storage, add security related properties to Fluent API (#1376)
* default to TLS 1.2 for storage account

* support allowBlobPublicAccess

* remove storage data dependency in appservice
weidongxu-microsoft authored Mar 8, 2021
1 parent 28c8829 commit dc116e3
Showing 4 changed files with 191 additions and 12 deletions.
4 changes: 0 additions & 4 deletions azure-mgmt-appservice/pom.xml
@@ -75,10 +75,6 @@
<artifactId>azure-mgmt-dns</artifactId>
<version>1.40.1-SNAPSHOT</version>
</dependency>
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>azure-storage</artifactId>
</dependency>
<dependency>
<groupId>com.microsoft.azure</groupId>
<artifactId>azure-client-authentication</artifactId>
@@ -207,6 +207,32 @@ public interface StorageAccount extends
@Beta
boolean isLargeFileSharesEnabled();

/**
* @return the minimum TLS version for HTTPS traffic.
*/
MinimumTlsVersion minimumTlsVersion();

/**
* Checks whether storage account only allow HTTPS traffic.
*
* @return true if only allow HTTPS traffic, false otherwise
*/
boolean isHttpsTrafficOnly();

/**
* Checks whether blob public access is allowed.
*
* @return true if blob public access is allowed, false otherwise
*/
boolean isBlobPublicAccessAllowed();

// /**
// * Checks whether shared key access is allowed.
// *
// * @return true if shared key access is allowed, false otherwise
// */
// boolean isSharedKeyAccessAllowed();

/**
* Fetch the up-to-date access keys from Azure for this storage account.
*
@@ -485,9 +511,41 @@ interface WithAccessTraffic {
*
* @return the next stage of storage account definition
*/
@Beta(Beta.SinceVersion.V1_5_0)
@Method
WithCreate withOnlyHttpsTraffic();

/**
* Specifies that both http and https traffic should be allowed to storage account.
*
* @return the next stage of storage account definition
*/
WithCreate withHttpAndHttpsTraffic();

/**
* Specifies the minimum TLS version for HTTPS traffic.
*
* @param minimumTlsVersion the minimum TLS version
* @return the next stage of storage account definition
*/
WithCreate withMinimumTlsVersion(MinimumTlsVersion minimumTlsVersion);
}

/** The stage of storage account definition allowing to configure blob access. */
interface WithBlobAccess {
/**
* Disables blob public access.
*
* Disabling in storage account overrides the public access settings for individual containers.
*
* @return the next stage of storage account definition
*/
WithCreate disableBlobPublicAccess();

// /**
// * Disables shared key access.
// *
// * @return the next stage of storage account definition
// */
// WithCreate disableSharedKeyAccess();
}

/**
@@ -639,6 +697,7 @@ interface WithCreate extends
DefinitionStages.WithAzureFilesAadIntegration,
DefinitionStages.WithLargeFileShares,
DefinitionStages.WithHns,
DefinitionStages.WithBlobAccess,
Resource.DefinitionWithTags<WithCreate> {
}

@@ -832,20 +891,56 @@ interface WithAccessTraffic {
*
* @return the next stage of storage account update
*/
@Beta(Beta.SinceVersion.V1_5_0)
@Method
Update withOnlyHttpsTraffic();

/**
* Specifies that both http and https traffic should be allowed to storage account.
*
* @return the next stage of storage account update
*/
@Beta(Beta.SinceVersion.V1_5_0)
@Method
Update withHttpAndHttpsTraffic();

/**
* Specifies the minimal TLS version for HTTPS traffic.
*
* @param minimumTlsVersion the minimum TLS version
* @return the next stage of storage account update
*/
Update withMinimumTlsVersion(MinimumTlsVersion minimumTlsVersion);
}

/** The stage of storage account update allowing to configure blob access. */
interface WithBlobAccess {
/**
* Allows blob public access, configured by individual containers.
*
* @return the next stage of storage account update
*/
Update enableBlobPublicAccess();

/**
* Disables blob public access.
*
* Disabling in storage account overrides the public access settings for individual containers.
*
* @return the next stage of storage account update
*/
Update disableBlobPublicAccess();

// /**
// * Allows shared key access.
// *
// * @return the next stage of storage account update
// */
// Update enableSharedKeyAccess();
//
// /**
// * Disables shared key access.
// *
// * @return the next stage of storage account update
// */
// Update disableSharedKeyAccess();
}

/**
* The stage of storage account update allowing to configure network access.
@@ -1017,6 +1112,7 @@ interface Update extends
UpdateStages.WithAccessTraffic,
UpdateStages.WithNetworkAccess,
UpdateStages.WithUpgrade,
UpdateStages.WithBlobAccess,
Resource.UpdateWithTags<Update> {
}
}
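Review bot: The Javadoc on `minimumTlsVersion()` in the first hunk does not say what a caller gets when the account has no value set. The implementation later in this commit returns `this.inner().minimumTlsVersion()` unchanged, while the two boolean getters next to it substitute a default for null, so this getter can presumably return null. I would extend the tag to `@return the minimum TLS version for HTTPS traffic, or null if the service did not report one`, and have the `@return` lines of `isHttpsTrafficOnly()` and `isBlobPublicAccessAllowed()` state that an unset value is reported as `true`. The `StorageAccount` interface starts and ends outside the hunks shown.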
@@ -17,6 +17,7 @@
import com.microsoft.azure.management.storage.Identity;
import com.microsoft.azure.management.storage.Kind;
import com.microsoft.azure.management.storage.LargeFileSharesState;
import com.microsoft.azure.management.storage.MinimumTlsVersion;
import com.microsoft.azure.management.storage.ProvisioningState;
import com.microsoft.azure.management.storage.PublicEndpoints;
import com.microsoft.azure.management.storage.Sku;
@@ -215,6 +216,36 @@ public boolean isLargeFileSharesEnabled() {
return this.inner().largeFileSharesState() == LargeFileSharesState.ENABLED;
}

@Override
public MinimumTlsVersion minimumTlsVersion() {
return this.inner().minimumTlsVersion();
}


@Override
public boolean isHttpsTrafficOnly() {
if (this.inner().enableHttpsTrafficOnly() == null) {
return true;
}
return this.inner().enableHttpsTrafficOnly();
}

@Override
public boolean isBlobPublicAccessAllowed() {
if (this.inner().allowBlobPublicAccess() == null) {
return true;
}
return this.inner().allowBlobPublicAccess();
}

// @Override
// public boolean isSharedKeyAccessAllowed() {
// if (this.inner().allowSharedKeyAccess() == null) {
// return true;
// }
// return this.inner().allowSharedKeyAccess();
// }

@Override
public List<StorageAccountKey> getKeys() {
return this.getKeysAsync().toBlocking().last();
@@ -433,10 +464,63 @@ public StorageAccountImpl withOnlyHttpsTraffic() {

@Override
public StorageAccountImpl withHttpAndHttpsTraffic() {
updateParameters.withEnableHttpsTrafficOnly(false);
if (isInCreateMode()) {
createParameters.withEnableHttpsTrafficOnly(false);
} else {
updateParameters.withEnableHttpsTrafficOnly(false);
}
return this;
}

@Override
public StorageAccountImpl withMinimumTlsVersion(MinimumTlsVersion minimumTlsVersion) {
if (isInCreateMode()) {
createParameters.withMinimumTlsVersion(minimumTlsVersion);
} else {
updateParameters.withMinimumTlsVersion(minimumTlsVersion);
}
return this;
}

@Override
public StorageAccountImpl enableBlobPublicAccess() {
if (isInCreateMode()) {
createParameters.withAllowBlobPublicAccess(true);
} else {
updateParameters.withAllowBlobPublicAccess(true);
}
return this;
}

@Override
public StorageAccountImpl disableBlobPublicAccess() {
if (isInCreateMode()) {
createParameters.withAllowBlobPublicAccess(false);
} else {
updateParameters.withAllowBlobPublicAccess(false);
}
return this;
}

// @Override
// public StorageAccountImpl enableSharedKeyAccess() {
// if (isInCreateMode()) {
// createParameters.withAllowSharedKeyAccess(true);
// } else {
// updateParameters.withAllowSharedKeyAccess(true);
// }
// return this;
// }
//
// @Override
// public StorageAccountImpl disableSharedKeyAccess() {
// if (isInCreateMode()) {
// createParameters.withAllowSharedKeyAccess(false);
// } else {
// updateParameters.withAllowSharedKeyAccess(false);
// }
// return this;
// }

@Override
public StorageAccountImpl withAccessFromAllNetworks() {
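Review bot: `isHttpsTrafficOnly()` returns `true` when `enableHttpsTrafficOnly()` is null, so a caller auditing transport security gets a passing answer for a value the service never returned. `isBlobPublicAccessAllowed()` also maps null to `true`, which is the cautious reading for that setting, so the two getters resolve an unknown value in opposite security directions. If both mirror the service-side defaults (not visible on this page), a comment above each null check should say so, for example `// property absent: service applies its default, which is HTTPS-only`. Otherwise `return Boolean.TRUE.equals(this.inner().enableHttpsTrafficOnly());` is the fail-closed form. Separately, `withMinimumTlsVersion` in the third hunk passes a null argument straight into the create or update parameters; if null is not meant to clear the setting, `Objects.requireNonNull(minimumTlsVersion, "minimumTlsVersion")` would reject it early, although the file's import block is only partly visible here.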
@@ -9,6 +9,7 @@
import com.microsoft.azure.management.apigeneration.LangDefinition;
import com.microsoft.azure.management.resources.fluentcore.arm.collection.implementation.TopLevelModifiableResourcesImpl;
import com.microsoft.azure.management.storage.CheckNameAvailabilityResult;
import com.microsoft.azure.management.storage.MinimumTlsVersion;
import com.microsoft.azure.management.storage.ServiceSasParameters;
import com.microsoft.azure.management.storage.StorageAccount;
import com.microsoft.azure.management.storage.StorageAccountSkuType;
@@ -60,7 +61,9 @@ public ServiceFuture<CheckNameAvailabilityResult> checkNameAvailabilityAsync(Str
public StorageAccountImpl define(String name) {
return wrapModel(name)
.withSku(StorageAccountSkuType.STANDARD_RAGRS)
.withGeneralPurposeAccountKindV2();
.withGeneralPurposeAccountKindV2()
.withOnlyHttpsTraffic()
.withMinimumTlsVersion(MinimumTlsVersion.TLS1_2);
}

@Override
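Review bot: `define` now applies HTTPS-only traffic and a TLS 1.2 minimum to every new definition, but nothing visible in the hunk documents that. A caller only learns of the changed default when a client limited to an older TLS version fails to connect. A short Javadoc above `define` would cover it, along the lines of `Defaults to HTTPS-only traffic and minimum TLS 1.2; override with withHttpAndHttpsTraffic() or withMinimumTlsVersion(...)`. Blob public access is left at the service default here, even though this commit adds `disableBlobPublicAccess()` to the definition flow. If that is deliberate for backward compatibility, the same comment is the place to say it, so the asymmetry is not read as an oversight.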
