[Storage] Refine Create user delegation SAS logic (#27517)

Author: blueww

src/Storage/Storage.Management/ChangeLog.md

@@ -18,6 +18,12 @@
         - Additional information about change #1
 -->
 ## Upcoming Release
+* When create Storage context, allowed user input StorageAccountName
+    - `New-AzStorageContext`
+* Reported error when user create user delegation SAS with a storage context not contains StorageAccountName.
+    - `New-AzStorageBlobSASToken`
+    - `New-AzStorageContainerSASToken`
+    - `New-AzDataLakeGen2SasToken`
 
 ## Version 8.3.0
 * Supported NFS File Share and NFS file and directory properties

src/Storage/Storage.Management/help/New-AzStorageContext.md

@@ -16,8 +16,7 @@ Creates an Azure Storage context.
 ### OAuthAccount (Default)
 ```
 New-AzStorageContext [-StorageAccountName] <String> [-UseConnectedAccount] [-Protocol <String>]
- [-Endpoint <String>] [-EnableFileBackupRequestIntent]
- [<CommonParameters>]
+ [-Endpoint <String>] [-EnableFileBackupRequestIntent] [<CommonParameters>]
 ```
 
 ### AccountNameAndKey
@@ -59,14 +58,19 @@ New-AzStorageContext [-StorageAccountName] <String> -SasToken <String> -Environm
 ### OAuthAccountEnvironment
 ```
 New-AzStorageContext [-StorageAccountName] <String> [-UseConnectedAccount] [-Protocol <String>]
- -Environment <String> [-EnableFileBackupRequestIntent]
- [<CommonParameters>]
+ -Environment <String> [-EnableFileBackupRequestIntent] [<CommonParameters>]
 ```
 
 ### AccountNameAndKeyServiceEndpoint
 ```
 New-AzStorageContext [-StorageAccountName] <String> [-StorageAccountKey] <String> -BlobEndpoint <String>
- [-FileEndpoint <String>] [-QueueEndpoint <String>] [-TableEndpoint <String>]
+ [-FileEndpoint <String>] [-QueueEndpoint <String>] [-TableEndpoint <String>] [<CommonParameters>]
+```
+
+### OAuthAccountServiceEndpoint
+```
+New-AzStorageContext [[-StorageAccountName] <String>] [-UseConnectedAccount] [-BlobEndpoint <String>]
+ [-FileEndpoint <String>] [-QueueEndpoint <String>] [-TableEndpoint <String>] [-EnableFileBackupRequestIntent]
  [<CommonParameters>]
 ```
 
@@ -92,13 +96,6 @@ New-AzStorageContext [-Anonymous] [-BlobEndpoint <String>] [-FileEndpoint <Strin
  [-TableEndpoint <String>] [<CommonParameters>]
 ```
 
-### OAuthAccountServiceEndpoint
-```
-New-AzStorageContext [-UseConnectedAccount] [-BlobEndpoint <String>] [-FileEndpoint <String>]
- [-QueueEndpoint <String>] [-TableEndpoint <String>] [-EnableFileBackupRequestIntent]
- [<CommonParameters>]
-```
-
 ## DESCRIPTION
 The **New-AzStorageContext** cmdlet creates an Azure Storage context.
 The default Authentication of a Storage Context is OAuth (Microsoft Entra ID), if only input Storage account name.
@@ -263,7 +260,7 @@ Accept wildcard characters: False
 
 ```yaml
 Type: System.String
-Parameter Sets: SasTokenServiceEndpoint, AnonymousAccountServiceEndpoint, OAuthAccountServiceEndpoint
+Parameter Sets: OAuthAccountServiceEndpoint, SasTokenServiceEndpoint, AnonymousAccountServiceEndpoint
 Aliases:
 
 Required: False
@@ -352,7 +349,7 @@ Azure storage file service endpoint
 
 ```yaml
 Type: System.String
-Parameter Sets: AccountNameAndKeyServiceEndpoint, SasTokenServiceEndpoint, AnonymousAccountServiceEndpoint, OAuthAccountServiceEndpoint
+Parameter Sets: AccountNameAndKeyServiceEndpoint, OAuthAccountServiceEndpoint, SasTokenServiceEndpoint, AnonymousAccountServiceEndpoint
 Aliases:
 
 Required: False
@@ -398,7 +395,7 @@ Azure storage queue service endpoint
 
 ```yaml
 Type: System.String
-Parameter Sets: AccountNameAndKeyServiceEndpoint, SasTokenServiceEndpoint, AnonymousAccountServiceEndpoint, OAuthAccountServiceEndpoint
+Parameter Sets: AccountNameAndKeyServiceEndpoint, OAuthAccountServiceEndpoint, SasTokenServiceEndpoint, AnonymousAccountServiceEndpoint
 Aliases:
 
 Required: False
@@ -455,12 +452,24 @@ Accept pipeline input: False
 Accept wildcard characters: False
 ```
 
+```yaml
+Type: System.String
+Parameter Sets: OAuthAccountServiceEndpoint
+Aliases:
+
+Required: False
+Position: 0
+Default value: None
+Accept pipeline input: False
+Accept wildcard characters: False
+```
+
 ### -TableEndpoint
 Azure storage table service endpoint
 
 ```yaml
 Type: System.String
-Parameter Sets: AccountNameAndKeyServiceEndpoint, SasTokenServiceEndpoint, AnonymousAccountServiceEndpoint, OAuthAccountServiceEndpoint
+Parameter Sets: AccountNameAndKeyServiceEndpoint, OAuthAccountServiceEndpoint, SasTokenServiceEndpoint, AnonymousAccountServiceEndpoint
 Aliases:
 
 Required: False

src/Storage/Storage/Common/Cmdlet/NewAzureStorageContext.cs

@@ -121,6 +121,8 @@ public class NewAzureStorageContext : AzureDataCmdlet
             Mandatory = true, ParameterSetName = OAuthEnvironmentParameterSet)]
         [Parameter(Position = 0, HelpMessage = StorageAccountNameHelpMessage,
             Mandatory = true, ParameterSetName = AccountNameKeyServiceEndpointParameterSet)]
+        [Parameter(HelpMessage = StorageAccountNameHelpMessage,
+            Mandatory = false, ParameterSetName = OAuthServiceEndpointParameterSet)]
         [ValidateNotNullOrEmpty]
         public string StorageAccountName { get; set; }
 

src/Storage/Storage/Common/SasTokenHelper.cs

@@ -755,6 +755,10 @@ public static string GetBlobSharedAccessSignature(AzureStorageContext context, B
             }
             if (generateUserDelegationSas)
             {
+                if (context.StorageAccountName.StartsWith("["))
+                {
+                    throw new InvalidOperationException("Please provide '-Context' as a storage context created by cmdlet `New-AzStorageContext` with parameters include '-StorageAccountName'.");
+                }
                 global::Azure.Storage.Blobs.Models.UserDelegationKey userDelegationKey = null;
                 BlobServiceClient oauthService = new BlobServiceClient(context.StorageAccount.BlobEndpoint, context.Track2OauthToken, ClientOptions);
 
@@ -784,6 +788,10 @@ public static string GetDatalakeGen2SharedAccessSignature(AzureStorageContext co
             }
             if (generateUserDelegationSas)
             {
+                if (context.StorageAccountName.StartsWith("["))
+                {
+                    throw new InvalidOperationException("Please provide '-Context' as a storage context created by cmdlet `New-AzStorageContext` with parameters include '-StorageAccountName'.");
+                }
                 global::Azure.Storage.Files.DataLake.Models.UserDelegationKey userDelegationKey = null;
                 DataLakeServiceClient oauthService = new DataLakeServiceClient(context.StorageAccount.BlobEndpoint, context.Track2OauthToken, clientOptions);
 

src/Storage/Storage/Common/StorageExtensions.cs

@@ -291,6 +291,10 @@ private static string GetBlobSasToken(BlobBaseClient blob, AzureStorageContext c
             string sasToken = null;
             if (context != null && context.StorageAccount.Credentials.IsToken) //oauth
             {
+                if (context.StorageAccountName.StartsWith("["))
+                {
+                    throw new InvalidOperationException("Please provide '-Context' as a storage context created by cmdlet `New-AzStorageContext` with parameters include '-StorageAccountName', or provide the source blob object get with such storage context.");
+                }
                 global::Azure.Storage.Blobs.Models.UserDelegationKey userDelegationKey = null;
                 BlobServiceClient oauthService = new BlobServiceClient(context.StorageAccount.BlobEndpoint, context.Track2OauthToken, null);