Fix SAS token generation for directory-scoped access #1277
Conversation
There was a problem hiding this comment.
Thanks for the contribution! This looks positive.
My only requested change is to use usize rather than u32, in most of the counting results (think Iterator::count or String::len return usize.
| assert!(signed_token.contains("sr=b")); | ||
| // this assert will be a bad idea if we ever add a new field that ends with "sdd" | ||
| assert!(!signed_token.contains("sdd=")); |
There was a problem hiding this comment.
As this example uses a constant expire date of 1970-01-08, the signed token result should always be the same. What are your thoughts for just having a const for the expected result?
Otherwise, to address your comment, this could also naively split on &, as the SasToken in the example should not result in a & except as a delim.
There was a problem hiding this comment.
Good idea!
I added both better splitting and an assert against a hardcoded string. This way you get more clear failures if things break but have a wider test too.
If people add more tests later or other things break the hardcoded tests they can remove one or the other
Co-authored-by: Brian Caswell <[email protected]>
|
Thanks for the approve @demoray ! |
You didn't need to do anything else. I needed CI to validate the changes, which has been done now. |
Directory scoped SAS tokens require
signedDirectoryDepthfield to work. This adds it as an optional element.Docs say "The value of the sdd field must be a non-negative integer." so I went with a u32 assuming no one would need a higher directory depth than that. Is that a sensible assumption?
I also added some tests but they aren't particularly inspired so I am happy to change/remove them
Links:
About directory scoped access: https://learn.microsoft.com/en-us/rest/api/storageservices/create-service-sas#service-sas-support-for-directory-scoped-access
Directory depth field: https://learn.microsoft.com/en-us/rest/api/storageservices/create-service-sas#specify-the-directory-depth