Add credential rolling (Azure#7061)

* Add credential rolling
* Add CommonTestBase and verify child Clients see rolled credentials

sdk/storage/Azure.Storage.Common/src/StorageSharedKeyCredential.cs

@@ -19,10 +19,22 @@ public sealed class StorageSharedKeyCredential
         /// </summary>
         public string AccountName { get; }
 
+#pragma warning disable CA1044 // Properties should not be write only
+        /// <summary>
+        /// Updates the Storage Account's access key.  This is a write-only
+        /// property only intended to be used when you've regenerated your
+        /// Storage Account's access keys and want to update long lived clients.
+        /// </summary>
+        public string AccountKey
+        {
+            set => this.AccountKeyValue = Convert.FromBase64String(value);
+        }
+#pragma warning restore CA1044 // Properties should not be write only
+
         /// <summary>
         /// Gets the value of a Storage Account access key.
         /// </summary>
-        internal byte[] AccountKeyValue { get; }
+        internal byte[] AccountKeyValue { get; private set; }
 
         /// <summary>
         /// Initializes a new instance of the
@@ -35,7 +47,7 @@ public StorageSharedKeyCredential(
             string accountKey)
         {
             this.AccountName = accountName;
-            this.AccountKeyValue = Convert.FromBase64String(accountKey);
+            this.AccountKey = accountKey;
         }
 
         /// <summary>

sdk/storage/Azure.Storage.Common/tests/CommonTestBase.cs

@@ -0,0 +1,44 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See License.txt in the project root for
+// license information.
+
+using System;
+using Azure.Core.Pipeline;
+using Azure.Core.Testing;
+using Azure.Storage.Blobs;
+using Azure.Storage.Test;
+using Azure.Storage.Test.Shared;
+
+namespace Azure.Storage.Common.Test
+{
+    /// <summary>
+    /// Base class for Common tests
+    /// </summary>
+    public class CommonTestBase : StorageTestBase
+    {
+        public CommonTestBase(bool async, RecordedTestMode? mode = null)
+            : base(async, mode /* RecordedTestMode.Record to re-record */)
+        {
+        }
+
+        public string GetNewContainerName() => $"test-container-{this.Recording.Random.NewGuid()}";
+
+        /// <summary>
+        /// Get BlobClientOptions instrumented for recording.
+        /// </summary>
+        protected BlobClientOptions GetBlobOptions() =>
+            this.Recording.InstrumentClientOptions(
+                new BlobClientOptions
+                {
+                    ResponseClassifier = new TestResponseClassifier(),
+                    Diagnostics = { IsLoggingEnabled = true },
+                    Retry =
+                    {
+                        Mode = RetryMode.Exponential,
+                        MaxRetries = Constants.MaxReliabilityRetries,
+                        Delay = TimeSpan.FromSeconds(this.Mode == RecordedTestMode.Playback ? 0.01 : 0.5),
+                        MaxDelay = TimeSpan.FromSeconds(this.Mode == RecordedTestMode.Playback ? 0.1 : 10)
+                    }
+                });
+    }
+}

sdk/storage/Azure.Storage.Common/tests/SessionRecords/StorageSharedKeyCredentialsTests/RollCredentials.json

@@ -0,0 +1,113 @@
+{
+  "Entries": [
+    {
+      "RequestUri": "http:\u002f\u002fstorageteglazatesting.blob.core.windows.net\u002f?restype=account\u0026comp=properties",
+      "RequestMethod": "GET",
+      "RequestHeaders": {
+        "Authorization": "Sanitized",
+        "Request-Id": "|4e61fac5-400c42c596f3aa8d.",
+        "User-Agent": [
+          "azsdk-net-Storage.Blobs\u002f12.0.0-dev.20190731.1\u002b218a8a5d1fe63f021e7a47163ab7533fed54ada0",
+          "(.NET Core 4.6.27414.06; Microsoft Windows 10.0.18362 )"
+        ],
+        "x-ms-client-request-id": "6a58e366f22d7f446d86e6b8e0058e61",
+        "x-ms-date": "Wed, 31 Jul 2019 20:51:15 GMT",
+        "x-ms-return-client-request-id": "true",
+        "x-ms-version": "2018-11-09"
+      },
+      "RequestBody": null,
+      "StatusCode": 200,
+      "ResponseHeaders": {
+        "Content-Length": "0",
+        "Date": "Wed, 31 Jul 2019 20:51:15 GMT",
+        "Server": [
+          "Windows-Azure-Blob\u002f1.0",
+          "Microsoft-HTTPAPI\u002f2.0"
+        ],
+        "x-ms-account-kind": "StorageV2",
+        "x-ms-request-id": "fc446bf8-f01e-0035-56e1-47211a000000",
+        "x-ms-sku-name": "Standard_RAGRS",
+        "x-ms-version": "2018-11-09"
+      },
+      "ResponseBody": []
+    },
+    {
+      "RequestUri": "http:\u002f\u002fstorageteglazatesting.blob.core.windows.net\u002f?restype=account\u0026comp=properties",
+      "RequestMethod": "GET",
+      "RequestHeaders": {
+        "Authorization": "Sanitized",
+        "Request-Id": "|4e61fac6-400c42c596f3aa8d.",
+        "User-Agent": [
+          "azsdk-net-Storage.Blobs\u002f12.0.0-dev.20190731.1\u002b218a8a5d1fe63f021e7a47163ab7533fed54ada0",
+          "(.NET Core 4.6.27414.06; Microsoft Windows 10.0.18362 )"
+        ],
+        "x-ms-client-request-id": "5690644456fa8161179e7ef625bfc7de",
+        "x-ms-date": "Wed, 31 Jul 2019 20:51:15 GMT",
+        "x-ms-return-client-request-id": "true",
+        "x-ms-version": "2018-11-09"
+      },
+      "RequestBody": null,
+      "StatusCode": 403,
+      "ResponseHeaders": {
+        "Content-Length": "775",
+        "Content-Type": "application\u002fxml",
+        "Date": "Wed, 31 Jul 2019 20:51:15 GMT",
+        "Server": "Microsoft-HTTPAPI\u002f2.0",
+        "x-ms-error-code": "AuthenticationFailed",
+        "x-ms-request-id": "fc446c2f-f01e-0035-02e1-47211a000000"
+      },
+      "ResponseBody": [
+        "\ufeff\u003c?xml version=\u00221.0\u0022 encoding=\u0022utf-8\u0022?\u003e\u003cError\u003e\u003cCode\u003eAuthenticationFailed\u003c\u002fCode\u003e\u003cMessage\u003eServer failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.\n",
+        "RequestId:fc446c2f-f01e-0035-02e1-47211a000000\n",
+        "Time:2019-07-31T20:51:15.9719772Z\u003c\u002fMessage\u003e\u003cAuthenticationErrorDetail\u003eThe MAC signature found in the HTTP request \u0027x078sUhGR\u002byQl10f9tSsDuofKcepnOq2wep6\u002bM1PJ0A=\u0027 is not the same as any computed signature. Server used following string to sign: \u0027GET\n\n",
+        "\n\n",
+        "\n\n",
+        "\n\n",
+        "\n\n",
+        "\n\n",
+        "x-ms-client-request-id:5690644456fa8161179e7ef625bfc7de\n",
+        "x-ms-date:Wed, 31 Jul 2019 20:51:15 GMT\n",
+        "x-ms-return-client-request-id:true\n",
+        "x-ms-version:2018-11-09\n",
+        "\u002fstorageteglazatesting\u002f\n",
+        "comp:properties\n",
+        "restype:account\u0027.\u003c\u002fAuthenticationErrorDetail\u003e\u003c\u002fError\u003e"
+      ]
+    },
+    {
+      "RequestUri": "http:\u002f\u002fstorageteglazatesting.blob.core.windows.net\u002f?restype=account\u0026comp=properties",
+      "RequestMethod": "GET",
+      "RequestHeaders": {
+        "Authorization": "Sanitized",
+        "Request-Id": "|4e61fac7-400c42c596f3aa8d.",
+        "User-Agent": [
+          "azsdk-net-Storage.Blobs\u002f12.0.0-dev.20190731.1\u002b218a8a5d1fe63f021e7a47163ab7533fed54ada0",
+          "(.NET Core 4.6.27414.06; Microsoft Windows 10.0.18362 )"
+        ],
+        "x-ms-client-request-id": "e05a141baee2a0ac0f28e5101dc5c98a",
+        "x-ms-date": "Wed, 31 Jul 2019 20:51:16 GMT",
+        "x-ms-return-client-request-id": "true",
+        "x-ms-version": "2018-11-09"
+      },
+      "RequestBody": null,
+      "StatusCode": 200,
+      "ResponseHeaders": {
+        "Content-Length": "0",
+        "Date": "Wed, 31 Jul 2019 20:51:15 GMT",
+        "Server": [
+          "Windows-Azure-Blob\u002f1.0",
+          "Microsoft-HTTPAPI\u002f2.0"
+        ],
+        "x-ms-account-kind": "StorageV2",
+        "x-ms-request-id": "fc446c45-f01e-0035-15e1-47211a000000",
+        "x-ms-sku-name": "Standard_RAGRS",
+        "x-ms-version": "2018-11-09"
+      },
+      "ResponseBody": []
+    }
+  ],
+  "Variables": {
+    "RandomSeed": "1924837533",
+    "Storage_TestConfigDefault": "ProductionTenant\nstorageteglazatesting\nU2FuaXRpemVk\nhttp:\u002f\u002fstorageteglazatesting.blob.core.windows.net\nhttp:\u002f\u002fstorageteglazatesting.file.core.windows.net\nhttp:\u002f\u002fstorageteglazatesting.queue.core.windows.net\nhttp:\u002f\u002fstorageteglazatesting.table.core.windows.net\n\n\n\n\nhttp:\u002f\u002fstorageteglazatesting-secondary.blob.core.windows.net\n\nhttp:\u002f\u002fstorageteglazatesting-secondary.queue.core.windows.net\nhttp:\u002f\u002fstorageteglazatesting-secondary.table.core.windows.net\n\nSanitized\n\n\nCloud\nBlobEndpoint=http:\u002f\u002fstorageteglazatesting.blob.core.windows.net\u002f;QueueEndpoint=http:\u002f\u002fstorageteglazatesting.queue.core.windows.net\u002f;TableEndpoint=http:\u002f\u002fstorageteglazatesting.table.core.windows.net\u002f;FileEndpoint=http:\u002f\u002fstorageteglazatesting.file.core.windows.net\u002f;BlobSecondaryEndpoint=http:\u002f\u002fstorageteglazatesting-secondary.blob.core.windows.net\u002f;QueueSecondaryEndpoint=http:\u002f\u002fstorageteglazatesting-secondary.queue.core.windows.net\u002f;TableSecondaryEndpoint=http:\u002f\u002fstorageteglazatesting-secondary.table.core.windows.net\u002f;AccountName=storageteglazatesting;AccountKey=Sanitized"
+  }
+}

sdk/storage/Azure.Storage.Common/tests/SessionRecords/StorageSharedKeyCredentialsTests/RollCredentialsAsync.json

@@ -0,0 +1,113 @@
+{
+  "Entries": [
+    {
+      "RequestUri": "http:\u002f\u002fstorageteglazatesting.blob.core.windows.net\u002f?restype=account\u0026comp=properties",
+      "RequestMethod": "GET",
+      "RequestHeaders": {
+        "Authorization": "Sanitized",
+        "Request-Id": "|4e61fac8-400c42c596f3aa8d.",
+        "User-Agent": [
+          "azsdk-net-Storage.Blobs\u002f12.0.0-dev.20190731.1\u002b218a8a5d1fe63f021e7a47163ab7533fed54ada0",
+          "(.NET Core 4.6.27414.06; Microsoft Windows 10.0.18362 )"
+        ],
+        "x-ms-client-request-id": "6d85380dfe88aeb8fb3811da15097a72",
+        "x-ms-date": "Wed, 31 Jul 2019 20:51:16 GMT",
+        "x-ms-return-client-request-id": "true",
+        "x-ms-version": "2018-11-09"
+      },
+      "RequestBody": null,
+      "StatusCode": 200,
+      "ResponseHeaders": {
+        "Content-Length": "0",
+        "Date": "Wed, 31 Jul 2019 20:51:15 GMT",
+        "Server": [
+          "Windows-Azure-Blob\u002f1.0",
+          "Microsoft-HTTPAPI\u002f2.0"
+        ],
+        "x-ms-account-kind": "StorageV2",
+        "x-ms-request-id": "fc446ca0-f01e-0035-6de1-47211a000000",
+        "x-ms-sku-name": "Standard_RAGRS",
+        "x-ms-version": "2018-11-09"
+      },
+      "ResponseBody": []
+    },
+    {
+      "RequestUri": "http:\u002f\u002fstorageteglazatesting.blob.core.windows.net\u002f?restype=account\u0026comp=properties",
+      "RequestMethod": "GET",
+      "RequestHeaders": {
+        "Authorization": "Sanitized",
+        "Request-Id": "|4e61fac9-400c42c596f3aa8d.",
+        "User-Agent": [
+          "azsdk-net-Storage.Blobs\u002f12.0.0-dev.20190731.1\u002b218a8a5d1fe63f021e7a47163ab7533fed54ada0",
+          "(.NET Core 4.6.27414.06; Microsoft Windows 10.0.18362 )"
+        ],
+        "x-ms-client-request-id": "926faa93950accb1fac2f5f0de24fb48",
+        "x-ms-date": "Wed, 31 Jul 2019 20:51:16 GMT",
+        "x-ms-return-client-request-id": "true",
+        "x-ms-version": "2018-11-09"
+      },
+      "RequestBody": null,
+      "StatusCode": 403,
+      "ResponseHeaders": {
+        "Content-Length": "775",
+        "Content-Type": "application\u002fxml",
+        "Date": "Wed, 31 Jul 2019 20:51:15 GMT",
+        "Server": "Microsoft-HTTPAPI\u002f2.0",
+        "x-ms-error-code": "AuthenticationFailed",
+        "x-ms-request-id": "fc446ca8-f01e-0035-75e1-47211a000000"
+      },
+      "ResponseBody": [
+        "\ufeff\u003c?xml version=\u00221.0\u0022 encoding=\u0022utf-8\u0022?\u003e\u003cError\u003e\u003cCode\u003eAuthenticationFailed\u003c\u002fCode\u003e\u003cMessage\u003eServer failed to authenticate the request. Make sure the value of Authorization header is formed correctly including the signature.\n",
+        "RequestId:fc446ca8-f01e-0035-75e1-47211a000000\n",
+        "Time:2019-07-31T20:51:16.1691652Z\u003c\u002fMessage\u003e\u003cAuthenticationErrorDetail\u003eThe MAC signature found in the HTTP request \u0027ccnTXjwA9gTA4smrQ\u002fxMj0KgbFpoKyjuLKYd0lVW\u002bf4=\u0027 is not the same as any computed signature. Server used following string to sign: \u0027GET\n\n",
+        "\n\n",
+        "\n\n",
+        "\n\n",
+        "\n\n",
+        "\n\n",
+        "x-ms-client-request-id:926faa93950accb1fac2f5f0de24fb48\n",
+        "x-ms-date:Wed, 31 Jul 2019 20:51:16 GMT\n",
+        "x-ms-return-client-request-id:true\n",
+        "x-ms-version:2018-11-09\n",
+        "\u002fstorageteglazatesting\u002f\n",
+        "comp:properties\n",
+        "restype:account\u0027.\u003c\u002fAuthenticationErrorDetail\u003e\u003c\u002fError\u003e"
+      ]
+    },
+    {
+      "RequestUri": "http:\u002f\u002fstorageteglazatesting.blob.core.windows.net\u002f?restype=account\u0026comp=properties",
+      "RequestMethod": "GET",
+      "RequestHeaders": {
+        "Authorization": "Sanitized",
+        "Request-Id": "|4e61faca-400c42c596f3aa8d.",
+        "User-Agent": [
+          "azsdk-net-Storage.Blobs\u002f12.0.0-dev.20190731.1\u002b218a8a5d1fe63f021e7a47163ab7533fed54ada0",
+          "(.NET Core 4.6.27414.06; Microsoft Windows 10.0.18362 )"
+        ],
+        "x-ms-client-request-id": "24f4023daf6e460abb0cbbb68d25271b",
+        "x-ms-date": "Wed, 31 Jul 2019 20:51:16 GMT",
+        "x-ms-return-client-request-id": "true",
+        "x-ms-version": "2018-11-09"
+      },
+      "RequestBody": null,
+      "StatusCode": 200,
+      "ResponseHeaders": {
+        "Content-Length": "0",
+        "Date": "Wed, 31 Jul 2019 20:51:15 GMT",
+        "Server": [
+          "Windows-Azure-Blob\u002f1.0",
+          "Microsoft-HTTPAPI\u002f2.0"
+        ],
+        "x-ms-account-kind": "StorageV2",
+        "x-ms-request-id": "fc446caa-f01e-0035-77e1-47211a000000",
+        "x-ms-sku-name": "Standard_RAGRS",
+        "x-ms-version": "2018-11-09"
+      },
+      "ResponseBody": []
+    }
+  ],
+  "Variables": {
+    "RandomSeed": "166752048",
+    "Storage_TestConfigDefault": "ProductionTenant\nstorageteglazatesting\nU2FuaXRpemVk\nhttp:\u002f\u002fstorageteglazatesting.blob.core.windows.net\nhttp:\u002f\u002fstorageteglazatesting.file.core.windows.net\nhttp:\u002f\u002fstorageteglazatesting.queue.core.windows.net\nhttp:\u002f\u002fstorageteglazatesting.table.core.windows.net\n\n\n\n\nhttp:\u002f\u002fstorageteglazatesting-secondary.blob.core.windows.net\n\nhttp:\u002f\u002fstorageteglazatesting-secondary.queue.core.windows.net\nhttp:\u002f\u002fstorageteglazatesting-secondary.table.core.windows.net\n\nSanitized\n\n\nCloud\nBlobEndpoint=http:\u002f\u002fstorageteglazatesting.blob.core.windows.net\u002f;QueueEndpoint=http:\u002f\u002fstorageteglazatesting.queue.core.windows.net\u002f;TableEndpoint=http:\u002f\u002fstorageteglazatesting.table.core.windows.net\u002f;FileEndpoint=http:\u002f\u002fstorageteglazatesting.file.core.windows.net\u002f;BlobSecondaryEndpoint=http:\u002f\u002fstorageteglazatesting-secondary.blob.core.windows.net\u002f;QueueSecondaryEndpoint=http:\u002f\u002fstorageteglazatesting-secondary.queue.core.windows.net\u002f;TableSecondaryEndpoint=http:\u002f\u002fstorageteglazatesting-secondary.table.core.windows.net\u002f;AccountName=storageteglazatesting;AccountKey=Sanitized"
+  }
+}