vendor, internal/build: fix OpenBSD by bumping Azure libs (#17966)

* bump azure-storage-blob-go dependency to 0.3.0 release

* update azure-storage-blob-go module import path

* fix multiple return values on azblob.NewSharedKeyCredential

* vendor: bump Azure libs to latest from upstream

internal/build/azure.go

@@ -22,7 +22,7 @@ import (
 	"net/url"
 	"os"
 
-	"github.com/Azure/azure-storage-blob-go/2018-03-28/azblob"
+	"github.com/Azure/azure-storage-blob-go/azblob"
 )
 
 // AzureBlobstoreConfig is an authentication and configuration struct containing
@@ -45,7 +45,11 @@ func AzureBlobstoreUpload(path string, name string, config AzureBlobstoreConfig)
 		return nil
 	}
 	// Create an authenticated client against the Azure cloud
-	credential := azblob.NewSharedKeyCredential(config.Account, config.Token)
+	credential, err := azblob.NewSharedKeyCredential(config.Account, config.Token)
+	if err != nil {
+		return err
+	}
+
 	pipeline := azblob.NewPipeline(credential, azblob.PipelineOptions{})
 
 	u, _ := url.Parse(fmt.Sprintf("https://%s.blob.core.windows.net", config.Account))
@@ -67,7 +71,11 @@ func AzureBlobstoreUpload(path string, name string, config AzureBlobstoreConfig)
 
 // AzureBlobstoreList lists all the files contained within an azure blobstore.
 func AzureBlobstoreList(config AzureBlobstoreConfig) ([]azblob.BlobItem, error) {
-	credential := azblob.NewSharedKeyCredential(config.Account, config.Token)
+	credential, err := azblob.NewSharedKeyCredential(config.Account, config.Token)
+	if err != nil {
+		return nil, err
+	}
+
 	pipeline := azblob.NewPipeline(credential, azblob.PipelineOptions{})
 
 	u, _ := url.Parse(fmt.Sprintf("https://%s.blob.core.windows.net", config.Account))
@@ -95,7 +103,11 @@ func AzureBlobstoreDelete(config AzureBlobstoreConfig, blobs []azblob.BlobItem)
 		return nil
 	}
 	// Create an authenticated client against the Azure cloud
-	credential := azblob.NewSharedKeyCredential(config.Account, config.Token)
+	credential, err := azblob.NewSharedKeyCredential(config.Account, config.Token)
+	if err != nil {
+		return err
+	}
+
 	pipeline := azblob.NewPipeline(credential, azblob.PipelineOptions{})
 
 	u, _ := url.Parse(fmt.Sprintf("https://%s.blob.core.windows.net", config.Account))

vendor/github.com/Azure/azure-pipeline-go/pipeline/core.go

@@ -2,6 +2,7 @@ package pipeline
 
 import (
 	"context"
+	"github.com/mattn/go-ieproxy"
 	"net"
 	"net/http"
 	"os"
@@ -204,7 +205,7 @@ func newDefaultHTTPClient() *http.Client {
 	// We want the Transport to have a large connection pool
 	return &http.Client{
 		Transport: &http.Transport{
-			Proxy: http.ProxyFromEnvironment,
+			Proxy: ieproxy.GetProxyFunc(),
 			// We use Dial instead of DialContext as DialContext has been reported to cause slower performance.
 			Dial /*Context*/ : (&net.Dialer{
 				Timeout:   30 * time.Second,
@@ -253,3 +254,31 @@ type methodFactoryMarker struct {
 func (methodFactoryMarker) New(next Policy, po *PolicyOptions) Policy {
 	panic("methodFactoryMarker policy should have been replaced with a method policy")
 }
+
+// LogSanitizer can be implemented to clean secrets from lines logged by ForceLog
+// By default no implemetation is provided here, because pipeline may be used in many different
+// contexts, so the correct implementation is context-dependent
+type LogSanitizer interface {
+	SanitizeLogMessage(raw string) string
+}
+
+var sanitizer LogSanitizer
+var enableForceLog bool = true
+
+// SetLogSanitizer can be called to supply a custom LogSanitizer.
+// There is no threadsafety or locking on the underlying variable,
+// so call this function just once at startup of your application
+// (Don't later try to change the sanitizer on the fly).
+func SetLogSanitizer(s LogSanitizer)(){
+	sanitizer = s
+}
+
+// SetForceLogEnabled can be used to disable ForceLog
+// There is no threadsafety or locking on the underlying variable,
+// so call this function just once at startup of your application
+// (Don't later try to change the setting on the fly).
+func SetForceLogEnabled(enable bool)() {
+	enableForceLog = enable
+}
+
+

vendor/github.com/Azure/azure-pipeline-go/pipeline/defaultlog.go

+package pipeline
+
+
+// ForceLog should rarely be used. It forceable logs an entry to the
+// Windows Event Log (on Windows) or to the SysLog (on Linux)
+func ForceLog(level LogLevel, msg string) {
+	if !enableForceLog {
+		return
+	}
+	if sanitizer != nil {
+		msg = sanitizer.SanitizeLogMessage(msg)
+	}
+	forceLog(level, msg)
+}

vendor/github.com/Azure/azure-pipeline-go/pipeline/defaultlog_syslog.go

@@ -7,9 +7,9 @@ import (
 	"log/syslog"
 )
 
-// ForceLog should rarely be used. It forceable logs an entry to the
+// forceLog should rarely be used. It forceable logs an entry to the
 // Windows Event Log (on Windows) or to the SysLog (on Linux)
-func ForceLog(level LogLevel, msg string) {
+func forceLog(level LogLevel, msg string) {
 	if defaultLogger == nil {
 		return // Return fast if we failed to create the logger.
 	}

vendor/github.com/Azure/azure-pipeline-go/pipeline/defaultlog_windows.go

@@ -6,9 +6,9 @@ import (
 	"unsafe"
 )
 
-// ForceLog should rarely be used. It forceable logs an entry to the
+// forceLog should rarely be used. It forceable logs an entry to the
 // Windows Event Log (on Windows) or to the SysLog (on Linux)
-func ForceLog(level LogLevel, msg string) {
+func forceLog(level LogLevel, msg string) {
 	var el eventType
 	switch level {
 	case LogError, LogFatal, LogPanic:
@@ -35,7 +35,7 @@ const (
 )
 
 var reportEvent = func() func(eventType eventType, eventID int32, msg string) {
-	advAPI32 := syscall.MustLoadDLL("AdvAPI32.dll")
+	advAPI32 := syscall.MustLoadDLL("advapi32.dll") // lower case to tie in with Go's sysdll registration
 	registerEventSource := advAPI32.MustFindProc("RegisterEventSourceW")
 
 	sourceName, _ := os.Executable()

vendor/github.com/Azure/azure-pipeline-go/pipeline/error.go

@@ -9,6 +9,23 @@ type causer interface {
 	Cause() error
 }
 
+func errorWithPC(msg string, pc uintptr) string {
+	s := ""
+	if fn := runtime.FuncForPC(pc); fn != nil {
+		file, line := fn.FileLine(pc)
+		s = fmt.Sprintf("-> %v, %v:%v\n", fn.Name(), file, line)
+	}
+	s += msg + "\n\n"
+	return s
+}
+
+func getPC(callersToSkip int) uintptr {
+	// Get the PC of Initialize method's caller.
+	pc := [1]uintptr{}
+	_ = runtime.Callers(callersToSkip, pc[:])
+	return pc[0]
+}
+
 // ErrorNode can be an embedded field in a private error object. This field
 // adds Program Counter support and a 'cause' (reference to a preceding error).
 // When initializing a error type with this embedded field, initialize the
@@ -22,12 +39,7 @@ type ErrorNode struct {
 // When defining a new error type, have its Error method call this one passing
 // it the string representation of the error.
 func (e *ErrorNode) Error(msg string) string {
-	s := ""
-	if fn := runtime.FuncForPC(e.pc); fn != nil {
-		file, line := fn.FileLine(e.pc)
-		s = fmt.Sprintf("-> %v, %v:%v\n", fn.Name(), file, line)
-	}
-	s += msg + "\n\n"
+	s := errorWithPC(msg, e.pc)
 	if e.cause != nil {
 		s += e.cause.Error() + "\n"
 	}
@@ -83,10 +95,8 @@ func (e ErrorNode) Timeout() bool {
 // value of 3 is very common; but, depending on your code nesting, you may need
 // a different value.
 func (ErrorNode) Initialize(cause error, callersToSkip int) ErrorNode {
-	// Get the PC of Initialize method's caller.
-	pc := [1]uintptr{}
-	_ = runtime.Callers(callersToSkip, pc[:])
-	return ErrorNode{pc: pc[0], cause: cause}
+	pc := getPC(callersToSkip)
+	return ErrorNode{pc: pc, cause: cause}
 }
 
 // Cause walks all the preceding errors and return the originating error.
@@ -101,12 +111,53 @@ func Cause(err error) error {
 	return err
 }
 
+// ErrorNodeNoCause can be an embedded field in a private error object. This field
+// adds Program Counter support.
+// When initializing a error type with this embedded field, initialize the
+// ErrorNodeNoCause field by calling ErrorNodeNoCause{}.Initialize().
+type ErrorNodeNoCause struct {
+	pc uintptr // Represents a Program Counter that you can get symbols for.
+}
+
+// Error returns a string with the PC's symbols or "" if the PC is invalid.
+// When defining a new error type, have its Error method call this one passing
+// it the string representation of the error.
+func (e *ErrorNodeNoCause) Error(msg string) string {
+	return errorWithPC(msg, e.pc)
+}
+
+// Temporary returns true if the error occurred due to a temporary condition.
+func (e ErrorNodeNoCause) Temporary() bool {
+	return false
+}
+
+// Timeout returns true if the error occurred due to time expiring.
+func (e ErrorNodeNoCause) Timeout() bool {
+	return false
+}
+
+// Initialize is used to initialize an embedded ErrorNode field.
+// It captures the caller's program counter.
+// To initialize the field, use "ErrorNodeNoCause{}.Initialize(3)". A callersToSkip
+// value of 3 is very common; but, depending on your code nesting, you may need
+// a different value.
+func (ErrorNodeNoCause) Initialize(callersToSkip int) ErrorNodeNoCause {
+	pc := getPC(callersToSkip)
+	return ErrorNodeNoCause{pc: pc}
+}
+
 // NewError creates a simple string error (like Error.New). But, this
-// error also captures the caller's Program Counter and the preceding error.
+// error also captures the caller's Program Counter and the preceding error (if provided).
 func NewError(cause error, msg string) error {
-	return &pcError{
-		ErrorNode: ErrorNode{}.Initialize(cause, 3),
-		msg:       msg,
+	if cause != nil {
+		return &pcError{
+			ErrorNode: ErrorNode{}.Initialize(cause, 3),
+			msg:       msg,
+		}
+	}
+	return &pcErrorNoCause{
+		ErrorNodeNoCause: ErrorNodeNoCause{}.Initialize(3),
+		msg:              msg,
 	}
 }
 
@@ -119,3 +170,12 @@ type pcError struct {
 // Error satisfies the error interface. It shows the error with Program Counter
 // symbols and calls Error on the preceding error so you can see the full error chain.
 func (e *pcError) Error() string { return e.ErrorNode.Error(e.msg) }
+
+// pcErrorNoCause is a simple string error (like error.New) with an ErrorNode (PC).
+type pcErrorNoCause struct {
+	ErrorNodeNoCause
+	msg string
+}
+
+// Error satisfies the error interface. It shows the error with Program Counter symbols.
+func (e *pcErrorNoCause) Error() string { return e.ErrorNodeNoCause.Error(e.msg) }

vendor/github.com/Azure/azure-pipeline-go/pipeline/version.go

@@ -5,5 +5,5 @@ const (
 	UserAgent = "azure-pipeline-go/" + Version
 
 	// Version is the semantic version (see http://semver.org) of the pipeline package.
-	Version = "0.1.0"
+	Version = "0.2.1"
 )

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/access_conditions.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/access_conditions.go

@@ -4,8 +4,8 @@ import (
 	"time"
 )
 
-// HTTPAccessConditions identifies standard HTTP access conditions which you optionally set.
-type HTTPAccessConditions struct {
+// ModifiedAccessConditions identifies standard HTTP access conditions which you optionally set.
+type ModifiedAccessConditions struct {
 	IfModifiedSince   time.Time
 	IfUnmodifiedSince time.Time
 	IfMatch           ETag
@@ -13,7 +13,7 @@ type HTTPAccessConditions struct {
 }
 
 // pointers is for internal infrastructure. It returns the fields as pointers.
-func (ac HTTPAccessConditions) pointers() (ims *time.Time, ius *time.Time, ime *ETag, inme *ETag) {
+func (ac ModifiedAccessConditions) pointers() (ims *time.Time, ius *time.Time, ime *ETag, inme *ETag) {
 	if !ac.IfModifiedSince.IsZero() {
 		ims = &ac.IfModifiedSince
 	}
@@ -31,16 +31,14 @@ func (ac HTTPAccessConditions) pointers() (ims *time.Time, ius *time.Time, ime *
 
 // ContainerAccessConditions identifies container-specific access conditions which you optionally set.
 type ContainerAccessConditions struct {
-	HTTPAccessConditions
+	ModifiedAccessConditions
 	LeaseAccessConditions
 }
 
 // BlobAccessConditions identifies blob-specific access conditions which you optionally set.
 type BlobAccessConditions struct {
-	HTTPAccessConditions
+	ModifiedAccessConditions
 	LeaseAccessConditions
-	AppendBlobAccessConditions
-	PageBlobAccessConditions
 }
 
 // LeaseAccessConditions identifies lease access conditions for a container or blob which you optionally set.

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/atomicmorph.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/atomicmorph.go

@@ -5,13 +5,12 @@ import "sync/atomic"
 // AtomicMorpherInt32 identifies a method passed to and invoked by the AtomicMorphInt32 function.
 // The AtomicMorpher callback is passed a startValue and based on this value it returns
 // what the new value should be and the result that AtomicMorph should return to its caller.
-type AtomicMorpherInt32 func(startVal int32) (val int32, morphResult interface{})
+type atomicMorpherInt32 func(startVal int32) (val int32, morphResult interface{})
+
+const targetAndMorpherMustNotBeNil = "target and morpher must not be nil"
 
 // AtomicMorph atomically morphs target in to new value (and result) as indicated bythe AtomicMorpher callback function.
-func AtomicMorphInt32(target *int32, morpher AtomicMorpherInt32) interface{} {
-	if target == nil || morpher == nil {
-		panic("target and morpher mut not be nil")
-	}
+func atomicMorphInt32(target *int32, morpher atomicMorpherInt32) interface{} {
 	for {
 		currentVal := atomic.LoadInt32(target)
 		desiredVal, morphResult := morpher(currentVal)
@@ -24,13 +23,10 @@ func AtomicMorphInt32(target *int32, morpher AtomicMorpherInt32) interface{} {
 // AtomicMorpherUint32 identifies a method passed to and invoked by the AtomicMorph function.
 // The AtomicMorpher callback is passed a startValue and based on this value it returns
 // what the new value should be and the result that AtomicMorph should return to its caller.
-type AtomicMorpherUint32 func(startVal uint32) (val uint32, morphResult interface{})
+type atomicMorpherUint32 func(startVal uint32) (val uint32, morphResult interface{})
 
 // AtomicMorph atomically morphs target in to new value (and result) as indicated bythe AtomicMorpher callback function.
-func AtomicMorphUint32(target *uint32, morpher AtomicMorpherUint32) interface{} {
-	if target == nil || morpher == nil {
-		panic("target and morpher mut not be nil")
-	}
+func atomicMorphUint32(target *uint32, morpher atomicMorpherUint32) interface{} {
 	for {
 		currentVal := atomic.LoadUint32(target)
 		desiredVal, morphResult := morpher(currentVal)
@@ -43,13 +39,10 @@ func AtomicMorphUint32(target *uint32, morpher AtomicMorpherUint32) interface{}
 // AtomicMorpherUint64 identifies a method passed to and invoked by the AtomicMorphUint64 function.
 // The AtomicMorpher callback is passed a startValue and based on this value it returns
 // what the new value should be and the result that AtomicMorph should return to its caller.
-type AtomicMorpherInt64 func(startVal int64) (val int64, morphResult interface{})
+type atomicMorpherInt64 func(startVal int64) (val int64, morphResult interface{})
 
 // AtomicMorph atomically morphs target in to new value (and result) as indicated bythe AtomicMorpher callback function.
-func AtomicMorphInt64(target *int64, morpher AtomicMorpherInt64) interface{} {
-	if target == nil || morpher == nil {
-		panic("target and morpher mut not be nil")
-	}
+func atomicMorphInt64(target *int64, morpher atomicMorpherInt64) interface{} {
 	for {
 		currentVal := atomic.LoadInt64(target)
 		desiredVal, morphResult := morpher(currentVal)
@@ -62,13 +55,10 @@ func AtomicMorphInt64(target *int64, morpher AtomicMorpherInt64) interface{} {
 // AtomicMorpherUint64 identifies a method passed to and invoked by the AtomicMorphUint64 function.
 // The AtomicMorpher callback is passed a startValue and based on this value it returns
 // what the new value should be and the result that AtomicMorph should return to its caller.
-type AtomicMorpherUint64 func(startVal uint64) (val uint64, morphResult interface{})
+type atomicMorpherUint64 func(startVal uint64) (val uint64, morphResult interface{})
 
 // AtomicMorph atomically morphs target in to new value (and result) as indicated bythe AtomicMorpher callback function.
-func AtomicMorphUint64(target *uint64, morpher AtomicMorpherUint64) interface{} {
-	if target == nil || morpher == nil {
-		panic("target and morpher mut not be nil")
-	}
+func atomicMorphUint64(target *uint64, morpher atomicMorpherUint64) interface{} {
 	for {
 		currentVal := atomic.LoadUint64(target)
 		desiredVal, morphResult := morpher(currentVal)

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/parsing_urls.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/parsing_urls.go

 package azblob
 
 import (
+	"net"
 	"net/url"
 	"strings"
 )
@@ -14,13 +15,39 @@ const (
 // existing URL into its parts by calling NewBlobURLParts(). You construct a URL from parts by calling URL().
 // NOTE: Changing any SAS-related field requires computing a new SAS signature.
 type BlobURLParts struct {
-	Scheme         string // Ex: "https://"
-	Host           string // Ex: "account.blob.core.windows.net"
-	ContainerName  string // "" if no container
-	BlobName       string // "" if no blob
-	Snapshot       string // "" if not a snapshot
-	SAS            SASQueryParameters
-	UnparsedParams string
+	Scheme              string // Ex: "https://"
+	Host                string // Ex: "account.blob.core.windows.net", "10.132.141.33", "10.132.141.33:80"
+	IPEndpointStyleInfo IPEndpointStyleInfo
+	ContainerName       string // "" if no container
+	BlobName            string // "" if no blob
+	Snapshot            string // "" if not a snapshot
+	SAS                 SASQueryParameters
+	UnparsedParams      string
+}
+
+// IPEndpointStyleInfo is used for IP endpoint style URL when working with Azure storage emulator.
+// Ex: "https://10.132.141.33/accountname/containername"
+type IPEndpointStyleInfo struct {
+	AccountName string // "" if not using IP endpoint style
+}
+
+// isIPEndpointStyle checkes if URL's host is IP, in this case the storage account endpoint will be composed as:
+// http(s)://IP(:port)/storageaccount/container/...
+// As url's Host property, host could be both host or host:port
+func isIPEndpointStyle(host string) bool {
+	if host == "" {
+		return false
+	}
+	if h, _, err := net.SplitHostPort(host); err == nil {
+		host = h
+	}
+	// For IPv6, there could be case where SplitHostPort fails for cannot finding port.
+	// In this case, eliminate the '[' and ']' in the URL.
+	// For details about IPv6 URL, please refer to https://tools.ietf.org/html/rfc2732
+	if host[0] == '[' && host[len(host)-1] == ']' {
+		host = host[1 : len(host)-1]
+	}
+	return net.ParseIP(host) != nil
 }
 
 // NewBlobURLParts parses a URL initializing BlobURLParts' fields including any SAS-related & snapshot query parameters. Any other
@@ -37,10 +64,17 @@ func NewBlobURLParts(u url.URL) BlobURLParts {
 		if path[0] == '/' {
 			path = path[1:] // If path starts with a slash, remove it
 		}
+		if isIPEndpointStyle(up.Host) {
+			if accountEndIndex := strings.Index(path, "/"); accountEndIndex == -1 { // Slash not found; path has account name & no container name or blob
+				up.IPEndpointStyleInfo.AccountName = path
+			} else {
+				up.IPEndpointStyleInfo.AccountName = path[:accountEndIndex] // The account name is the part between the slashes
+				path = path[accountEndIndex+1:]                             // path refers to portion after the account name now (container & blob names)
+			}
+		}
 
-		// Find the next slash (if it exists)
-		containerEndIndex := strings.Index(path, "/")
-		if containerEndIndex == -1 { // Slash not found; path has container name & no blob name
+		containerEndIndex := strings.Index(path, "/") // Find the next slash (if it exists)
+		if containerEndIndex == -1 {                  // Slash not found; path has container name & no blob name
 			up.ContainerName = path
 		} else {
 			up.ContainerName = path[:containerEndIndex] // The container name is the part between the slashes
@@ -77,6 +111,9 @@ func (values caseInsensitiveValues) Get(key string) ([]string, bool) {
 // field contains the SAS, snapshot, and unparsed query parameters.
 func (up BlobURLParts) URL() url.URL {
 	path := ""
+	if isIPEndpointStyle(up.Host) && up.IPEndpointStyleInfo.AccountName != "" {
+		path += "/" + up.IPEndpointStyleInfo.AccountName
+	}
 	// Concatenate container & blob names (if they exist)
 	if up.ContainerName != "" {
 		path += "/" + up.ContainerName
@@ -87,6 +124,11 @@ func (up BlobURLParts) URL() url.URL {
 
 	rawQuery := up.UnparsedParams
 
+	//If no snapshot is initially provided, fill it in from the SAS query properties to help the user
+	if up.Snapshot == "" && !up.SAS.snapshotTime.IsZero() {
+		up.Snapshot = up.SAS.snapshotTime.Format(SnapshotTimeFormat)
+	}
+
 	// Concatenate blob snapshot query parameter (if it exists)
 	if up.Snapshot != "" {
 		if len(rawQuery) > 0 {

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/sas_service.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/sas_service.go

@@ -8,14 +8,16 @@ import (
 )
 
 // BlobSASSignatureValues is used to generate a Shared Access Signature (SAS) for an Azure Storage container or blob.
+// For more information, see https://docs.microsoft.com/rest/api/storageservices/constructing-a-service-sas
 type BlobSASSignatureValues struct {
 	Version            string      `param:"sv"`  // If not specified, this defaults to SASVersion
 	Protocol           SASProtocol `param:"spr"` // See the SASProtocol* constants
 	StartTime          time.Time   `param:"st"`  // Not specified if IsZero
 	ExpiryTime         time.Time   `param:"se"`  // Not specified if IsZero
-	Permissions        string      `param:"sp"`  // Create by initializing a ContainerSASPermissions or BlobSASPermissions and then call String()
-	IPRange            IPRange     `param:"sip"`
-	Identifier         string      `param:"si"`
+	SnapshotTime       time.Time
+	Permissions        string  `param:"sp"` // Create by initializing a ContainerSASPermissions or BlobSASPermissions and then call String()
+	IPRange            IPRange `param:"sip"`
+	Identifier         string  `param:"si"`
 	ContainerName      string
 	BlobName           string // Use "" to create a Container SAS
 	CacheControl       string // rscc
@@ -25,19 +27,28 @@ type BlobSASSignatureValues struct {
 	ContentType        string // rsct
 }
 
-// NewSASQueryParameters uses an account's shared key credential to sign this signature values to produce
+// NewSASQueryParameters uses an account's StorageAccountCredential to sign this signature values to produce
 // the proper SAS query parameters.
-func (v BlobSASSignatureValues) NewSASQueryParameters(sharedKeyCredential *SharedKeyCredential) SASQueryParameters {
-	if sharedKeyCredential == nil {
-		panic("sharedKeyCredential can't be nil")
+// See: StorageAccountCredential. Compatible with both UserDelegationCredential and SharedKeyCredential
+func (v BlobSASSignatureValues) NewSASQueryParameters(credential StorageAccountCredential) (SASQueryParameters, error) {
+	resource := "c"
+	if credential == nil {
+		return SASQueryParameters{}, fmt.Errorf("cannot sign SAS query without StorageAccountCredential")
 	}
 
-	resource := "c"
-	if v.BlobName == "" {
+	if !v.SnapshotTime.IsZero() {
+		resource = "bs"
+		//Make sure the permission characters are in the correct order
+		perms := &BlobSASPermissions{}
+		if err := perms.Parse(v.Permissions); err != nil {
+			return SASQueryParameters{}, err
+		}
+		v.Permissions = perms.String()
+	} else if v.BlobName == "" {
 		// Make sure the permission characters are in the correct order
 		perms := &ContainerSASPermissions{}
 		if err := perms.Parse(v.Permissions); err != nil {
-			panic(err)
+			return SASQueryParameters{}, err
 		}
 		v.Permissions = perms.String()
 	} else {
@@ -45,32 +56,54 @@ func (v BlobSASSignatureValues) NewSASQueryParameters(sharedKeyCredential *Share
 		// Make sure the permission characters are in the correct order
 		perms := &BlobSASPermissions{}
 		if err := perms.Parse(v.Permissions); err != nil {
-			panic(err)
+			return SASQueryParameters{}, err
 		}
 		v.Permissions = perms.String()
 	}
 	if v.Version == "" {
 		v.Version = SASVersion
 	}
-	startTime, expiryTime := FormatTimesForSASSigning(v.StartTime, v.ExpiryTime)
+	startTime, expiryTime, snapshotTime := FormatTimesForSASSigning(v.StartTime, v.ExpiryTime, v.SnapshotTime)
+
+	signedIdentifier := v.Identifier
+
+	udk := credential.getUDKParams()
+
+	if udk != nil {
+		udkStart, udkExpiry, _ := FormatTimesForSASSigning(udk.SignedStart, udk.SignedExpiry, time.Time{})
+		//I don't like this answer to combining the functions
+		//But because signedIdentifier and the user delegation key strings share a place, this is an _OK_ way to do it.
+		signedIdentifier = strings.Join([]string{
+			udk.SignedOid,
+			udk.SignedTid,
+			udkStart,
+			udkExpiry,
+			udk.SignedService,
+			udk.SignedVersion,
+		}, "\n")
+	}
 
 	// String to sign: http://msdn.microsoft.com/en-us/library/azure/dn140255.aspx
 	stringToSign := strings.Join([]string{
 		v.Permissions,
 		startTime,
 		expiryTime,
-		getCanonicalName(sharedKeyCredential.AccountName(), v.ContainerName, v.BlobName),
-		v.Identifier,
+		getCanonicalName(credential.AccountName(), v.ContainerName, v.BlobName),
+		signedIdentifier,
 		v.IPRange.String(),
 		string(v.Protocol),
 		v.Version,
+		resource,
+		snapshotTime,         // signed timestamp
 		v.CacheControl,       // rscc
 		v.ContentDisposition, // rscd
 		v.ContentEncoding,    // rsce
 		v.ContentLanguage,    // rscl
 		v.ContentType},       // rsct
 		"\n")
-	signature := sharedKeyCredential.ComputeHMACSHA256(stringToSign)
+
+	signature := ""
+	signature = credential.ComputeHMACSHA256(stringToSign)
 
 	p := SASQueryParameters{
 		// Common SAS parameters
@@ -82,13 +115,30 @@ func (v BlobSASSignatureValues) NewSASQueryParameters(sharedKeyCredential *Share
 		ipRange:     v.IPRange,
 
 		// Container/Blob-specific SAS parameters
-		resource:   resource,
-		identifier: v.Identifier,
+		resource:           resource,
+		identifier:         v.Identifier,
+		cacheControl:       v.CacheControl,
+		contentDisposition: v.ContentDisposition,
+		contentEncoding:    v.ContentEncoding,
+		contentLanguage:    v.ContentLanguage,
+		contentType:        v.ContentType,
+		snapshotTime:       v.SnapshotTime,
 
 		// Calculated SAS signature
 		signature: signature,
 	}
-	return p
+
+	//User delegation SAS specific parameters
+	if udk != nil {
+		p.signedOid = udk.SignedOid
+		p.signedTid = udk.SignedTid
+		p.signedStart = udk.SignedStart
+		p.signedExpiry = udk.SignedExpiry
+		p.signedService = udk.SignedService
+		p.signedVersion = udk.SignedVersion
+	}
+
+	return p, nil
 }
 
 // getCanonicalName computes the canonical name for a container or blob resource for SAS signing.

vendor/github.com/Azure/azure-storage-blob-go/azblob/storage_account_credential.go

+package azblob
+
+// StorageAccountCredential is a wrapper interface for SharedKeyCredential and UserDelegationCredential
+type StorageAccountCredential interface {
+	AccountName() string
+	ComputeHMACSHA256(message string) (base64String string)
+	getUDKParams() *UserDelegationKey
+}

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/url_append_blob.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/url_append_blob.go

@@ -45,7 +45,7 @@ func (ab AppendBlobURL) WithSnapshot(snapshot string) AppendBlobURL {
 // Create creates a 0-length append blob. Call AppendBlock to append data to an append blob.
 // For more information, see https://docs.microsoft.com/rest/api/storageservices/put-blob.
 func (ab AppendBlobURL) Create(ctx context.Context, h BlobHTTPHeaders, metadata Metadata, ac BlobAccessConditions) (*AppendBlobCreateResponse, error) {
-	ifModifiedSince, ifUnmodifiedSince, ifMatch, ifNoneMatch := ac.HTTPAccessConditions.pointers()
+	ifModifiedSince, ifUnmodifiedSince, ifMatch, ifNoneMatch := ac.ModifiedAccessConditions.pointers()
 	return ab.abClient.Create(ctx, 0, nil,
 		&h.ContentType, &h.ContentEncoding, &h.ContentLanguage, h.ContentMD5,
 		&h.CacheControl, metadata, ac.LeaseAccessConditions.pointers(), &h.ContentDisposition,
@@ -56,17 +56,39 @@ func (ab AppendBlobURL) Create(ctx context.Context, h BlobHTTPHeaders, metadata
 // This method panics if the stream is not at position 0.
 // Note that the http client closes the body stream after the request is sent to the service.
 // For more information, see https://docs.microsoft.com/rest/api/storageservices/append-block.
-func (ab AppendBlobURL) AppendBlock(ctx context.Context, body io.ReadSeeker, ac BlobAccessConditions) (*AppendBlobAppendBlockResponse, error) {
-	ifModifiedSince, ifUnmodifiedSince, ifMatchETag, ifNoneMatchETag := ac.HTTPAccessConditions.pointers()
-	ifAppendPositionEqual, ifMaxSizeLessThanOrEqual := ac.AppendBlobAccessConditions.pointers()
-	return ab.abClient.AppendBlock(ctx, body, validateSeekableStreamAt0AndGetCount(body), nil,
-		ac.LeaseAccessConditions.pointers(),
+func (ab AppendBlobURL) AppendBlock(ctx context.Context, body io.ReadSeeker, ac AppendBlobAccessConditions, transactionalMD5 []byte) (*AppendBlobAppendBlockResponse, error) {
+	ifModifiedSince, ifUnmodifiedSince, ifMatchETag, ifNoneMatchETag := ac.ModifiedAccessConditions.pointers()
+	ifAppendPositionEqual, ifMaxSizeLessThanOrEqual := ac.AppendPositionAccessConditions.pointers()
+	count, err := validateSeekableStreamAt0AndGetCount(body)
+	if err != nil {
+		return nil, err
+	}
+	return ab.abClient.AppendBlock(ctx, body, count, nil,
+		transactionalMD5, ac.LeaseAccessConditions.pointers(),
 		ifMaxSizeLessThanOrEqual, ifAppendPositionEqual,
 		ifModifiedSince, ifUnmodifiedSince, ifMatchETag, ifNoneMatchETag, nil)
 }
 
-// AppendBlobAccessConditions identifies append blob-specific access conditions which you optionally set.
+// AppendBlockFromURL copies a new block of data from source URL to the end of the existing append blob.
+// For more information, see https://docs.microsoft.com/rest/api/storageservices/append-block-from-url.
+func (ab AppendBlobURL) AppendBlockFromURL(ctx context.Context, sourceURL url.URL, offset int64, count int64, destinationAccessConditions AppendBlobAccessConditions, sourceAccessConditions ModifiedAccessConditions, transactionalMD5 []byte) (*AppendBlobAppendBlockFromURLResponse, error) {
+	ifModifiedSince, ifUnmodifiedSince, ifMatchETag, ifNoneMatchETag := destinationAccessConditions.ModifiedAccessConditions.pointers()
+	sourceIfModifiedSince, sourceIfUnmodifiedSince, sourceIfMatchETag, sourceIfNoneMatchETag := sourceAccessConditions.pointers()
+	ifAppendPositionEqual, ifMaxSizeLessThanOrEqual := destinationAccessConditions.AppendPositionAccessConditions.pointers()
+	return ab.abClient.AppendBlockFromURL(ctx, sourceURL.String(), 0, httpRange{offset: offset, count: count}.pointers(),
+		transactionalMD5, nil, destinationAccessConditions.LeaseAccessConditions.pointers(),
+		ifMaxSizeLessThanOrEqual, ifAppendPositionEqual,
+		ifModifiedSince, ifUnmodifiedSince, ifMatchETag, ifNoneMatchETag, sourceIfModifiedSince, sourceIfUnmodifiedSince, sourceIfMatchETag, sourceIfNoneMatchETag, nil)
+}
+
 type AppendBlobAccessConditions struct {
+	ModifiedAccessConditions
+	LeaseAccessConditions
+	AppendPositionAccessConditions
+}
+
+// AppendPositionAccessConditions identifies append blob-specific access conditions which you optionally set.
+type AppendPositionAccessConditions struct {
 	// IfAppendPositionEqual ensures that the AppendBlock operation succeeds
 	// only if the append position is equal to a value.
 	// IfAppendPositionEqual=0 means no 'IfAppendPositionEqual' header specified.
@@ -83,13 +105,7 @@ type AppendBlobAccessConditions struct {
 }
 
 // pointers is for internal infrastructure. It returns the fields as pointers.
-func (ac AppendBlobAccessConditions) pointers() (iape *int64, imsltoe *int64) {
-	if ac.IfAppendPositionEqual < -1 {
-		panic("IfAppendPositionEqual can't be less than -1")
-	}
-	if ac.IfMaxSizeLessThanOrEqual < -1 {
-		panic("IfMaxSizeLessThanOrEqual can't be less than -1")
-	}
+func (ac AppendPositionAccessConditions) pointers() (iape *int64, imsltoe *int64) {
 	var zero int64 // defaults to 0
 	switch ac.IfAppendPositionEqual {
 	case -1:

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/url_block_blob.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/url_block_blob.go

@@ -12,7 +12,7 @@ import (
 )
 
 const (
-	// BlockBlobMaxPutBlobBytes indicates the maximum number of bytes that can be sent in a call to Upload.
+	// BlockBlobMaxUploadBlobBytes indicates the maximum number of bytes that can be sent in a call to Upload.
 	BlockBlobMaxUploadBlobBytes = 256 * 1024 * 1024 // 256MB
 
 	// BlockBlobMaxStageBlockBytes indicates the maximum number of bytes that can be sent in a call to StageBlock.
@@ -30,9 +30,6 @@ type BlockBlobURL struct {
 
 // NewBlockBlobURL creates a BlockBlobURL object using the specified URL and request policy pipeline.
 func NewBlockBlobURL(url url.URL, p pipeline.Pipeline) BlockBlobURL {
-	if p == nil {
-		panic("p can't be nil")
-	}
 	blobClient := newBlobClient(url, p)
 	bbClient := newBlockBlobClient(url, p)
 	return BlockBlobURL{BlobURL: BlobURL{blobClient: blobClient}, bbClient: bbClient}
@@ -59,8 +56,12 @@ func (bb BlockBlobURL) WithSnapshot(snapshot string) BlockBlobURL {
 // Note that the http client closes the body stream after the request is sent to the service.
 // For more information, see https://docs.microsoft.com/rest/api/storageservices/put-blob.
 func (bb BlockBlobURL) Upload(ctx context.Context, body io.ReadSeeker, h BlobHTTPHeaders, metadata Metadata, ac BlobAccessConditions) (*BlockBlobUploadResponse, error) {
-	ifModifiedSince, ifUnmodifiedSince, ifMatchETag, ifNoneMatchETag := ac.HTTPAccessConditions.pointers()
-	return bb.bbClient.Upload(ctx, body, validateSeekableStreamAt0AndGetCount(body), nil,
+	ifModifiedSince, ifUnmodifiedSince, ifMatchETag, ifNoneMatchETag := ac.ModifiedAccessConditions.pointers()
+	count, err := validateSeekableStreamAt0AndGetCount(body)
+	if err != nil {
+		return nil, err
+	}
+	return bb.bbClient.Upload(ctx, body, count, nil,
 		&h.ContentType, &h.ContentEncoding, &h.ContentLanguage, h.ContentMD5,
 		&h.CacheControl, metadata, ac.LeaseAccessConditions.pointers(),
 		&h.ContentDisposition, ifModifiedSince, ifUnmodifiedSince, ifMatchETag, ifNoneMatchETag,
@@ -70,16 +71,20 @@ func (bb BlockBlobURL) Upload(ctx context.Context, body io.ReadSeeker, h BlobHTT
 // StageBlock uploads the specified block to the block blob's "staging area" to be later committed by a call to CommitBlockList.
 // Note that the http client closes the body stream after the request is sent to the service.
 // For more information, see https://docs.microsoft.com/rest/api/storageservices/put-block.
-func (bb BlockBlobURL) StageBlock(ctx context.Context, base64BlockID string, body io.ReadSeeker, ac LeaseAccessConditions) (*BlockBlobStageBlockResponse, error) {
-	return bb.bbClient.StageBlock(ctx, base64BlockID, validateSeekableStreamAt0AndGetCount(body), body, nil, ac.pointers(), nil)
+func (bb BlockBlobURL) StageBlock(ctx context.Context, base64BlockID string, body io.ReadSeeker, ac LeaseAccessConditions, transactionalMD5 []byte) (*BlockBlobStageBlockResponse, error) {
+	count, err := validateSeekableStreamAt0AndGetCount(body)
+	if err != nil {
+		return nil, err
+	}
+	return bb.bbClient.StageBlock(ctx, base64BlockID, count, body, transactionalMD5, nil, ac.pointers(), nil)
 }
 
 // StageBlockFromURL copies the specified block from a source URL to the block blob's "staging area" to be later committed by a call to CommitBlockList.
 // If count is CountToEnd (0), then data is read from specified offset to the end.
 // For more information, see https://docs.microsoft.com/en-us/rest/api/storageservices/put-block-from-url.
-func (bb BlockBlobURL) StageBlockFromURL(ctx context.Context, base64BlockID string, sourceURL url.URL, offset int64, count int64, ac LeaseAccessConditions) (*BlockBlobStageBlockFromURLResponse, error) {
-	sourceURLStr := sourceURL.String()
-	return bb.bbClient.StageBlockFromURL(ctx, base64BlockID, 0, &sourceURLStr, httpRange{offset: offset, count: count}.pointers(), nil, nil, ac.pointers(), nil)
+func (bb BlockBlobURL) StageBlockFromURL(ctx context.Context, base64BlockID string, sourceURL url.URL, offset int64, count int64, destinationAccessConditions LeaseAccessConditions, sourceAccessConditions ModifiedAccessConditions) (*BlockBlobStageBlockFromURLResponse, error) {
+	sourceIfModifiedSince, sourceIfUnmodifiedSince, sourceIfMatchETag, sourceIfNoneMatchETag := sourceAccessConditions.pointers()
+	return bb.bbClient.StageBlockFromURL(ctx, base64BlockID, 0, sourceURL.String(), httpRange{offset: offset, count: count}.pointers(), nil, nil, destinationAccessConditions.pointers(), sourceIfModifiedSince, sourceIfUnmodifiedSince, sourceIfMatchETag, sourceIfNoneMatchETag, nil)
 }
 
 // CommitBlockList writes a blob by specifying the list of block IDs that make up the blob.
@@ -90,7 +95,7 @@ func (bb BlockBlobURL) StageBlockFromURL(ctx context.Context, base64BlockID stri
 // For more information, see https://docs.microsoft.com/rest/api/storageservices/put-block-list.
 func (bb BlockBlobURL) CommitBlockList(ctx context.Context, base64BlockIDs []string, h BlobHTTPHeaders,
 	metadata Metadata, ac BlobAccessConditions) (*BlockBlobCommitBlockListResponse, error) {
-	ifModifiedSince, ifUnmodifiedSince, ifMatchETag, ifNoneMatchETag := ac.HTTPAccessConditions.pointers()
+	ifModifiedSince, ifUnmodifiedSince, ifMatchETag, ifNoneMatchETag := ac.ModifiedAccessConditions.pointers()
 	return bb.bbClient.CommitBlockList(ctx, BlockLookupList{Latest: base64BlockIDs}, nil,
 		&h.CacheControl, &h.ContentType, &h.ContentEncoding, &h.ContentLanguage, h.ContentMD5,
 		metadata, ac.LeaseAccessConditions.pointers(), &h.ContentDisposition,

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/url_container.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/url_container.go

@@ -3,6 +3,7 @@ package azblob
 import (
 	"bytes"
 	"context"
+	"errors"
 	"fmt"
 	"net/url"
 
@@ -16,9 +17,6 @@ type ContainerURL struct {
 
 // NewContainerURL creates a ContainerURL object using the specified URL and request policy pipeline.
 func NewContainerURL(url url.URL, p pipeline.Pipeline) ContainerURL {
-	if p == nil {
-		panic("p can't be nil")
-	}
 	client := newContainerClient(url, p)
 	return ContainerURL{client: client}
 }
@@ -89,10 +87,10 @@ func (c ContainerURL) Create(ctx context.Context, metadata Metadata, publicAcces
 // For more information, see https://docs.microsoft.com/rest/api/storageservices/delete-container.
 func (c ContainerURL) Delete(ctx context.Context, ac ContainerAccessConditions) (*ContainerDeleteResponse, error) {
 	if ac.IfMatch != ETagNone || ac.IfNoneMatch != ETagNone {
-		panic("the IfMatch and IfNoneMatch access conditions must have their default values because they are ignored by the service")
+		return nil, errors.New("the IfMatch and IfNoneMatch access conditions must have their default values because they are ignored by the service")
 	}
 
-	ifModifiedSince, ifUnmodifiedSince, _, _ := ac.HTTPAccessConditions.pointers()
+	ifModifiedSince, ifUnmodifiedSince, _, _ := ac.ModifiedAccessConditions.pointers()
 	return c.client.Delete(ctx, nil, ac.LeaseAccessConditions.pointers(),
 		ifModifiedSince, ifUnmodifiedSince, nil)
 }
@@ -109,9 +107,9 @@ func (c ContainerURL) GetProperties(ctx context.Context, ac LeaseAccessCondition
 // For more information, see https://docs.microsoft.com/rest/api/storageservices/set-container-metadata.
 func (c ContainerURL) SetMetadata(ctx context.Context, metadata Metadata, ac ContainerAccessConditions) (*ContainerSetMetadataResponse, error) {
 	if !ac.IfUnmodifiedSince.IsZero() || ac.IfMatch != ETagNone || ac.IfNoneMatch != ETagNone {
-		panic("the IfUnmodifiedSince, IfMatch, and IfNoneMatch must have their default values because they are ignored by the blob service")
+		return nil, errors.New("the IfUnmodifiedSince, IfMatch, and IfNoneMatch must have their default values because they are ignored by the blob service")
 	}
-	ifModifiedSince, _, _, _ := ac.HTTPAccessConditions.pointers()
+	ifModifiedSince, _, _, _ := ac.ModifiedAccessConditions.pointers()
 	return c.client.SetMetadata(ctx, nil, ac.LeaseAccessConditions.pointers(), metadata, ifModifiedSince, nil)
 }
 
@@ -181,16 +179,16 @@ func (p *AccessPolicyPermission) Parse(s string) error {
 func (c ContainerURL) SetAccessPolicy(ctx context.Context, accessType PublicAccessType, si []SignedIdentifier,
 	ac ContainerAccessConditions) (*ContainerSetAccessPolicyResponse, error) {
 	if ac.IfMatch != ETagNone || ac.IfNoneMatch != ETagNone {
-		panic("the IfMatch and IfNoneMatch access conditions must have their default values because they are ignored by the service")
+		return nil, errors.New("the IfMatch and IfNoneMatch access conditions must have their default values because they are ignored by the service")
 	}
-	ifModifiedSince, ifUnmodifiedSince, _, _ := ac.HTTPAccessConditions.pointers()
+	ifModifiedSince, ifUnmodifiedSince, _, _ := ac.ModifiedAccessConditions.pointers()
 	return c.client.SetAccessPolicy(ctx, si, nil, ac.LeaseAccessConditions.pointers(),
 		accessType, ifModifiedSince, ifUnmodifiedSince, nil)
 }
 
 // AcquireLease acquires a lease on the container for delete operations. The lease duration must be between 15 to 60 seconds, or infinite (-1).
 // For more information, see https://docs.microsoft.com/rest/api/storageservices/lease-container.
-func (c ContainerURL) AcquireLease(ctx context.Context, proposedID string, duration int32, ac HTTPAccessConditions) (*ContainerAcquireLeaseResponse, error) {
+func (c ContainerURL) AcquireLease(ctx context.Context, proposedID string, duration int32, ac ModifiedAccessConditions) (*ContainerAcquireLeaseResponse, error) {
 	ifModifiedSince, ifUnmodifiedSince, _, _ := ac.pointers()
 	return c.client.AcquireLease(ctx, nil, &duration, &proposedID,
 		ifModifiedSince, ifUnmodifiedSince, nil)
@@ -198,28 +196,28 @@ func (c ContainerURL) AcquireLease(ctx context.Context, proposedID string, durat
 
 // RenewLease renews the container's previously-acquired lease.
 // For more information, see https://docs.microsoft.com/rest/api/storageservices/lease-container.
-func (c ContainerURL) RenewLease(ctx context.Context, leaseID string, ac HTTPAccessConditions) (*ContainerRenewLeaseResponse, error) {
+func (c ContainerURL) RenewLease(ctx context.Context, leaseID string, ac ModifiedAccessConditions) (*ContainerRenewLeaseResponse, error) {
 	ifModifiedSince, ifUnmodifiedSince, _, _ := ac.pointers()
 	return c.client.RenewLease(ctx, leaseID, nil, ifModifiedSince, ifUnmodifiedSince, nil)
 }
 
 // ReleaseLease releases the container's previously-acquired lease.
 // For more information, see https://docs.microsoft.com/rest/api/storageservices/lease-container.
-func (c ContainerURL) ReleaseLease(ctx context.Context, leaseID string, ac HTTPAccessConditions) (*ContainerReleaseLeaseResponse, error) {
+func (c ContainerURL) ReleaseLease(ctx context.Context, leaseID string, ac ModifiedAccessConditions) (*ContainerReleaseLeaseResponse, error) {
 	ifModifiedSince, ifUnmodifiedSince, _, _ := ac.pointers()
 	return c.client.ReleaseLease(ctx, leaseID, nil, ifModifiedSince, ifUnmodifiedSince, nil)
 }
 
 // BreakLease breaks the container's previously-acquired lease (if it exists).
 // For more information, see https://docs.microsoft.com/rest/api/storageservices/lease-container.
-func (c ContainerURL) BreakLease(ctx context.Context, period int32, ac HTTPAccessConditions) (*ContainerBreakLeaseResponse, error) {
+func (c ContainerURL) BreakLease(ctx context.Context, period int32, ac ModifiedAccessConditions) (*ContainerBreakLeaseResponse, error) {
 	ifModifiedSince, ifUnmodifiedSince, _, _ := ac.pointers()
 	return c.client.BreakLease(ctx, nil, leasePeriodPointer(period), ifModifiedSince, ifUnmodifiedSince, nil)
 }
 
 // ChangeLease changes the container's lease ID.
 // For more information, see https://docs.microsoft.com/rest/api/storageservices/lease-container.
-func (c ContainerURL) ChangeLease(ctx context.Context, leaseID string, proposedID string, ac HTTPAccessConditions) (*ContainerChangeLeaseResponse, error) {
+func (c ContainerURL) ChangeLease(ctx context.Context, leaseID string, proposedID string, ac ModifiedAccessConditions) (*ContainerChangeLeaseResponse, error) {
 	ifModifiedSince, ifUnmodifiedSince, _, _ := ac.pointers()
 	return c.client.ChangeLease(ctx, leaseID, proposedID, nil, ifModifiedSince, ifUnmodifiedSince, nil)
 }
@@ -231,7 +229,7 @@ func (c ContainerURL) ChangeLease(ctx context.Context, leaseID string, proposedI
 // For more information, see https://docs.microsoft.com/rest/api/storageservices/list-blobs.
 func (c ContainerURL) ListBlobsFlatSegment(ctx context.Context, marker Marker, o ListBlobsSegmentOptions) (*ListBlobsFlatSegmentResponse, error) {
 	prefix, include, maxResults := o.pointers()
-	return c.client.ListBlobFlatSegment(ctx, prefix, marker.val, maxResults, include, nil, nil)
+	return c.client.ListBlobFlatSegment(ctx, prefix, marker.Val, maxResults, include, nil, nil)
 }
 
 // ListBlobsHierarchySegment returns a single segment of blobs starting from the specified Marker. Use an empty
@@ -241,10 +239,10 @@ func (c ContainerURL) ListBlobsFlatSegment(ctx context.Context, marker Marker, o
 // For more information, see https://docs.microsoft.com/rest/api/storageservices/list-blobs.
 func (c ContainerURL) ListBlobsHierarchySegment(ctx context.Context, marker Marker, delimiter string, o ListBlobsSegmentOptions) (*ListBlobsHierarchySegmentResponse, error) {
 	if o.Details.Snapshots {
-		panic("snapshots are not supported in this listing operation")
+		return nil, errors.New("snapshots are not supported in this listing operation")
 	}
 	prefix, include, maxResults := o.pointers()
-	return c.client.ListBlobHierarchySegment(ctx, delimiter, prefix, marker.val, maxResults, include, nil, nil)
+	return c.client.ListBlobHierarchySegment(ctx, delimiter, prefix, marker.Val, maxResults, include, nil, nil)
 }
 
 // ListBlobsSegmentOptions defines options available when calling ListBlobs.
@@ -264,9 +262,6 @@ func (o *ListBlobsSegmentOptions) pointers() (prefix *string, include []ListBlob
 	}
 	include = o.Details.slice()
 	if o.MaxResults != 0 {
-		if o.MaxResults < 0 {
-			panic("MaxResults must be >= 0")
-		}
 		maxResults = &o.MaxResults
 	}
 	return

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/url_service.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/url_service.go

@@ -23,13 +23,21 @@ type ServiceURL struct {
 
 // NewServiceURL creates a ServiceURL object using the specified URL and request policy pipeline.
 func NewServiceURL(primaryURL url.URL, p pipeline.Pipeline) ServiceURL {
-	if p == nil {
-		panic("p can't be nil")
-	}
 	client := newServiceClient(primaryURL, p)
 	return ServiceURL{client: client}
 }
 
+//GetUserDelegationCredential obtains a UserDelegationKey object using the base ServiceURL object.
+//OAuth is required for this call, as well as any role that can delegate access to the storage account.
+func (s ServiceURL) GetUserDelegationCredential(ctx context.Context, info KeyInfo, timeout *int32, requestID *string) (UserDelegationCredential, error) {
+	sc := newServiceClient(s.client.url, s.client.p)
+	udk, err := sc.GetUserDelegationKey(ctx, info, timeout, requestID)
+	if err != nil {
+		return UserDelegationCredential{}, err
+	}
+	return NewUserDelegationCredential(strings.Split(s.client.url.Host, ".")[0], *udk), nil
+}
+
 // URL returns the URL endpoint used by the ServiceURL object.
 func (s ServiceURL) URL() url.URL {
 	return s.client.URL()
@@ -81,16 +89,16 @@ func appendToURLPath(u url.URL, name string) url.URL {
 // After getting a segment, process it, and then call ListContainersFlatSegment again (passing the the
 // previously-returned Marker) to get the next segment. For more information, see
 // https://docs.microsoft.com/rest/api/storageservices/list-containers2.
-func (s ServiceURL) ListContainersSegment(ctx context.Context, marker Marker, o ListContainersSegmentOptions) (*ListContainersResponse, error) {
+func (s ServiceURL) ListContainersSegment(ctx context.Context, marker Marker, o ListContainersSegmentOptions) (*ListContainersSegmentResponse, error) {
 	prefix, include, maxResults := o.pointers()
-	return s.client.ListContainersSegment(ctx, prefix, marker.val, maxResults, include, nil, nil)
+	return s.client.ListContainersSegment(ctx, prefix, marker.Val, maxResults, include, nil, nil)
 }
 
 // ListContainersOptions defines options available when calling ListContainers.
 type ListContainersSegmentOptions struct {
 	Detail     ListContainersDetail // No IncludeType header is produced if ""
-	Prefix     string                   // No Prefix header is produced if ""
-	MaxResults int32                    // 0 means unspecified
+	Prefix     string               // No Prefix header is produced if ""
+	MaxResults int32                // 0 means unspecified
 	// TODO: update swagger to generate this type?
 }
 
@@ -99,9 +107,6 @@ func (o *ListContainersSegmentOptions) pointers() (prefix *string, include ListC
 		prefix = &o.Prefix
 	}
 	if o.MaxResults != 0 {
-		if o.MaxResults < 0 {
-			panic("MaxResults must be >= 0")
-		}
 		maxResults = &o.MaxResults
 	}
 	include = ListContainersIncludeType(o.Detail.string())

vendor/github.com/Azure/azure-storage-blob-go/azblob/user_delegation_credential.go

+package azblob
+
+import (
+	"crypto/hmac"
+	"crypto/sha256"
+	"encoding/base64"
+)
+
+// NewUserDelegationCredential creates a new UserDelegationCredential using a Storage account's name and a user delegation key from it
+func NewUserDelegationCredential(accountName string, key UserDelegationKey) UserDelegationCredential {
+	return UserDelegationCredential{
+		accountName: accountName,
+		accountKey:  key,
+	}
+}
+
+type UserDelegationCredential struct {
+	accountName string
+	accountKey  UserDelegationKey
+}
+
+// AccountName returns the Storage account's name
+func (f UserDelegationCredential) AccountName() string {
+	return f.accountName
+}
+
+// ComputeHMAC
+func (f UserDelegationCredential) ComputeHMACSHA256(message string) (base64String string) {
+	bytes, _ := base64.StdEncoding.DecodeString(f.accountKey.Value)
+	h := hmac.New(sha256.New, bytes)
+	h.Write([]byte(message))
+	return base64.StdEncoding.EncodeToString(h.Sum(nil))
+}
+
+// Private method to return important parameters for NewSASQueryParameters
+func (f UserDelegationCredential) getUDKParams() *UserDelegationKey {
+	return &f.accountKey
+}

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/version.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/version.go

 package azblob
 
-const serviceLibVersion = "0.1"
+const serviceLibVersion = "0.7"

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/zc_credential_shared_key.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/zc_credential_shared_key.go

@@ -6,6 +6,7 @@ import (
 	"crypto/hmac"
 	"crypto/sha256"
 	"encoding/base64"
+	"errors"
 	"net/http"
 	"net/url"
 	"sort"
@@ -17,12 +18,12 @@ import (
 
 // NewSharedKeyCredential creates an immutable SharedKeyCredential containing the
 // storage account's name and either its primary or secondary key.
-func NewSharedKeyCredential(accountName, accountKey string) *SharedKeyCredential {
+func NewSharedKeyCredential(accountName, accountKey string) (*SharedKeyCredential, error) {
 	bytes, err := base64.StdEncoding.DecodeString(accountKey)
 	if err != nil {
-		panic(err)
+		return &SharedKeyCredential{}, err
 	}
-	return &SharedKeyCredential{accountName: accountName, accountKey: bytes}
+	return &SharedKeyCredential{accountName: accountName, accountKey: bytes}, nil
 }
 
 // SharedKeyCredential contains an account's name and its primary or secondary key.
@@ -38,6 +39,15 @@ func (f SharedKeyCredential) AccountName() string {
 	return f.accountName
 }
 
+func (f SharedKeyCredential) getAccountKey() []byte {
+	return f.accountKey
+}
+
+// noop function to satisfy StorageAccountCredential interface
+func (f SharedKeyCredential) getUDKParams() *UserDelegationKey {
+	return nil
+}
+
 // New creates a credential policy object.
 func (f *SharedKeyCredential) New(next pipeline.Policy, po *pipeline.PolicyOptions) pipeline.Policy {
 	return pipeline.PolicyFunc(func(ctx context.Context, request pipeline.Request) (pipeline.Response, error) {
@@ -45,7 +55,10 @@ func (f *SharedKeyCredential) New(next pipeline.Policy, po *pipeline.PolicyOptio
 		if d := request.Header.Get(headerXmsDate); d == "" {
 			request.Header[headerXmsDate] = []string{time.Now().UTC().Format(http.TimeFormat)}
 		}
-		stringToSign := f.buildStringToSign(request)
+		stringToSign, err := f.buildStringToSign(request)
+		if err != nil {
+			return nil, err
+		}
 		signature := f.ComputeHMACSHA256(stringToSign)
 		authHeader := strings.Join([]string{"SharedKey ", f.accountName, ":", signature}, "")
 		request.Header[headerAuthorization] = []string{authHeader}
@@ -84,13 +97,13 @@ const (
 )
 
 // ComputeHMACSHA256 generates a hash signature for an HTTP request or for a SAS.
-func (f *SharedKeyCredential) ComputeHMACSHA256(message string) (base64String string) {
+func (f SharedKeyCredential) ComputeHMACSHA256(message string) (base64String string) {
 	h := hmac.New(sha256.New, f.accountKey)
 	h.Write([]byte(message))
 	return base64.StdEncoding.EncodeToString(h.Sum(nil))
 }
 
-func (f *SharedKeyCredential) buildStringToSign(request pipeline.Request) string {
+func (f *SharedKeyCredential) buildStringToSign(request pipeline.Request) (string, error) {
 	// https://docs.microsoft.com/en-us/rest/api/storageservices/authentication-for-the-azure-storage-services
 	headers := request.Header
 	contentLength := headers.Get(headerContentLength)
@@ -98,6 +111,11 @@ func (f *SharedKeyCredential) buildStringToSign(request pipeline.Request) string
 		contentLength = ""
 	}
 
+	canonicalizedResource, err := f.buildCanonicalizedResource(request.URL)
+	if err != nil {
+		return "", err
+	}
+
 	stringToSign := strings.Join([]string{
 		request.Method,
 		headers.Get(headerContentEncoding),
@@ -112,9 +130,9 @@ func (f *SharedKeyCredential) buildStringToSign(request pipeline.Request) string
 		headers.Get(headerIfUnmodifiedSince),
 		headers.Get(headerRange),
 		buildCanonicalizedHeader(headers),
-		f.buildCanonicalizedResource(request.URL),
+		canonicalizedResource,
 	}, "\n")
-	return stringToSign
+	return stringToSign, nil
 }
 
 func buildCanonicalizedHeader(headers http.Header) string {
@@ -146,7 +164,7 @@ func buildCanonicalizedHeader(headers http.Header) string {
 	return string(ch.Bytes())
 }
 
-func (f *SharedKeyCredential) buildCanonicalizedResource(u *url.URL) string {
+func (f *SharedKeyCredential) buildCanonicalizedResource(u *url.URL) (string, error) {
 	// https://docs.microsoft.com/en-us/rest/api/storageservices/authentication-for-the-azure-storage-services
 	cr := bytes.NewBufferString("/")
 	cr.WriteString(f.accountName)
@@ -164,7 +182,7 @@ func (f *SharedKeyCredential) buildCanonicalizedResource(u *url.URL) string {
 	// params is a map[string][]string; param name is key; params values is []string
 	params, err := url.ParseQuery(u.RawQuery) // Returns URL decoded values
 	if err != nil {
-		panic(err)
+		return "", errors.New("parsing query parameters must succeed, otherwise there might be serious problems in the SDK/generated code")
 	}
 
 	if len(params) > 0 { // There is at least 1 query parameter
@@ -183,5 +201,5 @@ func (f *SharedKeyCredential) buildCanonicalizedResource(u *url.URL) string {
 			cr.WriteString("\n" + paramName + ":" + strings.Join(paramValues, ","))
 		}
 	}
-	return string(cr.Bytes())
+	return string(cr.Bytes()), nil
 }

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/zc_credential_token.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/zc_credential_token.go

@@ -2,6 +2,7 @@ package azblob
 
 import (
 	"context"
+	"errors"
 	"sync/atomic"
 
 	"runtime"
@@ -11,6 +12,10 @@ import (
 	"github.com/Azure/azure-pipeline-go/pipeline"
 )
 
+// TokenRefresher represents a callback method that you write; this method is called periodically
+// so you can refresh the token credential's value.
+type TokenRefresher func(credential TokenCredential) time.Duration
+
 // TokenCredential represents a token credential (which is also a pipeline.Factory).
 type TokenCredential interface {
 	Credential
@@ -20,12 +25,15 @@ type TokenCredential interface {
 
 // NewTokenCredential creates a token credential for use with role-based access control (RBAC) access to Azure Storage
 // resources. You initialize the TokenCredential with an initial token value. If you pass a non-nil value for
-// tokenRefresher, then the function you pass will be called immediately (so it can refresh and change the
-// TokenCredential's token value by calling SetToken; your tokenRefresher function must return a time.Duration
+// tokenRefresher, then the function you pass will be called immediately so it can refresh and change the
+// TokenCredential's token value by calling SetToken. Your tokenRefresher function must return a time.Duration
 // indicating how long the TokenCredential object should wait before calling your tokenRefresher function again.
-func NewTokenCredential(initialToken string, tokenRefresher func(credential TokenCredential) time.Duration) TokenCredential {
+// If your tokenRefresher callback fails to refresh the token, you can return a duration of 0 to stop your
+// TokenCredential object from ever invoking tokenRefresher again. Also, oen way to deal with failing to refresh a
+// token is to cancel a context.Context object used by requests that have the TokenCredential object in their pipeline.
+func NewTokenCredential(initialToken string, tokenRefresher TokenRefresher) TokenCredential {
 	tc := &tokenCredential{}
-	tc.SetToken(initialToken) // We dont' set it above to guarantee atomicity
+	tc.SetToken(initialToken) // We don't set it above to guarantee atomicity
 	if tokenRefresher == nil {
 		return tc // If no callback specified, return the simple tokenCredential
 	}
@@ -68,7 +76,7 @@ type tokenCredential struct {
 
 	// The members below are only used if the user specified a tokenRefresher callback function.
 	timer          *time.Timer
-	tokenRefresher func(c TokenCredential) time.Duration
+	tokenRefresher TokenRefresher
 	lock           sync.Mutex
 	stopped        bool
 }
@@ -84,7 +92,7 @@ func (f *tokenCredential) SetToken(token string) { f.token.Store(token) }
 
 // startRefresh calls refresh which immediately calls tokenRefresher
 // and then starts a timer to call tokenRefresher in the future.
-func (f *tokenCredential) startRefresh(tokenRefresher func(c TokenCredential) time.Duration) {
+func (f *tokenCredential) startRefresh(tokenRefresher TokenRefresher) {
 	f.tokenRefresher = tokenRefresher
 	f.stopped = false // In case user calls StartRefresh, StopRefresh, & then StartRefresh again
 	f.refresh()
@@ -95,11 +103,13 @@ func (f *tokenCredential) startRefresh(tokenRefresher func(c TokenCredential) ti
 // in order to refresh the token again in the future.
 func (f *tokenCredential) refresh() {
 	d := f.tokenRefresher(f) // Invoke the user's refresh callback outside of the lock
-	f.lock.Lock()
-	if !f.stopped {
-		f.timer = time.AfterFunc(d, f.refresh)
+	if d > 0 {               // If duration is 0 or negative, refresher wants to not be called again
+		f.lock.Lock()
+		if !f.stopped {
+			f.timer = time.AfterFunc(d, f.refresh)
+		}
+		f.lock.Unlock()
 	}
-	f.lock.Unlock()
 }
 
 // stopRefresh stops any pending timer and sets stopped field to true to prevent
@@ -118,7 +128,8 @@ func (f *tokenCredential) stopRefresh() {
 func (f *tokenCredential) New(next pipeline.Policy, po *pipeline.PolicyOptions) pipeline.Policy {
 	return pipeline.PolicyFunc(func(ctx context.Context, request pipeline.Request) (pipeline.Response, error) {
 		if request.URL.Scheme != "https" {
-			panic("Token credentials require a URL using the https protocol scheme.")
+			// HTTPS must be used, otherwise the tokens are at the risk of being exposed
+			return nil, errors.New("token credentials require a URL using the https protocol scheme")
 		}
 		request.Header[headerAuthorization] = []string{"Bearer " + f.Token()}
 		return next.Do(ctx, request)

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/zc_mmf_unix.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/zc_mmf_unix.go

-// +build linux darwin freebsd
+// +build linux darwin freebsd openbsd netbsd dragonfly
 
 package azblob
 
@@ -22,6 +22,6 @@ func (m *mmf) unmap() {
 	err := syscall.Munmap(*m)
 	*m = nil
 	if err != nil {
-		panic(err)
+		panic("if we are unable to unmap the memory-mapped file, there is serious concern for memory corruption")
 	}
 }

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/zc_mmf_windows.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/zc_mmf_windows.go

@@ -33,6 +33,6 @@ func (m *mmf) unmap() {
 	*m = mmf{}
 	err := syscall.UnmapViewOfFile(addr)
 	if err != nil {
-		panic(err)
+		panic("if we are unable to unmap the memory-mapped file, there is serious concern for memory corruption")
 	}
 }

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/zc_pipeline.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/zc_pipeline.go

@@ -17,14 +17,13 @@ type PipelineOptions struct {
 
 	// Telemetry configures the built-in telemetry policy behavior.
 	Telemetry TelemetryOptions
+
+	// HTTPSender configures the sender of HTTP requests
+	HTTPSender pipeline.Factory
 }
 
 // NewPipeline creates a Pipeline using the specified credentials and options.
 func NewPipeline(c Credential, o PipelineOptions) pipeline.Pipeline {
-	if c == nil {
-		panic("c can't be nil")
-	}
-
 	// Closest to API goes first; closest to the wire goes last
 	f := []pipeline.Factory{
 		NewTelemetryPolicyFactory(o.Telemetry),
@@ -39,8 +38,9 @@ func NewPipeline(c Credential, o PipelineOptions) pipeline.Pipeline {
 		f = append(f, c)
 	}
 	f = append(f,
-		pipeline.MethodFactoryMarker(), // indicates at what stage in the pipeline the method factory is invoked
-		NewRequestLogPolicyFactory(o.RequestLog))
+		NewRequestLogPolicyFactory(o.RequestLog),
+		pipeline.MethodFactoryMarker()) // indicates at what stage in the pipeline the method factory is invoked
+
 
-	return pipeline.NewPipeline(f, pipeline.Options{HTTPSender: nil, Log: o.Log})
+	return pipeline.NewPipeline(f, pipeline.Options{HTTPSender: o.HTTPSender, Log: o.Log})
 }

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/zc_policy_request_log.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/zc_policy_request_log.go

@@ -109,7 +109,8 @@ func NewRequestLogPolicyFactory(o RequestLogOptions) pipeline.Factory {
 	})
 }
 
-func redactSigQueryParam(rawQuery string) (bool, string) {
+// RedactSigQueryParam redacts the 'sig' query parameter in URL's raw query to protect secret.
+func RedactSigQueryParam(rawQuery string) (bool, string) {
 	rawQuery = strings.ToLower(rawQuery) // lowercase the string so we can look for ?sig= and &sig=
 	sigFound := strings.Contains(rawQuery, "?sig=")
 	if !sigFound {
@@ -130,12 +131,13 @@ func redactSigQueryParam(rawQuery string) (bool, string) {
 
 func prepareRequestForLogging(request pipeline.Request) *http.Request {
 	req := request
-	if sigFound, rawQuery := redactSigQueryParam(req.URL.RawQuery); sigFound {
+	if sigFound, rawQuery := RedactSigQueryParam(req.URL.RawQuery); sigFound {
 		// Make copy so we don't destroy the query parameters we actually need to send in the request
 		req = request.Copy()
 		req.Request.URL.RawQuery = rawQuery
 	}
-	return req.Request
+
+	return prepareRequestForServiceLogging(req)
 }
 
 func stack() []byte {
@@ -148,3 +150,33 @@ func stack() []byte {
 		buf = make([]byte, 2*len(buf))
 	}
 }
+
+///////////////////////////////////////////////////////////////////////////////////////
+// Redact phase useful for blob and file service only. For other services,
+// this method can directly return request.Request.
+///////////////////////////////////////////////////////////////////////////////////////
+func prepareRequestForServiceLogging(request pipeline.Request) *http.Request {
+	req := request
+	if exist, key := doesHeaderExistCaseInsensitive(req.Header, xMsCopySourceHeader); exist {
+		req = request.Copy()
+		url, err := url.Parse(req.Header.Get(key))
+		if err == nil {
+			if sigFound, rawQuery := RedactSigQueryParam(url.RawQuery); sigFound {
+				url.RawQuery = rawQuery
+				req.Header.Set(xMsCopySourceHeader, url.String())
+			}
+		}
+	}
+	return req.Request
+}
+
+const xMsCopySourceHeader = "x-ms-copy-source"
+
+func doesHeaderExistCaseInsensitive(header http.Header, key string) (bool, string) {
+	for keyInHeader := range header {
+		if strings.EqualFold(keyInHeader, key) {
+			return true, keyInHeader
+		}
+	}
+	return false, ""
+}

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/zc_retry_reader.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/zc_retry_reader.go

@@ -5,6 +5,8 @@ import (
 	"io"
 	"net"
 	"net/http"
+	"strings"
+	"sync"
 )
 
 const CountToEnd = 0
@@ -28,6 +30,9 @@ type HTTPGetterInfo struct {
 	ETag ETag
 }
 
+// FailedReadNotifier is a function type that represents the notification function called when a read fails
+type FailedReadNotifier func(failureCount int, lastError error, offset int64, count int64, willRetry bool)
+
 // RetryReaderOptions contains properties which can help to decide when to do retry.
 type RetryReaderOptions struct {
 	// MaxRetryRequests specifies the maximum number of HTTP GET requests that will be made
@@ -36,6 +41,20 @@ type RetryReaderOptions struct {
 	MaxRetryRequests   int
 	doInjectError      bool
 	doInjectErrorRound int
+
+	// NotifyFailedRead is called, if non-nil, after any failure to read. Expected usage is diagnostic logging.
+	NotifyFailedRead FailedReadNotifier
+
+	// TreatEarlyCloseAsError can be set to true to prevent retries after "read on closed response body". By default,
+	// retryReader has the following special behaviour: closing the response body before it is all read is treated as a
+	// retryable error. This is to allow callers to force a retry by closing the body from another goroutine (e.g. if the =
+	// read is too slow, caller may want to force a retry in the hope that the retry will be quicker).  If
+	// TreatEarlyCloseAsError is true, then retryReader's special behaviour is suppressed, and "read on closed body" is instead
+	// treated as a fatal (non-retryable) error.
+	// Note that setting TreatEarlyCloseAsError only guarantees that Closing will produce a fatal error if the Close happens
+	// from the same "thread" (goroutine) as Read.  Concurrent Close calls from other goroutines may instead produce network errors
+	// which will be retried.
+	TreatEarlyCloseAsError bool
 }
 
 // retryReader implements io.ReaderCloser methods.
@@ -45,26 +64,33 @@ type RetryReaderOptions struct {
 // through reading from the new response.
 type retryReader struct {
 	ctx             context.Context
-	response        *http.Response
 	info            HTTPGetterInfo
 	countWasBounded bool
 	o               RetryReaderOptions
 	getter          HTTPGetter
+
+	// we support Close-ing during Reads (from other goroutines), so we protect the shared state, which is response
+	responseMu *sync.Mutex
+	response   *http.Response
 }
 
 // NewRetryReader creates a retry reader.
 func NewRetryReader(ctx context.Context, initialResponse *http.Response,
 	info HTTPGetterInfo, o RetryReaderOptions, getter HTTPGetter) io.ReadCloser {
-	if getter == nil {
-		panic("getter must not be nil")
-	}
-	if info.Count < 0 {
-		panic("info.Count must be >= 0")
-	}
-	if o.MaxRetryRequests < 0 {
-		panic("o.MaxRetryRequests must be >= 0")
-	}
-	return &retryReader{ctx: ctx, getter: getter, info: info, countWasBounded: info.Count != CountToEnd, response: initialResponse, o: o}
+	return &retryReader{
+		ctx:             ctx,
+		getter:          getter,
+		info:            info,
+		countWasBounded: info.Count != CountToEnd,
+		response:        initialResponse,
+		responseMu:      &sync.Mutex{},
+		o:               o}
+}
+
+func (s *retryReader) setResponse(r *http.Response) {
+	s.responseMu.Lock()
+	defer s.responseMu.Unlock()
+	s.response = r
 }
 
 func (s *retryReader) Read(p []byte) (n int, err error) {
@@ -75,15 +101,19 @@ func (s *retryReader) Read(p []byte) (n int, err error) {
 			return 0, io.EOF
 		}
 
-		if s.response == nil { // We don't have a response stream to read from, try to get one.
-			response, err := s.getter(s.ctx, s.info)
+		s.responseMu.Lock()
+		resp := s.response
+		s.responseMu.Unlock()
+		if resp == nil { // We don't have a response stream to read from, try to get one.
+			newResponse, err := s.getter(s.ctx, s.info)
 			if err != nil {
 				return 0, err
 			}
 			// Successful GET; this is the network stream we'll read from.
-			s.response = response
+			s.setResponse(newResponse)
+			resp = newResponse
 		}
-		n, err := s.response.Body.Read(p) // Read from the stream
+		n, err := resp.Body.Read(p) // Read from the stream (this will return non-nil err if forceRetry is called, from another goroutine, while it is running)
 
 		// Injection mechanism for testing.
 		if s.o.doInjectError && try == s.o.doInjectErrorRound {
@@ -98,23 +128,49 @@ func (s *retryReader) Read(p []byte) (n int, err error) {
 			}
 			return n, err // Return the return to the caller
 		}
-		s.Close()        // Error, close stream
-		s.response = nil // Our stream is no longer good
+		s.Close()          // Error, close stream
+		s.setResponse(nil) // Our stream is no longer good
 
 		// Check the retry count and error code, and decide whether to retry.
-		if try >= s.o.MaxRetryRequests {
-			return n, err // All retries exhausted
+		retriesExhausted := try >= s.o.MaxRetryRequests
+		_, isNetError := err.(net.Error)
+		willRetry := (isNetError || s.wasRetryableEarlyClose(err)) && !retriesExhausted
+
+		// Notify, for logging purposes, of any failures
+		if s.o.NotifyFailedRead != nil {
+			failureCount := try + 1 // because try is zero-based
+			s.o.NotifyFailedRead(failureCount, err, s.info.Offset, s.info.Count, willRetry)
 		}
 
-		if netErr, ok := err.(net.Error); ok && (netErr.Timeout() || netErr.Temporary()) {
+		if willRetry {
 			continue
 			// Loop around and try to get and read from new stream.
 		}
-		return n, err // Not retryable, just return
+		return n, err // Not retryable, or retries exhausted, so just return
+	}
+}
+
+// By default, we allow early Closing, from another concurrent goroutine, to be used to force a retry
+// Is this safe, to close early from another goroutine?  Early close ultimately ends up calling
+// net.Conn.Close, and that is documented as "Any blocked Read or Write operations will be unblocked and return errors"
+// which is exactly the behaviour we want.
+// NOTE: that if caller has forced an early Close from a separate goroutine (separate from the Read)
+// then there are two different types of error that may happen - either the one one we check for here,
+// or a net.Error (due to closure of connection). Which one happens depends on timing. We only need this routine
+// to check for one, since the other is a net.Error, which our main Read retry loop is already handing.
+func (s *retryReader) wasRetryableEarlyClose(err error) bool {
+	if s.o.TreatEarlyCloseAsError {
+		return false // user wants all early closes to be errors, and so not retryable
 	}
+	// unfortunately, http.errReadOnClosedResBody is private, so the best we can do here is to check for its text
+	return strings.HasSuffix(err.Error(), ReadOnClosedBodyMessage)
 }
 
+const ReadOnClosedBodyMessage = "read on closed response body"
+
 func (s *retryReader) Close() error {
+	s.responseMu.Lock()
+	defer s.responseMu.Unlock()
 	if s.response != nil && s.response.Body != nil {
 		return s.response.Body.Close()
 	}

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/zc_sas_account.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/zc_sas_account.go

@@ -2,6 +2,7 @@ package azblob
 
 import (
 	"bytes"
+	"errors"
 	"fmt"
 	"strings"
 	"time"
@@ -22,21 +23,21 @@ type AccountSASSignatureValues struct {
 
 // NewSASQueryParameters uses an account's shared key credential to sign this signature values to produce
 // the proper SAS query parameters.
-func (v AccountSASSignatureValues) NewSASQueryParameters(sharedKeyCredential *SharedKeyCredential) SASQueryParameters {
+func (v AccountSASSignatureValues) NewSASQueryParameters(sharedKeyCredential *SharedKeyCredential) (SASQueryParameters, error) {
 	// https://docs.microsoft.com/en-us/rest/api/storageservices/Constructing-an-Account-SAS
 	if v.ExpiryTime.IsZero() || v.Permissions == "" || v.ResourceTypes == "" || v.Services == "" {
-		panic("Account SAS is missing at least one of these: ExpiryTime, Permissions, Service, or ResourceType")
+		return SASQueryParameters{}, errors.New("account SAS is missing at least one of these: ExpiryTime, Permissions, Service, or ResourceType")
 	}
 	if v.Version == "" {
 		v.Version = SASVersion
 	}
 	perms := &AccountSASPermissions{}
 	if err := perms.Parse(v.Permissions); err != nil {
-		panic(err)
+		return SASQueryParameters{}, err
 	}
 	v.Permissions = perms.String()
 
-	startTime, expiryTime := FormatTimesForSASSigning(v.StartTime, v.ExpiryTime)
+	startTime, expiryTime, _ := FormatTimesForSASSigning(v.StartTime, v.ExpiryTime, time.Time{})
 
 	stringToSign := strings.Join([]string{
 		sharedKeyCredential.AccountName(),
@@ -68,7 +69,8 @@ func (v AccountSASSignatureValues) NewSASQueryParameters(sharedKeyCredential *Sh
 		// Calculated SAS signature
 		signature: signature,
 	}
-	return p
+
+	return p, nil
 }
 
 // The AccountSASPermissions type simplifies creating the permissions string for an Azure Storage Account SAS.
@@ -205,7 +207,7 @@ func (rt *AccountSASResourceTypes) Parse(s string) error {
 		switch r {
 		case 's':
 			rt.Service = true
-		case 'q':
+		case 'c':
 			rt.Container = true
 		case 'o':
 			rt.Object = true

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/zc_sas_query_params.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/zc_sas_query_params.go

@@ -22,7 +22,7 @@ const (
 
 // FormatTimesForSASSigning converts a time.Time to a snapshotTimeFormat string suitable for a
 // SASField's StartTime or ExpiryTime fields. Returns "" if value.IsZero().
-func FormatTimesForSASSigning(startTime, expiryTime time.Time) (string, string) {
+func FormatTimesForSASSigning(startTime, expiryTime, snapshotTime time.Time) (string, string, string) {
 	ss := ""
 	if !startTime.IsZero() {
 		ss = startTime.Format(SASTimeFormat) // "yyyy-MM-ddTHH:mm:ssZ"
@@ -31,7 +31,11 @@ func FormatTimesForSASSigning(startTime, expiryTime time.Time) (string, string)
 	if !expiryTime.IsZero() {
 		se = expiryTime.Format(SASTimeFormat) // "yyyy-MM-ddTHH:mm:ssZ"
 	}
-	return ss, se
+	sh := ""
+	if !snapshotTime.IsZero() {
+		sh = snapshotTime.Format(SnapshotTimeFormat)
+	}
+	return ss, se, sh
 }
 
 // SASTimeFormat represents the format of a SAS start or expiry time. Use it when formatting/parsing a time.Time.
@@ -47,17 +51,57 @@ const SASTimeFormat = "2006-01-02T15:04:05Z" //"2017-07-27T00:00:00Z" // ISO 860
 // This type defines the components used by all Azure Storage resources (Containers, Blobs, Files, & Queues).
 type SASQueryParameters struct {
 	// All members are immutable or values so copies of this struct are goroutine-safe.
-	version       string      `param:"sv"`
-	services      string      `param:"ss"`
-	resourceTypes string      `param:"srt"`
-	protocol      SASProtocol `param:"spr"`
-	startTime     time.Time   `param:"st"`
-	expiryTime    time.Time   `param:"se"`
-	ipRange       IPRange     `param:"sip"`
-	identifier    string      `param:"si"`
-	resource      string      `param:"sr"`
-	permissions   string      `param:"sp"`
-	signature     string      `param:"sig"`
+	version            string      `param:"sv"`
+	services           string      `param:"ss"`
+	resourceTypes      string      `param:"srt"`
+	protocol           SASProtocol `param:"spr"`
+	startTime          time.Time   `param:"st"`
+	expiryTime         time.Time   `param:"se"`
+	snapshotTime       time.Time   `param:"snapshot"`
+	ipRange            IPRange     `param:"sip"`
+	identifier         string      `param:"si"`
+	resource           string      `param:"sr"`
+	permissions        string      `param:"sp"`
+	signature          string      `param:"sig"`
+	cacheControl       string      `param:"rscc"`
+	contentDisposition string      `param:"rscd"`
+	contentEncoding    string      `param:"rsce"`
+	contentLanguage    string      `param:"rscl"`
+	contentType        string      `param:"rsct"`
+	signedOid          string      `param:"skoid"`
+	signedTid          string      `param:"sktid"`
+	signedStart        time.Time   `param:"skt"`
+	signedExpiry       time.Time   `param:"ske"`
+	signedService      string      `param:"sks"`
+	signedVersion      string      `param:"skv"`
+}
+
+func (p *SASQueryParameters) SignedOid() string {
+	return p.signedOid
+}
+
+func (p *SASQueryParameters) SignedTid() string {
+	return p.signedTid
+}
+
+func (p *SASQueryParameters) SignedStart() time.Time {
+	return p.signedStart
+}
+
+func (p *SASQueryParameters) SignedExpiry() time.Time {
+	return p.signedExpiry
+}
+
+func (p *SASQueryParameters) SignedService() string {
+	return p.signedService
+}
+
+func (p *SASQueryParameters) SignedVersion() string {
+	return p.signedVersion
+}
+
+func (p *SASQueryParameters) SnapshotTime() time.Time {
+	return p.snapshotTime
 }
 
 func (p *SASQueryParameters) Version() string {
@@ -99,6 +143,26 @@ func (p *SASQueryParameters) Signature() string {
 	return p.signature
 }
 
+func (p *SASQueryParameters) CacheControl() string {
+	return p.cacheControl
+}
+
+func (p *SASQueryParameters) ContentDisposition() string {
+	return p.contentDisposition
+}
+
+func (p *SASQueryParameters) ContentEncoding() string {
+	return p.contentEncoding
+}
+
+func (p *SASQueryParameters) ContentLanguage() string {
+	return p.contentLanguage
+}
+
+func (p *SASQueryParameters) ContentType() string {
+	return p.contentType
+}
+
 // IPRange represents a SAS IP range's start IP and (optionally) end IP.
 type IPRange struct {
 	Start net.IP // Not specified if length = 0
@@ -135,6 +199,8 @@ func newSASQueryParameters(values url.Values, deleteSASParametersFromValues bool
 			p.resourceTypes = val
 		case "spr":
 			p.protocol = SASProtocol(val)
+		case "snapshot":
+			p.snapshotTime, _ = time.Parse(SnapshotTimeFormat, val)
 		case "st":
 			p.startTime, _ = time.Parse(SASTimeFormat, val)
 		case "se":
@@ -155,6 +221,28 @@ func newSASQueryParameters(values url.Values, deleteSASParametersFromValues bool
 			p.permissions = val
 		case "sig":
 			p.signature = val
+		case "rscc":
+			p.cacheControl = val
+		case "rscd":
+			p.contentDisposition = val
+		case "rsce":
+			p.contentEncoding = val
+		case "rscl":
+			p.contentLanguage = val
+		case "rsct":
+			p.contentType = val
+		case "skoid":
+			p.signedOid = val
+		case "sktid":
+			p.signedTid = val
+		case "skt":
+			p.signedStart, _ = time.Parse(SASTimeFormat, val)
+		case "ske":
+			p.signedExpiry, _ = time.Parse(SASTimeFormat, val)
+		case "sks":
+			p.signedService = val
+		case "skv":
+			p.signedVersion = val
 		default:
 			isSASKey = false // We didn't recognize the query parameter
 		}
@@ -197,9 +285,32 @@ func (p *SASQueryParameters) addToValues(v url.Values) url.Values {
 	if p.permissions != "" {
 		v.Add("sp", p.permissions)
 	}
+	if p.signedOid != "" {
+		v.Add("skoid", p.signedOid)
+		v.Add("sktid", p.signedTid)
+		v.Add("skt", p.signedStart.Format(SASTimeFormat))
+		v.Add("ske", p.signedExpiry.Format(SASTimeFormat))
+		v.Add("sks", p.signedService)
+		v.Add("skv", p.signedVersion)
+	}
 	if p.signature != "" {
 		v.Add("sig", p.signature)
 	}
+	if p.cacheControl != "" {
+		v.Add("rscc", p.cacheControl)
+	}
+	if p.contentDisposition != "" {
+		v.Add("rscd", p.contentDisposition)
+	}
+	if p.contentEncoding != "" {
+		v.Add("rsce", p.contentEncoding)
+	}
+	if p.contentLanguage != "" {
+		v.Add("rscl", p.contentLanguage)
+	}
+	if p.contentType != "" {
+		v.Add("rsct", p.contentType)
+	}
 	return v
 }
 

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/zc_storage_error.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/zc_storage_error.go

@@ -43,11 +43,14 @@ func newStorageError(cause error, response *http.Response, description string) e
 			response:    response,
 			description: description,
 		},
+		serviceCode: ServiceCodeType(response.Header.Get("x-ms-error-code")),
 	}
 }
 
 // ServiceCode returns service-error information. The caller may examine these values but should not modify any of them.
-func (e *storageError) ServiceCode() ServiceCodeType { return e.serviceCode }
+func (e *storageError) ServiceCode() ServiceCodeType {
+	return e.serviceCode
+}
 
 // Error implements the error interface's Error method to return a string representation of the error.
 func (e *storageError) Error() string {
@@ -94,8 +97,6 @@ func (e *storageError) UnmarshalXML(d *xml.Decoder, start xml.StartElement) (err
 			break
 		case xml.CharData:
 			switch tokName {
-			case "Code":
-				e.serviceCode = ServiceCodeType(tt)
 			case "Message":
 				e.description = string(tt)
 			default:

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/zc_util_validate.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/zc_util_validate.go

@@ -16,16 +16,10 @@ type httpRange struct {
 }
 
 func (r httpRange) pointers() *string {
-	if r.offset == 0 && r.count == 0 { // Do common case first for performance
-		return nil	// No specified range
+	if r.offset == 0 && r.count == CountToEnd { // Do common case first for performance
+		return nil // No specified range
 	}
-	if r.offset < 0 {
-		panic("The range offset must be >= 0")
-	}
-	if r.count < 0 {
-		panic("The range count must be >= 0")
-	}
-	endOffset := "" // if count == 0
+	endOffset := "" // if count == CountToEnd (0)
 	if r.count > 0 {
 		endOffset = strconv.FormatInt((r.offset+r.count)-1, 10)
 	}
@@ -35,27 +29,36 @@ func (r httpRange) pointers() *string {
 
 ////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
 
-func validateSeekableStreamAt0AndGetCount(body io.ReadSeeker) int64 {
+func validateSeekableStreamAt0AndGetCount(body io.ReadSeeker) (int64, error) {
 	if body == nil { // nil body's are "logically" seekable to 0 and are 0 bytes long
-		return 0
+		return 0, nil
 	}
-	validateSeekableStreamAt0(body)
+
+	err := validateSeekableStreamAt0(body)
+	if err != nil {
+		return 0, err
+	}
+
 	count, err := body.Seek(0, io.SeekEnd)
 	if err != nil {
-		panic("failed to seek stream")
+		return 0, errors.New("body stream must be seekable")
 	}
+
 	body.Seek(0, io.SeekStart)
-	return count
+	return count, nil
 }
 
-func validateSeekableStreamAt0(body io.ReadSeeker) {
+// return an error if body is not a valid seekable stream at 0
+func validateSeekableStreamAt0(body io.ReadSeeker) error {
 	if body == nil { // nil body's are "logically" seekable to 0
-		return
+		return nil
 	}
 	if pos, err := body.Seek(0, io.SeekCurrent); pos != 0 || err != nil {
+		// Help detect programmer error
 		if err != nil {
-			panic(err)
+			return errors.New("body stream must be seekable")
 		}
-		panic(errors.New("stream must be set to position 0"))
+		return errors.New("body stream must be set to position 0")
 	}
+	return nil
 }

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/zc_uuid.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/zc_uuid.go

@@ -21,10 +21,7 @@ type uuid [16]byte
 func newUUID() (u uuid) {
 	u = uuid{}
 	// Set all bits to randomly (or pseudo-randomly) chosen values.
-	_, err := rand.Read(u[:])
-	if err != nil {
-		panic("ran.Read failed")
-	}
+	rand.Read(u[:])
 	u[8] = (u[8] | reservedRFC4122) & 0x7F // u.setVariant(ReservedRFC4122)
 
 	var version byte = 4

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/zz_generated_client.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/zz_generated_client.go

@@ -10,7 +10,7 @@ import (
 
 const (
 	// ServiceVersion specifies the version of the operations used in this package.
-	ServiceVersion = "2018-03-28"
+	ServiceVersion = "2018-11-09"
 )
 
 // managementClient is the base client for Azblob.

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/zz_generated_responder_policy.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/zz_generated_responder_policy.go

@@ -55,7 +55,7 @@ func validateResponse(resp pipeline.Response, successStatusCodes ...int) error {
 	defer resp.Response().Body.Close()
 	b, err := ioutil.ReadAll(resp.Response().Body)
 	if err != nil {
-		return NewResponseError(err, resp.Response(), "failed to read response body")
+		return err
 	}
 	// the service code, description and details will be populated during unmarshalling
 	responseError := NewResponseError(nil, resp.Response(), resp.Response().Status)

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/zz_generated_service.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/zz_generated_service.go

@@ -25,6 +25,44 @@ func newServiceClient(url url.URL, p pipeline.Pipeline) serviceClient {
 	return serviceClient{newManagementClient(url, p)}
 }
 
+// GetAccountInfo returns the sku name and account kind
+func (client serviceClient) GetAccountInfo(ctx context.Context) (*ServiceGetAccountInfoResponse, error) {
+	req, err := client.getAccountInfoPreparer()
+	if err != nil {
+		return nil, err
+	}
+	resp, err := client.Pipeline().Do(ctx, responderPolicyFactory{responder: client.getAccountInfoResponder}, req)
+	if err != nil {
+		return nil, err
+	}
+	return resp.(*ServiceGetAccountInfoResponse), err
+}
+
+// getAccountInfoPreparer prepares the GetAccountInfo request.
+func (client serviceClient) getAccountInfoPreparer() (pipeline.Request, error) {
+	req, err := pipeline.NewRequest("GET", client.url, nil)
+	if err != nil {
+		return req, pipeline.NewError(err, "failed to create request")
+	}
+	params := req.URL.Query()
+	params.Set("restype", "account")
+	params.Set("comp", "properties")
+	req.URL.RawQuery = params.Encode()
+	req.Header.Set("x-ms-version", ServiceVersion)
+	return req, nil
+}
+
+// getAccountInfoResponder handles the response to the GetAccountInfo request.
+func (client serviceClient) getAccountInfoResponder(resp pipeline.Response) (pipeline.Response, error) {
+	err := validateResponse(resp, http.StatusOK)
+	if resp == nil {
+		return nil, err
+	}
+	io.Copy(ioutil.Discard, resp.Response().Body)
+	resp.Response().Body.Close()
+	return &ServiceGetAccountInfoResponse{rawResponse: resp.Response()}, err
+}
+
 // GetProperties gets the properties of a storage account's Blob service, including properties for Storage Analytics
 // and CORS (Cross-Origin Resource Sharing) rules.
 //
@@ -83,7 +121,7 @@ func (client serviceClient) getPropertiesResponder(resp pipeline.Response) (pipe
 	defer resp.Response().Body.Close()
 	b, err := ioutil.ReadAll(resp.Response().Body)
 	if err != nil {
-		return result, NewResponseError(err, resp.Response(), "failed to read response body")
+		return result, err
 	}
 	if len(b) > 0 {
 		b = removeBOM(b)
@@ -153,7 +191,86 @@ func (client serviceClient) getStatisticsResponder(resp pipeline.Response) (pipe
 	defer resp.Response().Body.Close()
 	b, err := ioutil.ReadAll(resp.Response().Body)
 	if err != nil {
-		return result, NewResponseError(err, resp.Response(), "failed to read response body")
+		return result, err
+	}
+	if len(b) > 0 {
+		b = removeBOM(b)
+		err = xml.Unmarshal(b, result)
+		if err != nil {
+			return result, NewResponseError(err, resp.Response(), "failed to unmarshal response body")
+		}
+	}
+	return result, nil
+}
+
+// GetUserDelegationKey retrieves a user delgation key for the Blob service. This is only a valid operation when using
+// bearer token authentication.
+//
+// timeout is the timeout parameter is expressed in seconds. For more information, see <a
+// href="https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/setting-timeouts-for-blob-service-operations">Setting
+// Timeouts for Blob Service Operations.</a> requestID is provides a client-generated, opaque value with a 1 KB
+// character limit that is recorded in the analytics logs when storage analytics logging is enabled.
+func (client serviceClient) GetUserDelegationKey(ctx context.Context, keyInfo KeyInfo, timeout *int32, requestID *string) (*UserDelegationKey, error) {
+	if err := validate([]validation{
+		{targetValue: timeout,
+			constraints: []constraint{{target: "timeout", name: null, rule: false,
+				chain: []constraint{{target: "timeout", name: inclusiveMinimum, rule: 0, chain: nil}}}}}}); err != nil {
+		return nil, err
+	}
+	req, err := client.getUserDelegationKeyPreparer(keyInfo, timeout, requestID)
+	if err != nil {
+		return nil, err
+	}
+	resp, err := client.Pipeline().Do(ctx, responderPolicyFactory{responder: client.getUserDelegationKeyResponder}, req)
+	if err != nil {
+		return nil, err
+	}
+	return resp.(*UserDelegationKey), err
+}
+
+// getUserDelegationKeyPreparer prepares the GetUserDelegationKey request.
+func (client serviceClient) getUserDelegationKeyPreparer(keyInfo KeyInfo, timeout *int32, requestID *string) (pipeline.Request, error) {
+	req, err := pipeline.NewRequest("POST", client.url, nil)
+	if err != nil {
+		return req, pipeline.NewError(err, "failed to create request")
+	}
+	params := req.URL.Query()
+	if timeout != nil {
+		params.Set("timeout", strconv.FormatInt(int64(*timeout), 10))
+	}
+	params.Set("restype", "service")
+	params.Set("comp", "userdelegationkey")
+	req.URL.RawQuery = params.Encode()
+	req.Header.Set("x-ms-version", ServiceVersion)
+	if requestID != nil {
+		req.Header.Set("x-ms-client-request-id", *requestID)
+	}
+	b, err := xml.Marshal(keyInfo)
+	if err != nil {
+		return req, pipeline.NewError(err, "failed to marshal request body")
+	}
+	req.Header.Set("Content-Type", "application/xml")
+	err = req.SetBody(bytes.NewReader(b))
+	if err != nil {
+		return req, pipeline.NewError(err, "failed to set request body")
+	}
+	return req, nil
+}
+
+// getUserDelegationKeyResponder handles the response to the GetUserDelegationKey request.
+func (client serviceClient) getUserDelegationKeyResponder(resp pipeline.Response) (pipeline.Response, error) {
+	err := validateResponse(resp, http.StatusOK)
+	if resp == nil {
+		return nil, err
+	}
+	result := &UserDelegationKey{rawResponse: resp.Response()}
+	if err != nil {
+		return result, err
+	}
+	defer resp.Response().Body.Close()
+	b, err := ioutil.ReadAll(resp.Response().Body)
+	if err != nil {
+		return result, err
 	}
 	if len(b) > 0 {
 		b = removeBOM(b)
@@ -183,7 +300,7 @@ func (client serviceClient) getStatisticsResponder(resp pipeline.Response) (pipe
 // href="https://docs.microsoft.com/en-us/rest/api/storageservices/fileservices/setting-timeouts-for-blob-service-operations">Setting
 // Timeouts for Blob Service Operations.</a> requestID is provides a client-generated, opaque value with a 1 KB
 // character limit that is recorded in the analytics logs when storage analytics logging is enabled.
-func (client serviceClient) ListContainersSegment(ctx context.Context, prefix *string, marker *string, maxresults *int32, include ListContainersIncludeType, timeout *int32, requestID *string) (*ListContainersResponse, error) {
+func (client serviceClient) ListContainersSegment(ctx context.Context, prefix *string, marker *string, maxresults *int32, include ListContainersIncludeType, timeout *int32, requestID *string) (*ListContainersSegmentResponse, error) {
 	if err := validate([]validation{
 		{targetValue: maxresults,
 			constraints: []constraint{{target: "maxresults", name: null, rule: false,
@@ -201,7 +318,7 @@ func (client serviceClient) ListContainersSegment(ctx context.Context, prefix *s
 	if err != nil {
 		return nil, err
 	}
-	return resp.(*ListContainersResponse), err
+	return resp.(*ListContainersSegmentResponse), err
 }
 
 // listContainersSegmentPreparer prepares the ListContainersSegment request.
@@ -241,14 +358,14 @@ func (client serviceClient) listContainersSegmentResponder(resp pipeline.Respons
 	if resp == nil {
 		return nil, err
 	}
-	result := &ListContainersResponse{rawResponse: resp.Response()}
+	result := &ListContainersSegmentResponse{rawResponse: resp.Response()}
 	if err != nil {
 		return result, err
 	}
 	defer resp.Response().Body.Close()
 	b, err := ioutil.ReadAll(resp.Response().Body)
 	if err != nil {
-		return result, NewResponseError(err, resp.Response(), "failed to read response body")
+		return result, err
 	}
 	if len(b) > 0 {
 		b = removeBOM(b)

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/zz_generated_version.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/zz_generated_version.go

@@ -5,7 +5,7 @@ package azblob
 
 // UserAgent returns the UserAgent string to use when sending http.Requests.
 func UserAgent() string {
-	return "Azure-SDK-For-Go/0.0.0 azblob/2018-03-28"
+	return "Azure-SDK-For-Go/0.0.0 azblob/2018-11-09"
 }
 
 // Version returns the semantic version (see http://semver.org) of the client.

vendor/github.com/Azure/azure-storage-blob-go/2018-03-28/azblob/zz_response_helpers.go → vendor/github.com/Azure/azure-storage-blob-go/azblob/zz_response_helpers.go

@@ -65,7 +65,7 @@ func (r *DownloadResponse) Body(o RetryReaderOptions) io.ReadCloser {
 		func(ctx context.Context, getInfo HTTPGetterInfo) (*http.Response, error) {
 			resp, err := r.b.Download(ctx, getInfo.Offset, getInfo.Count,
 				BlobAccessConditions{
-					HTTPAccessConditions: HTTPAccessConditions{IfMatch: getInfo.ETag},
+					ModifiedAccessConditions: ModifiedAccessConditions{IfMatch: getInfo.ETag},
 				},
 				false)
 			if err != nil {

vendor/github.com/mattn/go-colorable/colorable_appengine.go

+// +build appengine
+
+package colorable
+
+import (
+	"io"
+	"os"
+
+	_ "github.com/mattn/go-isatty"
+)
+
+// NewColorable return new instance of Writer which handle escape sequence.
+func NewColorable(file *os.File) io.Writer {
+	if file == nil {
+		panic("nil passed instead of *os.File to NewColorable()")
+	}
+
+	return file
+}
+
+// NewColorableStdout return new instance of Writer which handle escape sequence for stdout.
+func NewColorableStdout() io.Writer {
+	return os.Stdout
+}
+
+// NewColorableStderr return new instance of Writer which handle escape sequence for stderr.
+func NewColorableStderr() io.Writer {
+	return os.Stderr
+}

vendor/github.com/mattn/go-ieproxy/GetProxyFunc.go

+package ieproxy
+
+import (
+	"net/http"
+	"net/url"
+)
+
+// GetProxyFunc is a forwarder for the OS-Exclusive proxyMiddleman_os.go files
+func GetProxyFunc() func(*http.Request) (*url.URL, error) {
+	return proxyMiddleman()
+}

vendor/github.com/mattn/go-ieproxy/LICENSE

+MIT License
+
+Copyright (c) 2014 mattn
+Copyright (c) 2017 oliverpool
+Copyright (c) 2019 Adele Reed
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

vendor/github.com/mattn/go-ieproxy/README.md

+# ieproxy
+
+Go package to detect the proxy settings on Windows platform.
+
+The settings are initially attempted to be read from the [`WinHttpGetIEProxyConfigForCurrentUser` DLL call](https://docs.microsoft.com/en-us/windows/desktop/api/winhttp/nf-winhttp-winhttpgetieproxyconfigforcurrentuser), but falls back to the registry (`CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings`) in the event the DLL call fails.
+
+For more information, take a look at the [documentation](https://godoc.org/github.com/mattn/go-ieproxy)
+
+## Methods
+
+You can either obtain a `net/http` compatible proxy function using `ieproxy.GetProxyFunc()`, set environment variables using `ieproxy.OverrideEnvWithStaticProxy()` (though no automatic configuration is available this way), or obtain the proxy settings via `ieproxy.GetConf()`.
+
+| Method                                 | Supported configuration options:              |
+|----------------------------------------|-----------------------------------------------|
+| `ieproxy.GetProxyFunc()`               | Static, Specified script, and fully automatic |
+| `ieproxy.OverrideEnvWithStaticProxy()` | Static                                        |
+| `ieproxy.GetConf()`                    | Depends on how you use it                     |
+
+## Examples
+
+### Using GetProxyFunc():
+
+```go
+func init() {
+	http.DefaultTransport.(*http.Transport).Proxy = ieproxy.GetProxyFunc()
+}
+```
+
+GetProxyFunc acts as a middleman between `net/http` and `mattn/go-ieproxy` in order to select the correct proxy configuration based off the details supplied in the config.
+
+### Using OverrideEnvWithStaticProxy():
+
+```go
+func init() {
+	ieproxy.OverrideEnvWithStaticProxy()
+	http.DefaultTransport.(*http.Transport).Proxy = http.ProxyFromEnvironment
+}
+```
+
+OverrideEnvWithStaticProxy overrides the relevant environment variables (`HTTP_PROXY`, `HTTPS_PROXY`, `NO_PROXY`) with the **static, manually configured** proxy details typically found in the registry.
+
+### Using GetConf():
+
+```go
+func main() {
+	conf := ieproxy.GetConf()
+	//Handle proxies how you want to.
+}
+```

vendor/github.com/mattn/go-ieproxy/ieproxy_unix.go

+// +build !windows
+
+package ieproxy
+
+func getConf() ProxyConf {
+	return ProxyConf{}
+}
+
+func overrideEnvWithStaticProxy(pc ProxyConf, setenv envSetter) {
+}

vendor/github.com/mattn/go-ieproxy/kernel32_data_windows.go

+package ieproxy
+
+import (
+	"golang.org/x/sys/windows"
+	"unsafe"
+)
+
+var kernel32 = windows.NewLazySystemDLL("kernel32.dll")
+var globalFree = kernel32.NewProc("GlobalFree")
+
+func globalFreeWrapper(ptr *uint16) {
+	if ptr != nil {
+		_, _, _ = globalFree.Call(uintptr(unsafe.Pointer(ptr)))
+	}
+}

vendor/github.com/mattn/go-ieproxy/pac_unix.go

+// +build !windows
+
+package ieproxy
+
+func (psc *ProxyScriptConf) findProxyForURL(URL string) string {
+	return ""
+}