def test_sas_signature_is_scrubbed_off(self, resource_group, location,
storage_account,
storage_account_key):
# SAS URL is calculated from storage key, so this test runs live only
bsc = BlobServiceClient(self.account_url(storage_account, "blob"),
storage_account_key)
self._setup(bsc)
# Arrange
container = bsc.get_container_client(self.container_name)
token = generate_container_sas(
container.account_name,
container.container_name,
account_key=container.credential.account_key,
permission=ContainerSasPermissions(read=True),
expiry=datetime.utcnow() + timedelta(hours=1),
)
# parse out the signed signature
token_components = parse_qs(token)
signed_signature = quote(
token_components[QueryStringConstants.SIGNED_SIGNATURE][0])
sas_service = ContainerClient.from_container_url(container.url,
credential=token)
# Act
with LogCaptured(self) as log_captured:
sas_service.get_account_information(logging_enable=True)
log_as_str = log_captured.getvalue()
# Assert
# make sure the query parameter 'sig' is logged, but its value is not
self.assertTrue(
QueryStringConstants.SIGNED_SIGNATURE in log_as_str)
self.assertFalse(signed_signature in log_as_str)
def test_copy_source_sas_is_scrubbed_off(self, resource_group, location, storage_account, storage_account_key):
# SAS URL is calculated from storage key, so this test runs live only
bsc = BlobServiceClient(self.account_url(storage_account, "blob"), storage_account_key)
self._setup(bsc)
# Arrange
dest_blob_name = self.get_resource_name('destblob')
dest_blob = bsc.get_blob_client(self.container_name, dest_blob_name)
# parse out the signed signature
query_parameters = urlparse(self.source_blob_url).query
token_components = parse_qs(query_parameters)
if QueryStringConstants.SIGNED_SIGNATURE not in token_components:
pytest.fail("Blob URL {} doesn't contain {}, parsed query params: {}".format(
self.source_blob_url,
QueryStringConstants.SIGNED_SIGNATURE,
list(token_components.keys())
))
signed_signature = quote(token_components[QueryStringConstants.SIGNED_SIGNATURE][0])
# Act
with LogCaptured(self) as log_captured:
dest_blob.start_copy_from_url(
self.source_blob_url, requires_sync=True, logging_enable=True)
log_as_str = log_captured.getvalue()
# Assert
# make sure the query parameter 'sig' is logged, but its value is not
self.assertTrue(QueryStringConstants.SIGNED_SIGNATURE in log_as_str)
self.assertFalse(signed_signature in log_as_str)
# make sure authorization header is logged, but its value is not
# the keyword SharedKey is present in the authorization header's value
self.assertTrue(_AUTHORIZATION_HEADER_NAME in log_as_str)
self.assertFalse('SharedKey' in log_as_str)
def test_delete_share_with_non_existing_share_fail_not_exist(self, resource_group, location, storage_account, storage_account_key):
self._setup(storage_account, storage_account_key)
client = self._get_share_reference()
# Act
with LogCaptured(self) as log_captured:
with self.assertRaises(HttpResponseError):
client.delete_share()
log_as_str = log_captured.getvalue()
self._delete_shares()
async def test_delete_share_with_non_existing_share_async(self, resource_group, location, storage_account, storage_account_key):
self._setup(storage_account, storage_account_key)
client = self._get_share_reference()
# Act
with LogCaptured(self) as log_captured:
with self.assertRaises(HttpResponseError):
deleted = await client.delete_share()
log_as_str = log_captured.getvalue()
self.assertTrue('ERROR' not in log_as_str)
await self._delete_shares(client.share_name)
def test_authorization_is_scrubbed_off(self, resource_group, location, storage_account, storage_account_key):
# Arrange
bsc = BlobServiceClient(self.account_url(storage_account, "blob"), storage_account_key)
self._setup(bsc)
container = bsc.get_container_client(self.container_name)
# Act
with LogCaptured(self) as log_captured:
container.get_container_properties(logging_enable=True)
log_as_str = log_captured.getvalue()
# Assert
# make sure authorization header is logged, but its value is not
# the keyword SharedKey is present in the authorization header's value
self.assertTrue(_AUTHORIZATION_HEADER_NAME in log_as_str)
self.assertFalse('SharedKey' in log_as_str)