From ba526b506367677dfdd602aca0b5b4299f8a7c5c Mon Sep 17 00:00:00 2001
From: Wei Wei <weiwei@microsoft.com>
Date: Thu, 2 Dec 2021 15:32:00 +0800
Subject: [PATCH] [Storage] Fixed get container access policy fail when
 permission in null [#15644] (#16546)

* Update New-AzStorageAccountSASToken.md (#16533)

The PS cmdlet is for New-AzStorageAccountSASToken however the document mentions New-AzStorageSASToken which seems incorrect.
Kindly review and have it updated accordingly

* [Storage] Fixed get contaienr access policy fail when permission in null [#15644]

* [Storage] Supported Sas token permission i

Co-authored-by: Amrinder-Singh29 <72441450+Amrinder-Singh29@users.noreply.github.com>
---
 src/Storage/Storage.Management/ChangeLog.md                 | 6 ++++++
 .../Storage.Management/help/New-AzStorageAccountSASToken.md | 2 +-
 src/Storage/Storage/Common/AccessPolicyHelper.cs            | 4 ++--
 src/Storage/Storage/Common/SasTokenHelper.cs                | 6 ++++++
 4 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/src/Storage/Storage.Management/ChangeLog.md b/src/Storage/Storage.Management/ChangeLog.md
index 214d4cb71c02..6928a065a8a0 100644
--- a/src/Storage/Storage.Management/ChangeLog.md
+++ b/src/Storage/Storage.Management/ChangeLog.md
@@ -18,6 +18,12 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* Fixed get container access policy fail when permission is null [#15644]
+    -  `Get-AzStorageContainerStoredAccessPolicy` 
+* Supported create blob service Sas token or account Sas token with permission i
+    -  `New-AzStorageBlobSASToken` 
+    -  `New-AzStorageContainerSASToken` 
+    -  `New-AzStorageAccountSASToken`
 * Fixed creating container SAS token failed from an access policy without expire time, and set SAS token expire time [#16266]
     -  `New-AzStorageContainerSASToken` 
 * Removed parameter -Name from Get-AzRmStorageShare ShareResourceIdParameterSet
diff --git a/src/Storage/Storage.Management/help/New-AzStorageAccountSASToken.md b/src/Storage/Storage.Management/help/New-AzStorageAccountSASToken.md
index f6e5cb0784d2..f9442e37a9a0 100644
--- a/src/Storage/Storage.Management/help/New-AzStorageAccountSASToken.md
+++ b/src/Storage/Storage.Management/help/New-AzStorageAccountSASToken.md
@@ -21,7 +21,7 @@ New-AzStorageAccountSASToken -Service <SharedAccessAccountServices>
 ```
 
 ## DESCRIPTION
-The **New-AzStorageSASToken** cmdlet creates an account-level shared access signature (SAS) token for an Azure Storage account.
+The **New-AzStorageAccountSASToken** cmdlet creates an account-level shared access signature (SAS) token for an Azure Storage account.
 You can use the SAS token to delegate permissions for multiple services, or to delegate permissions for services not available with an object-level SAS token.
 
 ## EXAMPLES
diff --git a/src/Storage/Storage/Common/AccessPolicyHelper.cs b/src/Storage/Storage/Common/AccessPolicyHelper.cs
index 187167064f71..8cdb03c98c7d 100644
--- a/src/Storage/Storage/Common/AccessPolicyHelper.cs
+++ b/src/Storage/Storage/Common/AccessPolicyHelper.cs
@@ -205,7 +205,7 @@ internal static PSObject ConstructPolicyOutputPSObject<T>(T identifier)
                 "Policy",
                 (identifier).GetType().GetProperty("Id").GetValue(identifier),
                 "Permissions",
-                (accessPolicy).GetType().GetProperty("Permissions").GetValue(accessPolicy).ToString(),
+                (accessPolicy).GetType().GetProperty("Permissions").GetValue(accessPolicy) is null ? null: (accessPolicy).GetType().GetProperty("Permissions").GetValue(accessPolicy).ToString(),
                 "StartTime",
                 (accessPolicy).GetType().GetProperty("PolicyStartsOn").GetValue(accessPolicy),
                 "ExpiryTime",
@@ -217,7 +217,7 @@ internal static PSObject ConstructPolicyOutputPSObject<T>(T identifier)
         /// </summary>
         public static string OrderBlobPermission(string rawPermission)
         {
-            string fullBlobPermission = "racwdxlt";
+            string fullBlobPermission = "racwdxlti";
             string OrderedPermission = "";
             int rawLength = rawPermission.Length;
             foreach (char c in fullBlobPermission)
diff --git a/src/Storage/Storage/Common/SasTokenHelper.cs b/src/Storage/Storage/Common/SasTokenHelper.cs
index 822e8c40fee3..1a4c44b1d36e 100644
--- a/src/Storage/Storage/Common/SasTokenHelper.cs
+++ b/src/Storage/Storage/Common/SasTokenHelper.cs
@@ -453,6 +453,9 @@ public static BlobSasBuilder SetBlobPermission(BlobSasBuilder sasBuilder, string
                     case 'x':
                         permission = permission | BlobContainerSasPermissions.DeleteBlobVersion;
                         break;
+                    case 'i':
+                        permission = permission | BlobContainerSasPermissions.SetImmutabilityPolicy;
+                        break;
                     default:
                         // Can't convert to permission supported by XSCL, so use raw permission string
                         sasBuilder.SetPermissions(rawPermission);
@@ -634,6 +637,9 @@ public static AccountSasBuilder SetAccountPermission(AccountSasBuilder sasBuilde
                     case 'x':
                         permission = permission | AccountSasPermissions.DeleteVersion;
                         break;
+                    case 'i':
+                        permission = permission | AccountSasPermissions.SetImmutabilityPolicy;
+                        break;
                     default:
                         // Can't convert to permission supported by XSCL, so use raw permission string
                         sasBuilder.SetPermissions(rawPermission);