Storage/STG91 Audience remove scope (Azure#5019)

* Audience remove scope

* update record

* update test

* Update sdk/storage/azure-storage-common/src/storage_credential.cpp

Co-authored-by: JinmingHu <[email protected]>

---------

Co-authored-by: JinmingHu <[email protected]>

Author: microzchang

sdk/storage/assets.json

@@ -2,5 +2,5 @@
   "AssetsRepo": "Azure/azure-sdk-assets",
   "AssetsRepoPrefixPath": "cpp",
   "TagPrefix": "cpp/storage",
-  "Tag": "cpp/storage_e44851d82e"
+  "Tag": "cpp/storage_38dec59ffb"
 }

sdk/storage/azure-storage-blobs/src/blob_client.cpp

@@ -87,8 +87,9 @@ namespace Azure { namespace Storage { namespace Blobs {
     {
       Azure::Core::Credentials::TokenRequestContext tokenContext;
       tokenContext.Scopes.emplace_back(
-          options.Audience.HasValue() ? options.Audience.Value().ToString()
-                                      : Models::BlobAudience::PublicAudience.ToString());
+          options.Audience.HasValue()
+              ? _internal::GetDefaultScopeForAudience(options.Audience.Value().ToString())
+              : _internal::StorageScope);
       perRetryPolicies.emplace_back(
           std::make_unique<_internal::StorageBearerTokenAuthenticationPolicy>(
               credential, tokenContext, options.EnableTenantDiscovery));

sdk/storage/azure-storage-blobs/src/blob_container_client.cpp

@@ -170,8 +170,9 @@ namespace Azure { namespace Storage { namespace Blobs {
     {
       Azure::Core::Credentials::TokenRequestContext tokenContext;
       tokenContext.Scopes.emplace_back(
-          options.Audience.HasValue() ? options.Audience.Value().ToString()
-                                      : Models::BlobAudience::PublicAudience.ToString());
+          options.Audience.HasValue()
+              ? _internal::GetDefaultScopeForAudience(options.Audience.Value().ToString())
+              : _internal::StorageScope);
       tokenAuthPolicy = std::make_unique<_internal::StorageBearerTokenAuthenticationPolicy>(
           credential, tokenContext, options.EnableTenantDiscovery);
       perRetryPolicies.emplace_back(tokenAuthPolicy->Clone());

sdk/storage/azure-storage-blobs/src/blob_options.cpp

@@ -6,7 +6,7 @@
 namespace Azure { namespace Storage { namespace Blobs {
 
   namespace Models {
-    const BlobAudience BlobAudience::PublicAudience(Azure::Storage::_internal::StorageScope);
+    const BlobAudience BlobAudience::PublicAudience(_internal::StoragePublicAudience);
   } // namespace Models
 
   BlobQueryInputTextOptions BlobQueryInputTextOptions::CreateCsvTextOptions(

sdk/storage/azure-storage-blobs/src/blob_service_client.cpp

@@ -83,8 +83,9 @@ namespace Azure { namespace Storage { namespace Blobs {
     {
       Azure::Core::Credentials::TokenRequestContext tokenContext;
       tokenContext.Scopes.emplace_back(
-          options.Audience.HasValue() ? options.Audience.Value().ToString()
-                                      : Models::BlobAudience::PublicAudience.ToString());
+          options.Audience.HasValue()
+              ? _internal::GetDefaultScopeForAudience(options.Audience.Value().ToString())
+              : _internal::StorageScope);
       tokenAuthPolicy = std::make_unique<_internal::StorageBearerTokenAuthenticationPolicy>(
           credential, tokenContext, options.EnableTenantDiscovery);
       perRetryPolicies.emplace_back(tokenAuthPolicy->Clone());

sdk/storage/azure-storage-blobs/test/ut/bearer_token_test.cpp

@@ -51,8 +51,8 @@ namespace Azure { namespace Storage { namespace Test {
 
     // With custom audience
     auto blobUrl = Azure::Core::Url(m_blockBlobClient->GetUrl());
-    clientOptions.Audience = Blobs::Models::BlobAudience(
-        blobUrl.GetScheme() + "://" + blobUrl.GetHost() + "/.default");
+    clientOptions.Audience
+        = Blobs::Models::BlobAudience(blobUrl.GetScheme() + "://" + blobUrl.GetHost());
     blobClient = Blobs::BlobClient(
         m_blockBlobClient->GetUrl(),
         std::make_shared<Azure::Identity::ClientSecretCredential>(

sdk/storage/azure-storage-blobs/test/ut/blob_container_client_test.cpp

@@ -1456,14 +1456,14 @@ namespace Azure { namespace Storage { namespace Test {
 
     // custom audience
     auto containerUrl = Azure::Core::Url(containerClient.GetUrl());
-    clientOptions.Audience = Blobs::Models::BlobAudience(
-        containerUrl.GetScheme() + "://" + containerUrl.GetHost() + "/.default");
+    clientOptions.Audience
+        = Blobs::Models::BlobAudience(containerUrl.GetScheme() + "://" + containerUrl.GetHost());
     containerClient
         = Blobs::BlobContainerClient(m_blobContainerClient->GetUrl(), credential, clientOptions);
     EXPECT_NO_THROW(containerClient.GetProperties());
 
     // error audience
-    clientOptions.Audience = Blobs::Models::BlobAudience("https://disk.compute.azure.com/.default");
+    clientOptions.Audience = Blobs::Models::BlobAudience("https://disk.compute.azure.com");
     containerClient
         = Blobs::BlobContainerClient(m_blobContainerClient->GetUrl(), credential, clientOptions);
     EXPECT_THROW(containerClient.GetProperties(), StorageException);

sdk/storage/azure-storage-blobs/test/ut/blob_service_client_test.cpp

@@ -514,14 +514,14 @@ namespace Azure { namespace Storage { namespace Test {
 
     // custom audience
     auto serviceUrl = Azure::Core::Url(serviceClient.GetUrl());
-    clientOptions.Audience = Blobs::Models::BlobAudience(
-        serviceUrl.GetScheme() + "://" + serviceUrl.GetHost() + "/.default");
+    clientOptions.Audience
+        = Blobs::Models::BlobAudience(serviceUrl.GetScheme() + "://" + serviceUrl.GetHost());
     serviceClient
         = Blobs::BlobServiceClient(m_blobServiceClient->GetUrl(), credential, clientOptions);
     EXPECT_NO_THROW(serviceClient.GetProperties());
 
     // error audience
-    clientOptions.Audience = Blobs::Models::BlobAudience("https://disk.compute.azure.com/.default");
+    clientOptions.Audience = Blobs::Models::BlobAudience("https://disk.compute.azure.com");
     serviceClient
         = Blobs::BlobServiceClient(m_blobServiceClient->GetUrl(), credential, clientOptions);
     EXPECT_THROW(serviceClient.GetProperties(), StorageException);

sdk/storage/azure-storage-blobs/test/ut/block_blob_client_test.cpp

@@ -2040,16 +2040,27 @@ namespace Azure { namespace Storage { namespace Test {
         = Blobs::BlockBlobClient(m_blockBlobClient->GetUrl(), credential, clientOptions);
     EXPECT_NO_THROW(blockBlobClient.GetProperties());
 
+    // public audience
+    clientOptions.Audience = Blobs::Models::BlobAudience::PublicAudience;
+    blockBlobClient
+        = Blobs::BlockBlobClient(m_blockBlobClient->GetUrl(), credential, clientOptions);
+    EXPECT_NO_THROW(blockBlobClient.GetProperties());
+
     // custom audience
     auto blobUrl = Azure::Core::Url(blockBlobClient.GetUrl());
-    clientOptions.Audience = Blobs::Models::BlobAudience(
-        blobUrl.GetScheme() + "://" + blobUrl.GetHost() + "/.default");
+    clientOptions.Audience
+        = Blobs::Models::BlobAudience(blobUrl.GetScheme() + "://" + blobUrl.GetHost());
+    blockBlobClient
+        = Blobs::BlockBlobClient(m_blockBlobClient->GetUrl(), credential, clientOptions);
+    EXPECT_NO_THROW(blockBlobClient.GetProperties());
+    clientOptions.Audience
+        = Blobs::Models::BlobAudience(blobUrl.GetScheme() + "://" + blobUrl.GetHost() + "/");
     blockBlobClient
         = Blobs::BlockBlobClient(m_blockBlobClient->GetUrl(), credential, clientOptions);
     EXPECT_NO_THROW(blockBlobClient.GetProperties());
 
     // error audience
-    clientOptions.Audience = Blobs::Models::BlobAudience("https://disk.compute.azure.com/.default");
+    clientOptions.Audience = Blobs::Models::BlobAudience("https://disk.compute.azure.com");
     blockBlobClient
         = Blobs::BlockBlobClient(m_blockBlobClient->GetUrl(), credential, clientOptions);
     EXPECT_THROW(blockBlobClient.GetProperties(), StorageException);

sdk/storage/azure-storage-common/inc/azure/storage/common/internal/constants.hpp

@@ -11,6 +11,7 @@ namespace Azure { namespace Storage { namespace _internal {
   constexpr static const char* HttpQuerySnapshot = "snapshot";
   constexpr static const char* HttpQueryVersionId = "versionid";
   constexpr static const char* StorageScope = "https://storage.azure.com/.default";
+  constexpr static const char* StoragePublicAudience = "https://storage.azure.com";
   constexpr static const char* HttpHeaderDate = "date";
   constexpr static const char* HttpHeaderXMsVersion = "x-ms-version";
   constexpr static const char* HttpHeaderRequestId = "x-ms-request-id";