Examples with AzureSasToken org.eclipse.dataspaceconnector.azure.blob.core.AzureSasToken used on opensource projects

Example 1 with AzureSasToken

use of org.eclipse.dataspaceconnector.azure.blob.core.AzureSasToken in project DataSpaceConnector by eclipse-dataspaceconnector.

the class ObjectStorageProvisioner method provision.

@Override
public CompletableFuture<ProvisionResponse> provision(ObjectStorageResourceDefinition resourceDefinition) {
    String containerName = resourceDefinition.getContainerName();
    String accountName = resourceDefinition.getAccountName();
    monitor.info("Azure Storage Container request submitted: " + containerName);
    OffsetDateTime expiryTime = OffsetDateTime.now().plusHours(1);
    return with(retryPolicy).getAsync(() -> blobStoreApi.exists(accountName, containerName)).thenCompose(exists -> {
        if (exists) {
            return reusingExistingContainer(containerName);
        } else {
            return createContainer(containerName, accountName);
        }
    }).thenCompose(empty -> createContainerSasToken(containerName, accountName, expiryTime)).thenApply(writeOnlySas -> {
        var resource = ObjectContainerProvisionedResource.Builder.newInstance().id(containerName).accountName(accountName).containerName(containerName).resourceDefinitionId(resourceDefinition.getId()).transferProcessId(resourceDefinition.getTransferProcessId()).build();
        var secretToken = new AzureSasToken("?" + writeOnlySas, expiryTime.toInstant().toEpochMilli());
        return ProvisionResponse.Builder.newInstance().resource(resource).secretToken(secretToken).build();
    });
}

Example 2 with AzureSasToken

use of org.eclipse.dataspaceconnector.azure.blob.core.AzureSasToken in project DataSpaceConnector by eclipse-dataspaceconnector.

the class BlobStoreWriter method write.

@Override
public Result<Void> write(DataAddress destination, String name, InputStream data, String secretToken) {
    var accountName = destination.getProperty("account");
    var container = destination.getProperty("container");
    AzureSasToken sasToken = null;
    try {
        sasToken = typeManager.readValue(secretToken, AzureSasToken.class);
    } catch (Exception e) {
        var message = "Cannot interpret temporary secret as valid AzureSasToken!";
        monitor.severe(message);
        return Result.failure(message);
    }
    Objects.requireNonNull(accountName, "accountName");
    if (secretToken == null) {
        throw new IllegalArgumentException("BlobStoreWriter secretToken cannot be null!");
    } else {
        var endpoint = "https://" + accountName + ".blob.core.windows.net";
        var sas = sasToken.getSas();
        if (sas.startsWith("?")) {
            sas = sas.substring(1);
        }
        uploadBlob(name, data, container, endpoint, sas);
        uploadBlob(name + ".complete", new ByteArrayInputStream(new byte[0]), container, endpoint, sas);
        return Result.success();
    }
}

Example 3 with AzureSasToken

use of org.eclipse.dataspaceconnector.azure.blob.core.AzureSasToken in project DataSpaceConnector by eclipse-dataspaceconnector.

the class ObjectStorageProvisioner method provision.

@Override
public CompletableFuture<StatusResult<ProvisionResponse>> provision(ObjectStorageResourceDefinition resourceDefinition, Policy policy) {
    String containerName = resourceDefinition.getContainerName();
    String accountName = resourceDefinition.getAccountName();
    monitor.info("Azure Storage Container request submitted: " + containerName);
    OffsetDateTime expiryTime = OffsetDateTime.now().plusHours(1);
    return with(retryPolicy).getAsync(() -> blobStoreApi.exists(accountName, containerName)).thenCompose(exists -> {
        if (exists) {
            return reusingExistingContainer(containerName);
        } else {
            return createContainer(containerName, accountName);
        }
    }).thenCompose(empty -> createContainerSasToken(containerName, accountName, expiryTime)).thenApply(writeOnlySas -> {
        // Ensure resource name is unique to avoid key collisions in local and remote vaults
        String resourceName = resourceDefinition.getId() + "-container";
        var resource = ObjectContainerProvisionedResource.Builder.newInstance().id(containerName).accountName(accountName).containerName(containerName).resourceDefinitionId(resourceDefinition.getId()).transferProcessId(resourceDefinition.getTransferProcessId()).resourceName(resourceName).hasToken(true).build();
        var secretToken = new AzureSasToken("?" + writeOnlySas, expiryTime.toInstant().toEpochMilli());
        var response = ProvisionResponse.Builder.newInstance().resource(resource).secretToken(secretToken).build();
        return StatusResult.success(response);
    });
}

Example 4 with AzureSasToken

use of org.eclipse.dataspaceconnector.azure.blob.core.AzureSasToken in project DataSpaceConnector by eclipse-dataspaceconnector.

the class AzureDataFactoryCopyIntegrationTest method setSecret.

private void setSecret(Account account, Vault vault, String secretName) {
    // ADF SLA to start an activity is 4 minutes.
    var expiryTime = OffsetDateTime.now().plusMinutes(8);
    var permission = new BlobContainerSasPermission().setWritePermission(true);
    var sasSignatureValues = new BlobServiceSasSignatureValues(expiryTime, permission).setStartTime(OffsetDateTime.now());
    var sasToken = account.client.getBlobContainerClient(account.containerName).generateSas(sasSignatureValues);
    var edcAzureSas = new AzureSasToken(sasToken, expiryTime.toEpochSecond());
    // Set Secret
    vault.secretClient().setSecret(secretName, typeManager.writeValueAsString(edcAzureSas)).block(Duration.ofMinutes(1));
    // Add for clean up test data
    secretCleanup.add(() -> vault.secretClient().beginDeleteSecret(secretName).blockLast(Duration.ofMinutes(1)));
    secretCleanup.add(() -> vault.secretClient().purgeDeletedSecret(secretName).block(Duration.ofMinutes(1)));
}

Example 5 with AzureSasToken

use of org.eclipse.dataspaceconnector.azure.blob.core.AzureSasToken in project DataSpaceConnector by eclipse-dataspaceconnector.

the class AzureDataPlaneCopyIntegrationTest method transfer_success.

@Test
void transfer_success() {
    blobServiceClient1.getBlobContainerClient(account1ContainerName).getBlobClient(blobName).upload(BinaryData.fromString(content));
    var source = DataAddress.Builder.newInstance().type(TYPE).property(ACCOUNT_NAME, account1Name).property(CONTAINER_NAME, account1ContainerName).property(BLOB_NAME, blobName).keyName(account1KeyName).build();
    when(vault.resolveSecret(account1KeyName)).thenReturn(account1Key);
    var destination = DataAddress.Builder.newInstance().type(TYPE).property(ACCOUNT_NAME, account2Name).property(CONTAINER_NAME, sinkContainerName).keyName(account2KeyName).build();
    when(vault.resolveSecret(account2Name + "-key1")).thenReturn(account2Key);
    var account2SasToken = account2Api.createContainerSasToken(account2Name, sinkContainerName, "w", OffsetDateTime.MAX.minusDays(1));
    var secretToken = new AzureSasToken(account2SasToken, Long.MAX_VALUE);
    when(vault.resolveSecret(account2KeyName)).thenReturn(typeManager.writeValueAsString(secretToken));
    var request = DataFlowRequest.Builder.newInstance().sourceDataAddress(source).destinationDataAddress(destination).id(UUID.randomUUID().toString()).processId(UUID.randomUUID().toString()).build();
    var dataSource = new AzureStorageDataSourceFactory(account1Api, policy, monitor, vault).createSource(request);
    int partitionSize = 5;
    var dataSink = new AzureStorageDataSinkFactory(account2Api, executor, partitionSize, monitor, vault, new TypeManager()).createSink(request);
    assertThat(dataSink.transfer(dataSource)).succeedsWithin(500, TimeUnit.MILLISECONDS).satisfies(transferResult -> assertThat(transferResult.succeeded()).isTrue());
    var destinationBlob = blobServiceClient2.getBlobContainerClient(sinkContainerName).getBlobClient(blobName);
    assertThat(destinationBlob.exists()).withFailMessage("should have copied blob between containers").isTrue();
    assertThat(destinationBlob.downloadContent()).asString().isEqualTo(content);
}