Added post deployment step to create SAS with additional permission (#…

…11509)

* Added post deployment step to create SAS with additional permission

sdk/storage/test-resources-post.ps1

@@ -44,4 +44,51 @@ Write-Verbose "CORS rule set for $storageAccountName"
 $datalakeStorageAccountName = $DeploymentOutputs['DFS_ACCOUNT_NAME']
 $context = New-AzStorageContext -StorageAccountName $datalakeStorageAccountName
 Set-AzStorageCORSRule -ServiceType 'Blob' -CorsRules $corsRules -Context $context
-Write-Verbose "CORS rule set for $datalakeStorageAccountName"
+Write-Verbose "CORS rule set for $datalakeStorageAccountName"
+
+# Run any post deployment script and set any additional keys to set in Env
+$AdditionalEnvKeys = @{}
+
+# Create SAS for storage account with additional permissions that are not supported by SRP deployment
+$storageAccount = $DeploymentOutputs['ACCOUNT_NAME']
+Write-Host "Creating SAS for storage account $storageAccount"
+$storageContext = New-AzStorageContext -StorageAccountName $storageAccount -StorageAccountKey $DeploymentOutputs['ACCOUNT_KEY']
+$storageSas = New-AzStorageAccountSASToken -ResourceType Service, Container, Object -Service Blob, File, Queue, Table -Permission "rwdxftlacup" -Context $storageContext
+$AdditionalEnvKeys["ACCOUNT_SAS"] = $storageSas
+
+$datalakeStorageAccount = $DeploymentOutputs['DFS_ACCOUNT_NAME']
+Write-Host "Creating SAS for datalake storage account $datalakeStorageAccount"
+$storageContext = New-AzStorageContext -StorageAccountName $datalakeStorageAccount -StorageAccountKey $DeploymentOutputs['DFS_ACCOUNT_KEY']
+$storageSas = New-AzStorageAccountSASToken -ResourceType Service, Container, Object -Service Blob, File, Queue, Table -Permission "rwdxftlacup" -Context $storageContext
+$AdditionalEnvKeys["DFS_ACCOUNT_SAS"] = $storageSas
+
+
+# Try to detect the shell based on the parent process name (e.g. launch via shebang).
+$shell, $shellExportFormat = if (($parentProcessName = (Get-Process -Id $PID).Parent.ProcessName) -and $parentProcessName -eq 'cmd') {
+  'cmd', 'set {0}={1}'
+}
+elseif (@('bash', 'csh', 'tcsh', 'zsh') -contains $parentProcessName) {
+  'shell', 'export {0}={1}'
+}
+else {
+  'PowerShell', '$env:{0} = ''{1}'''
+}
+
+$CI = ($null -ne $env:SYSTEM_TEAMPROJECTID)
+
+# Set additional keys as ENV variables
+foreach ($key in $AdditionalEnvKeys.Keys) {
+  $value = $AdditionalEnvKeys[$key]
+  $environmentVariables[$key] = $value
+
+  if ($CI) {
+    # Treat all ARM template output variables as secrets since "SecureString" variables do not set values.
+    # In order to mask secrets but set environment variables for any given ARM template, we set variables twice as shown below.
+    Write-Host "Setting variable '$key': ***"
+    Write-Host "##vso[task.setvariable variable=_$key;issecret=true;]$($value)"
+    Write-Host "##vso[task.setvariable variable=$key;]$($value)"
+  }
+  else {
+    Write-Host ($shellExportFormat -f $key, $value)
+  }
+}