Skip to content

Storage - STG102 Directory-Level SAS on Blob FNS#48477

Draft
ibrandes wants to merge 4 commits intoAzure:feature/storage/stg102basefrom
ibrandes:stg102/directoryLevelSasFNS
Draft

Storage - STG102 Directory-Level SAS on Blob FNS#48477
ibrandes wants to merge 4 commits intoAzure:feature/storage/stg102basefrom
ibrandes:stg102/directoryLevelSasFNS

Conversation

@ibrandes
Copy link
Member

@ibrandes ibrandes commented Mar 19, 2026

No description provided.

@github-actions github-actions bot added the Storage Storage Service (Queues, Blobs, Files) label Mar 19, 2026
@ibrandes ibrandes requested a review from Copilot March 19, 2026 20:49
Copilot AI reviewed Mar 19, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds support and tests for directory-level Service SAS on Blob Flat Namespace (FNS), including emitting the directory resource type (sr=d) and directory depth (sdd) and validating behavior in unit/integration tests.

Changes:

  • Introduces setDirectory(...) / isDirectory() on BlobServiceSasSignatureValues to indicate directory-level SAS intent.
  • Updates BlobSasImplUtil to select directory resource (sr=d) and compute directory depth for SAS.
  • Adds/extends tests to cover directory canonicalization/resource selection and end-to-end directory SAS usage (shared key + user delegation).

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 8 comments.

File Description
sdk/storage/azure-storage-blob/src/main/java/com/azure/storage/blob/implementation/util/BlobSasImplUtil.java Adds directory SAS resource selection and emits directory depth query parameter.
sdk/storage/azure-storage-blob/src/main/java/com/azure/storage/blob/sas/BlobServiceSasSignatureValues.java Adds public API surface to mark SAS as directory-level.
sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasClientTests.java Adds new directory SAS integration tests and updates canonicalized resource test cases.
sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/BlobServiceSasModelsTests.java Extends ensureState() tests to validate directory resource/depth handling.

@ibrandes ibrandes requested a review from Copilot March 19, 2026 23:15
Copilot AI reviewed Mar 19, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.

browndav-msft
browndav-msft reviewed Mar 21, 2026
View reviewed changes
sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java
allPermissions.setImmutabilityPolicyPermission(true);
}
BlobSasPermission allPermissions = getAllBlobSasPermissions();

Copy link
Member

@browndav-msft browndav-msft Mar 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just for my understanding, we're consolidating everything because the version will be the latest version (since we don't have a ServiceVersion annotation at the top?

browndav-msft
browndav-msft reviewed Mar 21, 2026
View reviewed changes
sdk/storage/azure-storage-blob/src/test/java/com/azure/storage/blob/SasAsyncClientTests.java

StepVerifier.create(appendBlobClient1.create().flatMap(ignored -> appendBlobClient2.create()).then())
.verifyComplete();
}
Copy link
Member

@browndav-msft browndav-msft Mar 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just a question, ghcp says its oaky (and there are no asserts in dotnet), but should we assert something? I know StepVerifier will catch any errors, but should we check that a read permission or something is set?

browndav-msft
browndav-msft reviewed Mar 21, 2026
View reviewed changes
...orage/azure-storage-blob/src/test/java/com/azure/storage/blob/BlobServiceSasModelsTests.java
BlobSasImplUtil implUtil = new BlobSasImplUtil(sasValues, containerName, blobName, null, null, null);

List<String> stringToSignHolder = new ArrayList<>();
String sasToken = implUtil.generateSas(ENVIRONMENT.getPrimaryAccount().getCredential(), stringToSignHolder::add,
Copy link
Member

@browndav-msft browndav-msft Mar 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

good use of the stringToSignHolderHandler. I remember seeing this when I was debugging some tests a while back and it was quite useful for seeing the actual values that go in instead of a bunch of trying to count newlines 😅

@browndav-msft
Copy link
Member

browndav-msft commented Mar 21, 2026

It looks like you need to run all of the tests at once to capture them at once. E.g. when I ran BlobServiceSasModelsTests#ensureStateResourceAndPermission in playback mode with the old 4 it passes. When I run it with the four you wrote, it passes. When I run it with all 8, it says that 5-8 are missing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@browndav-msft browndav-msft browndav-msft left review comments

@alzimmermsft alzimmermsft Awaiting requested review from alzimmermsft alzimmermsft will be requested when the pull request is marked ready for review alzimmermsft is a code owner

@gunjansingh-msft gunjansingh-msft Awaiting requested review from gunjansingh-msft gunjansingh-msft will be requested when the pull request is marked ready for review gunjansingh-msft is a code owner

@kyleknap kyleknap Awaiting requested review from kyleknap kyleknap will be requested when the pull request is marked ready for review kyleknap is a code owner

@seanmcc-msft seanmcc-msft Awaiting requested review from seanmcc-msft seanmcc-msft will be requested when the pull request is marked ready for review seanmcc-msft is a code owner

Assignees

No one assigned

Labels

Storage Storage Service (Queues, Blobs, Files)

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ibrandes @browndav-msft