[Storage][DataMovement] Protocol Validation for NFS over REST (Azure#49689)

* Initial commit

* refactor into ValidateTransferAsync

* Added check on the source options

* Exported Apis and recorded new tests

* Re-recorded some tests

* some additional recordings

* fixed mocked tests

* record

* fixed playback issue

* removed unused code

* Addressed feedback pt1

* addressed feedback pt 2

* fix test

* minor fix

* another small change

* Export apis

* Added one more test

* removed unused import

* Refactor with DataMovementFileShareEventSource

* Export api

* small change

* small change to the authorization failure error message

* removed console.log

* bubble up original exception for ProtocolValidationAuthorizationFailure

Author: nickliu-msft

sdk/storage/Azure.Storage.DataMovement.Files.Shares/api/Azure.Storage.DataMovement.Files.Shares.net6.0.cs

@@ -41,6 +41,7 @@ public ShareFileStorageResourceOptions() { }
         public System.Collections.Generic.IDictionary<string, string> FileMetadata { get { throw null; } set { } }
         public bool? FilePermissions { get { throw null; } set { } }
         public bool IsNfs { get { throw null; } set { } }
+        public bool SkipProtocolValidation { get { throw null; } set { } }
         public Azure.Storage.Files.Shares.Models.ShareFileRequestConditions SourceConditions { get { throw null; } set { } }
     }
 }

sdk/storage/Azure.Storage.DataMovement.Files.Shares/api/Azure.Storage.DataMovement.Files.Shares.net8.0.cs

@@ -41,6 +41,7 @@ public ShareFileStorageResourceOptions() { }
         public System.Collections.Generic.IDictionary<string, string> FileMetadata { get { throw null; } set { } }
         public bool? FilePermissions { get { throw null; } set { } }
         public bool IsNfs { get { throw null; } set { } }
+        public bool SkipProtocolValidation { get { throw null; } set { } }
         public Azure.Storage.Files.Shares.Models.ShareFileRequestConditions SourceConditions { get { throw null; } set { } }
     }
 }

sdk/storage/Azure.Storage.DataMovement.Files.Shares/api/Azure.Storage.DataMovement.Files.Shares.netstandard2.0.cs

@@ -41,6 +41,7 @@ public ShareFileStorageResourceOptions() { }
         public System.Collections.Generic.IDictionary<string, string> FileMetadata { get { throw null; } set { } }
         public bool? FilePermissions { get { throw null; } set { } }
         public bool IsNfs { get { throw null; } set { } }
+        public bool SkipProtocolValidation { get { throw null; } set { } }
         public Azure.Storage.Files.Shares.Models.ShareFileRequestConditions SourceConditions { get { throw null; } set { } }
     }
 }

sdk/storage/Azure.Storage.DataMovement.Files.Shares/assets.json

@@ -2,5 +2,5 @@
   "AssetsRepo": "Azure/azure-sdk-assets",
   "AssetsRepoPrefixPath": "net",
   "TagPrefix": "net/storage/Azure.Storage.DataMovement.Files.Shares",
-  "Tag": "net/storage/Azure.Storage.DataMovement.Files.Shares_7af87df10f"
+  "Tag": "net/storage/Azure.Storage.DataMovement.Files.Shares_5ab02c363e"
 }

sdk/storage/Azure.Storage.DataMovement.Files.Shares/src/Azure.Storage.DataMovement.Files.Shares.csproj

@@ -28,6 +28,7 @@
     <PackageReference Include="System.Threading.Channels" />
   </ItemGroup>
   <ItemGroup>
+    <Compile Include="$(AzureCoreSharedSources)AzureEventSource.cs" LinkBase="Shared\Core" />
     <Compile Include="$(AzureCoreSharedSources)CancellationHelper.cs" LinkBase="SharedCore" />
     <Compile Include="$(AzureCoreSharedSources)HashCodeBuilder.cs" LinkBase="Shared\Core" />
   </ItemGroup>

sdk/storage/Azure.Storage.DataMovement.Files.Shares/src/DataMovementFileShareEventSource.cs

@@ -0,0 +1,25 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+using System.Diagnostics.Tracing;
+using Azure.Core.Diagnostics;
+
+namespace Azure.Storage.DataMovement.Files.Shares
+{
+    internal class DataMovementFileShareEventSource : AzureEventSource
+    {
+        private const string EventSourceName = "Azure-Storage-DataMovement-Files-Shares";
+
+        private const int ProtocolValidationSkippedEvent = 1;
+
+        private DataMovementFileShareEventSource() : base(EventSourceName) { }
+
+        public static DataMovementFileShareEventSource Singleton { get; } = new DataMovementFileShareEventSource();
+
+        [Event(ProtocolValidationSkippedEvent, Level = EventLevel.Informational, Message = "Transfer [{0}] Protocol Validation skipped for {1}: Resource={2}")]
+        public void ProtocolValidationSkipped(string transferId, string endpoint, string resourceUri)
+        {
+            WriteEvent(ProtocolValidationSkippedEvent, transferId, endpoint, resourceUri);
+        }
+    }
+}

sdk/storage/Azure.Storage.DataMovement.Files.Shares/src/DataMovementSharesExtensions.cs

@@ -3,8 +3,11 @@
 
 using System;
 using System.Collections.Generic;
+using System.Threading.Tasks;
+using System.Threading;
 using Azure.Storage.Files.Shares.Models;
 using Metadata = System.Collections.Generic.IDictionary<string, string>;
+using Azure.Storage.Files.Shares;
 
 namespace Azure.Storage.DataMovement.Files.Shares
 {
@@ -680,6 +683,38 @@ private static string[] ConvertContentPropertyObjectToStringArray(string content
                 throw Storage.Errors.UnexpectedPropertyType(contentPropertyName, DataMovementConstants.StringTypeStr, DataMovementConstants.StringArrayTypeStr);
             }
         }
+
+        public static async Task ValidateProtocolAsync(
+            ShareClient parentShareClient,
+            ShareFileStorageResourceOptions options,
+            string transferId,
+            string endpoint,
+            string resourceUri,
+            CancellationToken cancellationToken)
+        {
+            if (!options?.SkipProtocolValidation ?? true)
+            {
+                try
+                {
+                    ShareProperties properties = await parentShareClient.GetPropertiesAsync(cancellationToken).ConfigureAwait(false);
+                    ShareProtocols expectedProtocol = options.IsNfs ? ShareProtocols.Nfs : ShareProtocols.Smb;
+                    ShareProtocols actualProtocol = properties.Protocols ?? ShareProtocols.Smb;
+
+                    if (actualProtocol != expectedProtocol)
+                    {
+                        throw Errors.ProtocolSetMismatch(endpoint, expectedProtocol, actualProtocol);
+                    }
+                }
+                catch (RequestFailedException ex) when (ex.Status == 403)
+                {
+                    throw Errors.ProtocolValidationAuthorizationFailure(ex, endpoint);
+                }
+            }
+            else
+            {
+                DataMovementFileShareEventSource.Singleton.ProtocolValidationSkipped(transferId, endpoint, resourceUri);
+            }
+        }
     }
 
 #pragma warning disable SA1402 // File may only contain a single type

sdk/storage/Azure.Storage.DataMovement.Files.Shares/src/ShareDirectoryStorageResourceContainer.cs

@@ -65,8 +65,8 @@ protected override async IAsyncEnumerable<StorageResource> GetStorageResourcesAs
                 ShareDirectoryStorageResourceContainer destinationStorageResourceContainer
                     = destinationContainer as ShareDirectoryStorageResourceContainer;
                 ShareFileStorageResourceOptions destinationOptions = destinationStorageResourceContainer.ResourceOptions;
-                // destination must be SMB
-                if ((!destinationOptions?.IsNfs ?? true))
+                // both source and destination must be SMB
+                if ((!ResourceOptions?.IsNfs ?? true) && (!destinationOptions?.IsNfs ?? true))
                 {
                     traits = ShareFileTraits.Attributes;
                     if (destinationOptions?.FilePermissions ?? false)
@@ -176,5 +176,40 @@ await ShareDirectoryClient.CreateIfNotExistsAsync(
                 options: options,
                 cancellationToken: cancellationToken).ConfigureAwait(false);
         }
+
+        protected override async Task ValidateTransferAsync(
+            string transferId,
+            StorageResource sourceResource,
+            CancellationToken cancellationToken = default)
+        {
+            CancellationHelper.ThrowIfCancellationRequested(cancellationToken);
+
+            if (sourceResource is ShareDirectoryStorageResourceContainer sourceShareDirectoryResource)
+            {
+                // Ensure the transfer is supported (NFS -> NFS and SMB -> SMB)
+                if ((ResourceOptions?.IsNfs ?? false) != (sourceShareDirectoryResource.ResourceOptions?.IsNfs ?? false))
+                {
+                    throw Errors.ShareTransferNotSupported();
+                }
+
+                // Validate the source protocol
+                await DataMovementSharesExtensions.ValidateProtocolAsync(
+                    sourceShareDirectoryResource.ShareDirectoryClient.GetParentShareClient(),
+                    sourceShareDirectoryResource.ResourceOptions,
+                    transferId,
+                    "source",
+                    sourceResource.Uri.AbsoluteUri,
+                    cancellationToken).ConfigureAwait(false);
+            }
+
+            // Validate the destination protocol
+            await DataMovementSharesExtensions.ValidateProtocolAsync(
+                ShareDirectoryClient.GetParentShareClient(),
+                ResourceOptions,
+                transferId,
+                "destination",
+                Uri.AbsoluteUri,
+                cancellationToken).ConfigureAwait(false);
+        }
     }
 }

sdk/storage/Azure.Storage.DataMovement.Files.Shares/src/ShareFileStorageResource.cs

@@ -276,8 +276,8 @@ protected override async Task SetPermissionsAsync(
             if (sourceResource is ShareFileStorageResource)
             {
                 ShareFileStorageResource sourceShareFile = (ShareFileStorageResource)sourceResource;
-                // destination must be SMB and destination FilePermission option must be set.
-                if ((!_options?.IsNfs ?? true) && (_options?.FilePermissions ?? false))
+                // both source and destination must be SMB and destination FilePermission option must be set.
+                if ((!sourceShareFile._options?.IsNfs ?? true) && (!_options?.IsNfs ?? true) && (_options?.FilePermissions ?? false))
                 {
                     string permissionsValue = sourceProperties?.RawProperties?.GetPermission();
                     string destinationPermissionKey = sourceProperties?.RawProperties?.GetDestinationPermissionKey();
@@ -347,6 +347,41 @@ protected override StorageResourceCheckpointDetails GetDestinationCheckpointDeta
                 isDirectoryMetadataSet: _options?._isDirectoryMetadataSet ?? false,
                 directoryMetadata: _options?.DirectoryMetadata);
         }
+
+        protected override async Task ValidateTransferAsync(
+            string transferId,
+            StorageResource sourceResource,
+            CancellationToken cancellationToken = default)
+        {
+            CancellationHelper.ThrowIfCancellationRequested(cancellationToken);
+
+            if (sourceResource is ShareFileStorageResource sourceShareFileResource)
+            {
+                // Ensure the transfer is supported (NFS -> NFS and SMB -> SMB)
+                if ((_options?.IsNfs ?? false) != (sourceShareFileResource._options?.IsNfs ?? false))
+                {
+                    throw Errors.ShareTransferNotSupported();
+                }
+
+                // Validate the source protocol
+                await DataMovementSharesExtensions.ValidateProtocolAsync(
+                    sourceShareFileResource.ShareFileClient.GetParentShareClient(),
+                    sourceShareFileResource._options,
+                    transferId,
+                    "source",
+                    sourceResource.Uri.AbsoluteUri,
+                    cancellationToken).ConfigureAwait(false);
+            }
+
+            // Validate the destination protocol
+            await DataMovementSharesExtensions.ValidateProtocolAsync(
+                ShareFileClient.GetParentShareClient(),
+                _options,
+                transferId,
+                "destination",
+                Uri.AbsoluteUri,
+                cancellationToken).ConfigureAwait(false);
+        }
     }
 
 #pragma warning disable SA1402 // File may only contain a single type
@@ -355,5 +390,16 @@ internal partial class Errors
     {
         public static InvalidOperationException ShareFileAlreadyExists(string pathName)
             => new InvalidOperationException($"Share File `{pathName}` already exists. Cannot overwrite file.");
+
+        public static ArgumentException ProtocolSetMismatch(string endpoint, ShareProtocols setProtocol, ShareProtocols actualProtocol)
+            => new ArgumentException($"The Protocol set on the {endpoint} '{setProtocol}' does not match the actual Protocol of the share '{actualProtocol}'.");
+
+        public static UnauthorizedAccessException ProtocolValidationAuthorizationFailure(RequestFailedException ex, string endpoint)
+            => new UnauthorizedAccessException($"Authorization failure on the {endpoint} when validating the Protocol. " +
+                $"To skip this validation, please enable SkipProtocolValidation.", ex);
+
+        public static NotSupportedException ShareTransferNotSupported()
+            => new NotSupportedException("This Share transfer is not supported. " +
+                "Currently only NFS -> NFS and SMB -> SMB Share transfers are supported");
     }
 }

sdk/storage/Azure.Storage.DataMovement.Files.Shares/src/ShareFileStorageResourceOptions.cs

@@ -46,6 +46,14 @@ public class ShareFileStorageResourceOptions
         private Metadata _fileMetadata = default;
         internal bool _isFileMetadataSet = false;
 
+        /// <summary>
+        /// Optional. Specifies whether protocol validation for the resource should be skipped before starting the transfer.
+        /// By default this value is set to false.
+        /// Applies to copy, upload, and download transfers.
+        /// Note: Protocol validation requires share-level read access.
+        /// </summary>
+        public bool SkipProtocolValidation { get; set; } = false;
+
         /// <summary>
         /// Optional. Specifies whether the Share uses NFS or SMB protocol.
         /// By default this value is set to false. If true is selected, the account used must support NFS.