azblob: STG91 upgrade

sdk/storage/azblob/CHANGELOG.md

@@ -4,6 +4,9 @@
 
 ### Features Added
 
+* Updated service version to `2023-11-03`.
+* Added support for Audience when OAuth is used.
+
 ### Breaking Changes
 
 ### Bugs Fixed

sdk/storage/azblob/README.md

@@ -1,6 +1,6 @@
 # Azure Blob Storage module for Go
 
-> Service Version: 2023-08-03
+> Service Version: 2023-11-03
 
 Azure Blob Storage is Microsoft's object storage solution for the cloud. Blob
 Storage is optimized for storing massive amounts of unstructured data - data that does not adhere to a particular data model or

sdk/storage/azblob/appendblob/client.go

@@ -35,7 +35,8 @@ type Client base.CompositeClient[generated.BlobClient, generated.AppendBlobClien
 //   - cred - an Azure AD credential, typically obtained via the azidentity module
 //   - options - client options; pass nil to accept the default values
 func NewClient(blobURL string, cred azcore.TokenCredential, options *ClientOptions) (*Client, error) {
-	authPolicy := shared.NewStorageChallengePolicy(cred)
+	audience := base.GetAudience((*base.ClientOptions)(options))
+	authPolicy := shared.NewStorageChallengePolicy(cred, audience)
 	conOptions := shared.GetClientOptions(options)
 	plOpts := runtime.PipelineOptions{PerRetry: []policy.Policy{authPolicy}}
 

sdk/storage/azblob/appendblob/client_test.go

@@ -3578,3 +3578,71 @@ func (s *AppendBlobRecordedTestsSuite) TestAppendBlockSetTier() {
 	_, err = abClient.SetTier(context.Background(), blob.AccessTierHot, nil)
 	_require.ErrorContains(err, "operation will not work on this blob type. SetTier only works for page blob in premium storage account and block blob in blob storage account")
 }
+
+func (s *AppendBlobRecordedTestsSuite) TestAppendBlobClientDefaultAudience() {
+	_require := require.New(s.T())
+	testName := s.T().Name()
+
+	accountName, _ := testcommon.GetGenericAccountInfo(testcommon.TestAccountDefault)
+	_require.Greater(len(accountName), 0)
+
+	cred, err := testcommon.GetGenericTokenCredential()
+	_require.NoError(err)
+
+	svcClient, err := testcommon.GetServiceClient(s.T(), testcommon.TestAccountDefault, nil)
+	_require.NoError(err)
+
+	containerName := testcommon.GenerateContainerName(testName)
+	containerClient := testcommon.CreateNewContainer(context.Background(), _require, containerName, svcClient)
+	defer testcommon.DeleteContainer(context.Background(), _require, containerClient)
+
+	blobName := testcommon.GenerateBlobName(testName)
+	blobURL := fmt.Sprintf("https://%s.blob.core.windows.net/%s/%s", accountName, containerName, blobName)
+
+	options := &appendblob.ClientOptions{
+		Audience: "https://storage.azure.com/",
+	}
+	testcommon.SetClientOptions(s.T(), &options.ClientOptions)
+	abClientAudience, err := appendblob.NewClient(blobURL, cred, options)
+	_require.NoError(err)
+
+	_, err = abClientAudience.Create(context.Background(), nil)
+	_require.NoError(err)
+
+	_, err = abClientAudience.GetProperties(context.Background(), nil)
+	_require.NoError(err)
+}
+
+func (s *AppendBlobRecordedTestsSuite) TestAppendBlobClientCustomAudience() {
+	_require := require.New(s.T())
+	testName := s.T().Name()
+
+	accountName, _ := testcommon.GetGenericAccountInfo(testcommon.TestAccountDefault)
+	_require.Greater(len(accountName), 0)
+
+	cred, err := testcommon.GetGenericTokenCredential()
+	_require.NoError(err)
+
+	svcClient, err := testcommon.GetServiceClient(s.T(), testcommon.TestAccountDefault, nil)
+	_require.NoError(err)
+
+	containerName := testcommon.GenerateContainerName(testName)
+	containerClient := testcommon.CreateNewContainer(context.Background(), _require, containerName, svcClient)
+	defer testcommon.DeleteContainer(context.Background(), _require, containerClient)
+
+	blobName := testcommon.GenerateBlobName(testName)
+	blobURL := fmt.Sprintf("https://%s.blob.core.windows.net/%s/%s", accountName, containerName, blobName)
+
+	options := &appendblob.ClientOptions{
+		Audience: "https://" + accountName + ".blob.core.windows.net",
+	}
+	testcommon.SetClientOptions(s.T(), &options.ClientOptions)
+	abClientAudience, err := appendblob.NewClient(blobURL, cred, options)
+	_require.NoError(err)
+
+	_, err = abClientAudience.Create(context.Background(), nil)
+	_require.NoError(err)
+
+	_, err = abClientAudience.GetProperties(context.Background(), nil)
+	_require.NoError(err)
+}

sdk/storage/azblob/assets.json

@@ -2,5 +2,5 @@
   "AssetsRepo": "Azure/azure-sdk-assets",
   "AssetsRepoPrefixPath": "go",
   "TagPrefix": "go/storage/azblob",
-  "Tag": "go/storage/azblob_0040e8284c"
+  "Tag": "go/storage/azblob_ceb9b7d6b4"
 }

sdk/storage/azblob/blob/client.go

@@ -36,15 +36,16 @@ type Client base.Client[generated.BlobClient]
 //   - cred - an Azure AD credential, typically obtained via the azidentity module
 //   - options - client options; pass nil to accept the default values
 func NewClient(blobURL string, cred azcore.TokenCredential, options *ClientOptions) (*Client, error) {
-	authPolicy := shared.NewStorageChallengePolicy(cred)
+	audience := base.GetAudience((*base.ClientOptions)(options))
+	authPolicy := shared.NewStorageChallengePolicy(cred, audience)
 	conOptions := shared.GetClientOptions(options)
 	plOpts := runtime.PipelineOptions{PerRetry: []policy.Policy{authPolicy}}
 
 	azClient, err := azcore.NewClient(shared.BlobClient, exported.ModuleVersion, plOpts, &conOptions.ClientOptions)
 	if err != nil {
 		return nil, err
 	}
-	return (*Client)(base.NewBlobClient(blobURL, azClient, &cred)), nil
+	return (*Client)(base.NewBlobClient(blobURL, azClient, &cred, (*base.ClientOptions)(conOptions))), nil
 }
 
 // NewClientWithNoCredential creates an instance of Client with the specified values.
@@ -58,7 +59,7 @@ func NewClientWithNoCredential(blobURL string, options *ClientOptions) (*Client,
 	if err != nil {
 		return nil, err
 	}
-	return (*Client)(base.NewBlobClient(blobURL, azClient, nil)), nil
+	return (*Client)(base.NewBlobClient(blobURL, azClient, nil, (*base.ClientOptions)(conOptions))), nil
 }
 
 // NewClientWithSharedKeyCredential creates an instance of Client with the specified values.
@@ -74,7 +75,7 @@ func NewClientWithSharedKeyCredential(blobURL string, cred *SharedKeyCredential,
 	if err != nil {
 		return nil, err
 	}
-	return (*Client)(base.NewBlobClient(blobURL, azClient, cred)), nil
+	return (*Client)(base.NewBlobClient(blobURL, azClient, cred, (*base.ClientOptions)(conOptions))), nil
 }
 
 // NewClientFromConnectionString creates an instance of Client with the specified values.
@@ -112,6 +113,10 @@ func (b *Client) credential() any {
 	return base.Credential((*base.Client[generated.BlobClient])(b))
 }
 
+func (b *Client) getClientOptions() *base.ClientOptions {
+	return base.GetClientOptions((*base.Client[generated.BlobClient])(b))
+}
+
 // URL returns the URL endpoint used by the Client object.
 func (b *Client) URL() string {
 	return b.generated().Endpoint()
@@ -126,7 +131,7 @@ func (b *Client) WithSnapshot(snapshot string) (*Client, error) {
 	}
 	p.Snapshot = snapshot
 
-	return (*Client)(base.NewBlobClient(p.String(), b.generated().InternalClient(), b.credential())), nil
+	return (*Client)(base.NewBlobClient(p.String(), b.generated().InternalClient(), b.credential(), b.getClientOptions())), nil
 }
 
 // WithVersionID creates a new AppendBlobURL object identical to the source but with the specified version id.
@@ -138,7 +143,7 @@ func (b *Client) WithVersionID(versionID string) (*Client, error) {
 	}
 	p.VersionID = versionID
 
-	return (*Client)(base.NewBlobClient(p.String(), b.generated().InternalClient(), b.credential())), nil
+	return (*Client)(base.NewBlobClient(p.String(), b.generated().InternalClient(), b.credential(), b.getClientOptions())), nil
 }
 
 // Delete marks the specified blob or snapshot for deletion. The blob is later deleted during garbage collection.

sdk/storage/azblob/blob/client_test.go

@@ -3681,3 +3681,67 @@ func (s *BlobRecordedTestsSuite) TestBlobGetAccountInfo() {
 	_require.NoError(err)
 	_require.NotZero(bAccInfo)
 }
+
+func (s *BlobRecordedTestsSuite) TestBlobClientDefaultAudience() {
+	_require := require.New(s.T())
+	testName := s.T().Name()
+
+	accountName, _ := testcommon.GetGenericAccountInfo(testcommon.TestAccountDefault)
+	_require.Greater(len(accountName), 0)
+
+	cred, err := testcommon.GetGenericTokenCredential()
+	_require.NoError(err)
+
+	svcClient, err := testcommon.GetServiceClient(s.T(), testcommon.TestAccountDefault, nil)
+	_require.NoError(err)
+
+	containerName := testcommon.GenerateContainerName(testName)
+	containerClient := testcommon.CreateNewContainer(context.Background(), _require, containerName, svcClient)
+	defer testcommon.DeleteContainer(context.Background(), _require, containerClient)
+
+	blobName := testcommon.GenerateBlobName(testName)
+	blobURL := fmt.Sprintf("https://%s.blob.core.windows.net/%s/%s", accountName, containerName, blobName)
+	testcommon.CreateNewBlockBlob(context.Background(), _require, blobName, containerClient)
+
+	options := &blob.ClientOptions{
+		Audience: "https://storage.azure.com/",
+	}
+	testcommon.SetClientOptions(s.T(), &options.ClientOptions)
+	blobClientAudience, err := blob.NewClient(blobURL, cred, options)
+	_require.NoError(err)
+
+	_, err = blobClientAudience.GetProperties(context.Background(), nil)
+	_require.NoError(err)
+}
+
+func (s *BlobRecordedTestsSuite) TestBlobClientCustomAudience() {
+	_require := require.New(s.T())
+	testName := s.T().Name()
+
+	accountName, _ := testcommon.GetGenericAccountInfo(testcommon.TestAccountDefault)
+	_require.Greater(len(accountName), 0)
+
+	cred, err := testcommon.GetGenericTokenCredential()
+	_require.NoError(err)
+
+	svcClient, err := testcommon.GetServiceClient(s.T(), testcommon.TestAccountDefault, nil)
+	_require.NoError(err)
+
+	containerName := testcommon.GenerateContainerName(testName)
+	containerClient := testcommon.CreateNewContainer(context.Background(), _require, containerName, svcClient)
+	defer testcommon.DeleteContainer(context.Background(), _require, containerClient)
+
+	blobName := testcommon.GenerateBlobName(testName)
+	blobURL := fmt.Sprintf("https://%s.blob.core.windows.net/%s/%s", accountName, containerName, blobName)
+	testcommon.CreateNewBlockBlob(context.Background(), _require, blobName, containerClient)
+
+	options := &blob.ClientOptions{
+		Audience: "https://" + accountName + ".blob.core.windows.net",
+	}
+	testcommon.SetClientOptions(s.T(), &options.ClientOptions)
+	blobClientAudience, err := blob.NewClient(blobURL, cred, options)
+	_require.NoError(err)
+
+	_, err = blobClientAudience.GetProperties(context.Background(), nil)
+	_require.NoError(err)
+}

sdk/storage/azblob/blockblob/client.go

@@ -45,7 +45,8 @@ type Client base.CompositeClient[generated.BlobClient, generated.BlockBlobClient
 //   - cred - an Azure AD credential, typically obtained via the azidentity module
 //   - options - client options; pass nil to accept the default values
 func NewClient(blobURL string, cred azcore.TokenCredential, options *ClientOptions) (*Client, error) {
-	authPolicy := shared.NewStorageChallengePolicy(cred)
+	audience := base.GetAudience((*base.ClientOptions)(options))
+	authPolicy := shared.NewStorageChallengePolicy(cred, audience)
 	conOptions := shared.GetClientOptions(options)
 	plOpts := runtime.PipelineOptions{PerRetry: []policy.Policy{authPolicy}}
 

sdk/storage/azblob/blockblob/client_test.go

@@ -5869,3 +5869,79 @@ func TestServiceVersion(t *testing.T) {
 	_, err = client.Upload(context.Background(), streaming.NopCloser(r), nil)
 	require.NoError(t, err)
 }
+
+func (s *BlockBlobRecordedTestsSuite) TestBlockBlobClientDefaultAudience() {
+	_require := require.New(s.T())
+	testName := s.T().Name()
+
+	accountName, _ := testcommon.GetGenericAccountInfo(testcommon.TestAccountDefault)
+	_require.Greater(len(accountName), 0)
+
+	cred, err := testcommon.GetGenericTokenCredential()
+	_require.NoError(err)
+
+	svcClient, err := testcommon.GetServiceClient(s.T(), testcommon.TestAccountDefault, nil)
+	_require.NoError(err)
+
+	containerName := testcommon.GenerateContainerName(testName)
+	containerClient := testcommon.CreateNewContainer(context.Background(), _require, containerName, svcClient)
+	defer testcommon.DeleteContainer(context.Background(), _require, containerClient)
+
+	blobName := testcommon.GenerateBlobName(testName)
+	blobURL := fmt.Sprintf("https://%s.blob.core.windows.net/%s/%s", accountName, containerName, blobName)
+
+	options := &blockblob.ClientOptions{
+		Audience: "https://storage.azure.com/",
+	}
+	testcommon.SetClientOptions(s.T(), &options.ClientOptions)
+	bbClientAudience, err := blockblob.NewClient(blobURL, cred, options)
+	_require.NoError(err)
+
+	contentSize := 4 * 1024 // 4 KB
+	r, _ := testcommon.GetDataAndReader(testName, contentSize)
+	rsc := streaming.NopCloser(r)
+
+	_, err = bbClientAudience.Upload(context.Background(), rsc, nil)
+	_require.NoError(err)
+
+	_, err = bbClientAudience.GetProperties(context.Background(), nil)
+	_require.NoError(err)
+}
+
+func (s *BlockBlobRecordedTestsSuite) TestBlockBlobClientCustomAudience() {
+	_require := require.New(s.T())
+	testName := s.T().Name()
+
+	accountName, _ := testcommon.GetGenericAccountInfo(testcommon.TestAccountDefault)
+	_require.Greater(len(accountName), 0)
+
+	cred, err := testcommon.GetGenericTokenCredential()
+	_require.NoError(err)
+
+	svcClient, err := testcommon.GetServiceClient(s.T(), testcommon.TestAccountDefault, nil)
+	_require.NoError(err)
+
+	containerName := testcommon.GenerateContainerName(testName)
+	containerClient := testcommon.CreateNewContainer(context.Background(), _require, containerName, svcClient)
+	defer testcommon.DeleteContainer(context.Background(), _require, containerClient)
+
+	blobName := testcommon.GenerateBlobName(testName)
+	blobURL := fmt.Sprintf("https://%s.blob.core.windows.net/%s/%s", accountName, containerName, blobName)
+
+	options := &blockblob.ClientOptions{
+		Audience: "https://" + accountName + ".blob.core.windows.net",
+	}
+	testcommon.SetClientOptions(s.T(), &options.ClientOptions)
+	bbClientAudience, err := blockblob.NewClient(blobURL, cred, options)
+	_require.NoError(err)
+
+	contentSize := 4 * 1024 // 4 KB
+	r, _ := testcommon.GetDataAndReader(testName, contentSize)
+	rsc := streaming.NopCloser(r)
+
+	_, err = bbClientAudience.Upload(context.Background(), rsc, nil)
+	_require.NoError(err)
+
+	_, err = bbClientAudience.GetProperties(context.Background(), nil)
+	_require.NoError(err)
+}

sdk/storage/azblob/client.go

@@ -31,11 +31,7 @@ type Client struct {
 //   - cred - an Azure AD credential, typically obtained via the azidentity module
 //   - options - client options; pass nil to accept the default values
 func NewClient(serviceURL string, cred azcore.TokenCredential, options *ClientOptions) (*Client, error) {
-	var clientOptions *service.ClientOptions
-	if options != nil {
-		clientOptions = &service.ClientOptions{ClientOptions: options.ClientOptions}
-	}
-	svcClient, err := service.NewClient(serviceURL, cred, clientOptions)
+	svcClient, err := service.NewClient(serviceURL, cred, (*service.ClientOptions)(options))
 	if err != nil {
 		return nil, err
 	}
@@ -50,11 +46,7 @@ func NewClient(serviceURL string, cred azcore.TokenCredential, options *ClientOp
 //   - serviceURL - the URL of the storage account e.g. https://<account>.blob.core.windows.net/?<sas token>
 //   - options - client options; pass nil to accept the default values
 func NewClientWithNoCredential(serviceURL string, options *ClientOptions) (*Client, error) {
-	var clientOptions *service.ClientOptions
-	if options != nil {
-		clientOptions = &service.ClientOptions{ClientOptions: options.ClientOptions}
-	}
-	svcClient, err := service.NewClientWithNoCredential(serviceURL, clientOptions)
+	svcClient, err := service.NewClientWithNoCredential(serviceURL, (*service.ClientOptions)(options))
 	if err != nil {
 		return nil, err
 	}
@@ -83,15 +75,12 @@ func NewClientWithSharedKeyCredential(serviceURL string, cred *SharedKeyCredenti
 //   - connectionString - a connection string for the desired storage account
 //   - options - client options; pass nil to accept the default values
 func NewClientFromConnectionString(connectionString string, options *ClientOptions) (*Client, error) {
-	if options == nil {
-		options = &ClientOptions{}
-	}
-	containerClient, err := service.NewClientFromConnectionString(connectionString, (*service.ClientOptions)(options))
+	svcClient, err := service.NewClientFromConnectionString(connectionString, (*service.ClientOptions)(options))
 	if err != nil {
 		return nil, err
 	}
 	return &Client{
-		svc: containerClient,
+		svc: svcClient,
 	}, nil
 }