Storage/STG91 Move audience out of models namespace and add help function for audience (#5026)

* move audience out of models namespace

* Update sdk/storage/azure-storage-queues/inc/azure/storage/queues/queue_options.hpp

Co-authored-by: JinmingHu <jinmhu@microsoft.com>

* Update sdk/storage/azure-storage-files-shares/inc/azure/storage/files/shares/share_options.hpp

Co-authored-by: JinmingHu <jinmhu@microsoft.com>

* Update sdk/storage/azure-storage-files-datalake/inc/azure/storage/files/datalake/datalake_options.hpp

Co-authored-by: JinmingHu <jinmhu@microsoft.com>

* add help func

---------

Co-authored-by: JinmingHu <jinmhu@microsoft.com>

sdk/storage/assets.json

@@ -2,5 +2,5 @@
   "AssetsRepo": "Azure/azure-sdk-assets",
   "AssetsRepoPrefixPath": "cpp",
   "TagPrefix": "cpp/storage",
-  "Tag": "cpp/storage_1d2fb95162"
+  "Tag": "cpp/storage_f9007be11f"
 }

sdk/storage/azure-storage-blobs/inc/azure/storage/blobs/blob_options.hpp

@@ -21,34 +21,42 @@
 
 namespace Azure { namespace Storage { namespace Blobs {
 
-  namespace Models {
+  /**
+   * @brief Audiences available for blob service
+   *
+   */
+  class BlobAudience final : public Azure::Core::_internal::ExtendableEnumeration<BlobAudience> {
+  public:
+    /**
+     * @brief Construct a new BlobAudience object
+     *
+     * @param blobAudience The Azure Active Directory audience to use when forming authorization
+     * scopes. For the Language service, this value corresponds to a URL that identifies the Azure
+     * cloud where the resource is located. For more information: See
+     * https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory
+     */
+    explicit BlobAudience(std::string blobAudience) : ExtendableEnumeration(std::move(blobAudience))
+    {
+    }
 
     /**
-     * @brief Audiences available for Blobs
+     * @brief The service endpoint for a given storage account. Use this method to acquire a token
+     * for authorizing requests to that specific Azure Storage account and service only.
      *
+     * @param storageAccountName he storage account name used to populate the service endpoint.
+     * @return The service endpoint for a given storage account.
      */
-    class BlobAudience final : public Azure::Core::_internal::ExtendableEnumeration<BlobAudience> {
-    public:
-      /**
-       * @brief Construct a new BlobAudience object
-       *
-       * @param blobAudience The Azure Active Directory audience to use when forming authorization
-       * scopes. For the Language service, this value corresponds to a URL that identifies the Azure
-       * cloud where the resource is located. For more information: See
-       * https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory
-       */
-      explicit BlobAudience(std::string blobAudience)
-          : ExtendableEnumeration(std::move(blobAudience))
-      {
-      }
+    static BlobAudience CreateBlobServiceAccountAudience(const std::string& storageAccountName)
+    {
+      return BlobAudience("https://" + storageAccountName + ".blob.core.windows.net/");
+    }
 
-      /**
-       * @brief Default Audience. Use to acquire a token for authorizing requests to any Azure
-       * Storage account.
-       */
-      AZ_STORAGE_BLOBS_DLLEXPORT const static BlobAudience DefaultAudience;
-    };
-  } // namespace Models
+    /**
+     * @brief Default Audience. Use to acquire a token for authorizing requests to any Azure
+     * Storage account.
+     */
+    AZ_STORAGE_BLOBS_DLLEXPORT const static BlobAudience DefaultAudience;
+  };
 
   /**
    * @brief Specifies access conditions for a container.
@@ -198,10 +206,10 @@ namespace Azure { namespace Storage { namespace Blobs {
 
     /**
      * The Audience to use for authentication with Azure Active Directory (AAD).
-     * #Azure::Storage::Blobs::Models::BlobAudience::DefaultAudience will be assumed if Audience is
+     * #Azure::Storage::Blobs::BlobAudience::DefaultAudience will be assumed if Audience is
      * not set.
      */
-    Azure::Nullable<Models::BlobAudience> Audience;
+    Azure::Nullable<BlobAudience> Audience;
   };
 
   /**

sdk/storage/azure-storage-blobs/src/blob_options.cpp

@@ -5,9 +5,7 @@
 
 namespace Azure { namespace Storage { namespace Blobs {
 
-  namespace Models {
-    const BlobAudience BlobAudience::DefaultAudience(_internal::StorageDefaultAudience);
-  } // namespace Models
+  const BlobAudience BlobAudience::DefaultAudience(_internal::StorageDefaultAudience);
 
   BlobQueryInputTextOptions BlobQueryInputTextOptions::CreateCsvTextOptions(
       const std::string& recordSeparator,

sdk/storage/azure-storage-blobs/test/ut/bearer_token_test.cpp

@@ -51,8 +51,7 @@ namespace Azure { namespace Storage { namespace Test {
 
     // With custom audience
     auto blobUrl = Azure::Core::Url(m_blockBlobClient->GetUrl());
-    clientOptions.Audience
-        = Blobs::Models::BlobAudience(blobUrl.GetScheme() + "://" + blobUrl.GetHost());
+    clientOptions.Audience = Blobs::BlobAudience(blobUrl.GetScheme() + "://" + blobUrl.GetHost());
     blobClient = Blobs::BlobClient(
         m_blockBlobClient->GetUrl(),
         std::make_shared<Azure::Identity::ClientSecretCredential>(

sdk/storage/azure-storage-blobs/test/ut/blob_container_client_test.cpp

@@ -1457,13 +1457,13 @@ namespace Azure { namespace Storage { namespace Test {
     // custom audience
     auto containerUrl = Azure::Core::Url(containerClient.GetUrl());
     clientOptions.Audience
-        = Blobs::Models::BlobAudience(containerUrl.GetScheme() + "://" + containerUrl.GetHost());
+        = Blobs::BlobAudience(containerUrl.GetScheme() + "://" + containerUrl.GetHost());
     containerClient
         = Blobs::BlobContainerClient(m_blobContainerClient->GetUrl(), credential, clientOptions);
     EXPECT_NO_THROW(containerClient.GetProperties());
 
     // error audience
-    clientOptions.Audience = Blobs::Models::BlobAudience("https://disk.compute.azure.com");
+    clientOptions.Audience = Blobs::BlobAudience("https://disk.compute.azure.com");
     containerClient
         = Blobs::BlobContainerClient(m_blobContainerClient->GetUrl(), credential, clientOptions);
     EXPECT_THROW(containerClient.GetProperties(), StorageException);

sdk/storage/azure-storage-blobs/test/ut/blob_service_client_test.cpp

@@ -515,13 +515,13 @@ namespace Azure { namespace Storage { namespace Test {
     // custom audience
     auto serviceUrl = Azure::Core::Url(serviceClient.GetUrl());
     clientOptions.Audience
-        = Blobs::Models::BlobAudience(serviceUrl.GetScheme() + "://" + serviceUrl.GetHost());
+        = Blobs::BlobAudience(serviceUrl.GetScheme() + "://" + serviceUrl.GetHost());
     serviceClient
         = Blobs::BlobServiceClient(m_blobServiceClient->GetUrl(), credential, clientOptions);
     EXPECT_NO_THROW(serviceClient.GetProperties());
 
     // error audience
-    clientOptions.Audience = Blobs::Models::BlobAudience("https://disk.compute.azure.com");
+    clientOptions.Audience = Blobs::BlobAudience("https://disk.compute.azure.com");
     serviceClient
         = Blobs::BlobServiceClient(m_blobServiceClient->GetUrl(), credential, clientOptions);
     EXPECT_THROW(serviceClient.GetProperties(), StorageException);

sdk/storage/azure-storage-blobs/test/ut/block_blob_client_test.cpp

@@ -2041,26 +2041,35 @@ namespace Azure { namespace Storage { namespace Test {
     EXPECT_NO_THROW(blockBlobClient.GetProperties());
 
     // default audience
-    clientOptions.Audience = Blobs::Models::BlobAudience::DefaultAudience;
+    clientOptions.Audience = Blobs::BlobAudience::DefaultAudience;
+    blockBlobClient
+        = Blobs::BlockBlobClient(m_blockBlobClient->GetUrl(), credential, clientOptions);
+    EXPECT_NO_THROW(blockBlobClient.GetProperties());
+
+    // service audience
+
+    auto keyCredential
+        = _internal::ParseConnectionString(StandardStorageConnectionString()).KeyCredential;
+    auto accountName = keyCredential->AccountName;
+    clientOptions.Audience = Blobs::BlobAudience::CreateBlobServiceAccountAudience(accountName);
     blockBlobClient
         = Blobs::BlockBlobClient(m_blockBlobClient->GetUrl(), credential, clientOptions);
     EXPECT_NO_THROW(blockBlobClient.GetProperties());
 
     // custom audience
     auto blobUrl = Azure::Core::Url(blockBlobClient.GetUrl());
-    clientOptions.Audience
-        = Blobs::Models::BlobAudience(blobUrl.GetScheme() + "://" + blobUrl.GetHost());
+    clientOptions.Audience = Blobs::BlobAudience(blobUrl.GetScheme() + "://" + blobUrl.GetHost());
     blockBlobClient
         = Blobs::BlockBlobClient(m_blockBlobClient->GetUrl(), credential, clientOptions);
     EXPECT_NO_THROW(blockBlobClient.GetProperties());
     clientOptions.Audience
-        = Blobs::Models::BlobAudience(blobUrl.GetScheme() + "://" + blobUrl.GetHost() + "/");
+        = Blobs::BlobAudience(blobUrl.GetScheme() + "://" + blobUrl.GetHost() + "/");
     blockBlobClient
         = Blobs::BlockBlobClient(m_blockBlobClient->GetUrl(), credential, clientOptions);
     EXPECT_NO_THROW(blockBlobClient.GetProperties());
 
     // error audience
-    clientOptions.Audience = Blobs::Models::BlobAudience("https://disk.compute.azure.com");
+    clientOptions.Audience = Blobs::BlobAudience("https://disk.compute.azure.com");
     blockBlobClient
         = Blobs::BlockBlobClient(m_blockBlobClient->GetUrl(), credential, clientOptions);
     EXPECT_THROW(blockBlobClient.GetProperties(), StorageException);

sdk/storage/azure-storage-files-datalake/inc/azure/storage/files/datalake/datalake_options.hpp

@@ -78,33 +78,6 @@ namespace Azure { namespace Storage { namespace Files { namespace DataLake {
        */
       static std::string SerializeAcls(const std::vector<Acl>& aclsArray);
     };
-
-    /**
-     * @brief Audiences available for Blobs
-     *
-     */
-    class DataLakeAudience final
-        : public Azure::Core::_internal::ExtendableEnumeration<DataLakeAudience> {
-    public:
-      /**
-       * @brief Construct a new DataLakeAudience object
-       *
-       * @param dataLakeAudience The Azure Active Directory audience to use when forming
-       * authorization scopes. For the Language service, this value corresponds to a URL that
-       * identifies the Azure cloud where the resource is located. For more information: See
-       * https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory
-       */
-      explicit DataLakeAudience(std::string dataLakeAudience)
-          : ExtendableEnumeration(std::move(dataLakeAudience))
-      {
-      }
-
-      /**
-       * @brief Default Audience. Use to acquire a token for authorizing requests to any Azure
-       * Storage account.
-       */
-      AZ_STORAGE_FILES_DATALAKE_DLLEXPORT const static DataLakeAudience DefaultAudience;
-    };
   } // namespace Models
 
   using DownloadFileToOptions = Blobs::DownloadBlobToOptions;
@@ -140,6 +113,46 @@ namespace Azure { namespace Storage { namespace Files { namespace DataLake {
     };
   } // namespace _detail
 
+  /**
+   * @brief Audiences available for data lake service
+   *
+   */
+  class DataLakeAudience final
+      : public Azure::Core::_internal::ExtendableEnumeration<DataLakeAudience> {
+  public:
+    /**
+     * @brief Construct a new DataLakeAudience object
+     *
+     * @param dataLakeAudience The Azure Active Directory audience to use when forming
+     * authorization scopes. For the Language service, this value corresponds to a URL that
+     * identifies the Azure cloud where the resource is located. For more information: See
+     * https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory
+     */
+    explicit DataLakeAudience(std::string dataLakeAudience)
+        : ExtendableEnumeration(std::move(dataLakeAudience))
+    {
+    }
+
+    /**
+     * @brief The service endpoint for a given storage account. Use this method to acquire a token
+     * for authorizing requests to that specific Azure Storage account and service only.
+     *
+     * @param storageAccountName he storage account name used to populate the service endpoint.
+     * @return The service endpoint for a given storage account.
+     */
+    static DataLakeAudience CreateDataLakeServiceAccountAudience(
+        const std::string& storageAccountName)
+    {
+      return DataLakeAudience("https://" + storageAccountName + ".blob.core.windows.net/");
+    }
+
+    /**
+     * @brief Default Audience. Use to acquire a token for authorizing requests to any Azure
+     * Storage account.
+     */
+    AZ_STORAGE_FILES_DATALAKE_DLLEXPORT const static DataLakeAudience DefaultAudience;
+  };
+
   /**
    * @brief Client options used to initialize all DataLake clients.
    */
@@ -173,10 +186,10 @@ namespace Azure { namespace Storage { namespace Files { namespace DataLake {
 
     /**
      * The Audience to use for authentication with Azure Active Directory (AAD).
-     * #Azure::Storage::Files::DataLake::Models::DataLakeAudience::DefaultAudience will be assumed
+     * #Azure::Storage::Files::DataLake::DataLakeAudience::DefaultAudience will be assumed
      * if Audience is not set.
      */
-    Azure::Nullable<Models::DataLakeAudience> Audience;
+    Azure::Nullable<DataLakeAudience> Audience;
   };
 
   /**

sdk/storage/azure-storage-files-datalake/src/datalake_options.cpp

@@ -3,8 +3,8 @@
 
 #include "azure/storage/files/datalake/datalake_options.hpp"
 
-namespace Azure { namespace Storage { namespace Files { namespace DataLake { namespace Models {
+namespace Azure { namespace Storage { namespace Files { namespace DataLake {
 
   const DataLakeAudience DataLakeAudience::DefaultAudience(_internal::StorageDefaultAudience);
 
-}}}}} // namespace Azure::Storage::Files::DataLake::Models
+}}}} // namespace Azure::Storage::Files::DataLake

sdk/storage/azure-storage-files-datalake/src/datalake_utilities.cpp

@@ -100,7 +100,7 @@ namespace Azure { namespace Storage { namespace Files { namespace DataLake { nam
     blobOptions.EnableTenantDiscovery = options.EnableTenantDiscovery;
     if (options.Audience.HasValue())
     {
-      blobOptions.Audience = Blobs::Models::BlobAudience(options.Audience.Value().ToString());
+      blobOptions.Audience = Blobs::BlobAudience(options.Audience.Value().ToString());
     }
     return blobOptions;
   }

sdk/storage/azure-storage-files-datalake/test/ut/datalake_file_system_client_test.cpp

@@ -923,15 +923,14 @@ namespace Azure { namespace Storage { namespace Test {
 
     // custom audience
     auto fileSystemUrl = Azure::Core::Url(fileSystemClient.GetUrl());
-    clientOptions.Audience = Files::DataLake::Models::DataLakeAudience(
+    clientOptions.Audience = Files::DataLake::DataLakeAudience(
         fileSystemUrl.GetScheme() + "://" + fileSystemUrl.GetHost());
     fileSystemClient = Files::DataLake::DataLakeFileSystemClient(
         m_fileSystemClient->GetUrl(), credential, clientOptions);
     EXPECT_NO_THROW(fileSystemClient.GetProperties());
 
     // error audience
-    clientOptions.Audience
-        = Files::DataLake::Models::DataLakeAudience("https://disk.compute.azure.com");
+    clientOptions.Audience = Files::DataLake::DataLakeAudience("https://disk.compute.azure.com");
     fileSystemClient = Files::DataLake::DataLakeFileSystemClient(
         m_fileSystemClient->GetUrl(), credential, clientOptions);
     EXPECT_THROW(fileSystemClient.GetProperties(), StorageException);

sdk/storage/azure-storage-files-datalake/test/ut/datalake_path_client_test.cpp

@@ -495,22 +495,30 @@ namespace Azure { namespace Storage { namespace Test {
     EXPECT_NO_THROW(pathClient.GetProperties());
 
     // default audience
-    clientOptions.Audience = Files::DataLake::Models::DataLakeAudience::DefaultAudience;
+    clientOptions.Audience = Files::DataLake::DataLakeAudience::DefaultAudience;
+    pathClient
+        = Files::DataLake::DataLakePathClient(m_pathClient->GetUrl(), credential, clientOptions);
+    EXPECT_NO_THROW(pathClient.GetProperties());
+
+    // service audience
+    auto keyCredential = _internal::ParseConnectionString(AdlsGen2ConnectionString()).KeyCredential;
+    auto accountName = keyCredential->AccountName;
+    clientOptions.Audience
+        = Files::DataLake::DataLakeAudience::CreateDataLakeServiceAccountAudience(accountName);
     pathClient
         = Files::DataLake::DataLakePathClient(m_pathClient->GetUrl(), credential, clientOptions);
     EXPECT_NO_THROW(pathClient.GetProperties());
 
     // custom audience
     auto pathUrl = Azure::Core::Url(pathClient.GetUrl());
-    clientOptions.Audience = Files::DataLake::Models::DataLakeAudience(
-        pathUrl.GetScheme() + "://" + pathUrl.GetHost());
+    clientOptions.Audience
+        = Files::DataLake::DataLakeAudience(pathUrl.GetScheme() + "://" + pathUrl.GetHost());
     pathClient
         = Files::DataLake::DataLakePathClient(m_pathClient->GetUrl(), credential, clientOptions);
     EXPECT_NO_THROW(pathClient.GetProperties());
 
     // error audience
-    clientOptions.Audience
-        = Files::DataLake::Models::DataLakeAudience("https://disk.compute.azure.com");
+    clientOptions.Audience = Files::DataLake::DataLakeAudience("https://disk.compute.azure.com");
     pathClient
         = Files::DataLake::DataLakePathClient(m_pathClient->GetUrl(), credential, clientOptions);
     EXPECT_THROW(pathClient.GetProperties(), StorageException);

sdk/storage/azure-storage-files-datalake/test/ut/datalake_service_client_test.cpp

@@ -359,15 +359,14 @@ namespace Azure { namespace Storage { namespace Test {
 
     // custom audience
     auto fileSystemUrl = Azure::Core::Url(serviceClient.GetUrl());
-    clientOptions.Audience = Files::DataLake::Models::DataLakeAudience(
+    clientOptions.Audience = Files::DataLake::DataLakeAudience(
         fileSystemUrl.GetScheme() + "://" + fileSystemUrl.GetHost());
     serviceClient = Files::DataLake::DataLakeServiceClient(
         m_dataLakeServiceClient->GetUrl(), credential, clientOptions);
     EXPECT_NO_THROW(serviceClient.GetProperties());
 
     // error audience
-    clientOptions.Audience
-        = Files::DataLake::Models::DataLakeAudience("https://disk.compute.azure.com");
+    clientOptions.Audience = Files::DataLake::DataLakeAudience("https://disk.compute.azure.com");
     serviceClient = Files::DataLake::DataLakeServiceClient(
         m_dataLakeServiceClient->GetUrl(), credential, clientOptions);
     EXPECT_THROW(serviceClient.GetProperties(), StorageException);

sdk/storage/azure-storage-files-shares/inc/azure/storage/files/shares/share_options.hpp

@@ -18,35 +18,43 @@
 
 namespace Azure { namespace Storage { namespace Files { namespace Shares {
 
-  namespace Models {
+  /**
+   * @brief Audiences available for share service
+   *
+   */
+  class ShareAudience final : public Azure::Core::_internal::ExtendableEnumeration<ShareAudience> {
+  public:
+    /**
+     * @brief Construct a new ShareAudience object
+     *
+     * @param shareAudience The Azure Active Directory audience to use when forming authorization
+     * scopes. For the Language service, this value corresponds to a URL that identifies the Azure
+     * cloud where the resource is located. For more information: See
+     * https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory
+     */
+    explicit ShareAudience(std::string shareAudience)
+        : ExtendableEnumeration(std::move(shareAudience))
+    {
+    }
 
     /**
-     * @brief Audiences available for Blobs
+     * @brief The service endpoint for a given storage account. Use this method to acquire a token
+     * for authorizing requests to that specific Azure Storage account and service only.
      *
+     * @param storageAccountName he storage account name used to populate the service endpoint.
+     * @return The service endpoint for a given storage account.
      */
-    class ShareAudience final
-        : public Azure::Core::_internal::ExtendableEnumeration<ShareAudience> {
-    public:
-      /**
-       * @brief Construct a new ShareAudience object
-       *
-       * @param shareAudience The Azure Active Directory audience to use when forming authorization
-       * scopes. For the Language service, this value corresponds to a URL that identifies the Azure
-       * cloud where the resource is located. For more information: See
-       * https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory
-       */
-      explicit ShareAudience(std::string shareAudience)
-          : ExtendableEnumeration(std::move(shareAudience))
-      {
-      }
+    static ShareAudience CreateShareServiceAccountAudience(const std::string& storageAccountName)
+    {
+      return ShareAudience("https://" + storageAccountName + ".file.core.windows.net/");
+    }
 
-      /**
-       * @brief Default Audience. Use to acquire a token for authorizing requests to any Azure
-       * Storage account.
-       */
-      AZ_STORAGE_FILES_SHARES_DLLEXPORT const static ShareAudience DefaultAudience;
-    };
-  } // namespace Models
+    /**
+     * @brief Default Audience. Use to acquire a token for authorizing requests to any Azure
+     * Storage account.
+     */
+    AZ_STORAGE_FILES_SHARES_DLLEXPORT const static ShareAudience DefaultAudience;
+  };
 
   /**
    * @brief Client options used to initialize share clients.
@@ -80,10 +88,10 @@ namespace Azure { namespace Storage { namespace Files { namespace Shares {
 
     /**
      * The Audience to use for authentication with Azure Active Directory (AAD).
-     * #Azure::Storage::Files::Shares::Models::ShareAudience::DefaultAudience will be assumed if
+     * #Azure::Storage::Files::Shares::ShareAudience::DefaultAudience will be assumed if
      * Audience is not set.
      */
-    Azure::Nullable<Models::ShareAudience> Audience;
+    Azure::Nullable<ShareAudience> Audience;
   };
 
   /**

sdk/storage/azure-storage-files-shares/src/share_options.cpp

@@ -3,8 +3,8 @@
 
 #include "azure/storage/files/shares/share_options.hpp"
 
-namespace Azure { namespace Storage { namespace Files { namespace Shares { namespace Models {
+namespace Azure { namespace Storage { namespace Files { namespace Shares {
 
   const ShareAudience ShareAudience::DefaultAudience(_internal::StorageDefaultAudience);
 
-}}}}} // namespace Azure::Storage::Files::Shares::Models
+}}}} // namespace Azure::Storage::Files::Shares

sdk/storage/azure-storage-files-shares/test/ut/share_client_test.cpp

@@ -720,12 +720,12 @@ namespace Azure { namespace Storage { namespace Test {
     // custom audience
     auto shareUrl = Azure::Core::Url(shareClient.GetUrl());
     clientOptions.Audience
-        = Files::Shares::Models::ShareAudience(shareUrl.GetScheme() + "://" + shareUrl.GetHost());
+        = Files::Shares::ShareAudience(shareUrl.GetScheme() + "://" + shareUrl.GetHost());
     shareClient = Files::Shares::ShareClient(m_shareClient->GetUrl(), credential, clientOptions);
     EXPECT_NO_THROW(shareClient.GetPermission(created.FilePermissionKey));
 
     // error audience
-    clientOptions.Audience = Files::Shares::Models::ShareAudience("https://disk.compute.azure.com");
+    clientOptions.Audience = Files::Shares::ShareAudience("https://disk.compute.azure.com");
     shareClient = Files::Shares::ShareClient(m_shareClient->GetUrl(), credential, clientOptions);
     EXPECT_THROW(shareClient.GetPermission(created.FilePermissionKey), StorageException);
   }

sdk/storage/azure-storage-files-shares/test/ut/share_directory_client_test.cpp

@@ -1223,14 +1223,14 @@ namespace Azure { namespace Storage { namespace Test {
 
     // custom audience
     auto directoryUrl = Azure::Core::Url(directoryClient.GetUrl());
-    clientOptions.Audience = Files::Shares::Models::ShareAudience(
-        directoryUrl.GetScheme() + "://" + directoryUrl.GetHost());
+    clientOptions.Audience
+        = Files::Shares::ShareAudience(directoryUrl.GetScheme() + "://" + directoryUrl.GetHost());
     directoryClient = Files::Shares::ShareDirectoryClient(
         m_fileShareDirectoryClient->GetUrl(), credential, clientOptions);
     EXPECT_NO_THROW(directoryClient.GetProperties());
 
     // error audience
-    clientOptions.Audience = Files::Shares::Models::ShareAudience("https://disk.compute.azure.com");
+    clientOptions.Audience = Files::Shares::ShareAudience("https://disk.compute.azure.com");
     directoryClient = Files::Shares::ShareDirectoryClient(
         m_fileShareDirectoryClient->GetUrl(), credential, clientOptions);
     EXPECT_THROW(directoryClient.GetProperties(), StorageException);

sdk/storage/azure-storage-files-shares/test/ut/share_file_client_test.cpp

@@ -1708,14 +1708,23 @@ namespace Azure { namespace Storage { namespace Test {
     EXPECT_NO_THROW(fileClient.GetProperties());
 
     // default audience
-    clientOptions.Audience = Files::Shares::Models::ShareAudience::DefaultAudience;
+    clientOptions.Audience = Files::Shares::ShareAudience::DefaultAudience;
+    fileClient = Files::Shares::ShareFileClient(m_fileClient->GetUrl(), credential, clientOptions);
+    EXPECT_NO_THROW(fileClient.GetProperties());
+
+    // service audience
+    auto keyCredential
+        = _internal::ParseConnectionString(StandardStorageConnectionString()).KeyCredential;
+    auto accountName = keyCredential->AccountName;
+    clientOptions.Audience
+        = Files::Shares::ShareAudience::CreateShareServiceAccountAudience(accountName);
     fileClient = Files::Shares::ShareFileClient(m_fileClient->GetUrl(), credential, clientOptions);
     EXPECT_NO_THROW(fileClient.GetProperties());
 
     // custom audience
     auto fileUrl = Azure::Core::Url(fileClient.GetUrl());
     clientOptions.Audience
-        = Files::Shares::Models::ShareAudience(fileUrl.GetScheme() + "://" + fileUrl.GetHost());
+        = Files::Shares::ShareAudience(fileUrl.GetScheme() + "://" + fileUrl.GetHost());
     fileClient = Files::Shares::ShareFileClient(m_fileClient->GetUrl(), credential, clientOptions);
     EXPECT_NO_THROW(fileClient.GetProperties());
 
@@ -1728,7 +1737,7 @@ namespace Azure { namespace Storage { namespace Test {
     EXPECT_NO_THROW(fileClient.GetProperties());
 
     // error audience
-    clientOptions.Audience = Files::Shares::Models::ShareAudience("https://disk.compute.azure.com");
+    clientOptions.Audience = Files::Shares::ShareAudience("https://disk.compute.azure.com");
     fileClient = Files::Shares::ShareFileClient(m_fileClient->GetUrl(), credential, clientOptions);
     EXPECT_THROW(fileClient.GetProperties(), StorageException);
 

sdk/storage/azure-storage-queues/inc/azure/storage/queues/queue_options.hpp

@@ -18,35 +18,44 @@
 #include <string>
 
 namespace Azure { namespace Storage { namespace Queues {
-  namespace Models {
+
+  /**
+   * @brief Audiences available for queue service
+   *
+   */
+  class QueueAudience final : public Azure::Core::_internal::ExtendableEnumeration<QueueAudience> {
+  public:
+    /**
+     * @brief Construct a new QueueAudience object
+     *
+     * @param queueAudience The Azure Active Directory audience to use when forming authorization
+     * scopes. For the Language service, this value corresponds to a URL that identifies the Azure
+     * cloud where the resource is located. For more information: See
+     * https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory
+     */
+    explicit QueueAudience(std::string queueAudience)
+        : ExtendableEnumeration(std::move(queueAudience))
+    {
+    }
 
     /**
-     * @brief Audiences available for Blobs
+     * @brief The service endpoint for a given storage account. Use this method to acquire a token
+     * for authorizing requests to that specific Azure Storage account and service only.
      *
+     * @param storageAccountName he storage account name used to populate the service endpoint.
+     * @return The service endpoint for a given storage account.
      */
-    class QueueAudience final
-        : public Azure::Core::_internal::ExtendableEnumeration<QueueAudience> {
-    public:
-      /**
-       * @brief Construct a new QueueAudience object
-       *
-       * @param queueAudience The Azure Active Directory audience to use when forming authorization
-       * scopes. For the Language service, this value corresponds to a URL that identifies the Azure
-       * cloud where the resource is located. For more information: See
-       * https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory
-       */
-      explicit QueueAudience(std::string queueAudience)
-          : ExtendableEnumeration(std::move(queueAudience))
-      {
-      }
+    static QueueAudience CreateQueueServiceAccountAudience(const std::string& storageAccountName)
+    {
+      return QueueAudience("https://" + storageAccountName + ".queue.core.windows.net/");
+    }
 
-      /**
-       * @brief Default Audience. Use to acquire a token for authorizing requests to any Azure
-       * Storage account.
-       */
-      AZ_STORAGE_QUEUES_DLLEXPORT const static QueueAudience DefaultAudience;
-    };
-  } // namespace Models
+    /**
+     * @brief Default Audience. Use to acquire a token for authorizing requests to any Azure
+     * Storage account.
+     */
+    AZ_STORAGE_QUEUES_DLLEXPORT const static QueueAudience DefaultAudience;
+  };
 
   /**
    * @brief API version for Storage Queue service.
@@ -124,10 +133,10 @@ namespace Azure { namespace Storage { namespace Queues {
 
     /**
      * The Audience to use for authentication with Azure Active Directory (AAD).
-     * #Azure::Storage::Queues::Models::QueueAudience::DefaultAudience will be assumed if
+     * #Azure::Storage::Queues::QueueAudience::DefaultAudience will be assumed if
      * Audience is not set.
      */
-    Azure::Nullable<Models::QueueAudience> Audience;
+    Azure::Nullable<QueueAudience> Audience;
   };
 
   /**

sdk/storage/azure-storage-queues/src/queue_options.cpp

@@ -5,10 +5,7 @@
 
 namespace Azure { namespace Storage { namespace Queues {
 
-  namespace Models {
-
-    const QueueAudience QueueAudience::DefaultAudience(_internal::StorageDefaultAudience);
-  } // namespace Models
+  const QueueAudience QueueAudience::DefaultAudience(_internal::StorageDefaultAudience);
 
   const ServiceVersion ServiceVersion::V2018_03_28(std::string("2018-03-28"));
   const ServiceVersion ServiceVersion::V2019_12_12(std::string("2019-12-12"));

sdk/storage/azure-storage-queues/test/ut/queue_client_test.cpp

@@ -247,14 +247,22 @@ namespace Azure { namespace Storage { namespace Test {
     EXPECT_NO_THROW(queueClient.GetProperties());
 
     // default audience
-    clientOptions.Audience = Queues::Models::QueueAudience::DefaultAudience;
+    clientOptions.Audience = Queues::QueueAudience::DefaultAudience;
+    queueClient = Queues::QueueClient(m_queueClient->GetUrl(), credential, clientOptions);
+    EXPECT_NO_THROW(queueClient.GetProperties());
+
+    // service audience
+    auto keyCredential
+        = _internal::ParseConnectionString(StandardStorageConnectionString()).KeyCredential;
+    auto accountName = keyCredential->AccountName;
+    clientOptions.Audience = Queues::QueueAudience::CreateQueueServiceAccountAudience(accountName);
     queueClient = Queues::QueueClient(m_queueClient->GetUrl(), credential, clientOptions);
     EXPECT_NO_THROW(queueClient.GetProperties());
 
     // custom audience
     auto queueUrl = Azure::Core::Url(queueClient.GetUrl());
     clientOptions.Audience
-        = Queues::Models::QueueAudience(queueUrl.GetScheme() + "://" + queueUrl.GetHost());
+        = Queues::QueueAudience(queueUrl.GetScheme() + "://" + queueUrl.GetHost());
     queueClient = Queues::QueueClient(m_queueClient->GetUrl(), credential, clientOptions);
     EXPECT_NO_THROW(queueClient.GetProperties());
 
@@ -264,7 +272,7 @@ namespace Azure { namespace Storage { namespace Test {
     EXPECT_NO_THROW(queueClient.GetProperties());
 
     // error audience
-    clientOptions.Audience = Queues::Models::QueueAudience("https://disk.compute.azure.com");
+    clientOptions.Audience = Queues::QueueAudience("https://disk.compute.azure.com");
     queueClient = Queues::QueueClient(m_queueClient->GetUrl(), credential, clientOptions);
     EXPECT_THROW(queueClient.GetProperties(), StorageException);
 

sdk/storage/azure-storage-queues/test/ut/queue_service_client_test.cpp

@@ -331,13 +331,13 @@ namespace Azure { namespace Storage { namespace Test {
     // custom audience
     auto queueUrl = Azure::Core::Url(queueServiceClient.GetUrl());
     clientOptions.Audience
-        = Queues::Models::QueueAudience(queueUrl.GetScheme() + "://" + queueUrl.GetHost());
+        = Queues::QueueAudience(queueUrl.GetScheme() + "://" + queueUrl.GetHost());
     queueServiceClient
         = Queues::QueueServiceClient(m_queueServiceClient->GetUrl(), credential, clientOptions);
     EXPECT_NO_THROW(queueServiceClient.GetProperties());
 
     // error audience
-    clientOptions.Audience = Queues::Models::QueueAudience("https://disk.compute.azure.com");
+    clientOptions.Audience = Queues::QueueAudience("https://disk.compute.azure.com");
     queueServiceClient
         = Queues::QueueServiceClient(m_queueServiceClient->GetUrl(), credential, clientOptions);
     EXPECT_THROW(queueServiceClient.GetProperties(), StorageException);