def test_sas_signature_is_scrubbed_off(self, resource_group, location, storage_account, storage_account_key): # SAS URL is calculated from storage key, so this test runs live only bsc = BlobServiceClient(self.account_url(storage_account, "blob"), storage_account_key) self._setup(bsc) # Arrange container = bsc.get_container_client(self.container_name) token = generate_container_sas( container.account_name, container.container_name, account_key=container.credential.account_key, permission=ContainerSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) # parse out the signed signature token_components = parse_qs(token) signed_signature = quote( token_components[QueryStringConstants.SIGNED_SIGNATURE][0]) sas_service = ContainerClient.from_container_url(container.url, credential=token) # Act with LogCaptured(self) as log_captured: sas_service.get_account_information(logging_enable=True) log_as_str = log_captured.getvalue() # Assert # make sure the query parameter 'sig' is logged, but its value is not self.assertTrue( QueryStringConstants.SIGNED_SIGNATURE in log_as_str) self.assertFalse(signed_signature in log_as_str)
def test_copy_source_sas_is_scrubbed_off(self, resource_group, location, storage_account, storage_account_key): # SAS URL is calculated from storage key, so this test runs live only bsc = BlobServiceClient(self.account_url(storage_account, "blob"), storage_account_key) self._setup(bsc) # Arrange dest_blob_name = self.get_resource_name('destblob') dest_blob = bsc.get_blob_client(self.container_name, dest_blob_name) # parse out the signed signature query_parameters = urlparse(self.source_blob_url).query token_components = parse_qs(query_parameters) if QueryStringConstants.SIGNED_SIGNATURE not in token_components: pytest.fail("Blob URL {} doesn't contain {}, parsed query params: {}".format( self.source_blob_url, QueryStringConstants.SIGNED_SIGNATURE, list(token_components.keys()) )) signed_signature = quote(token_components[QueryStringConstants.SIGNED_SIGNATURE][0]) # Act with LogCaptured(self) as log_captured: dest_blob.start_copy_from_url( self.source_blob_url, requires_sync=True, logging_enable=True) log_as_str = log_captured.getvalue() # Assert # make sure the query parameter 'sig' is logged, but its value is not self.assertTrue(QueryStringConstants.SIGNED_SIGNATURE in log_as_str) self.assertFalse(signed_signature in log_as_str) # make sure authorization header is logged, but its value is not # the keyword SharedKey is present in the authorization header's value self.assertTrue(_AUTHORIZATION_HEADER_NAME in log_as_str) self.assertFalse('SharedKey' in log_as_str)
def test_delete_share_with_non_existing_share_fail_not_exist(self, resource_group, location, storage_account, storage_account_key): self._setup(storage_account, storage_account_key) client = self._get_share_reference() # Act with LogCaptured(self) as log_captured: with self.assertRaises(HttpResponseError): client.delete_share() log_as_str = log_captured.getvalue() self._delete_shares()
async def test_delete_share_with_non_existing_share_async(self, resource_group, location, storage_account, storage_account_key): self._setup(storage_account, storage_account_key) client = self._get_share_reference() # Act with LogCaptured(self) as log_captured: with self.assertRaises(HttpResponseError): deleted = await client.delete_share() log_as_str = log_captured.getvalue() self.assertTrue('ERROR' not in log_as_str) await self._delete_shares(client.share_name)
def test_authorization_is_scrubbed_off(self, resource_group, location, storage_account, storage_account_key): # Arrange bsc = BlobServiceClient(self.account_url(storage_account, "blob"), storage_account_key) self._setup(bsc) container = bsc.get_container_client(self.container_name) # Act with LogCaptured(self) as log_captured: container.get_container_properties(logging_enable=True) log_as_str = log_captured.getvalue() # Assert # make sure authorization header is logged, but its value is not # the keyword SharedKey is present in the authorization header's value self.assertTrue(_AUTHORIZATION_HEADER_NAME in log_as_str) self.assertFalse('SharedKey' in log_as_str)