From 264219e627498d3a817dbe190a2699fc91b217db Mon Sep 17 00:00:00 2001 From: Wei Wei Date: Wed, 11 Aug 2021 11:59:01 +0800 Subject: [PATCH] [Storage] Fix 2 sas issue --- src/Storage/Storage.Management/ChangeLog.md | 6 ++++++ .../Blob/Cmdlet/NewAzureStorageBlobSasToken.cs | 6 +----- .../Blob/Cmdlet/NewAzureStorageContainerSasToken.cs | 6 +----- .../Common/Cmdlet/NewAzureStorageAccountSasToken.cs | 6 +----- src/Storage/Storage/Common/StorageExtensions.cs | 12 ++++++++++++ src/Storage/Storage/Common/Util.cs | 2 +- 6 files changed, 22 insertions(+), 16 deletions(-) diff --git a/src/Storage/Storage.Management/ChangeLog.md b/src/Storage/Storage.Management/ChangeLog.md index 10e2ab5eec04..1ecd7810a8d5 100644 --- a/src/Storage/Storage.Management/ChangeLog.md +++ b/src/Storage/Storage.Management/ChangeLog.md @@ -18,6 +18,12 @@ - Additional information about change #1 --> ## Upcoming Release +* Generate blob sas token with new API version + - `New-AzStorageBlobSASToken` + - `New-AzStorageContainerSASToken` + - `New-AzStorageAccountSASToken` +* Fixed blob copy failure with OAuth credentail when client and server has time difference [#15644] + - `Copy-AzStorageBlob` * Fixed remove datalakegen2 item fail with readonly SAS token - `Remove-AzDataLakeGen2Item` * Revised destination existing check in move datalakegen2 item diff --git a/src/Storage/Storage/Blob/Cmdlet/NewAzureStorageBlobSasToken.cs b/src/Storage/Storage/Blob/Cmdlet/NewAzureStorageBlobSasToken.cs index 5258126dfdf7..db1359c4287c 100644 --- a/src/Storage/Storage/Blob/Cmdlet/NewAzureStorageBlobSasToken.cs +++ b/src/Storage/Storage/Blob/Cmdlet/NewAzureStorageBlobSasToken.cs @@ -134,11 +134,7 @@ public string Policy protected override bool UseTrack2Sdk() { - if (SasTokenHelper.IsTrack2Permission(this.Permission)) - { - return true; - } - return base.UseTrack2Sdk(); + return true; } /// diff --git a/src/Storage/Storage/Blob/Cmdlet/NewAzureStorageContainerSasToken.cs b/src/Storage/Storage/Blob/Cmdlet/NewAzureStorageContainerSasToken.cs index 5090005b9bd1..56d1a364e341 100644 --- a/src/Storage/Storage/Blob/Cmdlet/NewAzureStorageContainerSasToken.cs +++ b/src/Storage/Storage/Blob/Cmdlet/NewAzureStorageContainerSasToken.cs @@ -91,11 +91,7 @@ public string Policy public override int? ConcurrentTaskCount { get; set; } protected override bool UseTrack2Sdk() { - if (SasTokenHelper.IsTrack2Permission(this.Permission)) - { - return true; - } - return base.UseTrack2Sdk(); + return true; } /// diff --git a/src/Storage/Storage/Common/Cmdlet/NewAzureStorageAccountSasToken.cs b/src/Storage/Storage/Common/Cmdlet/NewAzureStorageAccountSasToken.cs index e1a0d9dd4174..cb48ee10c29f 100644 --- a/src/Storage/Storage/Common/Cmdlet/NewAzureStorageAccountSasToken.cs +++ b/src/Storage/Storage/Common/Cmdlet/NewAzureStorageAccountSasToken.cs @@ -58,11 +58,7 @@ public class NewAzureStorageAccountSasTokenCommand : StorageCloudBlobCmdletBase protected override bool UseTrack2Sdk() { - if (SasTokenHelper.IsTrack2Permission(this.Permission)) - { - return true; - } - return base.UseTrack2Sdk(); + return true; } /// diff --git a/src/Storage/Storage/Common/StorageExtensions.cs b/src/Storage/Storage/Common/StorageExtensions.cs index df7fad7cb766..b29081facc36 100644 --- a/src/Storage/Storage/Common/StorageExtensions.cs +++ b/src/Storage/Storage/Common/StorageExtensions.cs @@ -26,6 +26,10 @@ internal static class StorageExtensions { private const int CopySASLifeTimeInMinutes = 7 * 24 * 60; + // The Oauth delegate SAS expire time must be in 7 days. + // As client and server has time difference, to make it more stable, the time will be 1 hour less than 7 days. + private const int CopySASLifeTimeInMinutesOauth = 7 * 24 * 60 - 60; + internal static Uri GenerateUriWithCredentials( this CloudFile file) { @@ -208,6 +212,10 @@ private static string GetBlobSasToken(CloudBlob blob) // SAS life time is at least 10 minutes. TimeSpan sasLifeTime = TimeSpan.FromMinutes(CopySASLifeTimeInMinutes); + if (blob.ServiceClient.Credentials.IsToken) + { + sasLifeTime = TimeSpan.FromMinutes(CopySASLifeTimeInMinutesOauth); + } SharedAccessBlobPolicy policy = new SharedAccessBlobPolicy() { @@ -253,6 +261,10 @@ private static string GetBlobSasToken(BlobBaseClient blob, AzureStorageContext c // SAS life time is at least 10 minutes. TimeSpan sasLifeTime = TimeSpan.FromMinutes(CopySASLifeTimeInMinutes); + if (context.StorageAccount.Credentials.IsToken) + { + sasLifeTime = TimeSpan.FromMinutes(CopySASLifeTimeInMinutesOauth); + } BlobSasBuilder sasBuilder = new BlobSasBuilder { diff --git a/src/Storage/Storage/Common/Util.cs b/src/Storage/Storage/Common/Util.cs index 1b2bf2b85b5a..f8b02266db32 100644 --- a/src/Storage/Storage/Common/Util.cs +++ b/src/Storage/Storage/Common/Util.cs @@ -295,7 +295,7 @@ public static string GetVersionIdFromBlobUri(Uri BlobUri) { if (block.StartsWith(snapshotQueryParameter)) { - return DateTimeOffset.Parse(block.Replace(snapshotQueryParameter, "")).ToUniversalTime(); + return DateTimeOffset.Parse(System.Web.HttpUtility.UrlDecode(block.Replace(snapshotQueryParameter, ""))).ToUniversalTime(); } } return null;