Azure · kasobol-msft · Jan 11, 2021 · Dec 17, 2020 · Dec 17, 2020 · Dec 17, 2020
diff --git a/sdk/core/Azure.Core/api/Azure.Core.net461.cs b/sdk/core/Azure.Core/api/Azure.Core.net461.cs
@@ -22,6 +22,13 @@ public AzureKeyCredential(string key) { }
         public string Key { get { throw null; } }
         public void Update(string key) { }
     }
+    public partial class AzureSasCredential
+    {
+        public AzureSasCredential(string signature) { }
+        [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
+        public string Signature { get { throw null; } }
+        public void Update(string signature) { }
+    }
     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
     public readonly partial struct ETag : System.IEquatable<Azure.ETag>
     {

diff --git a/sdk/core/Azure.Core/api/Azure.Core.net5.0.cs b/sdk/core/Azure.Core/api/Azure.Core.net5.0.cs
@@ -22,6 +22,13 @@ public AzureKeyCredential(string key) { }
         public string Key { get { throw null; } }
         public void Update(string key) { }
     }
+    public partial class AzureSasCredential
+    {
+        public AzureSasCredential(string signature) { }
+        [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
+        public string Signature { get { throw null; } }
+        public void Update(string signature) { }
+    }
     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
     public readonly partial struct ETag : System.IEquatable<Azure.ETag>
     {

diff --git a/sdk/core/Azure.Core/api/Azure.Core.netstandard2.0.cs b/sdk/core/Azure.Core/api/Azure.Core.netstandard2.0.cs
@@ -22,6 +22,13 @@ public AzureKeyCredential(string key) { }
         public string Key { get { throw null; } }
         public void Update(string key) { }
     }
+    public partial class AzureSasCredential
+    {
+        public AzureSasCredential(string signature) { }
+        [System.ComponentModel.EditorBrowsableAttribute(System.ComponentModel.EditorBrowsableState.Never)]
+        public string Signature { get { throw null; } }
+        public void Update(string signature) { }
+    }
     [System.Runtime.InteropServices.StructLayoutAttribute(System.Runtime.InteropServices.LayoutKind.Sequential)]
     public readonly partial struct ETag : System.IEquatable<Azure.ETag>
     {

diff --git a/sdk/core/Azure.Core/src/Azure.Core.csproj b/sdk/core/Azure.Core/src/Azure.Core.csproj
@@ -26,6 +26,7 @@
     <Compile Remove="Shared\**\*.cs" />
     <Compile Include="Shared\Argument.cs" />
     <Compile Include="Shared\AzureKeyCredentialPolicy.cs" />
+    <Compile Include="Shared\AzureSasCredentialPolicy.cs" />
     <Compile Include="Shared\EventSourceEventFormatting.cs" />
     <Compile Include="Shared\HashCodeBuilder.cs" />
     <Compile Include="Shared\ClientDiagnostics.cs" />

diff --git a/sdk/core/Azure.Core/src/AzureSasCredential.cs b/sdk/core/Azure.Core/src/AzureSasCredential.cs
@@ -0,0 +1,60 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System.ComponentModel;
+using System.Threading;
+using Azure.Core;
+
+namespace Azure
+{
+    /// <summary>
+    /// Shared access signature credential used to authenticate to an Azure Service.
+    /// It provides the ability to update the signature without creating a new client.
+    /// </summary>
+    public class AzureSasCredential
+    {
+        private string _signature;
+
+        /// <summary>
+        /// Signature used to authenticate to an Azure service.
+        /// </summary>
+        [EditorBrowsable(EditorBrowsableState.Never)]
+        public string Signature
+        {
+            get => Volatile.Read(ref _signature);
+            private set => Volatile.Write(ref _signature, value);
+        }
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="AzureSasCredential"/> class.
+        /// </summary>
+        /// <param name="signature">Signature to use to authenticate with the Azure service.</param>
+        /// <exception cref="System.ArgumentNullException">
+        /// Thrown when the <paramref name="signature"/> is null.
+        /// </exception>
+        /// <exception cref="System.ArgumentException">
+        /// Thrown when the <paramref name="signature"/> is empty.
+        /// </exception>
+#pragma warning disable CS8618 // Non-nullable field is uninitialized. Consider declaring as nullable.
+        public AzureSasCredential(string signature) => Update(signature);
+#pragma warning restore CS8618 // Non-nullable field is uninitialized. Consider declaring as nullable.
+
+        /// <summary>
+        /// Updates the signature.
+        /// This is intended to be used when you've regenerated your signature
+        /// and want to update long lived clients.
+        /// </summary>
+        /// <param name="signature">Signature to authenticate the service against.</param>
+        /// <exception cref="System.ArgumentNullException">
+        /// Thrown when the <paramref name="signature"/> is null.
+        /// </exception>
+        /// <exception cref="System.ArgumentException">
+        /// Thrown when the <paramref name="signature"/> is empty.
+        /// </exception>
+        public void Update(string signature)
+        {
+            Argument.AssertNotNullOrEmpty(signature, nameof(signature));
+            Signature = signature;
+        }
+    }
+}
diff --git a/sdk/core/Azure.Core/src/Shared/AzureSasCredentialPolicy.cs b/sdk/core/Azure.Core/src/Shared/AzureSasCredentialPolicy.cs
@@ -0,0 +1,40 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System;
+using Azure.Core.Pipeline;
+
+namespace Azure.Core
+{
+    internal class AzureSasCredentialPolicy : HttpPipelineSynchronousPolicy
+    {
+        private readonly AzureSasCredential _credential;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="AzureSasCredentialPolicy"/> class.
+        /// </summary>
+        /// <param name="credential">The <see cref="AzureSasCredentialPolicy"/> used to authenticate requests.</param>
+        public AzureSasCredentialPolicy(AzureSasCredential credential)
+        {
+            Argument.AssertNotNull(credential, nameof(credential));
+            _credential = credential;
+        }
+
+        /// <inheritdoc/>
+        public override void OnSendingRequest(HttpMessage message)
+        {
+            base.OnSendingRequest(message);
+            string query = message.Request.Uri.Query;
+            string signature = _credential.Signature;
+            if (signature.StartsWith("?", StringComparison.InvariantCulture))
+            {
+                signature = signature.Substring(1);
+            }
+            if (!query.Contains(signature))
+            {
+                query = string.IsNullOrEmpty(query) ? '?' + signature : query + '&' + signature;
+                message.Request.Uri.Query = query;
+            }
+        }
+    }
+}
diff --git a/sdk/core/Azure.Core/tests/AzureSasCredentialPolicyTests.cs b/sdk/core/Azure.Core/tests/AzureSasCredentialPolicyTests.cs
@@ -0,0 +1,77 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System.Threading;
+using System.Threading.Tasks;
+using Azure.Core.Pipeline;
+using Azure.Core.TestFramework;
+using NUnit.Framework;
+
+namespace Azure.Core.Tests
+{
+    public class AzureSasCredentialPolicyTests : PolicyTestBase
+    {
+        [TestCase("sig=test_signature_value")]
+        [TestCase("?sig=test_signature_value")]
+        public async Task SetsSignatureEmptyQuery(string signatureValue)
+        {
+            var transport = new MockTransport(new MockResponse(200));
+            var sasPolicy = new AzureSasCredentialPolicy(new AzureSasCredential(signatureValue));
+
+            await SendGetRequest(transport, sasPolicy);
+
+            Assert.AreEqual("?sig=test_signature_value", transport.SingleRequest.Uri.Query);
+        }
+
+        [TestCase("sig=test_signature_value")]
+        [TestCase("?sig=test_signature_value")]
+        public async Task SetsSignatureNonEmptyQuery(string signatureValue)
+        {
+            var transport = new MockTransport(new MockResponse(200));
+            var sasPolicy = new AzureSasCredentialPolicy(new AzureSasCredential(signatureValue));
+            string query = "?foo=bar";
+
+            await SendGetRequest(transport, sasPolicy, query: query);
+
+            Assert.AreEqual($"?foo=bar&sig=test_signature_value", transport.SingleRequest.Uri.Query);
+        }
+
+        [TestCase("sig=test_signature_value")]
+        [TestCase("?sig=test_signature_value")]
+        public async Task VerifyRetryEmptyQuery(string signatureValue)
+        {
+            var transport = new MockTransport(new MockResponse(200), new MockResponse(200));
+            var sasPolicy = new AzureSasCredentialPolicy(new AzureSasCredential(signatureValue));
+
+            using (Request request = transport.CreateRequest())
+            {
+                request.Method = RequestMethod.Get;
+                var pipeline = new HttpPipeline(transport, new[] { sasPolicy });
+                await pipeline.SendRequestAsync(request, CancellationToken.None);
+                await pipeline.SendRequestAsync(request, CancellationToken.None);
+            }
+
+            Assert.AreEqual("?sig=test_signature_value", transport.Requests[0].Uri.Query);
+        }
+
+        [TestCase("sig=test_signature_value")]
+        [TestCase("?sig=test_signature_value")]
+        public async Task VerifyRetryNonEmptyQuery(string signatureValue)
+        {
+            var transport = new MockTransport(new MockResponse(200), new MockResponse(200));
+            var sasPolicy = new AzureSasCredentialPolicy(new AzureSasCredential(signatureValue));
+            string query = "?foo=bar";
+
+            using (Request request = transport.CreateRequest())
+            {
+                request.Method = RequestMethod.Get;
+                request.Uri.Query = query;
+                var pipeline = new HttpPipeline(transport, new[] { sasPolicy });
+                await pipeline.SendRequestAsync(request, CancellationToken.None);
+                await pipeline.SendRequestAsync(request, CancellationToken.None);
+            }
+
+            Assert.AreEqual("?foo=bar&sig=test_signature_value", transport.Requests[0].Uri.Query);
+        }
+    }
+}
diff --git a/sdk/core/Azure.Core/tests/PolicyTestBase.cs b/sdk/core/Azure.Core/tests/PolicyTestBase.cs
@@ -11,14 +11,15 @@ namespace Azure.Core.Tests
 {
     public abstract class PolicyTestBase
     {
-        protected static async Task<Response> SendGetRequest(HttpPipelineTransport transport, HttpPipelinePolicy policy, ResponseClassifier responseClassifier = null)
+        protected static async Task<Response> SendGetRequest(HttpPipelineTransport transport, HttpPipelinePolicy policy, ResponseClassifier responseClassifier = null, string query = null)
         {
             Assert.IsInstanceOf<HttpPipelineSynchronousPolicy>(policy, "Use SyncAsyncPolicyTestBase base type for non-sync policies");
 
             using (Request request = transport.CreateRequest())
             {
                 request.Method = RequestMethod.Get;
                 request.Uri.Reset(new Uri("http://example.com"));
+                request.Uri.Query = query;
                 var pipeline = new HttpPipeline(transport, new[] { policy }, responseClassifier);
                 return await pipeline.SendRequestAsync(request, CancellationToken.None);
             }

diff --git a/...orage/Azure.Storage.Blobs.ChangeFeed/api/Azure.Storage.Blobs.ChangeFeed.netstandard2.0.cs b/...orage/Azure.Storage.Blobs.ChangeFeed/api/Azure.Storage.Blobs.ChangeFeed.netstandard2.0.cs
@@ -5,6 +5,7 @@ public partial class BlobChangeFeedClient
         protected BlobChangeFeedClient() { }
         public BlobChangeFeedClient(string connectionString) { }
         public BlobChangeFeedClient(string connectionString, Azure.Storage.Blobs.BlobClientOptions options) { }
+        public BlobChangeFeedClient(System.Uri serviceUri, Azure.AzureSasCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public BlobChangeFeedClient(System.Uri serviceUri, Azure.Core.TokenCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public BlobChangeFeedClient(System.Uri serviceUri, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public BlobChangeFeedClient(System.Uri serviceUri, Azure.Storage.StorageSharedKeyCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }

diff --git a/sdk/storage/Azure.Storage.Blobs.ChangeFeed/src/BlobChangeFeedClient.cs b/sdk/storage/Azure.Storage.Blobs.ChangeFeed/src/BlobChangeFeedClient.cs
@@ -111,6 +111,28 @@ public BlobChangeFeedClient(Uri serviceUri, StorageSharedKeyCredential credentia
             _blobServiceClient = new BlobServiceClient(serviceUri, credential, options);
         }
 
+        /// <summary>
+        /// Initializes a new instance of the <see cref="BlobChangeFeedClient"/>
+        /// class.
+        /// </summary>
+        /// <param name="serviceUri">
+        /// A <see cref="Uri"/> referencing the blob service.
+        /// This is likely to be similar to "https://{account_name}.blob.core.windows.net".
+        /// Must not contain shared access signature.
+        /// </param>
+        /// <param name="credential">
+        /// The shared access signature credential used to sign requests.
+        /// </param>
+        /// <param name="options">
+        /// Optional client options that define the transport pipeline
+        /// policies for authentication, retries, etc., that are applied to
+        /// every request.
+        /// </param>
+        public BlobChangeFeedClient(Uri serviceUri, AzureSasCredential credential, BlobClientOptions options = default)
+        {
+            _blobServiceClient = new BlobServiceClient(serviceUri, credential, options);
+        }
+
         /// <summary>
         /// Initializes a new instance of the <see cref="BlobChangeFeedClient"/>
         /// class.

diff --git a/sdk/storage/Azure.Storage.Blobs/api/Azure.Storage.Blobs.netstandard2.0.cs b/sdk/storage/Azure.Storage.Blobs/api/Azure.Storage.Blobs.netstandard2.0.cs
@@ -5,6 +5,7 @@ public partial class BlobClient : Azure.Storage.Blobs.Specialized.BlobBaseClient
         protected BlobClient() { }
         public BlobClient(string connectionString, string blobContainerName, string blobName) { }
         public BlobClient(string connectionString, string blobContainerName, string blobName, Azure.Storage.Blobs.BlobClientOptions options) { }
+        public BlobClient(System.Uri blobUri, Azure.AzureSasCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public BlobClient(System.Uri blobUri, Azure.Core.TokenCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public BlobClient(System.Uri blobUri, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public BlobClient(System.Uri blobUri, Azure.Storage.StorageSharedKeyCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }
@@ -60,6 +61,7 @@ public partial class BlobContainerClient
         protected BlobContainerClient() { }
         public BlobContainerClient(string connectionString, string blobContainerName) { }
         public BlobContainerClient(string connectionString, string blobContainerName, Azure.Storage.Blobs.BlobClientOptions options) { }
+        public BlobContainerClient(System.Uri blobContainerUri, Azure.AzureSasCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public BlobContainerClient(System.Uri blobContainerUri, Azure.Core.TokenCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public BlobContainerClient(System.Uri blobContainerUri, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public BlobContainerClient(System.Uri blobContainerUri, Azure.Storage.StorageSharedKeyCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }
@@ -119,6 +121,7 @@ public partial class BlobServiceClient
         protected BlobServiceClient() { }
         public BlobServiceClient(string connectionString) { }
         public BlobServiceClient(string connectionString, Azure.Storage.Blobs.BlobClientOptions options) { }
+        public BlobServiceClient(System.Uri serviceUri, Azure.AzureSasCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public BlobServiceClient(System.Uri serviceUri, Azure.Core.TokenCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public BlobServiceClient(System.Uri serviceUri, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public BlobServiceClient(System.Uri serviceUri, Azure.Storage.StorageSharedKeyCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }
@@ -1224,6 +1227,7 @@ public partial class AppendBlobClient : Azure.Storage.Blobs.Specialized.BlobBase
         protected AppendBlobClient() { }
         public AppendBlobClient(string connectionString, string blobContainerName, string blobName) { }
         public AppendBlobClient(string connectionString, string blobContainerName, string blobName, Azure.Storage.Blobs.BlobClientOptions options) { }
+        public AppendBlobClient(System.Uri blobUri, Azure.AzureSasCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public AppendBlobClient(System.Uri blobUri, Azure.Core.TokenCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public AppendBlobClient(System.Uri blobUri, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public AppendBlobClient(System.Uri blobUri, Azure.Storage.StorageSharedKeyCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }
@@ -1257,6 +1261,7 @@ public partial class BlobBaseClient
         protected BlobBaseClient() { }
         public BlobBaseClient(string connectionString, string blobContainerName, string blobName) { }
         public BlobBaseClient(string connectionString, string blobContainerName, string blobName, Azure.Storage.Blobs.BlobClientOptions options) { }
+        public BlobBaseClient(System.Uri blobUri, Azure.AzureSasCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public BlobBaseClient(System.Uri blobUri, Azure.Core.TokenCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public BlobBaseClient(System.Uri blobUri, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public BlobBaseClient(System.Uri blobUri, Azure.Storage.StorageSharedKeyCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }
@@ -1361,6 +1366,7 @@ public partial class BlockBlobClient : Azure.Storage.Blobs.Specialized.BlobBaseC
         protected BlockBlobClient() { }
         public BlockBlobClient(string connectionString, string containerName, string blobName) { }
         public BlockBlobClient(string connectionString, string blobContainerName, string blobName, Azure.Storage.Blobs.BlobClientOptions options) { }
+        public BlockBlobClient(System.Uri blobUri, Azure.AzureSasCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public BlockBlobClient(System.Uri blobUri, Azure.Core.TokenCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public BlockBlobClient(System.Uri blobUri, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public BlockBlobClient(System.Uri blobUri, Azure.Storage.StorageSharedKeyCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }
@@ -1407,6 +1413,7 @@ public partial class PageBlobClient : Azure.Storage.Blobs.Specialized.BlobBaseCl
         protected PageBlobClient() { }
         public PageBlobClient(string connectionString, string blobContainerName, string blobName) { }
         public PageBlobClient(string connectionString, string blobContainerName, string blobName, Azure.Storage.Blobs.BlobClientOptions options) { }
+        public PageBlobClient(System.Uri blobUri, Azure.AzureSasCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public PageBlobClient(System.Uri blobUri, Azure.Core.TokenCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public PageBlobClient(System.Uri blobUri, Azure.Storage.Blobs.BlobClientOptions options = null) { }
         public PageBlobClient(System.Uri blobUri, Azure.Storage.StorageSharedKeyCredential credential, Azure.Storage.Blobs.BlobClientOptions options = null) { }