Enabling bearer challenges for file share (#41555)

* added support for bearer challenges in file share

* fixing accidental pom change

* style

Author: ibrandes

sdk/storage/azure-storage-file-share/CHANGELOG.md

@@ -3,6 +3,7 @@
 ## 12.27.0-beta.2 (Unreleased)
 
 ### Features Added
+- Added support for bearer token challenges.
 
 ### Breaking Changes
 

sdk/storage/azure-storage-file-share/src/main/java/com/azure/storage/file/share/implementation/util/BuilderHelper.java

@@ -13,7 +13,6 @@
 import com.azure.core.http.policy.AddDatePolicy;
 import com.azure.core.http.policy.AddHeadersPolicy;
 import com.azure.core.http.policy.AzureSasCredentialPolicy;
-import com.azure.core.http.policy.BearerTokenAuthenticationPolicy;
 import com.azure.core.http.policy.HttpLogOptions;
 import com.azure.core.http.policy.HttpLoggingPolicy;
 import com.azure.core.http.policy.HttpPipelinePolicy;
@@ -37,6 +36,7 @@
 import com.azure.storage.common.policy.RequestRetryOptions;
 import com.azure.storage.common.policy.ResponseValidationPolicyBuilder;
 import com.azure.storage.common.policy.ScrubEtagPolicy;
+import com.azure.storage.common.policy.StorageBearerTokenChallengeAuthorizationPolicy;
 import com.azure.storage.common.policy.StorageSharedKeyCredentialPolicy;
 import com.azure.storage.common.sas.CommonSasQueryParameters;
 import com.azure.storage.file.share.models.ShareAudience;
@@ -124,7 +124,7 @@ public static HttpPipeline buildPipeline(StorageSharedKeyCredential storageShare
             String scope = audience != null
                 ? ((audience.toString().endsWith("/") ? audience + ".default" : audience + "/.default"))
                 : Constants.STORAGE_SCOPE;
-            credentialPolicy = new BearerTokenAuthenticationPolicy(tokenCredential, scope);
+            credentialPolicy = new StorageBearerTokenChallengeAuthorizationPolicy(tokenCredential, scope);
         } else if (azureSasCredential != null) {
             credentialPolicy = new AzureSasCredentialPolicy(azureSasCredential, false);
         } else if (sasToken != null) {

sdk/storage/azure-storage-file-share/src/test/java/com/azure/storage/file/share/DirectoryApiTests.java

@@ -10,6 +10,7 @@
 import com.azure.storage.common.StorageSharedKeyCredential;
 import com.azure.storage.common.implementation.Constants;
 import com.azure.storage.common.policy.RequestRetryOptions;
+import com.azure.storage.common.test.shared.extensions.LiveOnly;
 import com.azure.storage.common.test.shared.extensions.RequiredServiceVersion;
 import com.azure.storage.file.share.models.NfsFileType;
 import com.azure.storage.file.share.models.CloseHandlesInfo;
@@ -1719,8 +1720,10 @@ public void storageAccountAudience() {
         assertTrue(aadDirClient.exists());
     }
 
+    @RequiredServiceVersion(clazz = ShareServiceVersion.class, min = "2024-11-04")
+    @LiveOnly
     @Test
-    public void audienceError() {
+    public void audienceErrorBearerChallengeRetry() {
         String dirName = generatePathName();
         ShareDirectoryClient dirClient = directoryBuilderHelper(shareName, dirName).buildDirectoryClient();
         dirClient.create();
@@ -1729,8 +1732,7 @@ public void audienceError() {
                 .audience(ShareAudience.createShareServiceAccountAudience("badAudience")));
 
         ShareDirectoryClient aadDirClient = oAuthServiceClient.getShareClient(shareName).getDirectoryClient(dirName);
-        ShareStorageException e = assertThrows(ShareStorageException.class, aadDirClient::exists);
-        assertEquals(ShareErrorCode.INVALID_AUTHENTICATION_INFO, e.getErrorCode());
+        assertNotNull(aadDirClient.exists());
     }
 
     @Test

sdk/storage/azure-storage-file-share/src/test/java/com/azure/storage/file/share/DirectoryAsyncApiTests.java

@@ -6,6 +6,7 @@
 import com.azure.core.http.rest.Response;
 import com.azure.storage.common.StorageSharedKeyCredential;
 import com.azure.storage.common.implementation.Constants;
+import com.azure.storage.common.test.shared.extensions.LiveOnly;
 import com.azure.storage.common.test.shared.extensions.RequiredServiceVersion;
 import com.azure.storage.file.share.models.NfsFileType;
 import com.azure.storage.file.share.models.FilePermissionFormat;
@@ -24,6 +25,7 @@
 import com.azure.storage.file.share.options.ShareDirectoryCreateOptions;
 import com.azure.storage.file.share.options.ShareDirectorySetPropertiesOptions;
 import com.azure.storage.file.share.options.ShareFileRenameOptions;
+import org.junit.jupiter.api.Assertions;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
@@ -1021,8 +1023,10 @@ public void storageAccountAudience() {
         StepVerifier.create(createDirMono.then(aadDirClient.exists())).expectNext(true).verifyComplete();
     }
 
+    @RequiredServiceVersion(clazz = ShareServiceVersion.class, min = "2024-11-04")
+    @LiveOnly
     @Test
-    public void audienceError() {
+    public void audienceErrorBearerChallengeRetry() {
         String dirName = generatePathName();
         ShareDirectoryAsyncClient dirClient = directoryBuilderHelper(shareName, dirName).buildDirectoryAsyncClient();
         Mono<ShareDirectoryInfo> createDirMono = dirClient.create();
@@ -1034,10 +1038,9 @@ public void audienceError() {
         ShareDirectoryAsyncClient aadDirClient
             = oAuthServiceClient.getShareAsyncClient(shareName).getDirectoryClient(dirName);
 
-        StepVerifier.create(createDirMono.then(aadDirClient.exists())).verifyErrorSatisfies(r -> {
-            ShareStorageException e = assertInstanceOf(ShareStorageException.class, r);
-            assertEquals(ShareErrorCode.INVALID_AUTHENTICATION_INFO, e.getErrorCode());
-        });
+        StepVerifier.create(createDirMono.then(aadDirClient.exists()))
+            .assertNext(Assertions::assertNotNull)
+            .verifyComplete();
     }
 
     @Test

sdk/storage/azure-storage-file-share/src/test/java/com/azure/storage/file/share/FileApiTests.java

@@ -3021,8 +3021,10 @@ public void storageAccountAudience() {
         assertTrue(aadFileClient.exists());
     }
 
+    @RequiredServiceVersion(clazz = ShareServiceVersion.class, min = "2024-11-04")
+    @LiveOnly
     @Test
-    public void audienceError() {
+    public void audienceErrorBearerChallengeRetry() {
         String fileName = generatePathName();
         ShareFileClient fileClient = fileBuilderHelper(shareName, fileName).buildFileClient();
         fileClient.create(Constants.KB);
@@ -3031,8 +3033,7 @@ public void audienceError() {
                 .audience(ShareAudience.createShareServiceAccountAudience("badAudience")));
 
         ShareFileClient aadFileClient = oAuthServiceClient.getShareClient(shareName).getFileClient(fileName);
-        ShareStorageException e = assertThrows(ShareStorageException.class, aadFileClient::exists);
-        assertEquals(ShareErrorCode.INVALID_AUTHENTICATION_INFO, e.getErrorCode());
+        assertNotNull(aadFileClient.exists());
     }
 
     @Test

sdk/storage/azure-storage-file-share/src/test/java/com/azure/storage/file/share/FileAsyncApiTests.java

@@ -1797,8 +1797,10 @@ public void storageAccountAudience() {
             .verifyComplete();
     }
 
+    @RequiredServiceVersion(clazz = ShareServiceVersion.class, min = "2024-11-04")
+    @LiveOnly
     @Test
-    public void audienceError() {
+    public void audienceErrorBearerChallengeRetry() {
         String fileName = generatePathName();
         ShareFileAsyncClient fileClient = fileBuilderHelper(shareName, fileName).buildFileAsyncClient();
         ShareServiceAsyncClient oAuthServiceClient
@@ -1807,10 +1809,9 @@ public void audienceError() {
 
         ShareFileAsyncClient aadFileClient = oAuthServiceClient.getShareAsyncClient(shareName).getFileClient(fileName);
 
-        StepVerifier.create(fileClient.create(Constants.KB).then(aadFileClient.exists())).verifyErrorSatisfies(r -> {
-            ShareStorageException e = assertInstanceOf(ShareStorageException.class, r);
-            assertEquals(ShareErrorCode.INVALID_AUTHENTICATION_INFO, e.getErrorCode());
-        });
+        StepVerifier.create(fileClient.create(Constants.KB).then(aadFileClient.exists()))
+            .assertNext(Assertions::assertNotNull)
+            .verifyComplete();
     }
 
     @Test

sdk/storage/azure-storage-file-share/src/test/java/com/azure/storage/file/share/ShareApiTests.java

@@ -9,6 +9,7 @@
 import com.azure.core.http.rest.Response;
 import com.azure.storage.common.StorageSharedKeyCredential;
 import com.azure.storage.common.implementation.Constants;
+import com.azure.storage.common.test.shared.extensions.LiveOnly;
 import com.azure.storage.common.test.shared.extensions.PlaybackOnly;
 import com.azure.storage.common.test.shared.extensions.RequiredServiceVersion;
 import com.azure.storage.file.share.implementation.util.ModelHelper;
@@ -1367,8 +1368,10 @@ public void storageAccountAudience() {
         assertNotNull(infoPermission);
     }
 
+    @RequiredServiceVersion(clazz = ShareServiceVersion.class, min = "2024-11-04")
+    @LiveOnly
     @Test
-    public void audienceError() {
+    public void audienceErrorBearerChallengeRetry() {
         primaryShareClient.create();
         ShareClient aadShareClient = getOAuthShareClientBuilder(new ShareClientBuilder()).shareName(shareName)
             .shareTokenIntent(ShareTokenIntent.BACKUP)
@@ -1379,9 +1382,7 @@ public void audienceError() {
             + "1604012920-1887927527-513D:AI(A;;FA;;;SY)(A;;FA;;;BA)(A;;0x1200a9;;;S-1-5-21-397955417-626881126-"
             + "188441444-3053964)S:NO_ACCESS_CONTROL";
 
-        ShareStorageException e
-            = assertThrows(ShareStorageException.class, () -> aadShareClient.createPermission(permission));
-        assertEquals(ShareErrorCode.INVALID_AUTHENTICATION_INFO, e.getErrorCode());
+        assertNotNull(aadShareClient.createPermission(permission));
     }
 
     @Test

sdk/storage/azure-storage-file-share/src/test/java/com/azure/storage/file/share/ShareAsyncApiTests.java

@@ -6,6 +6,7 @@
 import com.azure.core.http.rest.Response;
 import com.azure.storage.common.StorageSharedKeyCredential;
 import com.azure.storage.common.implementation.Constants;
+import com.azure.storage.common.test.shared.extensions.LiveOnly;
 import com.azure.storage.common.test.shared.extensions.PlaybackOnly;
 import com.azure.storage.common.test.shared.extensions.RequiredServiceVersion;
 import com.azure.storage.file.share.implementation.util.ModelHelper;
@@ -992,8 +993,10 @@ public void storageAccountAudience() {
             .verifyComplete();
     }
 
+    @RequiredServiceVersion(clazz = ShareServiceVersion.class, min = "2024-11-04")
+    @LiveOnly
     @Test
-    public void audienceError() {
+    public void audienceErrorBearerChallengeRetry() {
         ShareAsyncClient aadShareClient = getOAuthShareClientBuilder(new ShareClientBuilder()).shareName(shareName)
             .shareTokenIntent(ShareTokenIntent.BACKUP)
             .audience(ShareAudience.createShareServiceAccountAudience("badaudience"))
@@ -1004,10 +1007,8 @@ public void audienceError() {
             + "188441444-3053964)S:NO_ACCESS_CONTROL";
 
         StepVerifier.create(primaryShareAsyncClient.create().then(aadShareClient.createPermission(permission)))
-            .verifyErrorSatisfies(r -> {
-                ShareStorageException e = assertInstanceOf(ShareStorageException.class, r);
-                assertEquals(ShareErrorCode.INVALID_AUTHENTICATION_INFO, e.getErrorCode());
-            });
+            .assertNext(Assertions::assertNotNull)
+            .verifyComplete();
     }
 
     @Test