fix and test (Azure#48579)

Author: jaschrep-msft

sdk/storage/Azure.Storage.Blobs/src/BlobContainerClient.cs

@@ -407,7 +407,10 @@ internal BlobContainerClient(
         {
             _uri = containerUri;
             _clientConfiguration = clientConfiguration;
-            _authenticationPolicy = StorageClientOptions.GetAuthenticationPolicy(_clientConfiguration.SharedKeyCredential);
+            _authenticationPolicy = StorageClientOptions.GetAuthenticationPolicy(
+                (object)_clientConfiguration.SharedKeyCredential ??
+                (object)_clientConfiguration.TokenCredential ??
+                (object)_clientConfiguration.SasCredential);
             _clientSideEncryption = clientSideEncryption?.Clone();
             _containerRestClient = BuildContainerRestClient(containerUri);
 

sdk/storage/Azure.Storage.Blobs/tests/ContainerClientTests.cs

@@ -11,15 +11,18 @@
 using System.Threading;
 using System.Threading.Tasks;
 using Azure.Core;
+using Azure.Core.Pipeline;
 using Azure.Core.TestFramework;
 using Azure.Identity;
 using Azure.Storage.Blobs.Models;
 using Azure.Storage.Blobs.Specialized;
 using Azure.Storage.Blobs.Tests;
+using Azure.Storage.Common;
 using Azure.Storage.Sas;
 using Azure.Storage.Shared;
 using Azure.Storage.Test;
 using Azure.Storage.Test.Shared;
+using Azure.Storage.Tests;
 using Moq;
 using Moq.Protected;
 using NUnit.Framework;
@@ -441,6 +444,67 @@ public void ctor_BlobContainerClient_clientSideEncryptionOptions()
             Assert.NotNull(client.ClientSideEncryption);
         }
 
+        [Test]
+        public void Ctor_FromConfig(
+            [Values(
+            StorageAuthType.None,
+            StorageAuthType.StorageSharedKey,
+            StorageAuthType.Token,
+            StorageAuthType.Sas)] StorageAuthType authType)
+        {
+            StorageSharedKeyCredential sharedKeyCred =
+                authType == StorageAuthType.StorageSharedKey ? new("", "") : null;
+            TokenCredential tokenCred =
+                authType == StorageAuthType.Token ? new DefaultAzureCredential() : null;
+            AzureSasCredential sasCred =
+                authType == StorageAuthType.Sas ? new("?foo=bar") : null;
+
+            BlobClientOptions options = new();
+            BlobContainerClient container = new(
+                new Uri("https://example.blob.core.windows.net"),
+                new BlobClientConfiguration(
+                    options.Build(authType switch
+                    {
+                        StorageAuthType.StorageSharedKey => sharedKeyCred,
+                        StorageAuthType.Token => tokenCred,
+                        StorageAuthType.Sas => sasCred,
+                        _ => null,
+                    }),
+                    sharedKeyCred,
+                    tokenCred,
+                    sasCred,
+                    new ClientDiagnostics(options),
+                    _serviceVersion,
+                    customerProvidedKey: default,
+                    transferValidation: null,
+                    encryptionScope: null,
+                    trimBlobNameSlashes: default),
+                null);
+
+            Assert.That(container.ClientConfiguration.SharedKeyCredential,
+                authType == StorageAuthType.StorageSharedKey ? Is.EqualTo(sharedKeyCred) : Is.Null);
+            Assert.That(container.ClientConfiguration.TokenCredential,
+                authType == StorageAuthType.Token ? Is.EqualTo(tokenCred) : Is.Null);
+            Assert.That(container.ClientConfiguration.SasCredential,
+                authType == StorageAuthType.Sas ? Is.EqualTo(sasCred) : Is.Null);
+
+            switch (authType)
+            {
+                case StorageAuthType.None:
+                    Assert.That(container.AuthenticationPolicy, Is.Null);
+                    break;
+                case StorageAuthType.StorageSharedKey:
+                    Assert.That(container.AuthenticationPolicy, Is.TypeOf<StorageSharedKeyPipelinePolicy>());
+                    break;
+                case StorageAuthType.Token:
+                    Assert.That(container.AuthenticationPolicy, Is.TypeOf<StorageBearerTokenChallengeAuthorizationPolicy>());
+                    break;
+                case StorageAuthType.Sas:
+                    Assert.That(container.AuthenticationPolicy, Is.TypeOf<AzureSasCredentialSynchronousPolicy>());
+                    break;
+            }
+        }
+
         [RecordedTest]
         public async Task CreateAsync_WithSharedKey()
         {

sdk/storage/Azure.Storage.Common/src/Shared/StorageClientOptions.cs

@@ -92,6 +92,8 @@ public static HttpPipelinePolicy GetAuthenticationPolicy(object credentials = nu
                     return sharedKey.AsPolicy();
                 case TokenCredential token:
                     return token.AsPolicy(scope, options);
+                case AzureSasCredential sas:
+                    return new AzureSasCredentialSynchronousPolicy(sas);
                 default:
                     throw Errors.InvalidCredentials(credentials.GetType().FullName);
             }

sdk/storage/Azure.Storage.Common/tests/Shared/StorageAuthType.cs

@@ -0,0 +1,12 @@
+// Copyright (c) Microsoft Corporation. All rights reserved.
+// Licensed under the MIT License.
+
+namespace Azure.Storage.Tests;
+
+public enum StorageAuthType
+{
+    None,
+    StorageSharedKey,
+    Token,
+    Sas,
+}