Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support user delegated sas urls #1481

Merged
merged 3 commits into from
Dec 1, 2023

Conversation

demoray
Copy link
Contributor

@demoray demoray commented Dec 1, 2023

This PR adds support for user-delegated-key SAS URLs.

This includes changing the azure storage API version to 2022-11-02, which aligns with the Python SDK's current usage for their supported implementation of user-delegated-keys.

Probably of most use is how this new API is used, which is included in the example sdk/storage_blobs/examples/user_delegation_keys.rs.

This PR is broken up into 3 commits:

  1. The implementation of the signing
  2. The updates required to successfully run the mock transaction recording with the changes from unifying hmac support
  3. Updating the recordings.

An issue that this PR highlights is that the mock transaction recording isn't order stable, which results in larger changes than we would otherwise expect.

@demoray demoray linked an issue Dec 1, 2023 that may be closed by this pull request
@demoray
Copy link
Contributor Author

demoray commented Dec 1, 2023

Of note, this implementation does not include support for the optional fields at this time. That will be handled in a follow-up PR, as we have a number of other optional signing fields that are not supported already, and this could use some refactoring to support them appropriately.

@demoray demoray linked an issue Dec 1, 2023 that may be closed by this pull request
@@ -190,7 +191,7 @@ impl AccountSharedAccessSignature {
self.version,
);

hmac_sha256(&string_to_sign, &self.key).unwrap()
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good to see a Result used.

@demoray demoray merged commit 3bf1e2e into Azure:main Dec 1, 2023
19 checks passed
@demoray demoray deleted the support-user-delegated-sas-urls branch December 1, 2023 16:16
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Azure storage: support user delegation SAS Unable to sign blobs (SAS) when using TokenCredential
2 participants