From 7176cc07133c9dcc367b83c7a5e7014255ae1811 Mon Sep 17 00:00:00 2001
From: Sourav Gupta
Date: Fri, 29 Dec 2023 12:22:48 +0530
Subject: [PATCH 1/8] Adding check for rejecting URLs that are not HTTPS
---
 .../exported/shared_key_credential.go | 20 ++++++++++++++
 sdk/storage/azblob/service/client_test.go | 27 +++++++++++++++++++
 2 files changed, 47 insertions(+)
diff --git a/sdk/storage/azblob/internal/exported/shared_key_credential.go b/sdk/storage/azblob/internal/exported/shared_key_credential.go
index bd0bd5e260db..e4b076601f4e 100644
--- a/sdk/storage/azblob/internal/exported/shared_key_credential.go
+++ b/sdk/storage/azblob/internal/exported/shared_key_credential.go
@@ -11,7 +11,9 @@ import (
 "crypto/hmac"
 "crypto/sha256"
 "encoding/base64"
+ "errors"
 "fmt"
+ "github.com/Azure/azure-sdk-for-go/sdk/internal/errorinfo"
 "net/http"
 "net/url"
 "sort"
@@ -195,6 +197,17 @@ func NewSharedKeyCredPolicy(cred *SharedKeyCredential) *SharedKeyCredPolicy {
 }
 func (s *SharedKeyCredPolicy) Do(req *policy.Request) (*http.Response, error) {
+ // skip adding the authorization header if no SharedKeyCredential was provided.
+ // this prevents a panic that might be hard to diagnose and allows testing
+ // against http endpoints that don't require authentication.
+ if s.cred == nil {
+ return req.Next()
+ }
+
+ if err := checkHTTPSForAuth(req); err != nil {
+ return nil, err
+ }
+
 if d := getHeader(shared.HeaderXmsDate, req.Raw().Header); d == "" {
 req.Raw().Header.Set(shared.HeaderXmsDate, time.Now().UTC().Format(http.TimeFormat))
 }
@@ -216,3 +229,10 @@ func (s *SharedKeyCredPolicy) Do(req *policy.Request) (*http.Response, error) {
 }
 return response, err
 }
+
+func checkHTTPSForAuth(req *policy.Request) error {
+ if strings.ToLower(req.Raw().URL.Scheme) != "https" {
+ return errorinfo.NonRetriableError(errors.New("authenticated requests are not permitted for non TLS protected (https) endpoints"))
+ }
+ return nil
+}
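Review bot: The `if s.cred == nil { return req.Next() }` branch at the top of `Do` runs before `checkHTTPSForAuth`, so a client built with a nil `SharedKeyCredential` forwards unsigned requests to whatever URL it was given, plain http included, and the caller gets no SDK-side error. If the nil comes from a credential-loading error that was dropped, calls against anonymously readable resources could still succeed and the misconfiguration would go unnoticed. The azdatalake change later in this series appears to reject nil at construction through `ConvertToBlobSharedKey`; azblob and azfile (the identical `@@ -195,6 +197,17 @@` hunk in azfile) could do the same, or at least state the behaviour in a doc comment such as `// Do signs the request with the shared key. Non-https URLs are rejected; with a nil credential the request is forwarded unsigned.` `Do` continues past the end of the hunk.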
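Review bot: `checkHTTPSForAuth` has no doc comment, and the same function body is added again in azdatalake and azfile later in this series, so the three copies can drift apart. A comment such as `// checkHTTPSForAuth returns a non-retriable error when the request URL scheme is not https, so the Authorization header is never sent over an unencrypted connection.` records why the check exists. The comparison can be written `if !strings.EqualFold(req.Raw().URL.Scheme, "https") {`, which avoids allocating a lowered copy of the scheme on every request.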
diff --git a/sdk/storage/azblob/service/client_test.go b/sdk/storage/azblob/service/client_test.go
index 78c7b6c0ff88..c3e53716ac84 100644
--- a/sdk/storage/azblob/service/client_test.go
+++ b/sdk/storage/azblob/service/client_test.go
@@ -1809,3 +1809,30 @@ func (s *ServiceUnrecordedTestsSuite) TestServiceBlobBatchErrors() {
 _, err = svcClient.SubmitBatch(context.Background(), nil, nil)
 _require.Error(err)
 }
+
+func (s *ServiceRecordedTestsSuite) TestServiceClientRequiresHTTPS() {
+ _require := require.New(s.T())
+
+ cred, err := testcommon.GetGenericSharedKeyCredential(testcommon.TestAccountDefault)
+ _require.NoError(err)
+
+ svcClient, err := service.NewClientWithSharedKeyCredential("http://"+cred.AccountName()+".blob.core.windows.net/", cred, nil)
+ _require.NoError(err)
+
+ _, err = svcClient.GetProperties(context.Background(), nil)
+ _require.Error(err)
+}
+
+func (s *ServiceRecordedTestsSuite) TestServiceClientWithNilSharedKey() {
+ _require := require.New(s.T())
+
+ accountName, _ := testcommon.GetGenericAccountInfo(testcommon.TestAccountDefault)
+ _require.Greater(len(accountName), 0)
+
+ svcClient, err := service.NewClientWithSharedKeyCredential("https://"+accountName+".blob.core.windows.net/", nil, nil)
+ _require.NoError(err)
+
+ _, err = svcClient.GetProperties(context.Background(), nil)
+ _require.Error(err)
+ testcommon.ValidateBlobErrorCode(_require, err, bloberror.NoAuthenticationInformation)
+}
From 91fe5d6f1ac538a8fcb382f25f855fe4c985bc76 Mon Sep 17 00:00:00 2001
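Review bot: `TestServiceClientRequiresHTTPS` ends with `_require.Error(err)`, which passes for any failure (name resolution, refused connection, a service-side rejection of http), so the test would keep passing if the scheme check were removed from the policy. Pin the error to the policy, for example `_require.ErrorContains(err, "authenticated requests are not permitted")`, or assert with `errors.As` that it implements `errorinfo.NonRetriable`. The client is also built with nil options, so if the check regressed the test would presumably send a shared-key-signed request over http to the real endpoint instead of the recording transport; passing options prepared with `testcommon.SetClientOptions` would contain that. The azdatalake and azfile copies of this test later in the series have the same loose assertion.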
From: Sourav Gupta Date: Fri, 29 Dec 2023 13:56:18 +0530 Subject: [PATCH 2/8] Adding checks in azfile and azdatalake --- sdk/storage/azdatalake/go.mod | 22 ++++----- sdk/storage/azdatalake/go.sum | 48 +++++++++---------- .../exported/shared_key_credential.go | 24 ++++++++++ sdk/storage/azdatalake/service/client_test.go | 30 ++++++++++++ .../exported/shared_key_credential.go | 20 ++++++++ sdk/storage/azfile/service/client_test.go | 26 ++++++++++ 6 files changed, 134 insertions(+), 36 deletions(-) diff --git a/sdk/storage/azdatalake/go.mod b/sdk/storage/azdatalake/go.mod index 32183804dae3..7ba494ebed64 100644 --- a/sdk/storage/azdatalake/go.mod +++ b/sdk/storage/azdatalake/go.mod 
@@ -3,26 +3,26 @@ module github.com/Azure/azure-sdk-for-go/sdk/storage/azdatalake go 1.18 require ( - github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.0 - github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 - github.com/Azure/azure-sdk-for-go/sdk/internal v1.4.0 + github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 + github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 + github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0 github.com/stretchr/testify v1.8.4 ) require ( - github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1 // indirect + github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/dnaeon/go-vcr v1.2.0 // indirect - github.com/golang-jwt/jwt v3.2.1+incompatible // indirect - github.com/google/uuid v1.1.1 // indirect + github.com/golang-jwt/jwt/v5 v5.0.0 // indirect + github.com/google/uuid v1.3.1 // indirect github.com/kylelemons/godebug v1.1.0 // indirect - github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4 // indirect + github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 // indirect github.com/pmezard/go-difflib v1.0.0 // indirect - golang.org/x/crypto v0.14.0 // indirect - golang.org/x/net v0.17.0 // indirect - golang.org/x/sys v0.13.0 // indirect - golang.org/x/text v0.13.0 // indirect + golang.org/x/crypto v0.16.0 // indirect + golang.org/x/net v0.19.0 // indirect + golang.org/x/sys v0.15.0 // indirect + golang.org/x/text v0.14.0 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect ) diff --git a/sdk/storage/azdatalake/go.sum b/sdk/storage/azdatalake/go.sum index 6712a77cdedc..2df1d108469d 100644 --- a/sdk/storage/azdatalake/go.sum +++ b/sdk/storage/azdatalake/go.sum 
@@ -1,41 +1,39 @@ -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.0 h1:8q4SaHjFsClSvuVne0ID/5Ka8u3fcIHyqkLjcFpNRHQ= -github.com/Azure/azure-sdk-for-go/sdk/azcore v1.7.0/go.mod h1:bjGvMhVMb+EEm3VRNQawDMUyMMjo+S5ewNjflkep/0Q= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0 h1:QkAcEIAKbNL4KoFr4SathZPhDhF4mVwpBMFlYjyAqy8= -github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.1.0/go.mod h1:bhXu1AjYL+wutSL/kpSq6s7733q2Rb0yuot9Zgfqa/0= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.4.0 h1:TuEMD+E+1aTjjLICGQOW6vLe8UWES7kopac9mUXL56Y= -github.com/Azure/azure-sdk-for-go/sdk/internal v1.4.0/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1 h1:lGlwhPtrX6EVml1hO0ivjkUxsSyl4dsiw9qcA1k/3IQ= +github.com/Azure/azure-sdk-for-go/sdk/azcore v1.9.1/go.mod h1:RKUqNu35KJYcVG/fqTRqmuXJZYNhYkBrnC/hX7yGbTA= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0 h1:BMAjVKJM0U/CYF27gA0ZMmXGkOcvfFtD0oHVZ1TIPRI= +github.com/Azure/azure-sdk-for-go/sdk/azidentity v1.4.0/go.mod h1:1fXstnBMas5kzG+S3q8UoJcmyU6nUeunJcMDHcRYHhs= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1 h1:6oNBlSdi1QqM1PNW7FPA6xOGA5UNsXnkaYZz9vdPGhA= +github.com/Azure/azure-sdk-for-go/sdk/internal v1.5.1/go.mod h1:s4kgfzA0covAXNicZHDMN58jExvcng2mC/DepXiF1EI= github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0 h1:u/LLAOFgsMv7HmNL4Qufg58y+qElGOt5qv0z1mURkRY= github.com/Azure/azure-sdk-for-go/sdk/storage/azblob v1.0.0/go.mod h1:2e8rMJtl2+2j+HXbTBwnyGpm5Nou7KhvSfxOq8JpTag= -github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1 h1:BWe8a+f/t+7KY7zH2mqygeUD0t8hNFXe08p1Pb3/jKE= -github.com/AzureAD/microsoft-authentication-library-for-go v0.5.1/go.mod h1:Vt9sXTKwMyGcOxSmLDMnGPgqsUg7m8pe215qMLrDXw4= +github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1 h1:WpB/QDNLpMw72xHJc34BNNykqSOeEJDAWkhf0u12/Jk= +github.com/AzureAD/microsoft-authentication-library-for-go v1.1.1/go.mod h1:wP83P5OoQ5p6ip3ScPr0BAq0BvuPAvacpEuSzyouqAI= 
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/dnaeon/go-vcr v1.2.0 h1:zHCHvJYTMh1N7xnV7zf1m1GPBF9Ad0Jk/whtQ1663qI= github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ= -github.com/golang-jwt/jwt v3.2.1+incompatible h1:73Z+4BJcrTC+KczS6WvTPvRGOp1WmfEP4Q1lOd9Z/+c= -github.com/golang-jwt/jwt v3.2.1+incompatible/go.mod h1:8pz2t5EyA70fFQQSrl6XZXzqecmYZeUEB8OUGHkxJ+I= -github.com/golang-jwt/jwt/v4 v4.2.0 h1:besgBTC8w8HjP6NzQdxwKH9Z5oQMZ24ThTrHp3cZ8eU= -github.com/google/uuid v1.1.1 h1:Gkbcsh/GbpXz7lPftLA3P6TYMwjCLYm83jiFQZF/3gY= -github.com/google/uuid v1.1.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= +github.com/golang-jwt/jwt/v5 v5.0.0 h1:1n1XNM9hk7O9mnQoNBGolZvzebBQ7p93ULHRc28XJUE= +github.com/golang-jwt/jwt/v5 v5.0.0/go.mod h1:pqrtFR0X4osieyHYxtmOUWsAWrfe1Q5UVIyoH402zdk= +github.com/google/uuid v1.3.1 h1:KjJaJ9iWZ3jOFZIf1Lqf4laDRCasjl0BCmnEGxkdLb4= +github.com/google/uuid v1.3.1/go.mod h1:TIyPZe4MgqvfeYDBFedMoGGpEw/LqOeaOT+nhxU+yHo= github.com/kylelemons/godebug v1.1.0 h1:RPNrshWIDI6G2gRW9EHilWtl7Z6Sb1BR0xunSBf0SNc= github.com/kylelemons/godebug v1.1.0/go.mod h1:9/0rRGxNHcop5bhtWyNeEfOS8JIWk580+fNqagV/RAw= github.com/modocache/gover v0.0.0-20171022184752-b58185e213c5/go.mod h1:caMODM3PzxT8aQXRPkAt8xlV/e7d7w8GM5g0fa5F0D8= -github.com/montanaflynn/stats v0.6.6/go.mod h1:etXPPgVO6n31NxCd9KQUMvCM+ve0ruNzt6R8Bnaayow= -github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4 h1:Qj1ukM4GlMWXNdMBuXcXfz/Kw9s1qm0CLY32QxuSImI= -github.com/pkg/browser v0.0.0-20210115035449-ce105d075bb4/go.mod h1:N6UoU20jOqggOuDwUaBQpluzLNDqif3kq9z2wpdYEfQ= +github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8 h1:KoWmjvw+nsYOo29YJK9vDA65RGE3NrOnUtO7a+RF9HU= +github.com/pkg/browser v0.0.0-20210911075715-681adbf594b8/go.mod h1:HKlIX3XHQyzLZPlr7++PzdhaXEj94dEiJgZDTsxEqUI= github.com/pmezard/go-difflib v1.0.0 
h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM= github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo= -golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= -golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= -golang.org/x/net v0.17.0 h1:pVaXccu2ozPjCXewfr1S7xza/zcXTity9cCdXQYSjIM= -golang.org/x/net v0.17.0/go.mod h1:NxSsAGuq816PNPmqtQdLE42eU2Fs7NoRIZrHJAlaCOE= -golang.org/x/sys v0.0.0-20210124154548-22da62e12c0c/go.mod h1:h1NjWce9XRLGQEsW7wpKNCjG9DtNlClVuFLEZdDNbEs= -golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= -golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY= +golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= +golang.org/x/net v0.19.0 h1:zTwKpTd2XuCqf8huc7Fo2iSy+4RHPd10s4KzeTnVr1c= +golang.org/x/net v0.19.0/go.mod h1:CfAk/cbD4CthTvqiEl8NpboMuiuOYsAr/7NOjZJtv1U= +golang.org/x/sys v0.0.0-20210616045830-e2b7044e8c71/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= 
gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
diff --git a/sdk/storage/azdatalake/internal/exported/shared_key_credential.go b/sdk/storage/azdatalake/internal/exported/shared_key_credential.go
index e75b29f0ad8b..bf0c728faf53 100644
--- a/sdk/storage/azdatalake/internal/exported/shared_key_credential.go
+++ b/sdk/storage/azdatalake/internal/exported/shared_key_credential.go
@@ -11,7 +11,9 @@ import (
 "crypto/hmac"
 "crypto/sha256"
 "encoding/base64"
+ "errors"
 "fmt"
+ "github.com/Azure/azure-sdk-for-go/sdk/internal/errorinfo"
 "github.com/Azure/azure-sdk-for-go/sdk/storage/azblob"
 "net/http"
 "net/url"
@@ -50,6 +52,9 @@ func (c *SharedKeyCredential) AccountName() string {
 }
 func ConvertToBlobSharedKey(c *SharedKeyCredential) (*azblob.SharedKeyCredential, error) {
+ if c == nil {
+ return nil, errors.New("SharedKeyCredential cannot be nil")
+ }
 cred, err := azblob.NewSharedKeyCredential(c.accountName, c.accountKeyString)
 if err != nil {
 return nil, err
@@ -205,6 +210,17 @@ func NewSharedKeyCredPolicy(cred *SharedKeyCredential) *SharedKeyCredPolicy {
 }
 func (s *SharedKeyCredPolicy) Do(req *policy.Request) (*http.Response, error) {
+ // skip adding the authorization header if no SharedKeyCredential was provided.
+ // this prevents a panic that might be hard to diagnose and allows testing
+ // against http endpoints that don't require authentication.
+ if s.cred == nil {
+ return req.Next()
+ }
+
+ if err := checkHTTPSForAuth(req); err != nil {
+ return nil, err
+ }
+
 if d := getHeader(shared.HeaderXmsDate, req.Raw().Header); d == "" {
 req.Raw().Header.Set(shared.HeaderXmsDate, time.Now().UTC().Format(http.TimeFormat))
 }
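Review bot: The comment on the `if s.cred == nil { return req.Next() }` branch in azdatalake's `Do` was copied from azblob and says the branch "allows testing against http endpoints that don't require authentication", but the nil check added to `ConvertToBlobSharedKey` in this same file appears to make the constructor reject a nil credential (the `TestServiceClientWithNilSharedKey` added later in this commit expects an error and a nil client). If that reading is right, the branch is reachable only by code that calls `NewSharedKeyCredPolicy(nil)` directly, and the comment promises behaviour the package does not expose. Reword it to say what the branch is for here, for example `// defensive: a nil credential is rejected at construction; never attempt to sign without one.` `Do` continues past the end of the hunk.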
@@ -226,3 +242,11 @@ func (s *SharedKeyCredPolicy) Do(req *policy.Request) (*http.Response, error) {
 }
 return response, err
 }
+
+// TODO: update the azblob dependency having checks for rejecting URLs that are not HTTPS
+func checkHTTPSForAuth(req *policy.Request) error {
+ if strings.ToLower(req.Raw().URL.Scheme) != "https" {
+ return errorinfo.NonRetriableError(errors.New("authenticated requests are not permitted for non TLS protected (https) endpoints"))
+ }
+ return nil
+}
diff --git a/sdk/storage/azdatalake/service/client_test.go b/sdk/storage/azdatalake/service/client_test.go
index d84ff8ca9383..74878e319cb0 100644
--- a/sdk/storage/azdatalake/service/client_test.go
+++ b/sdk/storage/azdatalake/service/client_test.go
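Review bot: The TODO above `checkHTTPSForAuth` does not say what is still unprotected: `go.mod` in this commit keeps `azblob v1.0.0`, and a credential converted by `ConvertToBlobSharedKey` is presumably signed by azblob's own policy, which gains its HTTPS check only in this same series. Until the dependency moves to a release containing that check, datalake calls that go through the azblob client may still send shared-key-signed requests over http. Say so in the comment and tie it to a tracking issue, for example `// TODO(<tracking-issue>): requests routed through the azblob client are signed by azblob's policy; bump azblob to a release that rejects non-https URLs.` The function also has no doc comment of its own describing what it returns.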
@@ -780,3 +780,33 @@ func (s *ServiceRecordedTestsSuite) TestAccountListFilesystemsEmptyPrefix() {
 }
 _require.GreaterOrEqual(count, 2)
 }
+
+func (s *ServiceRecordedTestsSuite) TestServiceClientRequiresHTTPS() {
+ _require := require.New(s.T())
+ testName := s.T().Name()
+
+ cred, err := testcommon.GetGenericSharedKeyCredential(testcommon.TestAccountDatalake)
+ _require.NoError(err)
+
+ svcClient, err := service.NewClientWithSharedKeyCredential("http://"+cred.AccountName()+".dfs.core.windows.net/", cred, nil)
+ _require.NoError(err)
+
+ fsName := testcommon.GenerateFileSystemName(testName)
+ fileName := testcommon.GenerateFileName(testName)
+ fileClient := svcClient.NewFileSystemClient(fsName).NewFileClient(fileName)
+ _require.Equal(fileClient.DFSURL(), "http://"+cred.AccountName()+".dfs.core.windows.net/"+fsName+"/"+fileName)
+
+ _, err = fileClient.Create(context.Background(), nil)
+ _require.Error(err)
+}
+
+func (s *ServiceRecordedTestsSuite) TestServiceClientWithNilSharedKey() {
+ _require := require.New(s.T())
+
+ accountName, _ := testcommon.GetGenericAccountInfo(testcommon.TestAccountDatalake)
+ _require.Greater(len(accountName), 0)
+
+ svcClient, err := service.NewClientWithSharedKeyCredential("http://"+accountName+".dfs.core.windows.net/", nil, nil)
+ _require.Error(err)
+ _require.Nil(svcClient)
+}
diff --git a/sdk/storage/azfile/internal/exported/shared_key_credential.go b/sdk/storage/azfile/internal/exported/shared_key_credential.go
index 50aaf889942f..b2545b2bbb72 100644
--- a/sdk/storage/azfile/internal/exported/shared_key_credential.go
+++ b/sdk/storage/azfile/internal/exported/shared_key_credential.go
@@ -11,7 +11,9 @@ import (
 "crypto/hmac"
 "crypto/sha256"
 "encoding/base64"
+ "errors"
 "fmt"
+ "github.com/Azure/azure-sdk-for-go/sdk/internal/errorinfo"
 "net/http"
 "net/url"
 "sort"
@@ -195,6 +197,17 @@ func NewSharedKeyCredPolicy(cred *SharedKeyCredential) *SharedKeyCredPolicy {
 }
 func (s *SharedKeyCredPolicy) Do(req *policy.Request) (*http.Response, error) {
+ // skip adding the authorization header if no SharedKeyCredential was provided.
+ // this prevents a panic that might be hard to diagnose and allows testing
+ // against http endpoints that don't require authentication.
+ if s.cred == nil {
+ return req.Next()
+ }
+
+ if err := checkHTTPSForAuth(req); err != nil {
+ return nil, err
+ }
+
 if d := getHeader(shared.HeaderXmsDate, req.Raw().Header); d == "" {
 req.Raw().Header.Set(shared.HeaderXmsDate, time.Now().UTC().Format(http.TimeFormat))
 }
@@ -216,3 +229,10 @@ func (s *SharedKeyCredPolicy) Do(req *policy.Request) (*http.Response, error) {
 }
 return response, err
 }
+
+func checkHTTPSForAuth(req *policy.Request) error {
+ if strings.ToLower(req.Raw().URL.Scheme) != "https" {
+ return errorinfo.NonRetriableError(errors.New("authenticated requests are not permitted for non TLS protected (https) endpoints"))
+ }
+ return nil
+}
diff --git a/sdk/storage/azfile/service/client_test.go b/sdk/storage/azfile/service/client_test.go
index 9f0521dd6e0f..e9bd2accf7f1 100644
--- a/sdk/storage/azfile/service/client_test.go
+++ b/sdk/storage/azfile/service/client_test.go
@@ -629,3 +629,29 @@ func (s *ServiceRecordedTestsSuite) TestPremiumAccountListShares() {
 }
 }
 }
+
+func (s *ServiceRecordedTestsSuite) TestServiceClientRequiresHTTPS() {
+ _require := require.New(s.T())
+
+ cred, err := testcommon.GetGenericSharedKeyCredential(testcommon.TestAccountDefault)
+ _require.NoError(err)
+
+ svcClient, err := service.NewClientWithSharedKeyCredential("http://"+cred.AccountName()+".file.core.windows.net/", cred, nil)
+ _require.NoError(err)
+
+ _, err = svcClient.GetProperties(context.Background(), nil)
+ _require.Error(err)
+}
+
+func (s *ServiceRecordedTestsSuite) TestServiceClientWithNilSharedKey() {
+ _require := require.New(s.T())
+
+ accountName, _ := testcommon.GetGenericAccountInfo(testcommon.TestAccountDefault)
+ _require.Greater(len(accountName), 0)
+
+ svcClient, err := service.NewClientWithSharedKeyCredential("https://"+accountName+".file.core.windows.net/", nil, nil)
+ _require.NoError(err)
+
+ _, err = svcClient.GetProperties(context.Background(), nil)
+ _require.Error(err)
+}
From 96502df502e4860141a0a88f550e024e0c940f2b Mon Sep 17 00:00:00 2001
From: Sourav Gupta
Date: Fri, 29 Dec 2023 14:08:22 +0530
Subject: [PATCH 3/8] Adding changelog
---
 sdk/storage/azblob/CHANGELOG.md | 2 ++
 sdk/storage/azdatalake/CHANGELOG.md | 4 ++++
 sdk/storage/azfile/CHANGELOG.md | 2 ++
 3 files changed, 8 insertions(+)
diff --git a/sdk/storage/azblob/CHANGELOG.md b/sdk/storage/azblob/CHANGELOG.md
index 77698e093e25..7482d7a6b6ae 100644
--- a/sdk/storage/azblob/CHANGELOG.md
+++ b/sdk/storage/azblob/CHANGELOG.md
@@ -8,6 +8,8 @@
 ### Bugs Fixed
+* Block `SharedKeyCredential` authentication mode for non TLS protected endpoints.
+
 ### Other Changes
 ## 1.2.1 (2023-12-13)
diff --git a/sdk/storage/azdatalake/CHANGELOG.md b/sdk/storage/azdatalake/CHANGELOG.md
index 62598c61d6e2..7c39964a7c6d 100644
--- a/sdk/storage/azdatalake/CHANGELOG.md
+++ b/sdk/storage/azdatalake/CHANGELOG.md
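Review bot: azfile's `TestServiceClientWithNilSharedKey` stops at `_require.Error(err)`, while the azblob version of the same test goes on to check the service error code with `testcommon.ValidateBlobErrorCode(_require, err, bloberror.NoAuthenticationInformation)`. Without a code check the test passes on any failure, including a network error, and does not show that the request reached the service unauthenticated. If azfile's test helpers offer an equivalent validator, call it after the `Error` assertion so both packages pin the same outcome.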
@@ -8,8 +8,12 @@ ### Bugs Fixed +* Block `SharedKeyCredential` authentication mode for non TLS protected endpoints. + ### Other Changes +* Updated azcore version to `1.9.1` and azidentity version to `1.4.0`. + ## 1.0.0 (2023-10-18) ### Bugs Fixed diff --git a/sdk/storage/azfile/CHANGELOG.md b/sdk/storage/azfile/CHANGELOG.md index 390a176fd2a2..61a5aa7a88d5 100644 --- a/sdk/storage/azfile/CHANGELOG.md +++ b/sdk/storage/azfile/CHANGELOG.md @@ -9,6 +9,8 @@ ### Bugs Fixed +* Block `SharedKeyCredential` authentication mode for non TLS protected endpoints. + ### Other Changes From 343e90c839aa7db61dcc9cbbe73cb8d8c444f783 Mon Sep 17 00:00:00 2001 From: Sourav Gupta Date: Fri, 29 Dec 2023 14:10:43 +0530 Subject: [PATCH 4/8] Adding changelog --- sdk/storage/azblob/CHANGELOG.md | 2 +- sdk/storage/azdatalake/CHANGELOG.md | 2 +- sdk/storage/azfile/CHANGELOG.md | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/sdk/storage/azblob/CHANGELOG.md b/sdk/storage/azblob/CHANGELOG.md index 7482d7a6b6ae..65b1569271ac 100644 --- a/sdk/storage/azblob/CHANGELOG.md +++ b/sdk/storage/azblob/CHANGELOG.md @@ -8,7 +8,7 @@ ### Bugs Fixed -* Block `SharedKeyCredential` authentication mode for non TLS protected endpoints. +* Block `SharedKeyCredential` authentication mode for non TLS protected endpoints. Fixes [#21841](https://github.com/Azure/azure-sdk-for-go/issues/21841). ### Other Changes diff --git a/sdk/storage/azdatalake/CHANGELOG.md b/sdk/storage/azdatalake/CHANGELOG.md index 7c39964a7c6d..a1bdc56ee002 100644 --- a/sdk/storage/azdatalake/CHANGELOG.md +++ b/sdk/storage/azdatalake/CHANGELOG.md @@ -8,7 +8,7 @@ ### Bugs Fixed -* Block `SharedKeyCredential` authentication mode for non TLS protected endpoints. +* Block `SharedKeyCredential` authentication mode for non TLS protected endpoints. Fixes [#21841](https://github.com/Azure/azure-sdk-for-go/issues/21841). ### Other Changes 
diff --git a/sdk/storage/azfile/CHANGELOG.md b/sdk/storage/azfile/CHANGELOG.md index 61a5aa7a88d5..af89d25a03ec 100644 --- a/sdk/storage/azfile/CHANGELOG.md +++ b/sdk/storage/azfile/CHANGELOG.md @@ -9,7 +9,7 @@ ### Bugs Fixed -* Block `SharedKeyCredential` authentication mode for non TLS protected endpoints. +* Block `SharedKeyCredential` authentication mode for non TLS protected endpoints. Fixes [#21841](https://github.com/Azure/azure-sdk-for-go/issues/21841). ### Other Changes From 2f9c9c14726f436e3cb288f78fa1b85c7983f76c Mon Sep 17 00:00:00 2001 From: Sourav Gupta Date: Fri, 29 Dec 2023 15:53:58 +0530 Subject: [PATCH 5/8] Adding recordings --- sdk/storage/azblob/assets.json | 2 +- sdk/storage/azblob/service/client_test.go | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/sdk/storage/azblob/assets.json b/sdk/storage/azblob/assets.json index 80d6183c5b52..bea6308609da 100644 --- a/sdk/storage/azblob/assets.json +++ b/sdk/storage/azblob/assets.json @@ -2,5 +2,5 @@ "AssetsRepo": "Azure/azure-sdk-assets", "AssetsRepoPrefixPath": "go", "TagPrefix": "go/storage/azblob", - "Tag": "go/storage/azblob_0040e8284c" + "Tag": "go/storage/azblob_d290a0fdbc" } diff --git a/sdk/storage/azblob/service/client_test.go b/sdk/storage/azblob/service/client_test.go index c3e53716ac84..f4e9a9c1ea21 100644 --- a/sdk/storage/azblob/service/client_test.go +++ b/sdk/storage/azblob/service/client_test.go @@ -1810,7 +1810,7 @@ func (s *ServiceUnrecordedTestsSuite) TestServiceBlobBatchErrors() { _require.Error(err) } -func (s *ServiceRecordedTestsSuite) TestServiceClientRequiresHTTPS() { +func (s *ServiceRecordedTestsSuite) TestServiceClientRejectHTTP() { _require := require.New(s.T()) cred, err := testcommon.GetGenericSharedKeyCredential(testcommon.TestAccountDefault) 
@@ -1829,7 +1829,9 @@ func (s *ServiceRecordedTestsSuite) TestServiceClientWithNilSharedKey() { accountName, _ := testcommon.GetGenericAccountInfo(testcommon.TestAccountDefault) _require.Greater(len(accountName), 0) - svcClient, err := service.NewClientWithSharedKeyCredential("https://"+accountName+".blob.core.windows.net/", nil, nil) + options := &service.ClientOptions{} + testcommon.SetClientOptions(s.T(), &options.ClientOptions) + svcClient, err := service.NewClientWithSharedKeyCredential("https://"+accountName+".blob.core.windows.net/", nil, options) _require.NoError(err) _, err = svcClient.GetProperties(context.Background(), nil) From 6396420f2c5bdad8a4861b1d69bded14b51c8f4c Mon Sep 17 00:00:00 2001 From: Sourav Gupta Date: Fri, 29 Dec 2023 15:55:34 +0530 Subject: [PATCH 6/8] Adding recordings --- sdk/storage/azdatalake/assets.json | 2 +- sdk/storage/azdatalake/service/client_test.go | 2 +- sdk/storage/azfile/assets.json | 2 +- sdk/storage/azfile/service/client_test.go | 6 ++++-- 4 files changed, 7 insertions(+), 5 deletions(-) diff --git a/sdk/storage/azdatalake/assets.json b/sdk/storage/azdatalake/assets.json index 2a8f02268497..372dddba54e3 100644 --- a/sdk/storage/azdatalake/assets.json +++ b/sdk/storage/azdatalake/assets.json @@ -2,5 +2,5 @@ "AssetsRepo": "Azure/azure-sdk-assets", "AssetsRepoPrefixPath": "go", "TagPrefix": "go/storage/azdatalake", - "Tag": "go/storage/azdatalake_7c0fb050cb" + "Tag": "go/storage/azdatalake_b4ff51bbd3" } \ No newline at end of file diff --git a/sdk/storage/azdatalake/service/client_test.go b/sdk/storage/azdatalake/service/client_test.go index 74878e319cb0..7f4a2eff2241 100644 --- a/sdk/storage/azdatalake/service/client_test.go +++ b/sdk/storage/azdatalake/service/client_test.go 
@@ -781,7 +781,7 @@ func (s *ServiceRecordedTestsSuite) TestAccountListFilesystemsEmptyPrefix() { _require.GreaterOrEqual(count, 2) } -func (s *ServiceRecordedTestsSuite) TestServiceClientRequiresHTTPS() { +func (s *ServiceRecordedTestsSuite) TestServiceClientRejectHTTP() { _require := require.New(s.T()) testName := s.T().Name() diff --git a/sdk/storage/azfile/assets.json b/sdk/storage/azfile/assets.json index 68320e470010..837ecb78ee66 100644 --- a/sdk/storage/azfile/assets.json +++ b/sdk/storage/azfile/assets.json @@ -2,5 +2,5 @@ "AssetsRepo": "Azure/azure-sdk-assets", "AssetsRepoPrefixPath": "go", "TagPrefix": "go/storage/azfile", - "Tag": "go/storage/azfile_f1d39931a0" + "Tag": "go/storage/azfile_8dcec1aeca" } diff --git a/sdk/storage/azfile/service/client_test.go b/sdk/storage/azfile/service/client_test.go index e9bd2accf7f1..6cda562346d7 100644 --- a/sdk/storage/azfile/service/client_test.go +++ b/sdk/storage/azfile/service/client_test.go @@ -630,7 +630,7 @@ func (s *ServiceRecordedTestsSuite) TestPremiumAccountListShares() { } } -func (s *ServiceRecordedTestsSuite) TestServiceClientRequiresHTTPS() { +func (s *ServiceRecordedTestsSuite) TestServiceClientRejectHTTP() { _require := require.New(s.T()) cred, err := testcommon.GetGenericSharedKeyCredential(testcommon.TestAccountDefault) @@ -649,7 +649,9 @@ func (s *ServiceRecordedTestsSuite) TestServiceClientWithNilSharedKey() { accountName, _ := testcommon.GetGenericAccountInfo(testcommon.TestAccountDefault) _require.Greater(len(accountName), 0) - svcClient, err := service.NewClientWithSharedKeyCredential("https://"+accountName+".file.core.windows.net/", nil, nil) + options := &service.ClientOptions{} + testcommon.SetClientOptions(s.T(), &options.ClientOptions) + svcClient, err := service.NewClientWithSharedKeyCredential("https://"+accountName+".file.core.windows.net/", nil, options) _require.NoError(err) _, err = svcClient.GetProperties(context.Background(), nil) 
From 69cd4d09c15da8426c212c7cafe79fc935e8ec35 Mon Sep 17 00:00:00 2001 From: Sourav Gupta Date: Fri, 5 Jan 2024 12:38:41 +0530 Subject: [PATCH 7/8] Updating recordings --- sdk/storage/azblob/assets.json | 2 +- sdk/storage/azdatalake/CHANGELOG.md | 1 - sdk/storage/azdatalake/assets.json | 2 +- sdk/storage/azfile/assets.json | 2 +- 4 files changed, 3 insertions(+), 4 deletions(-) diff --git a/sdk/storage/azblob/assets.json b/sdk/storage/azblob/assets.json index a2a2f83f8d49..df7d66f02108 100644 --- a/sdk/storage/azblob/assets.json +++ b/sdk/storage/azblob/assets.json @@ -2,5 +2,5 @@ "AssetsRepo": "Azure/azure-sdk-assets", "AssetsRepoPrefixPath": "go", "TagPrefix": "go/storage/azblob", - "Tag": "go/storage/azblob_ceb9b7d6b4" + "Tag": "go/storage/azblob_9f40a5a13d" } diff --git a/sdk/storage/azdatalake/CHANGELOG.md b/sdk/storage/azdatalake/CHANGELOG.md index 2d1bf6471de3..40d907997e00 100644 --- a/sdk/storage/azdatalake/CHANGELOG.md +++ b/sdk/storage/azdatalake/CHANGELOG.md @@ -16,7 +16,6 @@ ### Other Changes * Updated version of azblob to 1.2.1 - * Updated azcore version to `1.9.1` and azidentity version to `1.4.0`. ## 1.0.0 (2023-10-18) diff --git a/sdk/storage/azdatalake/assets.json b/sdk/storage/azdatalake/assets.json index 877057ad3692..dfaedc2fbadc 100644 --- a/sdk/storage/azdatalake/assets.json +++ b/sdk/storage/azdatalake/assets.json @@ -2,5 +2,5 @@ "AssetsRepo": "Azure/azure-sdk-assets", "AssetsRepoPrefixPath": "go", "TagPrefix": "go/storage/azdatalake", - "Tag": "go/storage/azdatalake_abd1896b54" + "Tag": "go/storage/azdatalake_3ae5e1441b" } \ No newline at end of file diff --git a/sdk/storage/azfile/assets.json b/sdk/storage/azfile/assets.json index 4c4caf344b81..0c84c78afe62 100644 --- a/sdk/storage/azfile/assets.json +++ b/sdk/storage/azfile/assets.json @@ -2,5 +2,5 @@ "AssetsRepo": "Azure/azure-sdk-assets", "AssetsRepoPrefixPath": "go", "TagPrefix": "go/storage/azfile", - "Tag": "go/storage/azfile_f80b868396" + "Tag": "go/storage/azfile_8f8ed3dd66" } 
From c9b475717f3a51e301fec751d2f73d864ebc4593 Mon Sep 17 00:00:00 2001 From: Sourav Gupta <98318303+souravgupta-msft@users.noreply.github.com> Date: Fri, 5 Jan 2024 12:46:39 +0530 Subject: [PATCH 8/8] Update sdk/storage/azdatalake/assets.json Co-authored-by: Rick Winter --- sdk/storage/azdatalake/assets.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sdk/storage/azdatalake/assets.json b/sdk/storage/azdatalake/assets.json index dfaedc2fbadc..626d6568abd4 100644 --- a/sdk/storage/azdatalake/assets.json +++ b/sdk/storage/azdatalake/assets.json @@ -3,4 +3,4 @@ "AssetsRepoPrefixPath": "go", "TagPrefix": "go/storage/azdatalake", "Tag": "go/storage/azdatalake_3ae5e1441b" -} \ No newline at end of file +}