TableSasBuilder pattern changes (Azure#11790)

* initial draft of SasBuilder pattern changes

* minor tweaks

* fix TableInternalClient

* pr  comments

* merge upstream

sdk/tables/Azure.Data.Tables/api/Azure.Data.Tables.netstandard2.0.cs

@@ -9,6 +9,8 @@ protected TableClient() { }
         public virtual System.Threading.Tasks.Task<Azure.Response> DeleteAsync(string partitionKey, string rowKey, string eTag = "*", System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
         public virtual Azure.Response<System.Collections.ObjectModel.ReadOnlyCollection<Azure.Data.Tables.Models.SignedIdentifier>> GetAccessPolicy(int? timeout = default(int?), string requestId = null, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
         public virtual System.Threading.Tasks.Task<Azure.Response<System.Collections.ObjectModel.ReadOnlyCollection<Azure.Data.Tables.Models.SignedIdentifier>>> GetAccessPolicyAsync(int? timeout = default(int?), string requestId = null, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
+        public virtual Azure.Data.Tables.Sas.TableSasBuilder GetSasBuilder(Azure.Data.Tables.Sas.TableSasPermissions permissions, System.DateTimeOffset expiresOn) { throw null; }
+        public virtual Azure.Data.Tables.Sas.TableSasBuilder GetSasBuilder(string rawPermissions, System.DateTimeOffset expiresOn) { throw null; }
         public virtual Azure.Response<System.Collections.ObjectModel.ReadOnlyDictionary<string, object>> Insert(System.Collections.Generic.IDictionary<string, object> entity, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
         public virtual System.Threading.Tasks.Task<Azure.Response<System.Collections.ObjectModel.ReadOnlyDictionary<string, object>>> InsertAsync(System.Collections.Generic.IDictionary<string, object> entity, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
         public virtual Azure.Response Merge(System.Collections.Generic.IDictionary<string, object> entity, string eTag = null, System.Threading.CancellationToken cancellationToken = default(System.Threading.CancellationToken)) { throw null; }
@@ -215,7 +217,8 @@ public enum SasProtocol
     }
     public partial class TableSasBuilder
     {
-        public TableSasBuilder(string tableName) { }
+        public TableSasBuilder(string tableName, Azure.Data.Tables.Sas.TableSasPermissions permissions, System.DateTimeOffset expiresOn) { }
+        public TableSasBuilder(string tableName, string rawPermissions, System.DateTimeOffset expiresOn) { }
         public System.DateTimeOffset ExpiresOn { get { throw null; } set { } }
         public string Identifier { get { throw null; } set { } }
         public Azure.Data.Tables.Sas.SasIPRange IPRange { get { throw null; } set { } }
@@ -227,13 +230,13 @@ public TableSasBuilder(string tableName) { }
         public string RowKeyStart { get { throw null; } set { } }
         public System.DateTimeOffset StartsOn { get { throw null; } set { } }
         public string TableName { get { throw null; } }
-        public string Version { get { throw null; } set { } }
         [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
         public override bool Equals(object obj) { throw null; }
         [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
         public override int GetHashCode() { throw null; }
         public void SetPermissions(Azure.Data.Tables.Sas.TableSasPermissions permissions) { }
         public void SetPermissions(string rawPermissions) { }
+        public string Sign(Azure.Data.Tables.TableSharedKeyCredential sharedKeyCredential) { throw null; }
         public Azure.Data.Tables.Sas.TableSasQueryParameters ToSasQueryParameters(Azure.Data.Tables.TableSharedKeyCredential sharedKeyCredential) { throw null; }
         [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
         public override string ToString() { throw null; }

sdk/tables/Azure.Data.Tables/src/Sas/TableSasBuilder.cs

@@ -14,19 +14,35 @@ namespace Azure.Data.Tables.Sas
     /// </summary>
     public class TableSasBuilder
     {
-
-        public TableSasBuilder(string tableName)
+        /// <summary>
+        /// Initializes an instance of a <see cref="TableSasBuilder"/>.
+        /// </summary>
+        /// <param name="tableName">The name of the table being made accessible with the shared access signature.</param>
+        /// <param name="permissions">The permissions associated with the shared access signature.</param>
+        /// <param name="expiresOn">The time at which the shared access signature becomes invalid.</param>
+        public TableSasBuilder(string tableName, TableSasPermissions permissions, DateTimeOffset expiresOn)
         {
             Argument.AssertNotNullOrEmpty(tableName, nameof(tableName));
 
             TableName = tableName;
+            ExpiresOn = expiresOn;
+            SetPermissions(permissions);
         }
+
         /// <summary>
-        /// The storage service version to use to authenticate requests made
-        /// with this shared access signature, and the service version to use
-        /// when handling requests made with this shared access signature.
+        /// Initializes an instance of a <see cref="TableSasBuilder"/>.
         /// </summary>
-        public string Version { get; set; }
+        /// <param name="tableName">The name of the table being made accessible with the shared access signature.</param>
+        /// <param name="rawPermissions">The permissions associated with the shared access signature. This string should contain one or more of the following permission characters in this order: "racwdl".</param>
+        /// <param name="expiresOn">The time at which the shared access signature becomes invalid.</param>
+        public TableSasBuilder(string tableName, string rawPermissions, DateTimeOffset expiresOn)
+        {
+            Argument.AssertNotNullOrEmpty(tableName, nameof(tableName));
+
+            TableName = tableName;
+            ExpiresOn = expiresOn;
+            Permissions = rawPermissions;
+        }
 
         /// <summary>
         /// The optional signed protocol field specifies the protocol
@@ -104,7 +120,12 @@ public TableSasBuilder(string tableName)
         /// </summary>
         public string RowKeyEnd { get; set; }
 
-
+        /// <summary>
+        /// The storage service version to use to authenticate requests made
+        /// with this shared access signature, and the service version to use
+        /// when handling requests made with this shared access signature.
+        /// </summary>
+        internal string Version { get; set; }
 
         /// <summary>
         /// Sets the permissions for a table SAS.
@@ -135,8 +156,7 @@ public void SetPermissions(string rawPermissions)
         /// The storage account's <see cref="TableSharedKeyCredential"/>.
         /// </param>
         /// <returns>
-        /// The <see cref="TableSasQueryParameters"/> used for authenticating
-        /// requests.
+        /// An instance of <see cref="TableSasQueryParameters"/>.
         /// </returns>
         public TableSasQueryParameters ToSasQueryParameters(TableSharedKeyCredential sharedKeyCredential)
         {
@@ -180,6 +200,20 @@ public TableSasQueryParameters ToSasQueryParameters(TableSharedKeyCredential sha
             return p;
         }
 
+        /// <summary>
+        /// Use an account's <see cref="TableSharedKeyCredential"/> to sign this
+        /// shared access signature values to produce the proper SAS query
+        /// parameters for authenticating requests.
+        /// </summary>
+        /// <param name="sharedKeyCredential">
+        /// The storage account's <see cref="TableSharedKeyCredential"/>.
+        /// </param>
+        /// <returns>
+        /// A URL encoded query string representing the SAS.
+        /// </returns>
+        public string Sign(TableSharedKeyCredential sharedKeyCredential) =>
+            ToSasQueryParameters(sharedKeyCredential).ToString();
+
         /// <summary>
         /// Computes the canonical name for a table resource for SAS signing.
         /// </summary>

sdk/tables/Azure.Data.Tables/src/TableClient.cs

@@ -7,8 +7,8 @@
 using System.Threading;
 using System.Threading.Tasks;
 using Azure.Core;
-using Azure.Core.Pipeline;
 using Azure.Data.Tables.Models;
+using Azure.Data.Tables.Sas;
 
 namespace Azure.Data.Tables
 {
@@ -36,6 +36,28 @@ internal TableClient(string table, TableInternalClient tableOperations)
         protected TableClient()
         { }
 
+        /// <summary>
+        /// Gets a <see cref="TableSasBuilder"/> instance scoped to the current table.
+        /// </summary>
+        /// <param name="permissions"><see cref="TableSasPermissions"/> containing the allowed permissions.</param>
+        /// <param name="expiresOn">The time at which the shared access signature becomes invalid.</param>
+        /// <returns>An instance of <see cref="TableSasBuilder"/>.</returns>
+        public virtual TableSasBuilder GetSasBuilder(TableSasPermissions permissions, DateTimeOffset expiresOn)
+        {
+            return new TableSasBuilder(_table, permissions, expiresOn) { Version = _tableOperations.version };
+        }
+
+        /// <summary>
+        /// Gets a <see cref="TableSasBuilder"/> instance scoped to the current table.
+        /// </summary>
+        /// <param name="rawPermissions">The permissions associated with the shared access signature. This string should contain one or more of the following permission characters in this order: "racwdl".</param>
+        /// <param name="expiresOn">The time at which the shared access signature becomes invalid.</param>
+        /// <returns>An instance of <see cref="TableSasBuilder"/>.</returns>
+        public virtual TableSasBuilder GetSasBuilder(string rawPermissions, DateTimeOffset expiresOn)
+        {
+            return new TableSasBuilder(_table, rawPermissions, expiresOn) { Version = _tableOperations.version };
+        }
+
         /// <summary>
         /// Creates the table in the storage account.
         /// </summary>

sdk/tables/Azure.Data.Tables/src/TableInternalClient.cs

@@ -7,13 +7,24 @@
 using System.Threading.Tasks;
 using Azure.Core;
 using Azure.Data.Tables.Models;
+using Azure.Core.Pipeline;
 
 namespace Azure.Data.Tables
 {
     // https://github.com/Azure/autorest.csharp/issues/451 .
     [CodeGenClient("TableClient")]
     internal partial class TableInternalClient
     {
+        internal string version { get; }
+
+        internal TableInternalClient(ClientDiagnostics clientDiagnostics, HttpPipeline pipeline, string url, string version = "2019-02-02")
+        {
+            RestClient = new TableInternalRestClient(clientDiagnostics, pipeline, url, version);
+            _clientDiagnostics = clientDiagnostics;
+            _pipeline = pipeline;
+            this.version = version;
+        }
+
         /// <summary> Insert entity in a table. </summary>
         /// <param name="table"> The name of the table. </param>
         /// <param name="timeout"> The The timeout parameter is expressed in seconds. For more information, see &lt;a href=&quot;https://docs.microsoft.com/en-us/rest/api/storageservices/setting-timeouts-for-queue-service-operations&gt;Setting Timeouts for Queue Service Operations.&lt;/a&gt;. </param>

sdk/tables/Azure.Data.Tables/tests/TableClientLiveTests.cs

@@ -29,21 +29,19 @@ public TableClientLiveTests(bool isAsync) : base(isAsync /* To record tests, add
         [Test]
         public void ValidateSasCredentials()
         {
-            // Build a shared access signature with only Read permissions.
-
-            TableSasBuilder sas = new TableSasBuilder(tableName)
-            {
-                ExpiresOn = new DateTime(2040, 1, 1, 1, 1, 0, DateTimeKind.Utc)
-            };
-            sas.SetPermissions(TableSasPermissions.Read);
-
             // Create a SharedKeyCredential that we can use to sign the SAS token
+
             var credential = new TableSharedKeyCredential(TestEnvironment.AccountName, TestEnvironment.PrimaryStorageAccountKey);
 
+            // Build a shared access signature with only Read permissions.
+
+            TableSasBuilder sas = client.GetSasBuilder(TableSasPermissions.Read, new DateTime(2040, 1, 1, 1, 1, 0, DateTimeKind.Utc));
+            string token = sas.Sign(credential);
+
             // Build a SAS URI
             UriBuilder sasUri = new UriBuilder(TestEnvironment.StorageUri)
             {
-                Query = sas.ToSasQueryParameters(credential).ToString()
+                Query = token
             };
 
             // Create the TableServiceClient using the SAS URI.