use of org.eclipse.dataspaceconnector.azure.blob.core.AzureSasToken in project DataSpaceConnector by eclipse-dataspaceconnector.
the class ObjectStorageProvisioner method provision.
/**
 * Provisions the Azure Storage container named by the resource definition and issues a
 * SAS token for it.
 *
 * <p>The existence check runs under {@code retryPolicy}. An existing container is reused,
 * otherwise one is created. A container SAS is then requested and returned to the caller
 * wrapped in an {@link AzureSasToken}.
 *
 * @param resourceDefinition supplies the container name, account name, definition id and
 *                           transfer process id
 * @return a future that completes with the provisioned resource and its SAS secret token
 */
@Override
public CompletableFuture<ProvisionResponse> provision(ObjectStorageResourceDefinition resourceDefinition) {
    final String container = resourceDefinition.getContainerName();
    final String account = resourceDefinition.getAccountName();
    monitor.info("Azure Storage Container request submitted: " + container);

    // The expiry is fixed when the request arrives, before the retried existence check runs,
    // so time spent in retries is deducted from the one hour the recipient can use the token.
    final OffsetDateTime sasExpiry = OffsetDateTime.now().plusHours(1);

    var containerReady = with(retryPolicy)
            .getAsync(() -> blobStoreApi.exists(account, container))
            .thenCompose(exists -> {
                if (exists) {
                    return reusingExistingContainer(container);
                }
                return createContainer(container, account);
            });

    // NOTE(review): the permissions granted are decided inside createContainerSasToken, which is
    // not shown here. The original lambda parameter name suggests write-only. Confirm that helper
    // requests nothing broader.
    var sasIssued = containerReady.thenCompose(ignored -> createContainerSasToken(container, account, sasExpiry));

    return sasIssued.thenApply(sas -> {
        var provisioned = ObjectContainerProvisionedResource.Builder.newInstance()
                .id(container)
                .accountName(account)
                .containerName(container)
                .resourceDefinitionId(resourceDefinition.getId())
                .transferProcessId(resourceDefinition.getTransferProcessId())
                .build();
        // The SAS is a bearer credential. It is stored with a leading '?' and the expiry is
        // recorded in epoch milliseconds.
        var sasCredential = new AzureSasToken("?" + sas, sasExpiry.toInstant().toEpochMilli());
        return ProvisionResponse.Builder.newInstance()
                .resource(provisioned)
                .secretToken(sasCredential)
                .build();
    });
}
use of org.eclipse.dataspaceconnector.azure.blob.core.AzureSasToken in project DataSpaceConnector by eclipse-dataspaceconnector.
the class BlobStoreWriter method write.
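/**
 * Uploads {@code data} as blob {@code name} to the container described by {@code destination},
 * then uploads an empty {@code name + ".complete"} marker blob.
 *
 * <p>Inputs are validated before the secret is parsed. The original order made the null check on
 * {@code secretToken} run only after the value had already been passed to the parser, and a
 * secret that parsed to {@code null} (or carried no SAS) caused a {@code NullPointerException}
 * instead of a failure result.
 *
 * @param destination address whose {@code "account"} and {@code "container"} properties select the target
 * @param name        blob name to write
 * @param data        content to upload
 * @param secretToken serialized {@link AzureSasToken} authorizing the write
 * @return success after both uploads, or a failure result when the secret cannot be interpreted
 * @throws NullPointerException     if the destination has no {@code "account"} property
 * @throws IllegalArgumentException if {@code secretToken} is {@code null}
 */
@Override
public Result<Void> write(DataAddress destination, String name, InputStream data, String secretToken) {
    var accountName = destination.getProperty("account");
    var container = destination.getProperty("container");

    Objects.requireNonNull(accountName, "accountName");
    if (secretToken == null) {
        throw new IllegalArgumentException("BlobStoreWriter secretToken cannot be null!");
    }

    var invalidSecretMessage = "Cannot interpret temporary secret as valid AzureSasToken!";
    AzureSasToken sasToken;
    try {
        sasToken = typeManager.readValue(secretToken, AzureSasToken.class);
    } catch (Exception e) {
        // The exception is deliberately not logged: parser errors may echo parts of the input,
        // and here the input is a credential.
        monitor.severe(invalidSecretMessage);
        return Result.failure(invalidSecretMessage);
    }

    // A syntactically valid secret can still deserialize to null or to a token without a SAS.
    var sas = sasToken == null ? null : sasToken.getSas();
    if (sas == null) {
        monitor.severe(invalidSecretMessage);
        return Result.failure(invalidSecretMessage);
    }
    if (sas.startsWith("?")) {
        // Stored tokens may carry the query-string prefix; the upload helper is given the bare SAS.
        sas = sas.substring(1);
    }

    // NOTE(review): accountName is concatenated into the host name that receives the SAS. If the
    // destination address can be influenced by another party, validate it against the storage
    // account naming rules upstream so the credential is only ever sent to *.blob.core.windows.net.
    var endpoint = "https://" + accountName + ".blob.core.windows.net";

    uploadBlob(name, data, container, endpoint, sas);
    // The empty marker blob is written only after the payload upload has returned.
    uploadBlob(name + ".complete", new ByteArrayInputStream(new byte[0]), container, endpoint, sas);
    return Result.success();
}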
use of org.eclipse.dataspaceconnector.azure.blob.core.AzureSasToken in project DataSpaceConnector by eclipse-dataspaceconnector.
the class ObjectStorageProvisioner method provision.
/**
 * Provisions the Azure Storage container named by the resource definition and issues a
 * SAS token for it, reporting the outcome as a {@link StatusResult}.
 *
 * <p>The existence check runs under {@code retryPolicy}. An existing container is reused,
 * otherwise one is created. A container SAS is then requested and returned to the caller
 * wrapped in an {@link AzureSasToken}.
 *
 * @param resourceDefinition supplies the container name, account name, definition id and
 *                           transfer process id
 * @param policy             not read by this method
 * @return a future that completes with a successful status result holding the provisioned
 *         resource and its SAS secret token
 */
@Override
public CompletableFuture<StatusResult<ProvisionResponse>> provision(ObjectStorageResourceDefinition resourceDefinition, Policy policy) {
    final String container = resourceDefinition.getContainerName();
    final String account = resourceDefinition.getAccountName();
    monitor.info("Azure Storage Container request submitted: " + container);

    // The expiry is fixed when the request arrives, before the retried existence check runs,
    // so time spent in retries is deducted from the one hour the recipient can use the token.
    final OffsetDateTime sasExpiry = OffsetDateTime.now().plusHours(1);

    var containerReady = with(retryPolicy)
            .getAsync(() -> blobStoreApi.exists(account, container))
            .thenCompose(exists -> {
                if (exists) {
                    return reusingExistingContainer(container);
                }
                return createContainer(container, account);
            });

    // NOTE(review): the permissions granted are decided inside createContainerSasToken, which is
    // not shown here. The original lambda parameter name suggests write-only. Confirm that helper
    // requests nothing broader.
    var sasIssued = containerReady.thenCompose(ignored -> createContainerSasToken(container, account, sasExpiry));

    return sasIssued.thenApply(sas -> {
        // Derive the resource name from the definition id so that keys do not collide in the
        // local and remote vaults.
        String uniqueResourceName = resourceDefinition.getId() + "-container";
        var provisioned = ObjectContainerProvisionedResource.Builder.newInstance()
                .id(container)
                .accountName(account)
                .containerName(container)
                .resourceDefinitionId(resourceDefinition.getId())
                .transferProcessId(resourceDefinition.getTransferProcessId())
                .resourceName(uniqueResourceName)
                .hasToken(true)
                .build();
        // The SAS is a bearer credential. It is stored with a leading '?' and the expiry is
        // recorded in epoch milliseconds.
        var sasCredential = new AzureSasToken("?" + sas, sasExpiry.toInstant().toEpochMilli());
        var provisionResponse = ProvisionResponse.Builder.newInstance()
                .resource(provisioned)
                .secretToken(sasCredential)
                .build();
        return StatusResult.success(provisionResponse);
    });
}
use of org.eclipse.dataspaceconnector.azure.blob.core.AzureSasToken in project DataSpaceConnector by eclipse-dataspaceconnector.
the class AzureDataFactoryCopyIntegrationTest method setSecret.
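/**
 * Generates a short-lived container SAS with write permission for the account's container,
 * stores it in the vault under {@code secretName} as a serialized {@link AzureSasToken}, and
 * registers cleanup actions that delete and then purge the secret.
 *
 * <p>The expiration is recorded in epoch milliseconds. The original passed epoch seconds, which
 * disagrees with ObjectStorageProvisioner, where the same constructor argument is filled with
 * {@code toInstant().toEpochMilli()}.
 *
 * @param account    storage account wrapper providing the blob service client and container name
 * @param vault      vault wrapper whose secret client receives the token
 * @param secretName name under which the token is stored
 */
private void setSecret(Account account, Vault vault, String secretName) {
    // Take one timestamp so the start time and the expiry derive from the same instant.
    var now = OffsetDateTime.now();
    // ADF SLA to start an activity is 4 minutes.
    var expiryTime = now.plusMinutes(8);
    // Only write permission is requested on the container.
    var permission = new BlobContainerSasPermission().setWritePermission(true);
    // NOTE(review): a start time equal to "now" can be rejected as not yet valid when the storage
    // service clock lags this host. Azure's SAS guidance is to back-date the start time or leave it unset.
    var sasSignatureValues = new BlobServiceSasSignatureValues(expiryTime, permission).setStartTime(now);
    var sasToken = account.client.getBlobContainerClient(account.containerName).generateSas(sasSignatureValues);
    var edcAzureSas = new AzureSasToken(sasToken, expiryTime.toInstant().toEpochMilli());
    // Set Secret
    vault.secretClient().setSecret(secretName, typeManager.writeValueAsString(edcAzureSas)).block(Duration.ofMinutes(1));
    // Add for clean up test data: delete first, then purge, so the stored SAS does not linger
    // in the vault after the test.
    secretCleanup.add(() -> vault.secretClient().beginDeleteSecret(secretName).blockLast(Duration.ofMinutes(1)));
    secretCleanup.add(() -> vault.secretClient().purgeDeletedSecret(secretName).block(Duration.ofMinutes(1)));
}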
use of org.eclipse.dataspaceconnector.azure.blob.core.AzureSasToken in project DataSpaceConnector by eclipse-dataspaceconnector.
the class AzureDataPlaneCopyIntegrationTest method transfer_success.
/**
 * Copies one blob from the account 1 container to the sink container in account 2 through the
 * Azure storage data source and data sink, then verifies that the destination blob exists and
 * holds the same content.
 */
@Test
void transfer_success() {
    // Seed the source container with the blob to copy.
    blobServiceClient1.getBlobContainerClient(account1ContainerName)
            .getBlobClient(blobName)
            .upload(BinaryData.fromString(content));

    var sourceAddress = DataAddress.Builder.newInstance()
            .type(TYPE)
            .property(ACCOUNT_NAME, account1Name)
            .property(CONTAINER_NAME, account1ContainerName)
            .property(BLOB_NAME, blobName)
            .keyName(account1KeyName)
            .build();
    when(vault.resolveSecret(account1KeyName)).thenReturn(account1Key);

    var sinkAddress = DataAddress.Builder.newInstance()
            .type(TYPE)
            .property(ACCOUNT_NAME, account2Name)
            .property(CONTAINER_NAME, sinkContainerName)
            .keyName(account2KeyName)
            .build();
    when(vault.resolveSecret(account2Name + "-key1")).thenReturn(account2Key);

    // Test-only shortcut: the SAS is valid until almost OffsetDateTime.MAX and its recorded
    // expiry is Long.MAX_VALUE, so it never lapses during the run. The "w" argument is
    // presumably the write permission. Confirm against createContainerSasToken.
    var sinkSas = account2Api.createContainerSasToken(account2Name, sinkContainerName, "w", OffsetDateTime.MAX.minusDays(1));
    var sinkCredential = new AzureSasToken(sinkSas, Long.MAX_VALUE);
    when(vault.resolveSecret(account2KeyName)).thenReturn(typeManager.writeValueAsString(sinkCredential));

    var flowRequest = DataFlowRequest.Builder.newInstance()
            .sourceDataAddress(sourceAddress)
            .destinationDataAddress(sinkAddress)
            .id(UUID.randomUUID().toString())
            .processId(UUID.randomUUID().toString())
            .build();

    var sourceFactory = new AzureStorageDataSourceFactory(account1Api, policy, monitor, vault);
    var blobSource = sourceFactory.createSource(flowRequest);

    int sinkPartitionSize = 5;
    var sinkFactory = new AzureStorageDataSinkFactory(account2Api, executor, sinkPartitionSize, monitor, vault, new TypeManager());
    var blobSink = sinkFactory.createSink(flowRequest);

    var transferFuture = blobSink.transfer(blobSource);
    assertThat(transferFuture)
            .succeedsWithin(500, TimeUnit.MILLISECONDS)
            .satisfies(outcome -> assertThat(outcome.succeeded()).isTrue());

    // The blob must now be readable from the sink container with identical content.
    var copiedBlob = blobServiceClient2.getBlobContainerClient(sinkContainerName).getBlobClient(blobName);
    assertThat(copiedBlob.exists())
            .withFailMessage("should have copied blob between containers")
            .isTrue();
    assertThat(copiedBlob.downloadContent()).asString().isEqualTo(content);
}