
#
|
6
|
+
# The MIT License(MIT)
|
7
|
+
|
8
|
+
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
9
|
+
# of this software and associated documentation files(the "Software"), to deal
|
10
|
+
# in the Software without restriction, including without limitation the rights
|
11
|
+
# to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
|
12
|
+
# copies of the Software, and to permit persons to whom the Software is
|
13
|
+
# furnished to do so, subject to the following conditions :
|
14
|
+
|
15
|
+
# The above copyright notice and this permission notice shall be included in
|
16
|
+
# all copies or substantial portions of the Software.
|
17
|
+
|
18
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
19
|
+
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
20
|
+
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
|
21
|
+
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
22
|
+
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
23
|
+
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
24
|
+
# THE SOFTWARE.
|
25
|
+
#--------------------------------------------------------------------------
|
26
|
+
require "cgi"
|
27
|
+
require "azure/core/auth/signer"
|
28
|
+
require "azure/core/auth/shared_key"
|
29
|
+
|
30
|
+
module Azure::Storage::Common::Core
|
31
|
+
module Auth
|
32
|
+
class SharedKey < Azure::Core::Auth::SharedKey
|
33
|
+
# Generate the string to sign.
|
34
|
+
#
|
35
|
+
# @param method [Symbol] HTTP request method.
|
36
|
+
# @param uri [URI] URI of the request we're signing.
|
37
|
+
# @param headers [Hash] HTTP request headers.
|
38
|
+
#
|
39
|
+
# @return [String]
|
40
|
+
def signable_string(method, uri, headers)
|
41
|
+
[
|
42
|
+
method.to_s.upcase,
|
43
|
+
headers.fetch("Content-Encoding", ""),
|
44
|
+
headers.fetch("Content-Language", ""),
|
45
|
+
headers.fetch("Content-Length", "").sub(/^0+/, ""), # from 2015-02-21, if Content-Length == 0, it won't be signed
|
46
|
+
headers.fetch("Content-MD5", ""),
|
47
|
+
headers.fetch("Content-Type", ""),
|
48
|
+
headers.fetch("Date", ""),
|
49
|
+
headers.fetch("If-Modified-Since", ""),
|
50
|
+
headers.fetch("If-Match", ""),
|
51
|
+
headers.fetch("If-None-Match", ""),
|
52
|
+
headers.fetch("If-Unmodified-Since", ""),
|
53
|
+
headers.fetch("Range", ""),
|
54
|
+
canonicalized_headers(headers),
|
55
|
+
canonicalized_resource(uri)
|
56
|
+
].join("\n")
|
57
|
+
end
|
58
|
+
end
|
59
|
+
end
|
60
|
+
end
|
@@ -0,0 +1,43 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
#-------------------------------------------------------------------------
|
4
|
+
# # Copyright (c) Microsoft and contributors. All rights reserved.
|
5
|
+
#
|
6
|
+
# The MIT License(MIT)
|
7
|
+
|
8
|
+
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
9
|
+
# of this software and associated documentation files(the "Software"), to deal
|
10
|
+
# in the Software without restriction, including without limitation the rights
|
11
|
+
# to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
|
12
|
+
# copies of the Software, and to permit persons to whom the Software is
|
13
|
+
# furnished to do so, subject to the following conditions :
|
14
|
+
|
15
|
+
# The above copyright notice and this permission notice shall be included in
|
16
|
+
# all copies or substantial portions of the Software.
|
17
|
+
|
18
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
19
|
+
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
20
|
+
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
|
21
|
+
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
22
|
+
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
23
|
+
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
24
|
+
# THE SOFTWARE.
|
25
|
+
#--------------------------------------------------------------------------
|
26
|
+
|
27
|
+
module Azure::Storage::Common::Core
|
28
|
+
module Auth
|
29
|
+
class TokenSigner < Azure::Core::Auth::Signer
|
30
|
+
# Public: Initialize the Token Signer
|
31
|
+
def initialize(token_credential)
|
32
|
+
@credential = token_credential
|
33
|
+
# Use mock key to initialize super class
|
34
|
+
super(Base64.strict_encode64("accesstoken"))
|
35
|
+
end
|
36
|
+
|
37
|
+
def sign_request(req)
|
38
|
+
req.headers['Authorization'] = "Bearer #{@credential.token}"
|
39
|
+
req
|
40
|
+
end
|
41
|
+
end
|
42
|
+
end
|
43
|
+
end
|
@@ -0,0 +1,53 @@
|
|
1
|
+
# frozen_string_literal: true
|
2
|
+
|
3
|
+
#-------------------------------------------------------------------------
|
4
|
+
# # Copyright (c) Microsoft and contributors. All rights reserved.
|
5
|
+
#
|
6
|
+
# The MIT License(MIT)
|
7
|
+
|
8
|
+
# Permission is hereby granted, free of charge, to any person obtaining a copy
|
9
|
+
# of this software and associated documentation files(the "Software"), to deal
|
10
|
+
# in the Software without restriction, including without limitation the rights
|
11
|
+
# to use, copy, modify, merge, publish, distribute, sublicense, and / or sell
|
12
|
+
# copies of the Software, and to permit persons to whom the Software is
|
13
|
+
# furnished to do so, subject to the following conditions :
|
14
|
+
|
15
|
+
# The above copyright notice and this permission notice shall be included in
|
16
|
+
# all copies or substantial portions of the Software.
|
17
|
+
|
18
|
+
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
|
19
|
+
# IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
|
20
|
+
# FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.IN NO EVENT SHALL THE
|
21
|
+
# AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
|
22
|
+
# LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
|
23
|
+
# OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
|
24
|
+
# THE SOFTWARE.
|
25
|
+
#--------------------------------------------------------------------------
|
26
|
+
|
27
|
+
module Azure
|
28
|
+
module Storage
|
29
|
+
module Common
|
30
|
+
module Core
|
31
|
+
autoload :HttpClient, "azure/storage/common/core/http_client"
|
32
|
+
autoload :Utility, "azure/storage/common/core/utility"
|
33
|
+
autoload :Logger, "azure/storage/common/core/utility"
|
34
|
+
autoload :Error, "azure/storage/common/core/error"
|
35
|
+
autoload :TokenCredential, "azure/storage/common/core/token_credential.rb"
|
36
|
+
|
37
|
+
module Auth
|
38
|
+
autoload :SharedKey, "azure/storage/common/core/auth/shared_key.rb"
|
39
|
+
autoload :SharedAccessSignature, "azure/storage/common/core/auth/shared_access_signature_generator.rb"
|
40
|
+
autoload :SharedAccessSignatureSigner, "azure/storage/common/core/auth/shared_access_signature_signer.rb"
|
41
|
+
autoload :AnonymousSigner, "azure/storage/common/core/auth/anonymous_signer.rb"
|
42
|
+
autoload :TokenSigner, "azure/storage/common/core/auth/token_signer.rb"
|
43
|
+
end
|
44
|
+
|
45
|
+
module Filter
|
46
|
+
autoload :RetryPolicyFilter, "azure/storage/common/core/filter/retry_filter"
|
47
|
+
autoload :LinearRetryPolicyFilter, "azure/storage/common/core/filter/linear_retry_filter"
|
48
|
+
autoload :ExponentialRetryPolicyFilter, "azure/storage/common/core/filter/exponential_retry_filter"
|
49
|
+
end
|
50
|
+
end
|
51
|
+
end
|
52
|
+
end
|
53
|
+
end
|