#define parameter
Param(
    [Parameter(Mandatory=$True)]
    [string]$AzureAutomationAccount,

    [Parameter(Mandatory=$True)]
    [string]$FileWebUrl,

    [Parameter(Mandatory=$True)]
    [string]$StorageAccountName,

    [Parameter(Mandatory=$True)]
    [string]$StorageResourceGroup,

    [Parameter(Mandatory=$True)]
    [string]$StorageContainerName,

    [Parameter(Mandatory=$True)]
    [string]$BlobName,

    [Parameter(Mandatory=$false)]
    [ValidateSet("r","rw","rcw","rwcd")] 
    [string]$AccessRights = "r",
    
    [Parameter(Mandatory=$false)]
    [int]$TokenLifeTime = 2
)

#get credentials from Azure Automation vault
$myCredential = Get-AutomationPSCredential -Name $AzureAutomationAccount

#sign in to AzureRM
Login-AzureRmAccount -Credential $myCredential

#get current utc time for sas token starttime and expiration
$TokenStartTime = Get-Date
$TokenStartTime = $TokenStartTime.ToUniversalTime()
$TokenEndTime = $TokenStartTime.AddHours($TokenLifeTime)

#get storageaccount key, set context to container and request adhoc SAS token
$StorageAccountKey = (Get-AzureRmStorageAccountKey -ResourceGroupName $StorageResourceGroup -AccountName $StorageAccountName).Value[0]
$StorageContext = New-AzureStorageContext $StorageAccountName -StorageAccountKey $StorageAccountKey
$SASKey = New-AzureStorageBlobSASToken -Protocol HttpsOnly -Container $StorageContainerName -Blob $BlobName -Context $StorageContext -Permission $AccessRights -StartTime $TokenStartTime -ExpiryTime $TokenEndTime

#join file-uri and SAS token to full download uri
$FullUri = "$FileWebUrl$SASKey"