Storage/feature parity (Azure#4869)

* add content type support on rename file. (Azure#4712)

* Storage/STG74 Bearer Challenge (Azure#4743)

* bearer challenge

* Storage/STG78 OAuth Copy (Azure#4831)

* OAuth Copy

* add test for oauth copy

* add test

* fix conversation

* fix conversation

* update clang format

* update test record

* update test case

* fix unit test cases

* update recordings

* recordings

* fff

* fix doc

* CL

* recording

* fix typo

* CL

* recording

* revert debug code

---------

Co-authored-by: Jinming Hu <[email protected]>

Author: microzchang

sdk/storage/assets.json

@@ -2,5 +2,5 @@
   "AssetsRepo": "Azure/azure-sdk-assets",
   "AssetsRepoPrefixPath": "cpp",
   "TagPrefix": "cpp/storage",
-  "Tag": "cpp/storage_62e8551aa8"
+  "Tag": "cpp/storage_366c2de93d"
 }

sdk/storage/azure-storage-blobs/CHANGELOG.md

@@ -4,6 +4,10 @@
 
 ### Features Added
 
+- TenantId can now be discovered through the service challenge response, when using a TokenCredential for authorization.
+    - A new property is now available on `BlobClientOptions` called `EnableTenantDiscovery`. If set to `true`, the client will attempt an initial unauthorized request to the service to prompt a challenge containing the tenantId hint.
+- Added a new field `SourceAuthorization` in options for copy operations, which can be used to specify authorization for copy source.
+
 ### Breaking Changes
 
 ### Bugs Fixed

sdk/storage/azure-storage-blobs/inc/azure/storage/blobs/blob_options.hpp

@@ -158,6 +158,13 @@ namespace Azure { namespace Storage { namespace Blobs {
      * API version used by this client.
      */
     std::string ApiVersion;
+
+    /**
+     * Enables tenant discovery through the authorization challenge when the client is configured to
+     * use a TokenCredential. When enabled, the client will attempt an initial un-authorized request
+     * to prompt a challenge in order to discover the correct tenant for the resource.
+     */
+    bool EnableTenantDiscovery = false;
   };
 
   /**
@@ -580,6 +587,14 @@ namespace Azure { namespace Storage { namespace Blobs {
      * in this option. Default is to replace.
      */
     Models::BlobCopySourceTagsMode CopySourceTagsMode;
+
+    /**
+     * @brief Optional. Source authorization used to access the source file.
+     * The format is: \<scheme\> \<signature\>
+     * Only Bearer type is supported. Credentials should be a valid OAuth access token to copy
+     * source.
+     */
+    std::string SourceAuthorization;
   };
 
   /**
@@ -949,6 +964,14 @@ namespace Azure { namespace Storage { namespace Blobs {
      * in this option. Default is to replace.
      */
     Models::BlobCopySourceTagsMode CopySourceTagsMode;
+
+    /**
+     * @brief Optional. Source authorization used to access the source file.
+     * The format is: \<scheme\> \<signature\>
+     * Only Bearer type is supported. Credentials should be a valid OAuth access token to copy
+     * source.
+     */
+    std::string SourceAuthorization;
   };
 
   /**
@@ -997,6 +1020,14 @@ namespace Azure { namespace Storage { namespace Blobs {
        * @brief Optional conditions that the source must meet to perform this operation.
        */
     SourceAccessConditions;
+
+    /**
+     * @brief Optional. Source authorization used to access the source file.
+     * The format is: \<scheme\> \<signature\>
+     * Only Bearer type is supported. Credentials should be a valid OAuth access token to copy
+     * source.
+     */
+    std::string SourceAuthorization;
   };
 
   /**
@@ -1282,6 +1313,14 @@ namespace Azure { namespace Storage { namespace Blobs {
      * @brief Optional conditions that must be met to perform this operation.
      */
     AppendBlobAccessConditions AccessConditions;
+
+    /**
+     * @brief Optional. Source authorization used to access the source file.
+     * The format is: \<scheme\> \<signature\>
+     * Only Bearer type is supported. Credentials should be a valid OAuth access token to copy
+     * source.
+     */
+    std::string SourceAuthorization;
   };
 
   /**
@@ -1385,6 +1424,14 @@ namespace Azure { namespace Storage { namespace Blobs {
        * @brief Optional conditions that the source must meet to perform this operation.
        */
     SourceAccessConditions;
+
+    /**
+     * @brief Optional. Source authorization used to access the source file.
+     * The format is: \<scheme\> \<signature\>
+     * Only Bearer type is supported. Credentials should be a valid OAuth access token to copy
+     * source.
+     */
+    std::string SourceAuthorization;
   };
 
   /**

sdk/storage/azure-storage-blobs/src/append_blob_client.cpp

@@ -216,6 +216,10 @@ namespace Azure { namespace Storage { namespace Blobs {
       protocolLayerOptions.EncryptionAlgorithm = m_customerProvidedKey.Value().Algorithm.ToString();
     }
     protocolLayerOptions.EncryptionScope = m_encryptionScope;
+    if (!options.SourceAuthorization.empty())
+    {
+      protocolLayerOptions.CopySourceAuthorization = options.SourceAuthorization;
+    }
     return _detail::AppendBlobClient::AppendBlockFromUri(
         *m_pipeline, m_blobUrl, protocolLayerOptions, context);
   }

sdk/storage/azure-storage-blobs/src/blob_client.cpp

@@ -16,6 +16,7 @@
 #include <azure/storage/common/internal/file_io.hpp>
 #include <azure/storage/common/internal/reliable_stream.hpp>
 #include <azure/storage/common/internal/shared_key_policy.hpp>
+#include <azure/storage/common/internal/storage_bearer_token_authentication_policy.hpp>
 #include <azure/storage/common/internal/storage_per_retry_policy.hpp>
 #include <azure/storage/common/internal/storage_service_version_policy.hpp>
 #include <azure/storage/common/internal/storage_switch_to_secondary_policy.hpp>
@@ -87,8 +88,8 @@ namespace Azure { namespace Storage { namespace Blobs {
       Azure::Core::Credentials::TokenRequestContext tokenContext;
       tokenContext.Scopes.emplace_back(_internal::StorageScope);
       perRetryPolicies.emplace_back(
-          std::make_unique<Azure::Core::Http::Policies::_internal::BearerTokenAuthenticationPolicy>(
-              credential, tokenContext));
+          std::make_unique<_internal::StorageBearerTokenAuthenticationPolicy>(
+              credential, tokenContext, options.EnableTenantDiscovery));
     }
     perOperationPolicies.emplace_back(
         std::make_unique<_internal::StorageServiceVersionPolicy>(options.ApiVersion));
@@ -677,6 +678,10 @@ namespace Azure { namespace Storage { namespace Blobs {
     protocolLayerOptions.LegalHold = options.HasLegalHold;
     protocolLayerOptions.EncryptionScope = m_encryptionScope;
     protocolLayerOptions.CopySourceTags = options.CopySourceTagsMode;
+    if (!options.SourceAuthorization.empty())
+    {
+      protocolLayerOptions.CopySourceAuthorization = options.SourceAuthorization;
+    }
 
     return _detail::BlobClient::CopyFromUri(*m_pipeline, m_blobUrl, protocolLayerOptions, context);
   }

sdk/storage/azure-storage-blobs/src/blob_container_client.cpp

@@ -13,6 +13,7 @@
 #include <azure/storage/common/crypt.hpp>
 #include <azure/storage/common/internal/constants.hpp>
 #include <azure/storage/common/internal/shared_key_policy.hpp>
+#include <azure/storage/common/internal/storage_bearer_token_authentication_policy.hpp>
 #include <azure/storage/common/internal/storage_per_retry_policy.hpp>
 #include <azure/storage/common/internal/storage_service_version_policy.hpp>
 #include <azure/storage/common/internal/storage_switch_to_secondary_policy.hpp>
@@ -169,9 +170,8 @@ namespace Azure { namespace Storage { namespace Blobs {
     {
       Azure::Core::Credentials::TokenRequestContext tokenContext;
       tokenContext.Scopes.emplace_back(_internal::StorageScope);
-      tokenAuthPolicy = std::make_unique<
-          Azure::Core::Http::Policies::_internal::BearerTokenAuthenticationPolicy>(
-          credential, tokenContext);
+      tokenAuthPolicy = std::make_unique<_internal::StorageBearerTokenAuthenticationPolicy>(
+          credential, tokenContext, options.EnableTenantDiscovery);
       perRetryPolicies.emplace_back(tokenAuthPolicy->Clone());
     }
     perOperationPolicies.emplace_back(

sdk/storage/azure-storage-blobs/src/blob_service_client.cpp

@@ -10,6 +10,7 @@
 #include <azure/storage/common/crypt.hpp>
 #include <azure/storage/common/internal/constants.hpp>
 #include <azure/storage/common/internal/shared_key_policy.hpp>
+#include <azure/storage/common/internal/storage_bearer_token_authentication_policy.hpp>
 #include <azure/storage/common/internal/storage_per_retry_policy.hpp>
 #include <azure/storage/common/internal/storage_service_version_policy.hpp>
 #include <azure/storage/common/internal/storage_switch_to_secondary_policy.hpp>
@@ -82,9 +83,8 @@ namespace Azure { namespace Storage { namespace Blobs {
     {
       Azure::Core::Credentials::TokenRequestContext tokenContext;
       tokenContext.Scopes.emplace_back(_internal::StorageScope);
-      tokenAuthPolicy = std::make_unique<
-          Azure::Core::Http::Policies::_internal::BearerTokenAuthenticationPolicy>(
-          credential, tokenContext);
+      tokenAuthPolicy = std::make_unique<_internal::StorageBearerTokenAuthenticationPolicy>(
+          credential, tokenContext, options.EnableTenantDiscovery);
       perRetryPolicies.emplace_back(tokenAuthPolicy->Clone());
     }
     perOperationPolicies.emplace_back(

sdk/storage/azure-storage-blobs/src/block_blob_client.cpp

@@ -379,6 +379,11 @@ namespace Azure { namespace Storage { namespace Blobs {
     }
     protocolLayerOptions.EncryptionScope = m_encryptionScope;
     protocolLayerOptions.CopySourceTags = options.CopySourceTagsMode;
+    if (!options.SourceAuthorization.empty())
+    {
+      protocolLayerOptions.CopySourceAuthorization = options.SourceAuthorization;
+    }
+
     return _detail::BlockBlobClient::UploadFromUri(
         *m_pipeline, m_blobUrl, protocolLayerOptions, context);
   }
@@ -458,6 +463,11 @@ namespace Azure { namespace Storage { namespace Blobs {
       protocolLayerOptions.EncryptionAlgorithm = m_customerProvidedKey.Value().Algorithm.ToString();
     }
     protocolLayerOptions.EncryptionScope = m_encryptionScope;
+    if (!options.SourceAuthorization.empty())
+    {
+      protocolLayerOptions.CopySourceAuthorization = options.SourceAuthorization;
+    }
+
     return _detail::BlockBlobClient::StageBlockFromUri(
         *m_pipeline, m_blobUrl, protocolLayerOptions, context);
   }

sdk/storage/azure-storage-blobs/src/page_blob_client.cpp

@@ -233,6 +233,10 @@ namespace Azure { namespace Storage { namespace Blobs {
       protocolLayerOptions.EncryptionAlgorithm = m_customerProvidedKey.Value().Algorithm.ToString();
     }
     protocolLayerOptions.EncryptionScope = m_encryptionScope;
+    if (!options.SourceAuthorization.empty())
+    {
+      protocolLayerOptions.CopySourceAuthorization = options.SourceAuthorization;
+    }
     return _detail::PageBlobClient::UploadPagesFromUri(
         *m_pipeline, m_blobUrl, protocolLayerOptions, context);
   }

sdk/storage/azure-storage-blobs/test/ut/CMakeLists.txt

@@ -18,6 +18,7 @@ add_executable (
   azure-storage-blobs-test
     append_blob_client_test.cpp
     append_blob_client_test.hpp
+    bearer_token_test.cpp
     blob_batch_client_test.cpp
     blob_container_client_test.cpp
     blob_container_client_test.hpp