From e5336f9c645f9a323c958e4155714b7030c908c3 Mon Sep 17 00:00:00 2001
From: browndav
Date: Wed, 4 Mar 2026 16:05:27 -0500
Subject: [PATCH 01/12] finish upload for put block
---
 sdk/storage/azure-storage-blob/assets.json | 2 +-
 .../storage/blob/SasAsyncClientTests.java | 32 +++++++++++++++++++
 .../azure/storage/blob/SasClientTests.java | 28 ++++++++++++++++
 3 files changed, 61 insertions(+), 1 deletion(-)
diff --git a/sdk/storage/azure-storage-blob/assets.json b/sdk/storage/azure-storage-blob/assets.json
index d98b4bc847a7..06a80624826d 100644
--- a/sdk/storage/azure-storage-blob/assets.json
+++ b/sdk/storage/azure-storage-blob/assets.json
@@ -2,5 +2,5 @@
 "AssetsRepo": "Azure/azure-sdk-assets",
 "AssetsRepoPrefixPath": "java",
 "TagPrefix": "java/storage/azure-storage-blob",
- "Tag": "java/storage/azure-storage-blob_4ab10936db"
+ "Tag": "java/storage/azure-storage-blob_c21aadb9a6"
 }
diff --git a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java
index 5bbb4c809db4..0840b8c4aba9 100644
--- a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java
+++ b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java
@@ -583,6 +583,37 @@ public void containerSasFilterBlobsFail() { StepVerifier.create(client.setTags(tags)).verifyError(BlobStorageException.class); } + @Test + @RequiredServiceVersion(clazz = BlobServiceVersion.class, min = "2026-04-06") + public void createPermissionUpload() { + BlobServiceAsyncClient oauthService = getOAuthServiceAsyncClient(); + BlobContainerAsyncClient oauthContainer = oauthService.getBlobContainerAsyncClient(cc.getBlobContainerName()); + + String oauthBlobName = generateBlobName(); + OffsetDateTime expiryTime = testResourceNamer.now().plusDays(1); + + Mono response = oauthService.getUserDelegationKey(null, expiryTime).flatMap(key -> { + key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); + String saoid = testResourceNamer.randomUuid(); + + BlobSasPermission permissions = new BlobSasPermission().setCreatePermission(true); + BlobServiceSasSignatureValues sasValues + = new BlobServiceSasSignatureValues(expiryTime, permissions).setPreauthorizedAgentObjectId(saoid); + + String sasWithPermissions = oauthContainer.generateUserDelegationSas(sasValues, key); + + BlockBlobAsyncClient blockClient + = instrument(new SpecializedBlobClientBuilder().endpoint(oauthContainer.getBlobContainerUrl()) + .blobName(oauthBlobName) + .sasToken(sasWithPermissions)).buildBlockBlobAsyncClient(); + + return blockClient.upload(DATA.getDefaultFlux(), DATA.getDefaultDataSize()).then(); + }); + + StepVerifier.create(response).verifyComplete(); + + } + // RBAC replication lag @Test public void blobUserDelegationSaoid() { @@ -1484,4 +1515,5 @@ public void blobSasUserDelegationDelegatedTenantIdFail() { e -> assertExceptionStatusCodeAndMessage(e, 403, BlobErrorCode.AUTHENTICATION_FAILED)); }); } + } diff --git a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java index 843fa2c8a125..813e7a51582d 100644 
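Review bot: The new async `createPermissionUpload` only proves that a create-only user-delegation SAS is accepted; nothing shows the token is refused for any other operation, so a SAS that came out broader than create would still pass. I would chain a read on the same client after the upload inside the `flatMap`, for example `.then(blockClient.getProperties())`, and finish with `verifyError(BlobStorageException.class)` as `containerSasFilterBlobsFail` does just above; the exact status the service returns for that read is not visible here and should be confirmed against a live run. The same gap applies to the sync `createPermissionUpload` and to the `transferBlobWithCreatePermission` and `commitBlockListWithCreatePermission` tests added later in this series.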
--- a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java
+++ b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java
@@ -17,6 +17,7 @@
 import com.azure.storage.blob.sas.BlobSasPermission;
 import com.azure.storage.blob.sas.BlobServiceSasSignatureValues;
 import com.azure.storage.blob.specialized.AppendBlobClient;
+import com.azure.storage.blob.specialized.BlockBlobAsyncClient;
 import com.azure.storage.blob.specialized.BlockBlobClient;
 import com.azure.storage.blob.specialized.SpecializedBlobClientBuilder;
 import com.azure.storage.common.implementation.AccountSasImplUtil;
@@ -1296,6 +1297,33 @@ public void blobSasImplUtilCanonicalizedResource(String containerName, String bl assertEquals(expectedResource, queryParams.getResource()); } + @Test + @RequiredServiceVersion(clazz = BlobServiceVersion.class, min = "2026-04-06") + public void createPermissionUpload() { + BlobServiceClient oauthService = getOAuthServiceClient(); + String oauthContainerName = cc.getBlobContainerName(); + BlobContainerClient oauthContainer = oauthService.getBlobContainerClient(oauthContainerName); + + String oauthBlobName = generateBlobName(); + OffsetDateTime expiryTime = testResourceNamer.now().plusDays(1); + + UserDelegationKey key = oauthService.getUserDelegationKey(null, expiryTime); + key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); + String saoid = testResourceNamer.randomUuid(); + + BlobSasPermission permissions = new BlobSasPermission().setCreatePermission(true); + BlobServiceSasSignatureValues sasValues + = new BlobServiceSasSignatureValues(expiryTime, permissions).setPreauthorizedAgentObjectId(saoid); + + String sasWithPermissions = oauthContainer.generateUserDelegationSas(sasValues, key); + BlockBlobClient blockClient + = instrument(new SpecializedBlobClientBuilder().endpoint(oauthContainer.getBlobContainerUrl()) + .blobName(oauthBlobName) + .sasToken(sasWithPermissions)).buildBlockBlobClient(); + + assertDoesNotThrow(() -> blockClient.upload(DATA.getDefaultInputStream(), DATA.getDefaultDataSize())); + } + private static Stream blobSasImplUtilCanonicalizedResourceSupplier() { return Stream.of( Arguments.of("c", "b", "id", OffsetDateTime.now(), "bs", From 4dbb460c482f082872b7eafdfaa477fc4cb57c9e Mon Sep 17 00:00:00 2001 From: browndav Date: Wed, 4 Mar 2026 19:13:00 -0500 Subject: [PATCH 02/12] add test for transfer with create permission --- .../azure/storage/blob/SasClientTests.java | 42 +++++++++++++++++++ 1 file changed, 42 insertions(+) 
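Review bot: `assertDoesNotThrow(() -> blockClient.upload(...))` in the sync `createPermissionUpload` passes as soon as the call returns, so the test never checks that the blob actually landed under the name the SAS client was given. A follow-up check through the OAuth container client would pin the outcome, e.g. `assertTrue(oauthContainer.getBlobClient(oauthBlobName).exists());` (whether `assertTrue` is already imported in this file is not visible in the hunk). The later `transferBlobWithCreatePermission` and `commitBlockListWithCreatePermission` tests end on the same bare `assertDoesNotThrow` and would benefit from the same check on `destinationBlobName`.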
diff --git a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java index 813e7a51582d..4d2e9ff57f60 100644 --- a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java +++ b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java @@ -42,10 +42,13 @@ import org.junit.jupiter.params.provider.ValueSource; import java.io.ByteArrayOutputStream; +import java.nio.charset.StandardCharsets; import java.time.OffsetDateTime; import java.time.ZoneOffset; import java.util.ArrayList; +import java.util.Base64; import java.util.HashMap; +import java.util.List; import java.util.Map; import java.util.stream.Stream; 
@@ -1324,6 +1327,45 @@ public void createPermissionUpload() { assertDoesNotThrow(() -> blockClient.upload(DATA.getDefaultInputStream(), DATA.getDefaultDataSize())); } + @Test + @RequiredServiceVersion(clazz = BlobServiceVersion.class, min = "2026-04-06") + public void transferBlobWithCreatePermission() { + BlobServiceClient oauthService = getOAuthServiceClient(); + String containerName = cc.getBlobContainerName(); + BlobContainerClient oauthContainer = oauthService.getBlobContainerClient(containerName); + + String sourceBlobName = generateBlobName(); + String destinationBlobName = generateBlobName(); + OffsetDateTime expiryTime = testResourceNamer.now().plusDays(1); + + // Upload source blob via OAuth client + BlockBlobClient sourceBlob = oauthContainer.getBlobClient(sourceBlobName).getBlockBlobClient(); + sourceBlob.upload(DATA.getDefaultInputStream(), DATA.getDefaultDataSize()); + + UserDelegationKey key = oauthService.getUserDelegationKey(null, expiryTime); + key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); + String saoid = testResourceNamer.randomUuid(); + + // Create-only permission for destination blob + BlobSasPermission destinationPermissions = new BlobSasPermission().setCreatePermission(true); + BlobServiceSasSignatureValues sasValues = new BlobServiceSasSignatureValues(expiryTime, destinationPermissions) + .setPreauthorizedAgentObjectId(saoid); + String createPermissionsOnly = oauthContainer.generateUserDelegationSas(sasValues, key); + BlockBlobClient destinationClient + = instrument(new SpecializedBlobClientBuilder().endpoint(oauthContainer.getBlobContainerUrl()) + .blobName(destinationBlobName) + .sasToken(createPermissionsOnly)).buildBlockBlobClient(); + + // Read permission for source blob + BlobSasPermission readPermission = new BlobSasPermission().setReadPermission(true); + BlobServiceSasSignatureValues readValues + = new BlobServiceSasSignatureValues(expiryTime, 
readPermission).setPreauthorizedAgentObjectId(saoid); + String readSas = oauthContainer.generateUserDelegationSas(readValues, key); + String sourceUrl = sourceBlob.getBlobUrl() + "?" + readSas; + + assertDoesNotThrow(() -> destinationClient.copyFromUrl(sourceUrl)); + } + private static Stream blobSasImplUtilCanonicalizedResourceSupplier() { return Stream.of( Arguments.of("c", "b", "id", OffsetDateTime.now(), "bs", From 3a35b2ccb5b5d2f4f234aa8a20663e80da420e5d Mon Sep 17 00:00:00 2001 From: browndav Date: Wed, 4 Mar 2026 19:20:14 -0500 Subject: [PATCH 03/12] add recording for transferBlobWithCreatePermission --- sdk/storage/azure-storage-blob/assets.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/storage/azure-storage-blob/assets.json b/sdk/storage/azure-storage-blob/assets.json index 06a80624826d..252d9c11bfed 100644 --- a/sdk/storage/azure-storage-blob/assets.json +++ b/sdk/storage/azure-storage-blob/assets.json @@ -2,5 +2,5 @@ "AssetsRepo": "Azure/azure-sdk-assets", "AssetsRepoPrefixPath": "java", "TagPrefix": "java/storage/azure-storage-blob", - "Tag": "java/storage/azure-storage-blob_c21aadb9a6" + "Tag": "java/storage/azure-storage-blob_8e17f88016" } From 5da66de7fee5801bf4380270861182a9280cf68c Mon Sep 17 00:00:00 2001 From: browndav Date: Wed, 4 Mar 2026 19:32:00 -0500 Subject: [PATCH 04/12] create commitBlockLIst sync with recording --- sdk/storage/azure-storage-blob/assets.json | 2 +- .../azure/storage/blob/SasClientTests.java | 32 +++++++++++++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) diff --git a/sdk/storage/azure-storage-blob/assets.json b/sdk/storage/azure-storage-blob/assets.json index 252d9c11bfed..48db88893158 100644 --- a/sdk/storage/azure-storage-blob/assets.json +++ b/sdk/storage/azure-storage-blob/assets.json 
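Review bot: Both SAS tokens in `transferBlobWithCreatePermission` are generated from `oauthContainer`, so the read token covers every blob in the container rather than only the copy source, and it stays valid for a day. Generating it from the blob client narrows it to the one resource: `String readSas = sourceBlob.generateUserDelegationSas(readValues, key);`. `sourceUrl` also carries that token in its query string and is handed to `copyFromUrl`, so before the recording referenced by `assets.json` is published it is worth confirming the recorded request has the signature sanitized; the sanitizer setup is not visible in this diff. The async variant added later in the series has the same shape.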
@@ -2,5 +2,5 @@
 "AssetsRepo": "Azure/azure-sdk-assets",
 "AssetsRepoPrefixPath": "java",
 "TagPrefix": "java/storage/azure-storage-blob",
- "Tag": "java/storage/azure-storage-blob_8e17f88016"
+ "Tag": "java/storage/azure-storage-blob_afa540467e"
 }
diff --git a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java
index 4d2e9ff57f60..40248e3c8072 100644
--- a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java
+++ b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java
@@ -1366,6 +1366,38 @@ public void transferBlobWithCreatePermission() { assertDoesNotThrow(() -> destinationClient.copyFromUrl(sourceUrl)); } + @Test + @RequiredServiceVersion(clazz = BlobServiceVersion.class, min = "2026-04-06") + public void commitBlockListWithCreatePermission() { + BlobServiceClient oauthService = getOAuthServiceClient(); + String containerName = cc.getBlobContainerName(); + BlobContainerClient oauthContainer = oauthService.getBlobContainerClient(containerName); + String blockId = Base64.getEncoder().encodeToString("blockid".getBytes(StandardCharsets.UTF_8)); + List blockIds = new ArrayList(); + blockIds.add(blockId); + + String destinationBlobName = generateBlobName(); + OffsetDateTime expiryTime = testResourceNamer.now().plusDays(1); + + UserDelegationKey key = oauthService.getUserDelegationKey(null, expiryTime); + key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); + String saoid = testResourceNamer.randomUuid(); + + // Create-only permission for destination blob + BlobSasPermission destinationPermissions = new BlobSasPermission().setCreatePermission(true); + BlobServiceSasSignatureValues sasValues = new BlobServiceSasSignatureValues(expiryTime, destinationPermissions) + .setPreauthorizedAgentObjectId(saoid); + String createPermissionsOnly = oauthContainer.generateUserDelegationSas(sasValues, key); + BlockBlobClient destinationClient + = instrument(new SpecializedBlobClientBuilder().endpoint(oauthContainer.getBlobContainerUrl()) + .blobName(destinationBlobName) + .sasToken(createPermissionsOnly)).buildBlockBlobClient(); + + destinationClient.stageBlock(blockId, DATA.getDefaultInputStream(), DATA.getDefaultDataSize()); + + assertDoesNotThrow(() -> destinationClient.commitBlockList(blockIds, false)); + } + private static Stream blobSasImplUtilCanonicalizedResourceSupplier() { return Stream.of( Arguments.of("c", "b", "id", OffsetDateTime.now(), "bs", 
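Review bot: `commitBlockListWithCreatePermission` has no comment saying which authorization behaviour it pins, and the test name mentions only the commit even though `stageBlock` also runs with the create-only SAS and sits outside the assertion. A short comment above the `stageBlock` call would make the intent reviewable, for example `// With service version 2026-04-06 a create-only SAS is expected to authorize both stageBlock and commitBlockList for a new blob`; that expectation is inferred from the test body and should be confirmed against the service documentation. If only the commit is meant to be under test, staging the block through `oauthContainer` instead would keep the SAS client's surface to the one call being asserted.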
From 77f64897ada1e9dbacbd871eda572db75d5823d7 Mon Sep 17 00:00:00 2001
From: browndav
Date: Wed, 4 Mar 2026 20:15:02 -0500
Subject: [PATCH 05/12] create transfer async with recording
---
 sdk/storage/azure-storage-blob/assets.json | 2 +-
 .../storage/blob/SasAsyncClientTests.java | 49 +++++++++++++++++++
 2 files changed, 50 insertions(+), 1 deletion(-)
diff --git a/sdk/storage/azure-storage-blob/assets.json b/sdk/storage/azure-storage-blob/assets.json
index 48db88893158..ee4b2246947c 100644
--- a/sdk/storage/azure-storage-blob/assets.json
+++ b/sdk/storage/azure-storage-blob/assets.json
@@ -2,5 +2,5 @@
 "AssetsRepo": "Azure/azure-sdk-assets",
 "AssetsRepoPrefixPath": "java",
 "TagPrefix": "java/storage/azure-storage-blob",
- "Tag": "java/storage/azure-storage-blob_afa540467e"
+ "Tag": "java/storage/azure-storage-blob_8942d332d5"
 }
diff --git a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java
index 0840b8c4aba9..758f669696ee 100644
--- a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java
+++ b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java
@@ -22,6 +22,7 @@
 import com.azure.storage.blob.sas.BlobServiceSasSignatureValues;
 import com.azure.storage.blob.specialized.AppendBlobAsyncClient;
 import com.azure.storage.blob.specialized.BlockBlobAsyncClient;
+import com.azure.storage.blob.specialized.BlockBlobClient;
 import com.azure.storage.blob.specialized.SpecializedBlobClientBuilder;
 import com.azure.storage.common.implementation.AccountSasImplUtil;
 import com.azure.storage.common.implementation.Constants;
@@ -50,10 +51,13 @@ import reactor.util.function.Tuples; import java.nio.ByteBuffer; +import java.nio.charset.StandardCharsets; import java.time.OffsetDateTime; import java.time.ZoneOffset; import java.util.ArrayList; +import java.util.Base64; import java.util.HashMap; +import java.util.List; import java.util.Map; import java.util.stream.Stream; 
@@ -614,6 +618,51 @@ public void createPermissionUpload() { } + @Test + @RequiredServiceVersion(clazz = BlobServiceVersion.class, min = "2026-04-06") + public void transferBlobWithCreatePermission() { + BlobServiceAsyncClient oauthService = getOAuthServiceAsyncClient(); + String containerName = ccAsync.getBlobContainerName(); + BlobContainerAsyncClient oauthContainer = oauthService.getBlobContainerAsyncClient(containerName); + + String sourceBlobName = generateBlobName(); + String destinationBlobName = generateBlobName(); + OffsetDateTime expiryTime = testResourceNamer.now().plusDays(1); + + // Upload source blob via OAuth client + BlockBlobAsyncClient sourceBlob = oauthContainer.getBlobAsyncClient(sourceBlobName).getBlockBlobAsyncClient(); + sourceBlob.upload(DATA.getDefaultFlux(), DATA.getDefaultDataSize()).block(); + + Mono response = oauthService.getUserDelegationKey(null, expiryTime).flatMap(key -> { + + key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); + String saoid = testResourceNamer.randomUuid(); + + // Create-only permission for destination blob + BlobSasPermission destinationPermissions = new BlobSasPermission().setCreatePermission(true); + BlobServiceSasSignatureValues sasValues + = new BlobServiceSasSignatureValues(expiryTime, destinationPermissions) + .setPreauthorizedAgentObjectId(saoid); + String createPermissionsOnly = oauthContainer.generateUserDelegationSas(sasValues, key); + BlockBlobAsyncClient destinationClient + = instrument(new SpecializedBlobClientBuilder().endpoint(oauthContainer.getBlobContainerUrl()) + .blobName(destinationBlobName) + .sasToken(createPermissionsOnly)).buildBlockBlobAsyncClient(); + + // Read permission for source blob + BlobSasPermission readPermission = new BlobSasPermission().setReadPermission(true); + BlobServiceSasSignatureValues readValues + = new BlobServiceSasSignatureValues(expiryTime, readPermission).setPreauthorizedAgentObjectId(saoid); + String readSas = 
oauthContainer.generateUserDelegationSas(readValues, key); + String sourceUrl = sourceBlob.getBlobUrl() + "?" + readSas; + + return destinationClient.copyFromUrl(sourceUrl).then(); + }); + + StepVerifier.create(response).verifyComplete(); + } + + // RBAC replication lag @Test public void blobUserDelegationSaoid() { From 7a7491c94e4b9fd360e49f00ae3fa4c1552d40b5 Mon Sep 17 00:00:00 2001 From: browndav Date: Wed, 4 Mar 2026 20:54:21 -0500 Subject: [PATCH 06/12] finish commitblocklist with permission and recording --- sdk/storage/azure-storage-blob/assets.json | 2 +- .../storage/blob/SasAsyncClientTests.java | 40 ++++++++++++++++++- 2 files changed, 40 insertions(+), 2 deletions(-) diff --git a/sdk/storage/azure-storage-blob/assets.json b/sdk/storage/azure-storage-blob/assets.json index ee4b2246947c..b43d2d75931c 100644 --- a/sdk/storage/azure-storage-blob/assets.json +++ b/sdk/storage/azure-storage-blob/assets.json @@ -2,5 +2,5 @@ "AssetsRepo": "Azure/azure-sdk-assets", "AssetsRepoPrefixPath": "java", "TagPrefix": "java/storage/azure-storage-blob", - "Tag": "java/storage/azure-storage-blob_8942d332d5" + "Tag": "java/storage/azure-storage-blob_8b827141a3" } diff --git a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java index 758f669696ee..dc648e59e676 100644 --- a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java +++ b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java 
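Review bot: The source upload in the async `transferBlobWithCreatePermission` is forced with `.block()` before the reactive chain starts, so a setup failure surfaces as a raw exception from the test body instead of through `StepVerifier`, while the rest of the test composes with `flatMap`. Folding the upload into the chain keeps it in one pipeline: `Mono response = sourceBlob.upload(DATA.getDefaultFlux(), DATA.getDefaultDataSize()).then(oauthService.getUserDelegationKey(null, expiryTime)).flatMap(key -> {`. The hunk also leaves two blank lines after the method's closing brace where the rest of the file uses one.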
@@ -22,7 +22,6 @@
 import com.azure.storage.blob.sas.BlobServiceSasSignatureValues;
 import com.azure.storage.blob.specialized.AppendBlobAsyncClient;
 import com.azure.storage.blob.specialized.BlockBlobAsyncClient;
-import com.azure.storage.blob.specialized.BlockBlobClient;
 import com.azure.storage.blob.specialized.SpecializedBlobClientBuilder;
 import com.azure.storage.common.implementation.AccountSasImplUtil;
 import com.azure.storage.common.implementation.Constants;
@@ -662,6 +661,45 @@ public void transferBlobWithCreatePermission() { StepVerifier.create(response).verifyComplete(); } + @Test + @RequiredServiceVersion(clazz = BlobServiceVersion.class, min = "2026-04-06") + public void commitBlockListWithCreatePermission() { + BlobServiceAsyncClient oauthService = getOAuthServiceAsyncClient(); + String containerName = ccAsync.getBlobContainerName(); + BlobContainerAsyncClient oauthContainer = oauthService.getBlobContainerAsyncClient(containerName); + String blockId = Base64.getEncoder().encodeToString("blockid".getBytes(StandardCharsets.UTF_8)); + List blockIds = new ArrayList<>(); + blockIds.add(blockId); + + String destinationBlobName = generateBlobName(); + OffsetDateTime expiryTime = testResourceNamer.now().plusDays(1); + + Mono response = oauthService.getUserDelegationKey(null, expiryTime).flatMap(key -> { + + key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); + String saoid = testResourceNamer.randomUuid(); + + // Create-only permission for destination blob + BlobSasPermission destinationPermissions = new BlobSasPermission().setCreatePermission(true); + BlobServiceSasSignatureValues sasValues + = new BlobServiceSasSignatureValues(expiryTime, destinationPermissions) + .setPreauthorizedAgentObjectId(saoid); + String createPermissionsOnly = oauthContainer.generateUserDelegationSas(sasValues, key); + BlockBlobAsyncClient destinationClient + = instrument(new SpecializedBlobClientBuilder().endpoint(oauthContainer.getBlobContainerUrl()) + .blobName(destinationBlobName) + .sasToken(createPermissionsOnly)).buildBlockBlobAsyncClient(); + + Flux data = DATA.getDefaultFlux(); + + return destinationClient.stageBlock(blockId, data, DATA.getDefaultDataSize()) + .then(destinationClient.commitBlockList(blockIds, false)) + .then(); + }); + + StepVerifier.create(response).verifyComplete(); + + } // RBAC replication lag @Test From 5cb32d915aea2b3d83d066c2aba56d34d07fd496 Mon Sep 17 00:00:00 2001 
From: browndav-msft Date: Mon, 16 Mar 2026 14:53:09 -0400 Subject: [PATCH 07/12] wrap user-delegation SAS tests in liveTestScenarioWithRetry(...) Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .../storage/blob/SasAsyncClientTests.java | 163 +++++++++--------- .../azure/storage/blob/SasClientTests.java | 153 ++++++++-------- 2 files changed, 164 insertions(+), 152 deletions(-) diff --git a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java index dc648e59e676..7da3be4396d2 100644 --- a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java +++ b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java 
@@ -589,116 +589,121 @@ public void containerSasFilterBlobsFail() { @Test @RequiredServiceVersion(clazz = BlobServiceVersion.class, min = "2026-04-06") public void createPermissionUpload() { - BlobServiceAsyncClient oauthService = getOAuthServiceAsyncClient(); - BlobContainerAsyncClient oauthContainer = oauthService.getBlobContainerAsyncClient(cc.getBlobContainerName()); - - String oauthBlobName = generateBlobName(); - OffsetDateTime expiryTime = testResourceNamer.now().plusDays(1); + liveTestScenarioWithRetry(() -> { + BlobServiceAsyncClient oauthService = getOAuthServiceAsyncClient(); + BlobContainerAsyncClient oauthContainer = oauthService.getBlobContainerAsyncClient(cc.getBlobContainerName()); - Mono response = oauthService.getUserDelegationKey(null, expiryTime).flatMap(key -> { - key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); - String saoid = testResourceNamer.randomUuid(); + String oauthBlobName = generateBlobName(); + OffsetDateTime expiryTime = testResourceNamer.now().plusDays(1); - BlobSasPermission permissions = new BlobSasPermission().setCreatePermission(true); - BlobServiceSasSignatureValues sasValues - = new BlobServiceSasSignatureValues(expiryTime, permissions).setPreauthorizedAgentObjectId(saoid); + Mono response = oauthService.getUserDelegationKey(null, expiryTime).flatMap(key -> { + key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); + String saoid = testResourceNamer.randomUuid(); - String sasWithPermissions = oauthContainer.generateUserDelegationSas(sasValues, key); + BlobSasPermission permissions = new BlobSasPermission().setCreatePermission(true); + BlobServiceSasSignatureValues sasValues + = new BlobServiceSasSignatureValues(expiryTime, permissions).setPreauthorizedAgentObjectId(saoid); - BlockBlobAsyncClient blockClient - = instrument(new SpecializedBlobClientBuilder().endpoint(oauthContainer.getBlobContainerUrl()) - .blobName(oauthBlobName) - 
.sasToken(sasWithPermissions)).buildBlockBlobAsyncClient(); + String sasWithPermissions = oauthContainer.generateUserDelegationSas(sasValues, key); - return blockClient.upload(DATA.getDefaultFlux(), DATA.getDefaultDataSize()).then(); - }); + BlockBlobAsyncClient blockClient + = instrument(new SpecializedBlobClientBuilder().endpoint(oauthContainer.getBlobContainerUrl()) + .blobName(oauthBlobName) + .sasToken(sasWithPermissions)).buildBlockBlobAsyncClient(); - StepVerifier.create(response).verifyComplete(); + return blockClient.upload(DATA.getDefaultFlux(), DATA.getDefaultDataSize()).then(); + }); + StepVerifier.create(response).verifyComplete(); + }); } @Test @RequiredServiceVersion(clazz = BlobServiceVersion.class, min = "2026-04-06") public void transferBlobWithCreatePermission() { - BlobServiceAsyncClient oauthService = getOAuthServiceAsyncClient(); - String containerName = ccAsync.getBlobContainerName(); - BlobContainerAsyncClient oauthContainer = oauthService.getBlobContainerAsyncClient(containerName); + liveTestScenarioWithRetry(() -> { + BlobServiceAsyncClient oauthService = getOAuthServiceAsyncClient(); + String containerName = ccAsync.getBlobContainerName(); + BlobContainerAsyncClient oauthContainer = oauthService.getBlobContainerAsyncClient(containerName); - String sourceBlobName = generateBlobName(); - String destinationBlobName = generateBlobName(); - OffsetDateTime expiryTime = testResourceNamer.now().plusDays(1); + String sourceBlobName = generateBlobName(); + String destinationBlobName = generateBlobName(); + OffsetDateTime expiryTime = testResourceNamer.now().plusDays(1); - // Upload source blob via OAuth client - BlockBlobAsyncClient sourceBlob = oauthContainer.getBlobAsyncClient(sourceBlobName).getBlockBlobAsyncClient(); - sourceBlob.upload(DATA.getDefaultFlux(), DATA.getDefaultDataSize()).block(); + // Upload source blob via OAuth client + BlockBlobAsyncClient sourceBlob + = 
oauthContainer.getBlobAsyncClient(sourceBlobName).getBlockBlobAsyncClient(); + sourceBlob.upload(DATA.getDefaultFlux(), DATA.getDefaultDataSize()).block(); - Mono response = oauthService.getUserDelegationKey(null, expiryTime).flatMap(key -> { + Mono response = oauthService.getUserDelegationKey(null, expiryTime).flatMap(key -> { - key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); - String saoid = testResourceNamer.randomUuid(); + key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); + String saoid = testResourceNamer.randomUuid(); - // Create-only permission for destination blob - BlobSasPermission destinationPermissions = new BlobSasPermission().setCreatePermission(true); - BlobServiceSasSignatureValues sasValues - = new BlobServiceSasSignatureValues(expiryTime, destinationPermissions) + // Create-only permission for destination blob + BlobSasPermission destinationPermissions = new BlobSasPermission().setCreatePermission(true); + BlobServiceSasSignatureValues sasValues + = new BlobServiceSasSignatureValues(expiryTime, destinationPermissions) + .setPreauthorizedAgentObjectId(saoid); + String createPermissionsOnly = oauthContainer.generateUserDelegationSas(sasValues, key); + BlockBlobAsyncClient destinationClient + = instrument(new SpecializedBlobClientBuilder().endpoint(oauthContainer.getBlobContainerUrl()) + .blobName(destinationBlobName) + .sasToken(createPermissionsOnly)).buildBlockBlobAsyncClient(); + + // Read permission for source blob + BlobSasPermission readPermission = new BlobSasPermission().setReadPermission(true); + BlobServiceSasSignatureValues readValues = new BlobServiceSasSignatureValues(expiryTime, readPermission) .setPreauthorizedAgentObjectId(saoid); - String createPermissionsOnly = oauthContainer.generateUserDelegationSas(sasValues, key); - BlockBlobAsyncClient destinationClient - = instrument(new SpecializedBlobClientBuilder().endpoint(oauthContainer.getBlobContainerUrl()) 
- .blobName(destinationBlobName) - .sasToken(createPermissionsOnly)).buildBlockBlobAsyncClient(); - - // Read permission for source blob - BlobSasPermission readPermission = new BlobSasPermission().setReadPermission(true); - BlobServiceSasSignatureValues readValues - = new BlobServiceSasSignatureValues(expiryTime, readPermission).setPreauthorizedAgentObjectId(saoid); - String readSas = oauthContainer.generateUserDelegationSas(readValues, key); - String sourceUrl = sourceBlob.getBlobUrl() + "?" + readSas; - - return destinationClient.copyFromUrl(sourceUrl).then(); - }); + String readSas = oauthContainer.generateUserDelegationSas(readValues, key); + String sourceUrl = sourceBlob.getBlobUrl() + "?" + readSas; + + return destinationClient.copyFromUrl(sourceUrl).then(); + }); - StepVerifier.create(response).verifyComplete(); + StepVerifier.create(response).verifyComplete(); + }); } @Test @RequiredServiceVersion(clazz = BlobServiceVersion.class, min = "2026-04-06") public void commitBlockListWithCreatePermission() { - BlobServiceAsyncClient oauthService = getOAuthServiceAsyncClient(); - String containerName = ccAsync.getBlobContainerName(); - BlobContainerAsyncClient oauthContainer = oauthService.getBlobContainerAsyncClient(containerName); - String blockId = Base64.getEncoder().encodeToString("blockid".getBytes(StandardCharsets.UTF_8)); - List blockIds = new ArrayList<>(); - blockIds.add(blockId); - - String destinationBlobName = generateBlobName(); - OffsetDateTime expiryTime = testResourceNamer.now().plusDays(1); + liveTestScenarioWithRetry(() -> { + BlobServiceAsyncClient oauthService = getOAuthServiceAsyncClient(); + String containerName = ccAsync.getBlobContainerName(); + BlobContainerAsyncClient oauthContainer = oauthService.getBlobContainerAsyncClient(containerName); + String blockId = Base64.getEncoder().encodeToString("blockid".getBytes(StandardCharsets.UTF_8)); + List blockIds = new ArrayList<>(); + blockIds.add(blockId); - Mono response = 
oauthService.getUserDelegationKey(null, expiryTime).flatMap(key -> { + String destinationBlobName = generateBlobName(); + OffsetDateTime expiryTime = testResourceNamer.now().plusDays(1); - key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); - String saoid = testResourceNamer.randomUuid(); + Mono response = oauthService.getUserDelegationKey(null, expiryTime).flatMap(key -> { - // Create-only permission for destination blob - BlobSasPermission destinationPermissions = new BlobSasPermission().setCreatePermission(true); - BlobServiceSasSignatureValues sasValues - = new BlobServiceSasSignatureValues(expiryTime, destinationPermissions) - .setPreauthorizedAgentObjectId(saoid); - String createPermissionsOnly = oauthContainer.generateUserDelegationSas(sasValues, key); - BlockBlobAsyncClient destinationClient - = instrument(new SpecializedBlobClientBuilder().endpoint(oauthContainer.getBlobContainerUrl()) - .blobName(destinationBlobName) - .sasToken(createPermissionsOnly)).buildBlockBlobAsyncClient(); + key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); + String saoid = testResourceNamer.randomUuid(); - Flux data = DATA.getDefaultFlux(); + // Create-only permission for destination blob + BlobSasPermission destinationPermissions = new BlobSasPermission().setCreatePermission(true); + BlobServiceSasSignatureValues sasValues + = new BlobServiceSasSignatureValues(expiryTime, destinationPermissions) + .setPreauthorizedAgentObjectId(saoid); + String createPermissionsOnly = oauthContainer.generateUserDelegationSas(sasValues, key); + BlockBlobAsyncClient destinationClient + = instrument(new SpecializedBlobClientBuilder().endpoint(oauthContainer.getBlobContainerUrl()) + .blobName(destinationBlobName) + .sasToken(createPermissionsOnly)).buildBlockBlobAsyncClient(); - return destinationClient.stageBlock(blockId, data, DATA.getDefaultDataSize()) - .then(destinationClient.commitBlockList(blockIds, false)) - .then(); 
- }); + Flux data = DATA.getDefaultFlux(); - StepVerifier.create(response).verifyComplete(); + return destinationClient.stageBlock(blockId, data, DATA.getDefaultDataSize()) + .then(destinationClient.commitBlockList(blockIds, false)) + .then(); + }); + StepVerifier.create(response).verifyComplete(); + }); } // RBAC replication lag diff --git a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java index 40248e3c8072..414f2ff97a97 100644 --- a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java +++ b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java @@ -17,7 +17,6 @@ import com.azure.storage.blob.sas.BlobSasPermission; import com.azure.storage.blob.sas.BlobServiceSasSignatureValues; import com.azure.storage.blob.specialized.AppendBlobClient; -import com.azure.storage.blob.specialized.BlockBlobAsyncClient; import com.azure.storage.blob.specialized.BlockBlobClient; import com.azure.storage.blob.specialized.SpecializedBlobClientBuilder; import com.azure.storage.common.implementation.AccountSasImplUtil; 
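Review bot: In the rewritten async `createPermissionUpload` the container name is still taken from `cc.getBlobContainerName()`, while the two sibling tests in the same hunk use `ccAsync.getBlobContainerName()`; unless both fields are known to name the same container, this should read `oauthService.getBlobContainerAsyncClient(ccAsync.getBlobContainerName())`. Everything now sits inside the `liveTestScenarioWithRetry` lambda, including `generateBlobName()`, the delegation-key request and the blocking source upload, so each retry repeats that setup. The helper's body is not in this diff; if it retries on any failure rather than only on the authorization error caused by role-assignment lag, a real permission regression would be retried before it is reported, which is worth confirming. The existing `blobUserDelegationSaoid` test carries a `// RBAC replication lag` comment, and the same one-line comment above each wrapped test would document why the retry is there.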
@@ -1303,99 +1302,107 @@ public void blobSasImplUtilCanonicalizedResource(String containerName, String bl @Test @RequiredServiceVersion(clazz = BlobServiceVersion.class, min = "2026-04-06") public void createPermissionUpload() { - BlobServiceClient oauthService = getOAuthServiceClient(); - String oauthContainerName = cc.getBlobContainerName(); - BlobContainerClient oauthContainer = oauthService.getBlobContainerClient(oauthContainerName); + liveTestScenarioWithRetry(rbacRetry -> { + BlobServiceClient oauthService = getOAuthServiceClient(); + String oauthContainerName = cc.getBlobContainerName(); + BlobContainerClient oauthContainer = oauthService.getBlobContainerClient(oauthContainerName); - String oauthBlobName = generateBlobName(); - OffsetDateTime expiryTime = testResourceNamer.now().plusDays(1); + String oauthBlobName = generateBlobName(); + OffsetDateTime expiryTime = testResourceNamer.now().plusDays(1); - UserDelegationKey key = oauthService.getUserDelegationKey(null, expiryTime); - key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); - String saoid = testResourceNamer.randomUuid(); + UserDelegationKey key = oauthService.getUserDelegationKey(null, expiryTime); + key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); + String saoid = testResourceNamer.randomUuid(); - BlobSasPermission permissions = new BlobSasPermission().setCreatePermission(true); - BlobServiceSasSignatureValues sasValues - = new BlobServiceSasSignatureValues(expiryTime, permissions).setPreauthorizedAgentObjectId(saoid); + BlobSasPermission permissions = new BlobSasPermission().setCreatePermission(true); + BlobServiceSasSignatureValues sasValues + = new BlobServiceSasSignatureValues(expiryTime, permissions).setPreauthorizedAgentObjectId(saoid); - String sasWithPermissions = oauthContainer.generateUserDelegationSas(sasValues, key); - BlockBlobClient blockClient - = instrument(new 
SpecializedBlobClientBuilder().endpoint(oauthContainer.getBlobContainerUrl()) - .blobName(oauthBlobName) - .sasToken(sasWithPermissions)).buildBlockBlobClient(); + String sasWithPermissions = oauthContainer.generateUserDelegationSas(sasValues, key); + BlockBlobClient blockClient + = instrument(new SpecializedBlobClientBuilder().endpoint(oauthContainer.getBlobContainerUrl()) + .blobName(oauthBlobName) + .sasToken(sasWithPermissions)).buildBlockBlobClient(); - assertDoesNotThrow(() -> blockClient.upload(DATA.getDefaultInputStream(), DATA.getDefaultDataSize())); + assertDoesNotThrow(() -> blockClient.upload(DATA.getDefaultInputStream(), DATA.getDefaultDataSize())); + }); } @Test @RequiredServiceVersion(clazz = BlobServiceVersion.class, min = "2026-04-06") public void transferBlobWithCreatePermission() { - BlobServiceClient oauthService = getOAuthServiceClient(); - String containerName = cc.getBlobContainerName(); - BlobContainerClient oauthContainer = oauthService.getBlobContainerClient(containerName); + liveTestScenarioWithRetry(rbacRetry -> { + BlobServiceClient oauthService = getOAuthServiceClient(); + String containerName = cc.getBlobContainerName(); + BlobContainerClient oauthContainer = oauthService.getBlobContainerClient(containerName); - String sourceBlobName = generateBlobName(); - String destinationBlobName = generateBlobName(); - OffsetDateTime expiryTime = testResourceNamer.now().plusDays(1); + String sourceBlobName = generateBlobName(); + String destinationBlobName = generateBlobName(); + OffsetDateTime expiryTime = testResourceNamer.now().plusDays(1); + + // Upload source blob via OAuth client + BlockBlobClient sourceBlob = oauthContainer.getBlobClient(sourceBlobName).getBlockBlobClient(); + sourceBlob.upload(DATA.getDefaultInputStream(), DATA.getDefaultDataSize()); - // Upload source blob via OAuth client - BlockBlobClient sourceBlob = oauthContainer.getBlobClient(sourceBlobName).getBlockBlobClient(); - sourceBlob.upload(DATA.getDefaultInputStream(), 
DATA.getDefaultDataSize()); - - UserDelegationKey key = oauthService.getUserDelegationKey(null, expiryTime); - key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); - String saoid = testResourceNamer.randomUuid(); - - // Create-only permission for destination blob - BlobSasPermission destinationPermissions = new BlobSasPermission().setCreatePermission(true); - BlobServiceSasSignatureValues sasValues = new BlobServiceSasSignatureValues(expiryTime, destinationPermissions) - .setPreauthorizedAgentObjectId(saoid); - String createPermissionsOnly = oauthContainer.generateUserDelegationSas(sasValues, key); - BlockBlobClient destinationClient - = instrument(new SpecializedBlobClientBuilder().endpoint(oauthContainer.getBlobContainerUrl()) - .blobName(destinationBlobName) - .sasToken(createPermissionsOnly)).buildBlockBlobClient(); - - // Read permission for source blob - BlobSasPermission readPermission = new BlobSasPermission().setReadPermission(true); - BlobServiceSasSignatureValues readValues - = new BlobServiceSasSignatureValues(expiryTime, readPermission).setPreauthorizedAgentObjectId(saoid); - String readSas = oauthContainer.generateUserDelegationSas(readValues, key); - String sourceUrl = sourceBlob.getBlobUrl() + "?" 
+ readSas; - - assertDoesNotThrow(() -> destinationClient.copyFromUrl(sourceUrl)); + UserDelegationKey key = oauthService.getUserDelegationKey(null, expiryTime); + key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); + String saoid = testResourceNamer.randomUuid(); + + // Create-only permission for destination blob + BlobSasPermission destinationPermissions = new BlobSasPermission().setCreatePermission(true); + BlobServiceSasSignatureValues sasValues + = new BlobServiceSasSignatureValues(expiryTime, destinationPermissions) + .setPreauthorizedAgentObjectId(saoid); + String createPermissionsOnly = oauthContainer.generateUserDelegationSas(sasValues, key); + BlockBlobClient destinationClient + = instrument(new SpecializedBlobClientBuilder().endpoint(oauthContainer.getBlobContainerUrl()) + .blobName(destinationBlobName) + .sasToken(createPermissionsOnly)).buildBlockBlobClient(); + + // Read permission for source blob + BlobSasPermission readPermission = new BlobSasPermission().setReadPermission(true); + BlobServiceSasSignatureValues readValues + = new BlobServiceSasSignatureValues(expiryTime, readPermission).setPreauthorizedAgentObjectId(saoid); + String readSas = oauthContainer.generateUserDelegationSas(readValues, key); + String sourceUrl = sourceBlob.getBlobUrl() + "?" 
+ readSas; + + assertDoesNotThrow(() -> destinationClient.copyFromUrl(sourceUrl)); + }); } @Test @RequiredServiceVersion(clazz = BlobServiceVersion.class, min = "2026-04-06") public void commitBlockListWithCreatePermission() { - BlobServiceClient oauthService = getOAuthServiceClient(); - String containerName = cc.getBlobContainerName(); - BlobContainerClient oauthContainer = oauthService.getBlobContainerClient(containerName); - String blockId = Base64.getEncoder().encodeToString("blockid".getBytes(StandardCharsets.UTF_8)); - List blockIds = new ArrayList(); - blockIds.add(blockId); - - String destinationBlobName = generateBlobName(); - OffsetDateTime expiryTime = testResourceNamer.now().plusDays(1); + liveTestScenarioWithRetry(() -> { + BlobServiceClient oauthService = getOAuthServiceClient(); + String containerName = cc.getBlobContainerName(); + BlobContainerClient oauthContainer = oauthService.getBlobContainerClient(containerName); + String blockId = Base64.getEncoder().encodeToString("blockid".getBytes(StandardCharsets.UTF_8)); + List blockIds = new ArrayList(); + blockIds.add(blockId); - UserDelegationKey key = oauthService.getUserDelegationKey(null, expiryTime); - key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); - String saoid = testResourceNamer.randomUuid(); + String destinationBlobName = generateBlobName(); + OffsetDateTime expiryTime = testResourceNamer.now().plusDays(1); - // Create-only permission for destination blob - BlobSasPermission destinationPermissions = new BlobSasPermission().setCreatePermission(true); - BlobServiceSasSignatureValues sasValues = new BlobServiceSasSignatureValues(expiryTime, destinationPermissions) - .setPreauthorizedAgentObjectId(saoid); - String createPermissionsOnly = oauthContainer.generateUserDelegationSas(sasValues, key); - BlockBlobClient destinationClient - = instrument(new SpecializedBlobClientBuilder().endpoint(oauthContainer.getBlobContainerUrl()) - 
.blobName(destinationBlobName) - .sasToken(createPermissionsOnly)).buildBlockBlobClient(); + UserDelegationKey key = oauthService.getUserDelegationKey(null, expiryTime); + key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); + String saoid = testResourceNamer.randomUuid(); - destinationClient.stageBlock(blockId, DATA.getDefaultInputStream(), DATA.getDefaultDataSize()); + // Create-only permission for destination blob + BlobSasPermission destinationPermissions = new BlobSasPermission().setCreatePermission(true); + BlobServiceSasSignatureValues sasValues = + new BlobServiceSasSignatureValues(expiryTime, destinationPermissions) + .setPreauthorizedAgentObjectId(saoid); + String createPermissionsOnly = oauthContainer.generateUserDelegationSas(sasValues, key); + BlockBlobClient destinationClient = + instrument(new SpecializedBlobClientBuilder().endpoint(oauthContainer.getBlobContainerUrl()) + .blobName(destinationBlobName) + .sasToken(createPermissionsOnly)).buildBlockBlobClient(); - assertDoesNotThrow(() -> destinationClient.commitBlockList(blockIds, false)); + destinationClient.stageBlock(blockId, DATA.getDefaultInputStream(), DATA.getDefaultDataSize()); + + assertDoesNotThrow(() -> destinationClient.commitBlockList(blockIds, false)); + }); } private static Stream blobSasImplUtilCanonicalizedResourceSupplier() { From cd55c16209496fbaffa202358fbc0ac42bf42a8f Mon Sep 17 00:00:00 2001 From: browndav Date: Wed, 11 Mar 2026 14:27:36 -0400 Subject: [PATCH 08/12] add sanitizer for skoid --- sdk/storage/azure-storage-blob/assets.json | 2 +- .../src/test/java/com/azure/storage/blob/BlobTestBase.java | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/sdk/storage/azure-storage-blob/assets.json b/sdk/storage/azure-storage-blob/assets.json index b43d2d75931c..4e6389937b91 100644 --- a/sdk/storage/azure-storage-blob/assets.json +++ b/sdk/storage/azure-storage-blob/assets.json 
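Review bot: The three tests in this hunk (`createPermissionUpload`, `transferBlobWithCreatePermission`, `commitBlockListWithCreatePermission`) only assert that a create-only user delegation SAS succeeds. Nothing checks that the same token is refused for an operation it should not cover, so a change that made the create-only token over-permissive would still pass. After the successful call, add a negative assertion with the same SAS client, for example `assertThrows(BlobStorageException.class, () -> blockClient.getProperties());` in `createPermissionUpload`, since the token carries no read permission. Whether `assertThrows` and `BlobStorageException` are already imported in this file is not visible from the hunk.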
@@ -2,5 +2,5 @@ "AssetsRepo": "Azure/azure-sdk-assets", "AssetsRepoPrefixPath": "java", "TagPrefix": "java/storage/azure-storage-blob", - "Tag": "java/storage/azure-storage-blob_8b827141a3" + "Tag": "java/storage/azure-storage-blob_0748d55c04" } diff --git a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/BlobTestBase.java b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/BlobTestBase.java index b32ff69531f2..b1948f4df003 100644 --- a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/BlobTestBase.java +++ b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/BlobTestBase.java @@ -194,7 +194,8 @@ public void beforeTest() { new TestProxySanitizer("x-ms-copy-source-authorization", ".+", "REDACTED", TestProxySanitizerType.HEADER), new TestProxySanitizer("x-ms-rename-source", "((?<=http://|https://)([^/?]+)|sig=(.*))", "REDACTED", - TestProxySanitizerType.HEADER))); + TestProxySanitizerType.HEADER), + new TestProxySanitizer("skoid=([^&]+)", "REDACTED", TestProxySanitizerType.URL))); } // Ignore changes to the order of query parameters and wholly ignore the 'sv' (service version) query parameter From 6830a82fcb658305ff90aaaf1f9f689dac5679f7 Mon Sep 17 00:00:00 2001 From: browndav-msft Date: Mon, 16 Mar 2026 16:07:19 -0400 Subject: [PATCH 09/12] accept sanitization recommendation from copilot Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com> --- .../java/com/azure/storage/blob/SasAsyncClientTests.java | 4 +++- .../test/java/com/azure/storage/blob/SasClientTests.java | 7 +++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java index 7da3be4396d2..7425d228a4fc 100644 --- a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java 
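Review bot: The new `skoid` sanitizer is registered with `TestProxySanitizerType.URL`, so it only rewrites the request URL. The same SAS query string also travels in a request header when a test copies from a SAS-authenticated source, as `transferBlobWithCreatePermission` does with `destinationClient.copyFromUrl(sourceUrl)`. Unless an entry above this hunk already scrubs that header, the signed key object id would be written to the recording in clear there. Consider adding a header counterpart to the same list, `new TestProxySanitizer("x-ms-copy-source", "skoid=([^&]+)", "REDACTED", TestProxySanitizerType.HEADER)`, and checking the re-recorded assets for any remaining `skoid=` or `sktid=` values. `beforeTest` starts and ends outside the hunk, so the full sanitizer list is not visible here.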
+++ b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java @@ -598,6 +598,7 @@ public void createPermissionUpload() { Mono response = oauthService.getUserDelegationKey(null, expiryTime).flatMap(key -> { key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); + key.setSignedObjectId(testResourceNamer.recordValueFromConfig(key.getSignedObjectId())); String saoid = testResourceNamer.randomUuid(); BlobSasPermission permissions = new BlobSasPermission().setCreatePermission(true); @@ -638,7 +639,7 @@ public void transferBlobWithCreatePermission() { Mono response = oauthService.getUserDelegationKey(null, expiryTime).flatMap(key -> { key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); - String saoid = testResourceNamer.randomUuid(); + String saoid = testResourceNamer.recordValueFromConfig(getOidFromToken(getAuthToken())); // Create-only permission for destination blob BlobSasPermission destinationPermissions = new BlobSasPermission().setCreatePermission(true); @@ -682,6 +683,7 @@ public void commitBlockListWithCreatePermission() { Mono response = oauthService.getUserDelegationKey(null, expiryTime).flatMap(key -> { key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); + key.setSignedObjectId(testResourceNamer.recordValueFromConfig(key.getSignedObjectId())); String saoid = testResourceNamer.randomUuid(); // Create-only permission for destination blob diff --git a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java index 414f2ff97a97..6203c771cbdf 100644 --- a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java +++ b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java 
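Review bot: `key.setSignedObjectId(testResourceNamer.recordValueFromConfig(key.getSignedObjectId()));` is added beside the existing `setSignedTenantId` line in `createPermissionUpload` and `commitBlockListWithCreatePermission`, but the `transferBlobWithCreatePermission` hunk between them does not receive it (a later patch in this series adds it). That omission shows how easy the pair is to forget when it is copied by hand into each test. Moving both calls into one helper on the test base, taking the `UserDelegationKey` and returning it after both fields are replaced, would keep the key handling identical in every user delegation test in the sync and async files. If such a helper already exists outside these hunks, call it here instead; the test bodies continue outside each hunk.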
@@ -1302,7 +1302,7 @@ public void blobSasImplUtilCanonicalizedResource(String containerName, String bl @Test @RequiredServiceVersion(clazz = BlobServiceVersion.class, min = "2026-04-06") public void createPermissionUpload() { - liveTestScenarioWithRetry(rbacRetry -> { + liveTestScenarioWithRetry(() -> { BlobServiceClient oauthService = getOAuthServiceClient(); String oauthContainerName = cc.getBlobContainerName(); BlobContainerClient oauthContainer = oauthService.getBlobContainerClient(oauthContainerName); @@ -1312,6 +1312,7 @@ public void createPermissionUpload() { UserDelegationKey key = oauthService.getUserDelegationKey(null, expiryTime); key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); + key.setSignedObjectId(testResourceNamer.recordValueFromConfig(key.getSignedObjectId())); String saoid = testResourceNamer.randomUuid(); BlobSasPermission permissions = new BlobSasPermission().setCreatePermission(true); @@ -1346,6 +1347,7 @@ public void transferBlobWithCreatePermission() { UserDelegationKey key = oauthService.getUserDelegationKey(null, expiryTime); key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); + key.setSignedObjectId(testResourceNamer.recordValueFromConfig(key.getSignedObjectId())); String saoid = testResourceNamer.randomUuid(); // Create-only permission for destination blob @@ -1378,7 +1380,7 @@ public void commitBlockListWithCreatePermission() { String containerName = cc.getBlobContainerName(); BlobContainerClient oauthContainer = oauthService.getBlobContainerClient(containerName); String blockId = Base64.getEncoder().encodeToString("blockid".getBytes(StandardCharsets.UTF_8)); - List blockIds = new ArrayList(); + List blockIds = new ArrayList<>(); blockIds.add(blockId); String destinationBlobName = generateBlobName(); 
@@ -1386,6 +1388,7 @@ public void commitBlockListWithCreatePermission() { UserDelegationKey key = oauthService.getUserDelegationKey(null, expiryTime); key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); + key.setSignedObjectId(testResourceNamer.recordValueFromConfig(key.getSignedObjectId())); String saoid = testResourceNamer.randomUuid(); // Create-only permission for destination blob From d73cdf6cd604dcf31f40e63c2be086da99327816 Mon Sep 17 00:00:00 2001 From: browndav Date: Mon, 16 Mar 2026 16:09:16 -0400 Subject: [PATCH 10/12] remove unncessary arg from lambda --- .../src/test/java/com/azure/storage/blob/SasClientTests.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java index 6203c771cbdf..d9a66695c3ad 100644 --- a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java +++ b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java @@ -1332,7 +1332,7 @@ public void createPermissionUpload() { @Test @RequiredServiceVersion(clazz = BlobServiceVersion.class, min = "2026-04-06") public void transferBlobWithCreatePermission() { - liveTestScenarioWithRetry(rbacRetry -> { + liveTestScenarioWithRetry(() -> { BlobServiceClient oauthService = getOAuthServiceClient(); String containerName = cc.getBlobContainerName(); BlobContainerClient oauthContainer = oauthService.getBlobContainerClient(containerName); From 7347ef65abc35fdfc6cc441715cf032bcebdc6e1 Mon Sep 17 00:00:00 2001 
From: browndav Date: Mon, 16 Mar 2026 16:31:25 -0400 Subject: [PATCH 11/12] made sanitization recommendations from copilot, rerecorded tests --- sdk/storage/azure-storage-blob/assets.json | 2 +- .../java/com/azure/storage/blob/SasAsyncClientTests.java | 5 +++-- .../test/java/com/azure/storage/blob/SasClientTests.java | 8 ++++---- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/sdk/storage/azure-storage-blob/assets.json b/sdk/storage/azure-storage-blob/assets.json index 4e6389937b91..807e162b285f 100644 --- a/sdk/storage/azure-storage-blob/assets.json +++ b/sdk/storage/azure-storage-blob/assets.json @@ -2,5 +2,5 @@ "AssetsRepo": "Azure/azure-sdk-assets", "AssetsRepoPrefixPath": "java", "TagPrefix": "java/storage/azure-storage-blob", - "Tag": "java/storage/azure-storage-blob_0748d55c04" + "Tag": "java/storage/azure-storage-blob_15213db357" } diff --git a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java index 7425d228a4fc..6762d5d97c5f 100644 --- a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java +++ b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java @@ -591,7 +591,8 @@ public void containerSasFilterBlobsFail() { public void createPermissionUpload() { liveTestScenarioWithRetry(() -> { BlobServiceAsyncClient oauthService = getOAuthServiceAsyncClient(); - BlobContainerAsyncClient oauthContainer = oauthService.getBlobContainerAsyncClient(cc.getBlobContainerName()); + BlobContainerAsyncClient oauthContainer + = oauthService.getBlobContainerAsyncClient(cc.getBlobContainerName()); String oauthBlobName = generateBlobName(); OffsetDateTime expiryTime = testResourceNamer.now().plusDays(1); 
@@ -639,7 +640,7 @@ public void transferBlobWithCreatePermission() { Mono response = oauthService.getUserDelegationKey(null, expiryTime).flatMap(key -> { key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); - String saoid = testResourceNamer.recordValueFromConfig(getOidFromToken(getAuthToken())); + String saoid = testResourceNamer.randomUuid(); // Create-only permission for destination blob BlobSasPermission destinationPermissions = new BlobSasPermission().setCreatePermission(true); diff --git a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java index d9a66695c3ad..47b3259e9539 100644 --- a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java +++ b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java @@ -1393,12 +1393,12 @@ public void commitBlockListWithCreatePermission() { // Create-only permission for destination blob BlobSasPermission destinationPermissions = new BlobSasPermission().setCreatePermission(true); - BlobServiceSasSignatureValues sasValues = - new BlobServiceSasSignatureValues(expiryTime, destinationPermissions) + BlobServiceSasSignatureValues sasValues + = new BlobServiceSasSignatureValues(expiryTime, destinationPermissions) .setPreauthorizedAgentObjectId(saoid); String createPermissionsOnly = oauthContainer.generateUserDelegationSas(sasValues, key); - BlockBlobClient destinationClient = - instrument(new SpecializedBlobClientBuilder().endpoint(oauthContainer.getBlobContainerUrl()) + BlockBlobClient destinationClient + = instrument(new SpecializedBlobClientBuilder().endpoint(oauthContainer.getBlobContainerUrl()) .blobName(destinationBlobName) .sasToken(createPermissionsOnly)).buildBlockBlobClient(); From daa1ff47ad5146a32bbdf02e24b2db7c9c94fb26 Mon Sep 17 00:00:00 2001 
From: browndav Date: Mon, 16 Mar 2026 18:33:16 -0400 Subject: [PATCH 12/12] add key.setSignedObjectId(testResourceNamer.recordValueFromConfig(key.getSignedObjectId())), rerecord tests --- sdk/storage/azure-storage-blob/assets.json | 2 +- .../test/java/com/azure/storage/blob/SasAsyncClientTests.java | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/sdk/storage/azure-storage-blob/assets.json b/sdk/storage/azure-storage-blob/assets.json index 807e162b285f..733ea20a9969 100644 --- a/sdk/storage/azure-storage-blob/assets.json +++ b/sdk/storage/azure-storage-blob/assets.json @@ -2,5 +2,5 @@ "AssetsRepo": "Azure/azure-sdk-assets", "AssetsRepoPrefixPath": "java", "TagPrefix": "java/storage/azure-storage-blob", - "Tag": "java/storage/azure-storage-blob_15213db357" + "Tag": "java/storage/azure-storage-blob_69330cd83d" } diff --git a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java index 6762d5d97c5f..cdc576d7fb8b 100644 --- a/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java +++ b/sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java @@ -640,6 +640,7 @@ public void transferBlobWithCreatePermission() { Mono response = oauthService.getUserDelegationKey(null, expiryTime).flatMap(key -> { key.setSignedTenantId(testResourceNamer.recordValueFromConfig(key.getSignedTenantId())); + key.setSignedObjectId(testResourceNamer.recordValueFromConfig(key.getSignedObjectId())); String saoid = testResourceNamer.randomUuid(); // Create-only permission for destination blob