// Package storage provides clients for Microsoft Azure Storage Services.
package storage
// Copyright (c) Microsoft Corporation. All rights reserved.
// Licensed under the MIT License. See License.txt in the project root for license information.
import (
"bufio"
"encoding/base64"
"encoding/json"
"encoding/xml"
"errors"
"fmt"
"io"
"io/ioutil"
"mime"
"mime/multipart"
"net/http"
"net/url"
"regexp"
"runtime"
"strconv"
"strings"
"time"
"github.com/Azure/azure-sdk-for-go/version"
"github.com/Azure/go-autorest/autorest"
"github.com/Azure/go-autorest/autorest/azure"
)
const (
	// DefaultBaseURL is the domain name used for storage requests in the
	// public cloud when a default client is created.
	DefaultBaseURL = "core.windows.net"

	// DefaultAPIVersion is the Azure Storage API version string used when a
	// basic client is created.
	DefaultAPIVersion = "2018-03-28"

	// Defaults applied by the constructors in this file. HTTPS is on unless a
	// caller explicitly opts out.
	defaultUseHTTPS      = true
	defaultRetryAttempts = 5
	defaultRetryDuration = 5 * time.Second

	// StorageEmulatorAccountName is the fixed storage account name used by
	// the Azure Storage Emulator.
	StorageEmulatorAccountName = "devstoreaccount1"

	// StorageEmulatorAccountKey is the fixed storage account key used by the
	// Azure Storage Emulator. It is a publicly known development value, not a
	// secret, and must never be configured on a real storage account.
	StorageEmulatorAccountKey = "Eby8vdM02xNOcqFlqUwJPLlmEtlCDXJ1OUzFT50uSRZ6IFsuFq2UVErCz4I6tq/K1SZFPTOtr/KBHBeksoGMGw=="

	// Service labels; getBaseURL places them in the request host name.
	blobServiceName  = "blob"
	tableServiceName = "table"
	queueServiceName = "queue"
	fileServiceName  = "file"

	// Loopback endpoints of the local emulator. No endpoint is listed for the
	// file service.
	storageEmulatorBlob  = "127.0.0.1:10000"
	storageEmulatorTable = "127.0.0.1:10002"
	storageEmulatorQueue = "127.0.0.1:10001"

	userAgentHeader = "User-Agent"

	userDefinedMetadataHeaderPrefix = "x-ms-meta-"

	// Connection string keys, lower-cased to match the key normalisation done
	// by NewClientFromConnectionString.
	connectionStringAccountName      = "accountname"
	connectionStringAccountKey       = "accountkey"
	connectionStringEndpointSuffix   = "endpointsuffix"
	connectionStringEndpointProtocol = "defaultendpointsprotocol"
	connectionStringBlobEndpoint     = "blobendpoint"
	connectionStringFileEndpoint     = "fileendpoint"
	connectionStringQueueEndpoint    = "queueendpoint"
	connectionStringTableEndpoint    = "tableendpoint"
	connectionStringSAS              = "sharedaccesssignature"
)
var (
	// validStorageAccount and validCosmosAccount are allow-lists for account
	// names. The names end up inside request host names (see getBaseURL), so
	// the patterns are anchored at both ends; without the multi-line flag Go's
	// `$` matches only at the very end of the text, so a trailing newline is
	// rejected as well.
	validStorageAccount = regexp.MustCompile(`^[0-9a-z]{3,24}$`)
	validCosmosAccount  = regexp.MustCompile(`^[0-9a-z-]{3,44}$`)

	// defaultValidStatusCodes are the response codes on which DefaultSender
	// sends the request again; despite the name they are not success codes.
	defaultValidStatusCodes = []int{
		http.StatusRequestTimeout,      // 408
		http.StatusInternalServerError, // 500
		http.StatusBadGateway,          // 502
		http.StatusServiceUnavailable,  // 503
		http.StatusGatewayTimeout,      // 504
	}
)
// Sender sends a request on behalf of a Client and returns the service
// response.
//
// exec adds the authorization header (and, for account SAS clients, the SAS
// query parameters) before it calls Send, so an implementation sees the fully
// authenticated request and should avoid logging it verbatim.
type Sender interface {
	Send(c *Client, req *http.Request) (*http.Response, error)
}
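// DefaultSender is the default sender for the client. It implements
// an automatic retry strategy.
type DefaultSender struct {
	// RetryAttempts is the maximum number of times Send issues the request.
	RetryAttempts int
	// RetryDuration is handed to autorest.DelayForBackoff between attempts.
	RetryDuration time.Duration
	// ValidStatusCodes lists the response status codes that cause another
	// attempt; a response with any other status is returned immediately.
	ValidStatusCodes []int
	attempts         int // used for testing
}

// Send is the default retry strategy in the client.
//
// The request is sent up to RetryAttempts times. An attempt ends the loop when
// the transport reports no error and the status code is not one of
// ValidStatusCodes. When every attempt is used up, the last response and error
// are returned; drainRespBody has already been called on that response.
//
// If RetryAttempts is zero or negative nothing is sent. Send then returns an
// error instead of (nil, nil), which callers in this file would dereference.
func (ds *DefaultSender) Send(c *Client, req *http.Request) (resp *http.Response, err error) {
	rr := autorest.NewRetriableRequest(req)
	for attempts := 0; attempts < ds.RetryAttempts; attempts++ {
		err = rr.Prepare()
		if err != nil {
			return resp, err
		}
		resp, err = c.HTTPClient.Do(rr.Request())
		if err == nil && !autorest.ResponseHasStatusCode(resp, ds.ValidStatusCodes...) {
			return resp, err
		}
		// resp is nil when Do failed; guard here rather than rely on
		// drainRespBody (defined outside this block) tolerating nil.
		if resp != nil {
			drainRespBody(resp)
		}
		autorest.DelayForBackoff(ds.RetryDuration, attempts, req.Cancel)
		ds.attempts = attempts
	}
	ds.attempts++
	if resp == nil && err == nil {
		// Only reachable when the loop body never ran.
		err = errors.New("storage: request not sent: RetryAttempts must be greater than zero")
	}
	return resp, err
}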
// Client is the object that needs to be constructed to perform
// operations on the storage account.
//
// A Client carries credentials (accountKey or accountSASToken). Most methods
// use a value receiver, so the struct is copied on each call; the key slice
// and the token map are shared between those copies.
type Client struct {
	// HTTPClient is the http.Client used to initiate API
	// requests. http.DefaultClient is used when creating a
	// client. http.DefaultClient is process-wide and has no timeout set, so
	// callers that need deadlines should install their own client.
	HTTPClient *http.Client

	// Sender is an interface that sends the request. Clients are
	// created with a DefaultSender. The DefaultSender has an
	// automatic retry strategy built in. The Sender can be customized.
	Sender Sender

	accountName string
	// accountKey is the base64-decoded shared key (see NewClient).
	accountKey []byte
	// useHTTPS selects the URL scheme in getBaseURL; false means plain HTTP.
	useHTTPS         bool
	UseSharedKeyLite bool
	baseURL          string
	apiVersion       string
	userAgent        string
	// sasClient marks a client that authenticates with a SAS token.
	sasClient bool
	// accountSASToken is merged into the query string of every request made
	// by an account SAS client (see exec).
	accountSASToken url.Values
	// additionalHeaders are copied into every standard header set.
	additionalHeaders map[string]string
}
// odataResponse pairs the raw HTTP response with the OData error payload that
// execInternalJSONCommon or genChangesetReader decoded from its body.
type odataResponse struct {
	resp  *http.Response
	odata odataErrorWrapper
}
// AzureStorageServiceError contains fields of the error response from
// Azure Storage Service REST API. See https://msdn.microsoft.com/en-us/library/azure/dd179382.aspx
// Some fields might be specific to certain calls.
//
// Every string field is populated from the service response. Treat the
// values as untrusted text when logging or displaying them.
type AzureStorageServiceError struct {
	// Fields decoded from the XML error body.
	Code                      string `xml:"Code"`
	Message                   string `xml:"Message"`
	AuthenticationErrorDetail string `xml:"AuthenticationErrorDetail"`
	QueryParameterName        string `xml:"QueryParameterName"`
	QueryParameterValue       string `xml:"QueryParameterValue"`
	Reason                    string `xml:"Reason"`

	// Fields without an XML tag; presumably filled in from the HTTP status
	// and response headers by code outside this block.
	Lang       string
	StatusCode int
	RequestID  string
	Date       string
	APIVersion string
}
// AzureTablesServiceError contains fields of the error response from
// Azure Table Storage Service REST API in Atom format.
// See https://msdn.microsoft.com/en-us/library/azure/dd179382.aspx
//
// Message is service-controlled. When the body cannot be decoded,
// execInternalJSONCommon stores the raw response body in it, so the text
// returned by Error can be large and should be handled as untrusted input by
// log pipelines.
type AzureTablesServiceError struct {
	Code       string `xml:"code"`
	Message    string `xml:"message"`
	StatusCode int
	RequestID  string
	Date       string
	APIVersion string
}

// Error implements the error interface with a single-line summary of the
// status, service error code, message and request correlation data.
func (e AzureTablesServiceError) Error() string {
	const layout = "storage: service returned error: StatusCode=%d, ErrorCode=%s, ErrorMessage=%s, RequestInitiated=%s, RequestId=%s, API Version=%s"
	return fmt.Sprintf(layout, e.StatusCode, e.Code, e.Message, e.Date, e.RequestID, e.APIVersion)
}
// odataErrorMessage is the localized message inside an OData error.
type odataErrorMessage struct {
	Lang  string `json:"lang"`
	Value string `json:"value"`
}

// odataError is the body of the "odata.error" JSON member.
type odataError struct {
	Code    string            `json:"code"`
	Message odataErrorMessage `json:"message"`
}

// odataErrorWrapper is the top-level JSON document of an OData error
// response; its content comes from the service and is untrusted text.
type odataErrorWrapper struct {
	Err odataError `json:"odata.error"`
}
// UnexpectedStatusCodeError is returned when a storage service responds with neither an error
// nor with an HTTP status code indicating success.
type UnexpectedStatusCodeError struct {
	allowed []int // status codes the caller was prepared to accept
	got     int   // status code actually received
	inner   error // optional underlying error detail
}

// Error renders the received status, the accepted statuses joined with
// " or ", and the inner error.
func (e UnexpectedStatusCodeError) Error() string {
	describe := func(code int) string {
		return fmt.Sprintf("%d %s", code, http.StatusText(code))
	}
	wanted := make([]string, 0, len(e.allowed))
	for _, code := range e.allowed {
		wanted = append(wanted, describe(code))
	}
	return fmt.Sprintf("storage: status code from service response is %s; was expecting %s. Inner error: %+v",
		describe(e.got), strings.Join(wanted, " or "), e.inner)
}

// Got is the actual status code returned by Azure.
func (e UnexpectedStatusCodeError) Got() int {
	code := e.got
	return code
}

// Inner returns any inner error info.
func (e UnexpectedStatusCodeError) Inner() error {
	cause := e.inner
	return cause
}
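// NewClientFromConnectionString creates a Client from the connection string.
//
// The string is a ';'-separated list of key=value segments. Keys are matched
// case-insensitively and values are trimmed of surrounding whitespace.
//
//   - If AccountName is the emulator account, an emulator client is returned
//     and every other setting in the string is ignored.
//   - If SharedAccessSignature is set, an account SAS client is built from the
//     first non-empty blob, file, queue or table endpoint.
//   - Otherwise a shared key client is built from AccountName, AccountKey and
//     EndpointSuffix.
//
// DefaultEndpointsProtocol must be "http" or "https" (any letter case). Any
// other value is rejected, so that a typo or an upper-case "HTTPS" cannot
// silently downgrade the client to plain HTTP.
//
// A malformed segment is echoed in the returned error. The input normally
// contains credentials, so be careful where that error text is written.
func NewClientFromConnectionString(input string) (Client, error) {
	// build a map of connection string key/value pairs
	parts := map[string]string{}
	for _, pair := range strings.Split(input, ";") {
		if pair == "" {
			continue
		}

		equalDex := strings.IndexByte(pair, '=')
		if equalDex <= 0 {
			return Client{}, fmt.Errorf("Invalid connection segment %q", pair)
		}

		value := strings.TrimSpace(pair[equalDex+1:])
		key := strings.TrimSpace(strings.ToLower(pair[:equalDex]))
		parts[key] = value
	}

	// TODO: validate parameter sets?

	if parts[connectionStringAccountName] == StorageEmulatorAccountName {
		return NewEmulatorClient()
	}

	if parts[connectionStringSAS] != "" {
		var endpoint string
		switch {
		case parts[connectionStringBlobEndpoint] != "":
			endpoint = parts[connectionStringBlobEndpoint]
		case parts[connectionStringFileEndpoint] != "":
			endpoint = parts[connectionStringFileEndpoint]
		case parts[connectionStringQueueEndpoint] != "":
			endpoint = parts[connectionStringQueueEndpoint]
		default:
			endpoint = parts[connectionStringTableEndpoint]
		}

		return NewAccountSASClientFromEndpointToken(endpoint, parts[connectionStringSAS])
	}

	useHTTPS := defaultUseHTTPS
	if proto := parts[connectionStringEndpointProtocol]; proto != "" {
		switch {
		case strings.EqualFold(proto, "https"):
			useHTTPS = true
		case strings.EqualFold(proto, "http"):
			useHTTPS = false
		default:
			return Client{}, fmt.Errorf("azure: invalid endpoint protocol %q: must be http or https", proto)
		}
	}

	return NewClient(parts[connectionStringAccountName], parts[connectionStringAccountKey],
		parts[connectionStringEndpointSuffix], DefaultAPIVersion, useHTTPS)
}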
// NewBasicClient constructs a Client with given storage service name and
// key. The client targets the public cloud (DefaultBaseURL) with
// DefaultAPIVersion over HTTPS, unless accountName is the emulator account,
// in which case accountKey is ignored and an emulator client is returned.
func NewBasicClient(accountName, accountKey string) (Client, error) {
	if accountName != StorageEmulatorAccountName {
		return NewClient(accountName, accountKey, DefaultBaseURL, DefaultAPIVersion, defaultUseHTTPS)
	}
	return NewEmulatorClient()
}
// NewBasicClientOnSovereignCloud constructs a Client with given storage service name and
// key in the referenced cloud. The endpoint suffix is taken from
// env.StorageEndpointSuffix; HTTPS and DefaultAPIVersion are used. The
// emulator account name short-circuits to an emulator client, ignoring both
// accountKey and env.
func NewBasicClientOnSovereignCloud(accountName, accountKey string, env azure.Environment) (Client, error) {
	if accountName != StorageEmulatorAccountName {
		suffix := env.StorageEndpointSuffix
		return NewClient(accountName, accountKey, suffix, DefaultAPIVersion, defaultUseHTTPS)
	}
	return NewEmulatorClient()
}
// NewEmulatorClient constructs a Client intended to only work with Azure
// Storage Emulator.
//
// It uses the fixed emulator account name and key and disables HTTPS. That
// is acceptable only because getBaseURL routes the emulator account to
// loopback addresses.
func NewEmulatorClient() (Client, error) {
	const emulatorUsesHTTPS = false
	return NewClient(StorageEmulatorAccountName, StorageEmulatorAccountKey, DefaultBaseURL, DefaultAPIVersion, emulatorUsesHTTPS)
}
// NewClient constructs a Client. This should be used if the caller wants
// to specify whether to use HTTPS, a specific REST API version or a custom
// storage endpoint other than Azure Public Cloud.
//
// accountName must satisfy IsValidStorageAccount and accountKey must be the
// base64-encoded account key. With useHTTPS set to false, requests (including
// their authorization headers) travel over plain HTTP.
func NewClient(accountName, accountKey, serviceBaseURL, apiVersion string, useHTTPS bool) (Client, error) {
	switch {
	case !IsValidStorageAccount(accountName):
		return Client{}, fmt.Errorf("azure: account name is not valid: it must be between 3 and 24 characters, and only may contain numbers and lowercase letters: %v", accountName)
	case accountKey == "":
		return Client{}, fmt.Errorf("azure: account key required")
	case serviceBaseURL == "":
		return Client{}, fmt.Errorf("azure: base storage service url required")
	}

	decoded, err := base64.StdEncoding.DecodeString(accountKey)
	if err != nil {
		// Only the decoder's error is reported, not the key material itself.
		return Client{}, fmt.Errorf("azure: malformed storage account key: %v", err)
	}

	return newClient(accountName, decoded, serviceBaseURL, apiVersion, useHTTPS)
}
// NewCosmosClient constructs a Client for Azure CosmosDB. This should be used if the caller wants
// to specify whether to use HTTPS, a specific REST API version or a custom
// cosmos endpoint other than Azure Public Cloud.
//
// accountName must satisfy IsValidCosmosAccount and accountKey must be the
// base64-encoded account key. With useHTTPS set to false, requests travel
// over plain HTTP.
func NewCosmosClient(accountName, accountKey, serviceBaseURL, apiVersion string, useHTTPS bool) (Client, error) {
	switch {
	case !IsValidCosmosAccount(accountName):
		return Client{}, fmt.Errorf("azure: account name is not valid: The name can contain only lowercase letters, numbers and the '-' character, and must be between 3 and 44 characters: %v", accountName)
	case accountKey == "":
		return Client{}, fmt.Errorf("azure: account key required")
	case serviceBaseURL == "":
		return Client{}, fmt.Errorf("azure: base storage service url required")
	}

	decoded, err := base64.StdEncoding.DecodeString(accountKey)
	if err != nil {
		// Only the decoder's error is reported, not the key material itself.
		return Client{}, fmt.Errorf("azure: malformed cosmos account key: %v", err)
	}

	return newClient(accountName, decoded, serviceBaseURL, apiVersion, useHTTPS)
}
// newClient constructs a shared key Client with given parameters. It performs
// no validation of its own; NewClient and NewCosmosClient validate the inputs
// and decode the key before calling it.
func newClient(accountName string, accountKey []byte, serviceBaseURL, apiVersion string, useHTTPS bool) (Client, error) {
	retrying := &DefaultSender{
		RetryAttempts:    defaultRetryAttempts,
		ValidStatusCodes: defaultValidStatusCodes,
		RetryDuration:    defaultRetryDuration,
	}

	client := Client{
		HTTPClient:       http.DefaultClient,
		Sender:           retrying,
		accountName:      accountName,
		accountKey:       accountKey,
		useHTTPS:         useHTTPS,
		baseURL:          serviceBaseURL,
		apiVersion:       apiVersion,
		sasClient:        false,
		UseSharedKeyLite: false,
	}
	// The default user agent embeds apiVersion, so it is derived after the
	// struct has been populated.
	client.userAgent = client.getDefaultUserAgent()
	return client, nil
}
// IsValidStorageAccount checks if the storage account name is valid, that is
// whether it matches the validStorageAccount pattern.
// See https://docs.microsoft.com/en-us/azure/storage/storage-create-storage-account
func IsValidStorageAccount(account string) bool {
	matched := validStorageAccount.MatchString(account)
	return matched
}
// IsValidCosmosAccount checks if the Cosmos account name is valid, that is
// whether it matches the validCosmosAccount pattern.
// See https://docs.microsoft.com/en-us/azure/cosmos-db/how-to-manage-database-account
func IsValidCosmosAccount(account string) bool {
	matched := validCosmosAccount.MatchString(account)
	return matched
}
// NewAccountSASClient constructs a client that uses accountSAS authorization
// for its operations.
//
// The account name is not validated here. A nil token yields a client that
// isServiceSASClient, not isAccountSASClient, reports as true.
func NewAccountSASClient(account string, token url.Values, env azure.Environment) Client {
	suffix := env.StorageEndpointSuffix
	return newSASClient(account, suffix, token)
}
// NewAccountSASClientFromEndpointToken constructs a client that uses accountSAS authorization
// for its operations using the specified endpoint and SAS token.
//
// endpoint must parse as a URL and sasToken as a query string. The token is
// then attached to the URL unchanged and the client is derived from that URL
// by newSASClientFromURL.
func NewAccountSASClientFromEndpointToken(endpoint string, sasToken string) (Client, error) {
	target, err := url.Parse(endpoint)
	if err != nil {
		return Client{}, err
	}
	// Parsed only to reject a malformed token; the parsed form is discarded.
	if _, err = url.ParseQuery(sasToken); err != nil {
		return Client{}, err
	}
	target.RawQuery = sasToken
	return newSASClientFromURL(target)
}
// newSASClient builds a SAS-authenticated Client for accountName at baseURL.
//
// The API version is taken from the token's "sv" parameter, and the protocol
// from "spr" when present; otherwise HTTPS is used.
//
// NOTE(review): only the exact value "https" enables HTTPS. A token whose
// "spr" is "https,http" (the value GetAccountSASToken emits when UseHTTPS is
// false) therefore selects plain HTTP, which sends the SAS query parameters
// in clear text. Confirm that this is intended.
//
// NOTE(review): a token without "sv" leaves apiVersion empty, and the user
// agent is computed before apiVersion is replaced, so it always advertises
// DefaultAPIVersion.
func newSASClient(accountName, baseURL string, sasToken url.Values) Client {
	retrying := &DefaultSender{
		RetryAttempts:    defaultRetryAttempts,
		ValidStatusCodes: defaultValidStatusCodes,
		RetryDuration:    defaultRetryDuration,
	}

	client := Client{
		HTTPClient:      http.DefaultClient,
		Sender:          retrying,
		apiVersion:      DefaultAPIVersion,
		sasClient:       true,
		accountName:     accountName,
		baseURL:         baseURL,
		accountSASToken: sasToken,
		useHTTPS:        defaultUseHTTPS,
	}
	client.userAgent = client.getDefaultUserAgent()

	// Get API version and protocol from token
	client.apiVersion = sasToken.Get("sv")
	if proto := sasToken.Get("spr"); proto != "" {
		client.useHTTPS = proto == "https"
	}
	return client
}
// newSASClientFromURL derives a SAS client from a service URL whose query
// string is the SAS token.
//
// The host name is expected to look like foo.blob.core.windows.net: the first
// label ("foo") is the account name, the second label is skipped, and the
// remainder ("core.windows.net") becomes the base URL. When the token carries
// no "spr" parameter the protocol is inferred from the URL scheme.
//
// NOTE(review): the account name taken from the host is not checked with
// IsValidStorageAccount here.
func newSASClientFromURL(u *url.URL) (Client, error) {
	labels := strings.SplitN(u.Host, ".", 3)
	if len(labels) < 2 {
		return Client{}, fmt.Errorf("failed to find '.' in %s", u.Host)
	}
	if len(labels) < 3 {
		return Client{}, fmt.Errorf("failed to find '.' in %s", labels[1])
	}

	token := u.Query()
	client := newSASClient(labels[0], labels[2], token)
	if token.Get("spr") == "" {
		// infer from URL if not in the query params set
		client.useHTTPS = u.Scheme == "https"
	}
	return client, nil
}
// isServiceSASClient reports whether the client authenticates with a SAS but
// holds no account SAS token.
func (c Client) isServiceSASClient() bool {
	if !c.sasClient {
		return false
	}
	return c.accountSASToken == nil
}
// isAccountSASClient reports whether the client authenticates with an account
// SAS token; exec appends that token to every request URL.
func (c Client) isAccountSASClient() bool {
	if !c.sasClient {
		return false
	}
	return c.accountSASToken != nil
}
// getDefaultUserAgent builds the base User-Agent value from the Go runtime
// version, the architecture and OS, the SDK version number and the client's
// API version.
func (c Client) getDefaultUserAgent() string {
	const layout = "Go/%s (%s-%s) azure-storage-go/%s api-version/%s"
	goVersion := runtime.Version()
	return fmt.Sprintf(layout, goVersion, runtime.GOARCH, runtime.GOOS, version.Number, c.apiVersion)
}
// AddToUserAgent adds an extension to the current user agent, separated by a
// single space. An empty extension leaves the user agent unchanged and is
// reported as an error.
func (c *Client) AddToUserAgent(extension string) error {
	if extension == "" {
		return fmt.Errorf("Extension was empty, User Agent stayed as %s", c.userAgent)
	}
	c.userAgent = c.userAgent + " " + extension
	return nil
}
// AddAdditionalHeaders adds additional standard headers.
//
// The given map is copied and replaces any previously configured set; a nil
// map is ignored. getStandardHeaders writes these headers first and then sets
// User-Agent, x-ms-version and x-ms-date, so identically spelled keys are
// overridden by the client's own values.
func (c *Client) AddAdditionalHeaders(headers map[string]string) {
	if headers == nil {
		return
	}
	copied := map[string]string{}
	for name, value := range headers {
		copied[name] = value
	}
	c.additionalHeaders = copied
}
// protectUserAgent is used in funcs that include extraheaders as a parameter.
// It prevents the User-Agent header from being overwritten: if the header is
// present, its value is appended to the current User-Agent and the entry is
// removed from extraheaders. Use it before getStandardHeaders.
//
// The caller's map is modified in place, and the client's user agent grows on
// every call that supplies the header. Only the exact key "User-Agent" is
// recognised. An empty value is dropped; the error AddToUserAgent returns for
// it is intentionally ignored.
func (c *Client) protectUserAgent(extraheaders map[string]string) map[string]string {
	agent, present := extraheaders[userAgentHeader]
	if !present {
		return extraheaders
	}
	c.AddToUserAgent(agent)
	delete(extraheaders, userAgentHeader)
	return extraheaders
}
// getBaseURL returns the scheme and host for the given service.
//
// The scheme is "https" when useHTTPS is set and "http" otherwise. For the
// emulator account the host is the matching loopback endpoint; no endpoint
// exists for the file service, so the host stays empty in that case. For every
// other account the host is "<account>.<service>.<baseURL>".
func (c Client) getBaseURL(service string) *url.URL {
	base := &url.URL{Scheme: "http"}
	if c.useHTTPS {
		base.Scheme = "https"
	}

	if c.accountName != StorageEmulatorAccountName {
		base.Host = fmt.Sprintf("%s.%s.%s", c.accountName, service, c.baseURL)
		return base
	}

	switch service {
	case blobServiceName:
		base.Host = storageEmulatorBlob
	case tableServiceName:
		base.Host = storageEmulatorTable
	case queueServiceName:
		base.Host = storageEmulatorQueue
	}
	return base
}
// getEndpoint returns the full request URL for a service, path and query
// parameters. The path is set through url.URL.Path and the parameters through
// url.Values.Encode, so both are escaped by the standard library instead of
// being concatenated into the URL by hand.
func (c Client) getEndpoint(service, path string, params url.Values) string {
	// API doesn't accept path segments not starting with '/'
	if !strings.HasPrefix(path, "/") {
		path = "/" + path
	}
	// The emulator addresses the account through the first path segment.
	if c.accountName == StorageEmulatorAccountName {
		path = "/" + StorageEmulatorAccountName + path
	}

	endpoint := c.getBaseURL(service)
	endpoint.Path = path
	endpoint.RawQuery = params.Encode()
	return endpoint.String()
}
// AccountSASTokenOptions includes options for constructing
// an account SAS token.
// https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-an-account-sas
//
// A SAS token is a bearer credential. Grant only the services, resource types
// and permissions that are needed, and keep the validity window short.
type AccountSASTokenOptions struct {
	// APIVersion defaults to the client's API version when empty.
	APIVersion    string
	Services      Services
	ResourceTypes ResourceTypes
	Permissions   Permissions
	// Start is optional; the zero value omits the start time.
	Start time.Time
	// Expiry is always emitted. GetAccountSASToken does not validate it, so
	// the zero value produces a token with a year-1 expiry timestamp.
	Expiry time.Time
	// IP optionally restricts the token to an address or range.
	IP string
	// UseHTTPS restricts the token to HTTPS; when false the token permits
	// both HTTPS and HTTP.
	UseHTTPS bool
}

// Services specify services accessible with an account SAS.
type Services struct {
	Blob  bool
	Queue bool
	Table bool
	File  bool
}

// ResourceTypes specify the resources accessible with an
// account SAS.
type ResourceTypes struct {
	Service   bool
	Container bool
	Object    bool
}

// Permissions specifies permissions for an accountSAS.
type Permissions struct {
	Read    bool
	Write   bool
	Delete  bool
	List    bool
	Add     bool
	Create  bool
	Update  bool
	Process bool
}
// GetAccountSASToken creates an account SAS token
// See https://docs.microsoft.com/en-us/rest/api/storageservices/constructing-an-account-sas
//
// The token is signed with c.computeHmac256 over the newline-joined account
// name, permissions, services, resource types, start, expiry, IP, protocol
// and API version. The returned values include the signature ("sig") and
// together form a bearer credential, so keep them out of logs and URLs that
// get recorded.
//
// API versions before 2015-04-05 are rejected. Expiry is not validated, and
// when options.UseHTTPS is false the token permits plain HTTP ("https,http").
func (c Client) GetAccountSASToken(options AccountSASTokenOptions) (url.Values, error) {
	if options.APIVersion == "" {
		options.APIVersion = c.apiVersion
	}

	// Versions are ISO dates, so lexical comparison orders them correctly.
	if options.APIVersion < "2015-04-05" {
		return url.Values{}, fmt.Errorf("account SAS does not support API versions prior to 2015-04-05. API version : %s", options.APIVersion)
	}

	type flag struct {
		enabled bool
		letter  string
	}
	// letters concatenates the letter of every enabled flag, in order.
	letters := func(flags ...flag) string {
		out := ""
		for _, f := range flags {
			if f.enabled {
				out += f.letter
			}
		}
		return out
	}

	services := letters(
		flag{options.Services.Blob, "b"},
		flag{options.Services.Queue, "q"},
		flag{options.Services.Table, "t"},
		flag{options.Services.File, "f"},
	)

	resources := letters(
		flag{options.ResourceTypes.Service, "s"},
		flag{options.ResourceTypes.Container, "c"},
		flag{options.ResourceTypes.Object, "o"},
	)

	permissions := letters(
		flag{options.Permissions.Read, "r"},
		flag{options.Permissions.Write, "w"},
		flag{options.Permissions.Delete, "d"},
		flag{options.Permissions.List, "l"},
		flag{options.Permissions.Add, "a"},
		flag{options.Permissions.Create, "c"},
		flag{options.Permissions.Update, "u"},
		flag{options.Permissions.Process, "p"},
	)

	// The start time is optional; the expiry time is always present.
	start := ""
	if options.Start != (time.Time{}) {
		start = options.Start.UTC().Format(time.RFC3339)
	}
	expiry := options.Expiry.UTC().Format(time.RFC3339)

	protocol := "https,http"
	if options.UseHTTPS {
		protocol = "https"
	}

	// The trailing empty element makes the string to sign end with "\n".
	fields := []string{
		c.accountName,
		permissions,
		services,
		resources,
		start,
		expiry,
		options.IP,
		protocol,
		options.APIVersion,
		"",
	}
	signature := c.computeHmac256(strings.Join(fields, "\n"))

	token := url.Values{
		"sv":  {options.APIVersion},
		"ss":  {services},
		"srt": {resources},
		"sp":  {permissions},
		"se":  {expiry},
		"spr": {protocol},
		"sig": {signature},
	}
	if start != "" {
		token.Add("st", start)
	}
	if options.IP != "" {
		token.Add("sip", options.IP)
	}

	return token, nil
}
// GetBlobService returns a BlobStorageClient which can operate on the blob
// service of the storage account. The returned client holds its own copy of
// c, tags that copy's user agent with the service name, and uses the shared
// key lite scheme when c.UseSharedKeyLite is set.
func (c Client) GetBlobService() BlobStorageClient {
	svc := BlobStorageClient{client: c}
	if c.UseSharedKeyLite {
		svc.auth = sharedKeyLite
	} else {
		svc.auth = sharedKey
	}
	svc.client.AddToUserAgent(blobServiceName)
	return svc
}
// GetQueueService returns a QueueServiceClient which can operate on the queue
// service of the storage account. The returned client holds its own copy of
// c, tags that copy's user agent with the service name, and uses the shared
// key lite scheme when c.UseSharedKeyLite is set.
func (c Client) GetQueueService() QueueServiceClient {
	svc := QueueServiceClient{client: c}
	if c.UseSharedKeyLite {
		svc.auth = sharedKeyLite
	} else {
		svc.auth = sharedKey
	}
	svc.client.AddToUserAgent(queueServiceName)
	return svc
}
// GetTableService returns a TableServiceClient which can operate on the table
// service of the storage account. The returned client holds its own copy of
// c, tags that copy's user agent with the service name, and uses the
// table-specific shared key scheme (the lite variant when
// c.UseSharedKeyLite is set).
func (c Client) GetTableService() TableServiceClient {
	svc := TableServiceClient{client: c}
	if c.UseSharedKeyLite {
		svc.auth = sharedKeyLiteForTable
	} else {
		svc.auth = sharedKeyForTable
	}
	svc.client.AddToUserAgent(tableServiceName)
	return svc
}
// GetFileService returns a FileServiceClient which can operate on the file
// service of the storage account. The returned client holds its own copy of
// c, tags that copy's user agent with the service name, and uses the shared
// key lite scheme when c.UseSharedKeyLite is set.
func (c Client) GetFileService() FileServiceClient {
	svc := FileServiceClient{client: c}
	if c.UseSharedKeyLite {
		svc.auth = sharedKeyLite
	} else {
		svc.auth = sharedKey
	}
	svc.client.AddToUserAgent(fileServiceName)
	return svc
}
// getStandardHeaders returns a fresh header map holding the client's
// additional headers plus User-Agent, x-ms-version and x-ms-date.
//
// The three standard headers are written last, so an additional header with
// exactly the same key cannot replace them. Map keys are case-sensitive and
// exec copies them to the request without canonicalisation, so a differently
// cased key (for example "user-agent") is kept as a separate entry.
func (c Client) getStandardHeaders() map[string]string {
	standard := map[string]string{}
	for name, value := range c.additionalHeaders {
		standard[name] = value
	}

	standard[userAgentHeader] = c.userAgent
	standard["x-ms-version"] = c.apiVersion
	standard["x-ms-date"] = currentTimeRfc1123Formatted()
	return standard
}
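// exec authorizes, builds and sends a request, and turns error statuses into
// errors.
//
// Steps: add the authorization header for auth, create the request, take the
// content length from the "Content-Length" header when http.NewRequest could
// not determine it, copy the headers without canonicalising their names, and,
// for account SAS clients, merge the SAS token into the query string. The
// request then goes through c.Sender.
//
// A response with a status code from 400 to 505 is returned together with the
// error built by getErrorFromResponse. A Sender that returns neither a
// response nor an error is reported as an error instead of causing a nil
// dereference.
//
// For account SAS clients the final request URL contains the SAS token, so
// avoid logging request URLs verbatim.
func (c Client) exec(verb, url string, headers map[string]string, body io.Reader, auth authentication) (*http.Response, error) {
	headers, err := c.addAuthorizationHeader(verb, url, headers, auth)
	if err != nil {
		return nil, err
	}

	req, err := http.NewRequest(verb, url, body)
	if err != nil {
		return nil, errors.New("azure/storage: error creating request: " + err.Error())
	}

	// http.NewRequest() will automatically set req.ContentLength for a handful of types
	// otherwise we will handle here. A header value that does not parse as an
	// integer is ignored.
	if req.ContentLength < 1 {
		if clstr, ok := headers["Content-Length"]; ok {
			if cl, err := strconv.ParseInt(clstr, 10, 64); err == nil {
				req.ContentLength = cl
			}
		}
	}

	for k, v := range headers {
		req.Header[k] = append(req.Header[k], v) // Must bypass case munging present in `Add` by using map functions directly. See https://github.com/Azure/azure-sdk-for-go/issues/645
	}

	if c.isAccountSASClient() {
		// append the SAS token to the query params
		v := req.URL.Query()
		v = mergeParams(v, c.accountSASToken)
		req.URL.RawQuery = v.Encode()
	}

	resp, err := c.Sender.Send(&c, req)
	if err != nil {
		return nil, err
	}
	if resp == nil {
		// Sender is pluggable; do not assume it upholds the usual
		// "response or error" contract.
		return nil, errors.New("azure/storage: sender returned neither a response nor an error")
	}

	if resp.StatusCode >= 400 && resp.StatusCode <= 505 {
		return resp, getErrorFromResponse(resp)
	}

	return resp, nil
}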
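// execInternalJSONCommon authorizes and sends a request, and decodes the error
// payload of a failed response.
//
// It returns the odataResponse wrapper, the request that was sent, the raw
// response and an error. For a status code from 400 to 505 the body is read
// and closed, then handled as follows:
//   - empty body: an error built by serviceErrFromStatusCode;
//   - Content-Type exactly "application/xml": an AzureTablesServiceError; if
//     the body cannot be decoded, its Message carries the raw body;
//   - anything else: the body is decoded as JSON into the odata field, and the
//     returned error is nil when that decoding succeeds, so callers must
//     inspect the response status themselves.
//
// The error from http.NewRequest is checked before the request is used, and a
// Sender that returns neither a response nor an error is reported as an error.
//
// The error body is read fully into memory without a size limit, and it may
// be embedded in the returned error text, so handle that text as untrusted.
func (c Client) execInternalJSONCommon(verb, url string, headers map[string]string, body io.Reader, auth authentication) (*odataResponse, *http.Request, *http.Response, error) {
	headers, err := c.addAuthorizationHeader(verb, url, headers, auth)
	if err != nil {
		return nil, nil, nil, err
	}

	req, err := http.NewRequest(verb, url, body)
	if err != nil {
		// Without this check a failed NewRequest leaves req nil and the
		// header loop below panics.
		return nil, nil, nil, errors.New("azure/storage: error creating request: " + err.Error())
	}
	for k, v := range headers {
		req.Header.Add(k, v)
	}

	resp, err := c.Sender.Send(&c, req)
	if err != nil {
		return nil, nil, nil, err
	}
	if resp == nil {
		return nil, nil, nil, errors.New("azure/storage: sender returned neither a response nor an error")
	}

	respToRet := &odataResponse{resp: resp}

	statusCode := resp.StatusCode
	if statusCode >= 400 && statusCode <= 505 {
		var respBody []byte
		respBody, err = readAndCloseBody(resp.Body)
		if err != nil {
			return nil, nil, nil, err
		}

		requestID, date, version := getDebugHeaders(resp.Header)
		if len(respBody) == 0 {
			// no error in response body, might happen in HEAD requests
			err = serviceErrFromStatusCode(resp.StatusCode, resp.Status, requestID, date, version)
			return respToRet, req, resp, err
		}
		// response contains storage service error object, unmarshal
		if resp.Header.Get("Content-Type") == "application/xml" {
			storageErr := AzureTablesServiceError{
				StatusCode: resp.StatusCode,
				RequestID:  requestID,
				Date:       date,
				APIVersion: version,
			}
			if err := xml.Unmarshal(respBody, &storageErr); err != nil {
				storageErr.Message = fmt.Sprintf("Response body could no be unmarshaled: %v. Body: %v.", err, string(respBody))
			}
			err = storageErr
		} else {
			err = json.Unmarshal(respBody, &respToRet.odata)
		}
	}

	return respToRet, req, resp, err
}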
// execInternalJSON runs execInternalJSONCommon and keeps only the decoded
// response wrapper and the error.
func (c Client) execInternalJSON(verb, url string, headers map[string]string, body io.Reader, auth authentication) (*odataResponse, error) {
	decoded, _, _, err := c.execInternalJSONCommon(verb, url, headers, body, auth)
	return decoded, err
}
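// execBatchOperationJSON sends a batch request and unpacks the nested
// multipart response: the outer batch part first, then the changeset inside
// it. The changeset result is stored in the returned odataResponse.
//
// The Content-Type header is read with Header.Get, so a response without that
// header produces a parse error instead of an index-out-of-range panic. The
// response body is read fully into memory before it is parsed.
func (c Client) execBatchOperationJSON(verb, url string, headers map[string]string, body io.Reader, auth authentication) (*odataResponse, error) {
	// execute common query, get back generated request, response etc... for more processing.
	respToRet, req, resp, err := c.execInternalJSONCommon(verb, url, headers, body, auth)
	if err != nil {
		return nil, err
	}

	// return the OData in the case of executing batch commands.
	// In this case we need to read the outer batch boundary and contents.
	// Then we read the changeset information within the batch
	var respBody []byte
	respBody, err = readAndCloseBody(resp.Body)
	if err != nil {
		return nil, err
	}

	// outer multipart body; the header is service-controlled and may be
	// missing, so it is never indexed directly.
	_, batchHeader, err := mime.ParseMediaType(resp.Header.Get("Content-Type"))
	if err != nil {
		return nil, err
	}

	// batch details.
	batchBoundary := batchHeader["boundary"]
	batchPartBuf, changesetBoundary, err := genBatchReader(batchBoundary, respBody)
	if err != nil {
		return nil, err
	}

	// changeset details.
	err = genChangesetReader(req, respToRet, batchPartBuf, changesetBoundary)
	if err != nil {
		return nil, err
	}

	return respToRet, nil
}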
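// genChangesetReader reads the first part of the changeset multipart stream
// and parses it as an HTTP response to req. Unless that response has status
// 204 No Content, its body is decoded as JSON into respToRet.odata and the
// parsed response is recorded in respToRet.resp.
//
// It returns the first error met while reading the part, parsing the embedded
// response, reading its body or decoding the JSON.
func genChangesetReader(req *http.Request, respToRet *odataResponse, batchPartBuf io.Reader, changesetBoundary string) error {
	changesetMultiReader := multipart.NewReader(batchPartBuf, changesetBoundary)
	changesetPart, err := changesetMultiReader.NextPart()
	if err != nil {
		return err
	}

	changesetResp, err := http.ReadResponse(bufio.NewReader(changesetPart), req)
	if err != nil {
		return err
	}
	if changesetResp.StatusCode == http.StatusNoContent {
		// Nothing to decode; respToRet is left untouched.
		return nil
	}

	changesetBody, err := readAndCloseBody(changesetResp.Body)
	if err != nil {
		// A failed or truncated read must surface as itself rather than as a
		// misleading JSON syntax error on partial data.
		return err
	}
	if err := json.Unmarshal(changesetBody, &respToRet.odata); err != nil {
		return err
	}
	respToRet.resp = changesetResp
	return nil
}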
// genBatchReader opens the outer batch multipart body using batchBoundary and
// takes its first part. It returns a buffered reader over that part together
// with the "boundary" parameter of the part's Content-Type header, which is
// the boundary of the changeset nested inside the batch.
//
// An error is returned when no part can be read or when the part's
// Content-Type cannot be parsed as a media type.
func genBatchReader(batchBoundary string, respBody []byte) (io.Reader, string, error) {
	// Reading the batch response.
	outer := multipart.NewReader(strings.NewReader(string(respBody)), batchBoundary)

	part, err := outer.NextPart()
	if err != nil {
		return nil, "", err
	}

	_, params, err := mime.ParseMediaType(part.Header.Get("Content-Type"))
	if err != nil {
		return nil, "", err
	}

	return bufio.NewReader(part), params["boundary"], nil
}
// readAndCloseBody reads body to the end, closes it and returns the bytes
// read. An io.EOF from the read is reported as a nil error; any other read
// error is returned along with whatever was read before it.
//
// The entire body is buffered in memory with no size cap, so a caller that
// needs to bound what a remote endpoint can make it allocate has to limit the
// reader before passing it in.
func readAndCloseBody(body io.ReadCloser) ([]byte, error) {
	defer body.Close()

	data, err := ioutil.ReadAll(body)
	if err != nil && err != io.EOF {
		return data, err
	}
	return data, nil
}
// drainRespBody reads whatever is left of resp.Body, discards it and then
// closes the body. A nil resp is a no-op.
//
// The drain is not size-limited: it reads until the body ends or a read
// fails, however much the server sends.
func drainRespBody(resp *http.Response) {
	if resp == nil {
		return
	}
	// Best effort: the copy and close results are intentionally not checked,
	// the function has no way to report them.
	io.Copy(ioutil.Discard, resp.Body)
	resp.Body.Close()
}
// serviceErrFromXML decodes an XML error body into storageErr. When decoding
// fails, storageErr.Message is overwritten with a description that embeds the
// decode error and the raw body, and the decode error is returned.
//
// NOTE(review): on failure the server-supplied body is copied verbatim and in
// full into the message, so whatever logs or displays this error emits
// unescaped remote content of arbitrary length; truncate or escape at the sink.
func serviceErrFromXML(body []byte, storageErr *AzureStorageServiceError) error {
	err := xml.Unmarshal(body, storageErr)
	if err == nil {
		return nil
	}
	storageErr.Message = fmt.Sprintf("Response body could no be unmarshaled: %v. Body: %v.", err, string(body))
	return err
}
// serviceErrFromJSON decodes an OData JSON error body and copies its code,
// message text and message language into storageErr. When decoding fails,
// storageErr.Message is overwritten with a description that embeds the decode
// error and the raw body, and the decode error is returned.
//
// NOTE(review): on failure the server-supplied body is copied verbatim and in
// full into the message, so whatever logs or displays this error emits
// unescaped remote content of arbitrary length; truncate or escape at the sink.
func serviceErrFromJSON(body []byte, storageErr *AzureStorageServiceError) error {
	var wrapper odataErrorWrapper
	err := json.Unmarshal(body, &wrapper)
	if err != nil {
		storageErr.Message = fmt.Sprintf("Response body could no be unmarshaled: %v. Body: %v.", err, string(body))
		return err
	}

	storageErr.Code = wrapper.Err.Code
	storageErr.Message = wrapper.Err.Message.Value
	storageErr.Lang = wrapper.Err.Message.Lang
	return nil
}
// serviceErrFromStatusCode builds an AzureStorageServiceError for a response
// that carried no body. The HTTP status text is used as the error Code and
// the Message is a fixed note that no body was available; requestID, date and
// version are stored as given.
func serviceErrFromStatusCode(code int, status string, requestID, date, version string) AzureStorageServiceError {
	var svcErr AzureStorageServiceError
	svcErr.StatusCode = code
	svcErr.Code = status
	svcErr.RequestID = requestID
	svcErr.Date = date
	svcErr.APIVersion = version
	svcErr.Message = "no response body was available for error status code"
	return svcErr
}
// Error implements the error interface. It renders the status code, error
// code, message, request date, request ID, API version and the query
// parameter name and value on a single line.
//
// NOTE(review): the string fields are interpolated with %s as-is; where they
// were filled from a service response, sinks that log this text should treat
// it as untrusted (escape control characters, bound the length).
func (e AzureStorageServiceError) Error() string {
	const layout = "storage: service returned error: StatusCode=%d, ErrorCode=%s, ErrorMessage=%s, RequestInitiated=%s, RequestId=%s, API Version=%s, QueryParameterName=%s, QueryParameterValue=%s"
	return fmt.Sprintf(
		layout,
		e.StatusCode,
		e.Code,
		e.Message,
		e.Date,
		e.RequestID,
		e.APIVersion,
		e.QueryParameterName,
		e.QueryParameterValue,
	)
}
// checkRespCode returns nil when resp.StatusCode is one of the allowed codes.
// Otherwise it returns an UnexpectedStatusCodeError holding the allowed codes,
// the code actually received and, as the inner error, the result of
// getErrorFromResponse, which reads and closes resp.Body.
func checkRespCode(resp *http.Response, allowed []int) error {
	got := resp.StatusCode
	for i := range allowed {
		if allowed[i] == got {
			return nil
		}
	}

	return UnexpectedStatusCodeError{
		allowed: allowed,
		got:     got,
		inner:   getErrorFromResponse(resp),
	}
}
// addMetadataToHeaders passes metadata through c.protectUserAgent and then
// writes every resulting entry into h, with the key prefixed by
// userDefinedMetadataHeaderPrefix. h is modified in place and returned; it
// must be non-nil whenever there is an entry to write, because assigning into
// a nil map panics.
func (c Client) addMetadataToHeaders(h map[string]string, metadata map[string]string) map[string]string {
	for key, value := range c.protectUserAgent(metadata) {
		h[userDefinedMetadataHeaderPrefix+key] = value
	}
	return h
}
// getDebugHeaders returns the values of the x-ms-request-id, Date and
// x-ms-version headers, in that order. A header that is not present yields an
// empty string.
func getDebugHeaders(h http.Header) (requestID, date, version string) {
	return h.Get("x-ms-request-id"), h.Get("Date"), h.Get("x-ms-version")
}
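// getErrorFromResponse reads and closes resp.Body and turns the response into
// an error value.
//
//   - If the body cannot be read, the read error is returned.
//   - If the body is empty, the error is built from the status code and status
//     text alone (serviceErrFromStatusCode).
//   - Otherwise an AzureStorageServiceError is returned, filled from the body:
//     decoded as XML when Content-Type is exactly "application/xml", as OData
//     JSON in every other case.
//
// NOTE(review): the Content-Type comparison is an exact string match, so a
// value that carries parameters (for example a charset) takes the JSON branch.
func getErrorFromResponse(resp *http.Response) error {
	respBody, err := readAndCloseBody(resp.Body)
	if err != nil {
		return err
	}

	requestID, date, version := getDebugHeaders(resp.Header)
	if len(respBody) == 0 {
		// no error in response body, might happen in HEAD requests
		return serviceErrFromStatusCode(resp.StatusCode, resp.Status, requestID, date, version)
	}

	storageErr := AzureStorageServiceError{
		StatusCode: resp.StatusCode,
		RequestID:  requestID,
		Date:       date,
		APIVersion: version,
	}

	// Response contains a storage service error object; unmarshal it.
	// The decode error is deliberately not returned on its own: on failure the
	// helpers record it, with the raw body, in storageErr.Message, and the
	// function always hands back the AzureStorageServiceError. The earlier
	// `if err != nil` checks after each helper tested the already-nil read
	// error and could never fire, so they are dropped.
	if resp.Header.Get("Content-Type") == "application/xml" {
		_ = serviceErrFromXML(respBody, &storageErr)
	} else {
		_ = serviceErrFromJSON(respBody, &storageErr)
	}
	return storageErr
}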