Class EncryptedBlobClientBuilder
- All Implemented Interfaces:
AzureNamedKeyCredentialTrait<EncryptedBlobClientBuilder>
,AzureSasCredentialTrait<EncryptedBlobClientBuilder>
,ConfigurationTrait<EncryptedBlobClientBuilder>
,ConnectionStringTrait<EncryptedBlobClientBuilder>
,EndpointTrait<EncryptedBlobClientBuilder>
,HttpTrait<EncryptedBlobClientBuilder>
,TokenCredentialTrait<EncryptedBlobClientBuilder>
The following information must be provided on this builder:
- Endpoint set through
endpoint(String)
, including the container name and blob name, in the format ofhttps://{accountName}.blob.core.windows.net/{containerName}/{blobName}
. - Container and blob name if not specified in the
endpoint(String)
, set throughcontainerName(String)
andblobName(String)
respectively. - Credential set through
credential(StorageSharedKeyCredential)
,sasToken(String)
, orconnectionString(String)
if the container is not publicly accessible. - Key and key wrapping algorithm (for encryption) and/or key resolver (for decryption) must be specified
through
key(AsyncKeyEncryptionKey, String)
andkeyResolver(AsyncKeyEncryptionKeyResolver)
Once all the configurations are set on this builder use the following mapping to construct the given client:
-
Constructor Summary
ConstructorDescriptionDeprecated.Creates a new instance of the EncryptedBlobClientbuilder. -
Method Summary
Modifier and TypeMethodDescriptionaddPolicy
(HttpPipelinePolicy pipelinePolicy) Adds apipeline policy
to apply on each request sent.blobAsyncClient
(BlobAsyncClient blobAsyncClient) Configures the builder based on the passedBlobAsyncClient
.blobClient
(BlobClient blobClient) Configures the builder based on the passedBlobClient
.Sets the name of the blob.Creates aEncryptedBlobAsyncClient
based on options set in the Builder.Creates aEncryptedBlobClient
based on options set in the Builder.clientOptions
(ClientOptions clientOptions) Allows for setting common properties such as application ID, headers, proxy configuration, etc.configuration
(Configuration configuration) Sets the configuration object used to retrieve environment configuration values during building of the client.connectionString
(String connectionString) Sets the connection string to connect to the service.containerName
(String containerName) Sets the name of the container that contains the blob.credential
(AzureNamedKeyCredential credential) Sets theAzureNamedKeyCredential
used to authorize requests sent to the service.credential
(AzureSasCredential credential) Sets theAzureSasCredential
used to authorize requests sent to the service.credential
(TokenCredential credential) Sets theTokenCredential
used to authorize requests sent to the service.credential
(StorageSharedKeyCredential credential) Sets theStorageSharedKeyCredential
used to authorize requests sent to the service.customerProvidedKey
(CustomerProvidedKey customerProvidedKey) Sets thecustomer provided key
that is used to encrypt blob contents on the server.encryptionScope
(String encryptionScope) Sets theencryption scope
that is used to encrypt blob contents on the server.Sets the service endpoint, additionally parses it for information (SAS token, container name, blob name)static HttpLogOptions
Gets the default Storage allowlist log headers and query parameters.httpClient
(HttpClient httpClient) Sets theHttpClient
to use for sending and receiving requests to and from the service.httpLogOptions
(HttpLogOptions logOptions) Sets thelogging configuration
to use when sending and receiving requests to and from the service.key
(AsyncKeyEncryptionKey key, String keyWrapAlgorithm) Sets the encryption key parameters for the clientkeyResolver
(AsyncKeyEncryptionKeyResolver keyResolver) Sets the encryption parameters for this clientpipeline
(HttpPipeline httpPipeline) Sets theHttpPipeline
to use for the service client.requiresEncryption
(boolean requiresEncryption) Sets the requires encryption option.retryOptions
(RetryOptions retryOptions) Sets theRetryOptions
for all the requests made through the client.retryOptions
(RequestRetryOptions retryOptions) Sets the request retry options for all the requests made through the client.Sets the SAS token used to authorize requests sent to the service.serviceVersion
(BlobServiceVersion version) Sets theBlobServiceVersion
that is used when making API requests.Clears the credential used to authorize the request.Sets the snapshot identifier of the blob.Sets the version identifier of the blob.
-
Constructor Details
-
EncryptedBlobClientBuilder
Deprecated.Creates a new instance of the EncryptedBlobClientBuilder -
EncryptedBlobClientBuilder
Creates a new instance of the EncryptedBlobClientbuilder.- Parameters:
version
- The version of the client side encryption protocol to use. It is highly recommended that v2 be preferred for security reasons, though v1 continues to be supported for compatibility reasons. Note that even a client configured to encrypt using v2 can decrypt blobs that use the v1 protocol.
-
-
Method Details
-
buildEncryptedBlobClient
Creates aEncryptedBlobClient
based on options set in the Builder.Code Samples
EncryptedBlobAsyncClient client = new EncryptedBlobClientBuilder() .key(key, keyWrapAlgorithm) .keyResolver(keyResolver) .connectionString(connectionString) .buildEncryptedBlobAsyncClient();
- Returns:
- a
EncryptedBlobClient
created from the configurations in this builder. - Throws:
NullPointerException
- Ifendpoint
,containerName
, orblobName
isnull
.IllegalStateException
- If multiple credentials have been specified.IllegalStateException
- If bothretryOptions(RetryOptions)
andretryOptions(RequestRetryOptions)
have been set.
-
buildEncryptedBlobAsyncClient
Creates aEncryptedBlobAsyncClient
based on options set in the Builder.Code Samples
EncryptedBlobClient client = new EncryptedBlobClientBuilder() .key(key, keyWrapAlgorithm) .keyResolver(keyResolver) .connectionString(connectionString) .buildEncryptedBlobClient();
- Returns:
- a
EncryptedBlobAsyncClient
created from the configurations in this builder. - Throws:
NullPointerException
- Ifendpoint
,containerName
, orblobName
isnull
.IllegalStateException
- If multiple credentials have been specified.IllegalStateException
- If bothretryOptions(RetryOptions)
andretryOptions(RequestRetryOptions)
have been set.
-
key
Sets the encryption key parameters for the client- Parameters:
key
- An object of typeAsyncKeyEncryptionKey
that is used to wrap/unwrap the content encryption keykeyWrapAlgorithm
- TheString
used to wrap the key.- Returns:
- the updated EncryptedBlobClientBuilder object
-
keyResolver
Sets the encryption parameters for this client- Parameters:
keyResolver
- The key resolver used to select the correct key for decrypting existing blobs.- Returns:
- the updated EncryptedBlobClientBuilder object
-
credential
Sets theAzureNamedKeyCredential
used to authorize requests sent to the service.- Specified by:
credential
in interfaceAzureNamedKeyCredentialTrait<EncryptedBlobClientBuilder>
- Parameters:
credential
-AzureNamedKeyCredential
.- Returns:
- the updated EncryptedBlobClientBuilder
- Throws:
NullPointerException
- Ifcredential
isnull
.
-
credential
Sets theTokenCredential
used to authorize requests sent to the service. Refer to the Azure SDK for Java identity and authentication documentation for more details on proper usage of theTokenCredential
type.- Specified by:
credential
in interfaceTokenCredentialTrait<EncryptedBlobClientBuilder>
- Parameters:
credential
-TokenCredential
used to authorize requests sent to the service.- Returns:
- the updated EncryptedBlobClientBuilder
- Throws:
NullPointerException
- Ifcredential
isnull
.
-
sasToken
Sets the SAS token used to authorize requests sent to the service.- Parameters:
sasToken
- The SAS token to use for authenticating requests. This string should only be the query parameters (with or without a leading '?') and not a full url.- Returns:
- the updated EncryptedBlobClientBuilder
- Throws:
NullPointerException
- IfsasToken
isnull
.
-
credential
Sets theAzureSasCredential
used to authorize requests sent to the service.- Specified by:
credential
in interfaceAzureSasCredentialTrait<EncryptedBlobClientBuilder>
- Parameters:
credential
-AzureSasCredential
used to authorize requests sent to the service.- Returns:
- the updated EncryptedBlobClientBuilder
- Throws:
NullPointerException
- Ifcredential
isnull
.
-
setAnonymousAccess
Clears the credential used to authorize the request.This is for blobs that are publicly accessible.
- Returns:
- the updated EncryptedBlobClientBuilder
-
connectionString
Sets the connection string to connect to the service.- Specified by:
connectionString
in interfaceConnectionStringTrait<EncryptedBlobClientBuilder>
- Parameters:
connectionString
- Connection string of the storage account.- Returns:
- the updated EncryptedBlobClientBuilder
- Throws:
IllegalArgumentException
- IfconnectionString
is invalid.
-
endpoint
Sets the service endpoint, additionally parses it for information (SAS token, container name, blob name)If the blob name contains special characters, pass in the url encoded version of the blob name.
If the endpoint is to a blob in the root container, this method will fail as it will interpret the blob name as the container name. With only one path element, it is impossible to distinguish between a container name and a blob in the root container, so it is assumed to be the container name as this is much more common. When working with blobs in the root container, it is best to set the endpoint to the account url and specify the blob name separately using the
blobName
method.- Specified by:
endpoint
in interfaceEndpointTrait<EncryptedBlobClientBuilder>
- Parameters:
endpoint
- URL of the service- Returns:
- the updated EncryptedBlobClientBuilder object
- Throws:
IllegalArgumentException
- Ifendpoint
isnull
or is a malformed URL.
-
containerName
Sets the name of the container that contains the blob.- Parameters:
containerName
- Name of the container. If the valuenull
or empty the root container,$root
, will be used.- Returns:
- the updated EncryptedBlobClientBuilder object
-
blobName
Sets the name of the blob.- Parameters:
blobName
- Name of the blob. If the blob name contains special characters, pass in the url encoded version of the blob name.- Returns:
- the updated EncryptedBlobClientBuilder object
- Throws:
NullPointerException
- IfblobName
isnull
-
snapshot
Sets the snapshot identifier of the blob.- Parameters:
snapshot
- Snapshot identifier for the blob.- Returns:
- the updated EncryptedBlobClientBuilder object
-
versionId
Sets the version identifier of the blob.- Parameters:
versionId
- Version identifier for the blob, passnull
to interact with the latest blob version.- Returns:
- the updated EncryptedBlobClientBuilder object
-
httpClient
Sets theHttpClient
to use for sending and receiving requests to and from the service.Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a
HttpPipeline
is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If noHttpPipeline
is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if anHttpPipeline
is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.- Specified by:
httpClient
in interfaceHttpTrait<EncryptedBlobClientBuilder>
- Parameters:
httpClient
- TheHttpClient
to use for requests.- Returns:
- the updated EncryptedBlobClientBuilder object
-
addPolicy
Adds apipeline policy
to apply on each request sent.Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a
HttpPipeline
is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If noHttpPipeline
is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if anHttpPipeline
is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.- Specified by:
addPolicy
in interfaceHttpTrait<EncryptedBlobClientBuilder>
- Parameters:
pipelinePolicy
- Apipeline policy
.- Returns:
- the updated EncryptedBlobClientBuilder object
- Throws:
NullPointerException
- IfpipelinePolicy
isnull
.
-
httpLogOptions
Sets thelogging configuration
to use when sending and receiving requests to and from the service. If alogLevel
is not provided, default value ofHttpLogDetailLevel.NONE
is set.Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a
HttpPipeline
is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If noHttpPipeline
is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if anHttpPipeline
is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.- Specified by:
httpLogOptions
in interfaceHttpTrait<EncryptedBlobClientBuilder>
- Parameters:
logOptions
- Thelogging configuration
to use when sending and receiving requests to and from the service.- Returns:
- the updated EncryptedBlobClientBuilder object
- Throws:
NullPointerException
- IflogOptions
isnull
.
-
getDefaultHttpLogOptions
Gets the default Storage allowlist log headers and query parameters.- Returns:
- the default http log options.
-
configuration
Sets the configuration object used to retrieve environment configuration values during building of the client.- Specified by:
configuration
in interfaceConfigurationTrait<EncryptedBlobClientBuilder>
- Parameters:
configuration
- Configuration store used to retrieve environment configurations.- Returns:
- the updated EncryptedBlobClientBuilder object
-
retryOptions
Sets the request retry options for all the requests made through the client. Setting this is mutually exclusive with usingretryOptions(RetryOptions)
.- Parameters:
retryOptions
-RequestRetryOptions
.- Returns:
- the updated EncryptedBlobClientBuilder object.
-
retryOptions
Sets theRetryOptions
for all the requests made through the client.Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a
HttpPipeline
is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If noHttpPipeline
is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if anHttpPipeline
is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.Setting this is mutually exclusive with using
retryOptions(RequestRetryOptions)
. Consider usingretryOptions(RequestRetryOptions)
to also set storage specific options.- Specified by:
retryOptions
in interfaceHttpTrait<EncryptedBlobClientBuilder>
- Parameters:
retryOptions
- TheRetryOptions
to use for all the requests made through the client.- Returns:
- the updated EncryptedBlobClientBuilder object
-
pipeline
Sets theHttpPipeline
to use for the service client.Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a
HttpPipeline
is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If noHttpPipeline
is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if anHttpPipeline
is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.The
endpoint
andcustomer provided key
are not ignored whenpipeline
is set.- Specified by:
pipeline
in interfaceHttpTrait<EncryptedBlobClientBuilder>
- Parameters:
httpPipeline
-HttpPipeline
to use for sending service requests and receiving responses.- Returns:
- the updated EncryptedBlobClientBuilder object
-
clientOptions
Allows for setting common properties such as application ID, headers, proxy configuration, etc. Note that it is recommended that this method be called with an instance of theHttpClientOptions
class (a subclass of theClientOptions
base class). The HttpClientOptions subclass provides more configuration options suitable for HTTP clients, which is applicable for any class that implements this HttpTrait interface.Note: It is important to understand the precedence order of the HttpTrait APIs. In particular, if a
HttpPipeline
is specified, this takes precedence over all other APIs in the trait, and they will be ignored. If noHttpPipeline
is specified, a HTTP pipeline will be constructed internally based on the settings provided to this trait. Additionally, there may be other APIs in types that implement this trait that are also ignored if anHttpPipeline
is specified, so please be sure to refer to the documentation of types that implement this trait to understand the full set of implications.- Specified by:
clientOptions
in interfaceHttpTrait<EncryptedBlobClientBuilder>
- Parameters:
clientOptions
- A configured instance ofHttpClientOptions
.- Returns:
- the updated EncryptedBlobClientBuilder object
- Throws:
NullPointerException
- IfclientOptions
isnull
.- See Also:
-
serviceVersion
Sets theBlobServiceVersion
that is used when making API requests.If a service version is not provided, the service version that will be used will be the latest known service version based on the version of the client library being used. If no service version is specified, updating to a newer version of the client library will have the result of potentially moving to a newer service version.
Targeting a specific service version may also mean that the service will return an error for newer APIs.
- Parameters:
version
-BlobServiceVersion
of the service to be used when making requests.- Returns:
- the updated EncryptedBlobClientBuilder object
-
customerProvidedKey
Sets thecustomer provided key
that is used to encrypt blob contents on the server.- Parameters:
customerProvidedKey
-CustomerProvidedKey
- Returns:
- the updated EncryptedBlobClientBuilder object
-
encryptionScope
Sets theencryption scope
that is used to encrypt blob contents on the server.- Parameters:
encryptionScope
- Encryption scope containing the encryption key information.- Returns:
- the updated EncryptedBlobClientBuilder object
-
blobClient
Configures the builder based on the passedBlobClient
. This will set theHttpPipeline
,URL
andBlobServiceVersion
that are used to interact with the service. Note that the underlying pipeline should not already be configured for encryption/decryption.If
pipeline
is set, all other settings are ignored, aside fromendpoint
andserviceVersion
.Note that for security reasons, this method does not copy over the
CustomerProvidedKey
and encryption scope properties from the provided client. To set CPK, please usecustomerProvidedKey(CustomerProvidedKey)
.- Parameters:
blobClient
- BlobClient used to configure the builder.- Returns:
- the updated EncryptedBlobClientBuilder object
- Throws:
NullPointerException
- IfcontainerClient
isnull
.
-
blobAsyncClient
Configures the builder based on the passedBlobAsyncClient
. This will set theHttpPipeline
,URL
andBlobServiceVersion
that are used to interact with the service. Note that the underlying pipeline should not already be configured for encryption/decryption.If
pipeline
is set, all other settings are ignored, aside fromendpoint
andserviceVersion
.Note that for security reasons, this method does not copy over the
CustomerProvidedKey
and encryption scope properties from the provided client. To set CPK, please usecustomerProvidedKey(CustomerProvidedKey)
.- Parameters:
blobAsyncClient
- BlobAsyncClient used to configure the builder.- Returns:
- the updated EncryptedBlobClientBuilder object
- Throws:
NullPointerException
- IfcontainerClient
isnull
.
-
requiresEncryption
Sets the requires encryption option.- Parameters:
requiresEncryption
- Whether encryption is enforced by this client. Client will throw if data is downloaded and it is not encrypted.- Returns:
- the updated EncryptedBlobClientBuilder object
-
EncryptedBlobClientBuilder(EncryptionVersion)
.