Azure · gajibillik · Feb 1, 2022 · Feb 2, 2022 · Feb 17, 2022 · Feb 25, 2022
diff --git a/DiagnosticsExtension/Controllers/ConnectionStringValidationController.cs b/DiagnosticsExtension/Controllers/ConnectionStringValidationController.cs
@@ -1,4 +1,4 @@
-// -----------------------------------------------------------------------
+// -----------------------------------------------------------------------
 // <copyright file="ConnectionStringValidationController.cs" company="Microsoft Corporation">
 // Copyright (c) Microsoft Corporation. All rights reserved.
 // Licensed under the MIT License. See LICENSE in the project root for license information.
@@ -37,6 +37,9 @@ public ConnectionStringValidationController()
                 new MySqlValidator(),
                 new KeyVaultValidator(),
                 new StorageValidator(),
+                new BlobStorageValidator(),
+                new QueueStorageValidator(),
+                new FileShareStorageValidator(),
                 new ServiceBusValidator(),
                 new EventHubsValidator(),
                 new HttpValidator()
@@ -72,25 +75,31 @@ public async Task<HttpResponseMessage> Validate([FromBody] ConnectionStringReque
             {
                 return Request.CreateErrorResponse(HttpStatusCode.BadRequest, "Type is not specified in the request body");
             }
-
             var result = await Validate(requestBody.ConnectionString, requestBody.Type);
             return result;
         }
 
+        /// <summary>
+        /// This method is used to validate connection information via appsetting.
+        /// </summary>
+        /// <param name="appSettingName">This should be the configured appsetting key/connection property of the function. </param>
+        /// <param name="type">This should be the type of Azure service being connected.</param>
+        /// <param name="entityName">This is valid only for servicebus and eventhub. Need not be passed for other azure services.</param>
+        /// <returns>ConnectionStringValidationResult</returns>
         [HttpGet]
-        [Route("validateappsetting")]
-        public async Task<HttpResponseMessage> ValidateAppSetting(string appSettingName, string type)
+        [Route("validateappsettingforfunctionapp")]
+        public async Task<HttpResponseMessage> ValidateAppSettingForFunctionApp(string appSettingName, string type, string entityName = null)
         {
-            var envDict = Environment.GetEnvironmentVariables();
-            if (envDict.Contains(appSettingName))
+            bool success = Enum.TryParse(type, out ConnectionStringType csType);
+            if (success && typeValidatorMap.ContainsKey(csType))
             {
-                var connectionString = (string)envDict[appSettingName];
-                return await Validate(connectionString, type);
+                var result = await typeValidatorMap[csType].ValidateViaAppsettingAsync(appSettingName, entityName);
+                return Request.CreateResponse(HttpStatusCode.OK, result);
             }
             else
             {
-                return Request.CreateErrorResponse(HttpStatusCode.NotFound, $"AppSetting {appSettingName} not found");
+                return Request.CreateErrorResponse(HttpStatusCode.BadRequest, $"Type '{type}' is not supported");
             }
         }
     }
-}
+}
diff --git a/DiagnosticsExtension/DiagnosticsExtension.csproj b/DiagnosticsExtension/DiagnosticsExtension.csproj
diff --git a/DiagnosticsExtension/Models/ConnectionStringValidator/BlobStorageValidator.cs b/DiagnosticsExtension/Models/ConnectionStringValidator/BlobStorageValidator.cs
@@ -0,0 +1,133 @@
+// -----------------------------------------------------------------------
+// <copyright file="StorageValidator.cs" company="Microsoft Corporation">
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License. See LICENSE in the project root for license information.
+// </copyright>
+// -----------------------------------------------------------------------
+
+using DiagnosticsExtension.Controllers;
+using DiagnosticsExtension.Models.ConnectionStringValidator.Exceptions;
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Threading.Tasks;
+using Azure.Storage.Blobs;
+using Azure.Storage.Queues;
+using Azure.Storage.Blobs.Models;
+using Microsoft.WindowsAzure.Storage;
+using Azure.Core;
+using Azure.Identity;
+
+namespace DiagnosticsExtension.Models.ConnectionStringValidator
+{
+    public class BlobStorageValidator : IConnectionStringValidator
+    {
+        public string ProviderName => "Microsoft.WindowsAzure.Storage";
+        public ConnectionStringType Type => ConnectionStringType.BlobStorageAccount;
+        public async Task<ConnectionStringValidationResult> ValidateViaAppsettingAsync(string appSettingName, string entityName)
+        {
+            ConnectionStringValidationResult response = new ConnectionStringValidationResult(Type);
+            bool isManagedIdentityConnection = false;
+            try
+            {
+                var envDict = Environment.GetEnvironmentVariables();
+                string appSettingClientIdValue, appSettingClientCredValue = null;
+                BlobServiceClient client = null;
+                if (envDict.Contains(appSettingName))
+                {
+                    // Connection String
+                    try
+                    {
+                        string connectionString = Environment.GetEnvironmentVariable(appSettingName);
+                        client = new BlobServiceClient(connectionString);
+                    }
+                    catch (ArgumentNullException e)
+                    {
+                        throw new EmptyConnectionStringException(e.Message, e);
+                    }
+                    catch (Exception e)
+                    {
+                        throw new MalformedConnectionStringException(e.Message, e);
+                    }
+                }
+                else
+                {
+                    // Managed Identity
+                    isManagedIdentityConnection = true;
+                    string serviceUriString = ManagedIdentityConnectionResponseUtility.ResolveManagedIdentityCommonProperty(appSettingName, ConnectionStringValidationResult.ManagedIdentityCommonProperty.blobServiceUri);
+                    if (string.IsNullOrEmpty(serviceUriString))
+                    {
+                        serviceUriString = ManagedIdentityConnectionResponseUtility.ResolveManagedIdentityCommonProperty(appSettingName, ConnectionStringValidationResult.ManagedIdentityCommonProperty.serviceUri);
+                    }
+                    if (!string.IsNullOrEmpty(serviceUriString))
+                    {
+                        string clientIdAppSettingKey = Environment.GetEnvironmentVariables().Keys.Cast<string>().Where(k => k.StartsWith(appSettingName) && k.ToLower().EndsWith("clientid")).FirstOrDefault();
+                        appSettingClientIdValue = ManagedIdentityConnectionResponseUtility.ResolveManagedIdentityCommonProperty(appSettingName, ConnectionStringValidationResult.ManagedIdentityCommonProperty.clientId);
+                        appSettingClientCredValue = ManagedIdentityConnectionResponseUtility.ResolveManagedIdentityCommonProperty(appSettingName, ConnectionStringValidationResult.ManagedIdentityCommonProperty.credential);
+                        if (appSettingClientCredValue != null && appSettingClientCredValue != Constants.ValidCredentialValue)
+                        {
+                            throw new ManagedIdentityException(String.Format(Constants.ManagedIdentityCredentialInvalidSummary, appSettingName));
+                        }
+                        Uri serviceUri = new Uri(serviceUriString);
+                        // If the user has configured __credential with "managedidentity" and set an app setting for __clientId (even if its empty) we assume their intent is to use a user assigned managed identity
+                        if (appSettingClientCredValue != null && clientIdAppSettingKey != null)
+                        {   
+                            if (string.IsNullOrEmpty(appSettingClientIdValue))
+                            {
+                                throw new ManagedIdentityException(String.Format(Constants.ManagedIdentityClientIdEmptySummary, clientIdAppSettingKey),
+                                                                   String.Format(Constants.ManagedIdentityClientIdEmptyDetails, appSettingName));
+                            }
+                            response.IdentityType = Constants.User;
+                            client = new BlobServiceClient(serviceUri, ManagedIdentityCredentialTokenValidator.GetValidatedCredential(appSettingClientIdValue,appSettingName));
+                        }
+                        else
+                        {
+                            // Creating client using System assigned managed identity
+                            response.IdentityType = Constants.System;
+                            client = new BlobServiceClient(serviceUri, new Azure.Identity.ManagedIdentityCredential());
+                        }
+                    }
+                    else
+                    {
+                        string serviceuriAppSettingName = Environment.GetEnvironmentVariables().Keys.Cast<string>().Where(k => k.StartsWith(appSettingName) && k.ToLower().EndsWith("serviceuri")).FirstOrDefault();
+                        if (serviceuriAppSettingName == null)
+                        {
+                            throw new ManagedIdentityException(Constants.BlobServiceUriMissingSummary);
+                        }
+                        throw new ManagedIdentityException(String.Format(Constants.BlobServiceUriEmptySummary, serviceuriAppSettingName));
+
+                    }
+                }
+                var resultSegment =
+                    client.GetBlobContainers(BlobContainerTraits.Metadata, null, default)
+                    .AsPages(default, 10);
+                //need to read at least one result item to confirm authorization check for connection
+                resultSegment.Single();
+
+                response.Status = ConnectionStringValidationResult.ResultStatus.Success;
+            }
+            catch (Exception e)
+            {
+                if (isManagedIdentityConnection)
+                {
+                    ManagedIdentityConnectionResponseUtility.EvaluateResponseStatus(e, Type, ref response, appSettingName);
+                }
+                else
+                {
+                    ConnectionStringResponseUtility.EvaluateResponseStatus(e, Type, ref response, appSettingName);
+                }
+            }
+
+            return response;
+        }
+        public async Task<ConnectionStringValidationResult> ValidateAsync(string connStr, string clientId = null)
+        {
+            throw new NotImplementedException();
+        }
+        public async Task<bool> IsValidAsync(string connStr)
+        {
+            throw new NotImplementedException();
+        }
+
+    }
+}