[Storage] Fixed get container access policy fail when permission in n…

…ull [#15644] (#16546) * Update New-AzStorageAccountSASToken.md (#16533) The PS cmdlet is for New-AzStorageAccountSASToken however the document mentions New-AzStorageSASToken which seems incorrect. Kindly review and have it updated accordingly * [Storage] Fixed get contaienr access policy fail when permission in null [#15644] * [Storage] Supported Sas token permission i Co-authored-by: Amrinder-Singh29 <[email protected]>
Azure · Dec 2, 2021 · ba526b5 · ba526b5
1 parent 1648152
commit ba526b5
Show file tree

Hide file tree

Showing 4 changed files with 15 additions and 3 deletions.
diff --git a/src/Storage/Storage.Management/ChangeLog.md b/src/Storage/Storage.Management/ChangeLog.md
@@ -18,6 +18,12 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Fixed get container access policy fail when permission is null [#15644]
+    -  `Get-AzStorageContainerStoredAccessPolicy` 
+* Supported create blob service Sas token or account Sas token with permission i
+    -  `New-AzStorageBlobSASToken` 
+    -  `New-AzStorageContainerSASToken` 
+    -  `New-AzStorageAccountSASToken`
 * Fixed creating container SAS token failed from an access policy without expire time, and set SAS token expire time [#16266]
     -  `New-AzStorageContainerSASToken` 
 * Removed parameter -Name from Get-AzRmStorageShare ShareResourceIdParameterSet

diff --git a/src/Storage/Storage.Management/help/New-AzStorageAccountSASToken.md b/src/Storage/Storage.Management/help/New-AzStorageAccountSASToken.md
@@ -21,7 +21,7 @@ New-AzStorageAccountSASToken -Service <SharedAccessAccountServices>
 ```
 
 ## DESCRIPTION
-The **New-AzStorageSASToken** cmdlet creates an account-level shared access signature (SAS) token for an Azure Storage account.
+The **New-AzStorageAccountSASToken** cmdlet creates an account-level shared access signature (SAS) token for an Azure Storage account.
 You can use the SAS token to delegate permissions for multiple services, or to delegate permissions for services not available with an object-level SAS token.
 
 ## EXAMPLES

diff --git a/src/Storage/Storage/Common/AccessPolicyHelper.cs b/src/Storage/Storage/Common/AccessPolicyHelper.cs
@@ -205,7 +205,7 @@ internal static PSObject ConstructPolicyOutputPSObject<T>(T identifier)
                 "Policy",
                 (identifier).GetType().GetProperty("Id").GetValue(identifier),
                 "Permissions",
-                (accessPolicy).GetType().GetProperty("Permissions").GetValue(accessPolicy).ToString(),
+                (accessPolicy).GetType().GetProperty("Permissions").GetValue(accessPolicy) is null ? null: (accessPolicy).GetType().GetProperty("Permissions").GetValue(accessPolicy).ToString(),
                 "StartTime",
                 (accessPolicy).GetType().GetProperty("PolicyStartsOn").GetValue(accessPolicy),
                 "ExpiryTime",
@@ -217,7 +217,7 @@ internal static PSObject ConstructPolicyOutputPSObject<T>(T identifier)
         /// </summary>
         public static string OrderBlobPermission(string rawPermission)
         {
-            string fullBlobPermission = "racwdxlt";
+            string fullBlobPermission = "racwdxlti";
             string OrderedPermission = "";
             int rawLength = rawPermission.Length;
             foreach (char c in fullBlobPermission)

diff --git a/src/Storage/Storage/Common/SasTokenHelper.cs b/src/Storage/Storage/Common/SasTokenHelper.cs
@@ -453,6 +453,9 @@ public static BlobSasBuilder SetBlobPermission(BlobSasBuilder sasBuilder, string
                     case 'x':
                         permission = permission | BlobContainerSasPermissions.DeleteBlobVersion;
                         break;
+                    case 'i':
+                        permission = permission | BlobContainerSasPermissions.SetImmutabilityPolicy;
+                        break;
                     default:
                         // Can't convert to permission supported by XSCL, so use raw permission string
                         sasBuilder.SetPermissions(rawPermission);
@@ -634,6 +637,9 @@ public static AccountSasBuilder SetAccountPermission(AccountSasBuilder sasBuilde
                     case 'x':
                         permission = permission | AccountSasPermissions.DeleteVersion;
                         break;
+                    case 'i':
+                        permission = permission | AccountSasPermissions.SetImmutabilityPolicy;
+                        break;
                     default:
                         // Can't convert to permission supported by XSCL, so use raw permission string
                         sasBuilder.SetPermissions(rawPermission);