def container_acl(self):
container_name = self._create_container()
# Create a READ level access policy and set it on the container
access_policy = AccessPolicy(permission=ContainerPermissions.READ,
expiry=datetime.utcnow() +
timedelta(hours=1))
identifiers = {'id': access_policy}
self.service.set_container_acl(container_name, identifiers)
# Wait 30 seconds for acl to propagate
time.sleep(30)
acl = self.service.get_container_acl(
container_name) # {id: AccessPolicy()}
# Replaces values, does not merge
access_policy = AccessPolicy(permission=ContainerPermissions.READ,
expiry=datetime.utcnow() +
timedelta(hours=1))
identifiers = {'id2': access_policy}
self.service.set_container_acl(container_name, identifiers)
# Wait 30 seconds for acl to propagate
time.sleep(30)
acl = self.service.get_container_acl(
container_name) # {id2: AccessPolicy()}
# Clear
self.service.set_container_acl(container_name)
# Wait 30 seconds for acl to propagate
time.sleep(30)
acl = self.service.get_container_acl(container_name) # {}
self.service.delete_container(container_name)
def share_acl(self):
share_name = self._create_share()
# Basic
access_policy = AccessPolicy(permission=SharePermissions.READ,
expiry=datetime.utcnow() +
timedelta(hours=1))
identifiers = {'id': access_policy}
self.service.set_share_acl(share_name, identifiers)
# Wait 30 seconds for acl to propagate
time.sleep(30)
acl = self.service.get_share_acl(share_name) # {id: AccessPolicy()}
# Replaces values, does not merge
access_policy = AccessPolicy(permission=SharePermissions.READ,
expiry=datetime.utcnow() +
timedelta(hours=1))
identifiers = {'id2': access_policy}
self.service.set_share_acl(share_name, identifiers)
# Wait 30 seconds for acl to propagate
time.sleep(30)
acl = self.service.get_share_acl(share_name) # {id2: AccessPolicy()}
# Clear
self.service.set_share_acl(share_name)
# Wait 30 seconds for acl to propagate
time.sleep(30)
acl = self.service.get_share_acl(share_name) # {}
self.service.delete_share(share_name)
def test_sas_signed_identifier(self):
# SAS URL is calculated from storage key, so this test runs live only
if TestMode.need_recording_file(self.test_mode):
return
# Arrange
blob_name = self._create_block_blob()
access_policy = AccessPolicy()
access_policy.start = '2011-10-11'
access_policy.expiry = '2018-10-12'
access_policy.permission = BlobPermissions.READ
identifiers = {'testid': access_policy}
resp = self.bs.set_container_acl(self.container_name, identifiers)
token = self.bs.generate_blob_shared_access_signature(
self.container_name, blob_name, id='testid')
# Act
service = BlockBlobService(
self.settings.STORAGE_ACCOUNT_NAME,
sas_token=token,
request_session=requests.Session(),
)
self._set_test_proxy(service, self.settings)
result = service.get_blob_to_bytes(self.container_name, blob_name)
# Assert
self.assertEqual(self.byte_data, result.content)
def sas_with_signed_identifiers(self):
table_name = self._create_table()
entity = {
'PartitionKey': 'test',
'RowKey': 'test1',
'text': 'hello world',
}
self.service.insert_entity(table_name, entity)
# Set access policy on table
access_policy = AccessPolicy(permission=TablePermissions.QUERY,
expiry=datetime.utcnow() +
timedelta(hours=1))
identifiers = {'id': access_policy}
acl = self.service.set_table_acl(table_name, identifiers)
# Wait 30 seconds for acl to propagate
time.sleep(30)
# Indicates to use the access policy set on the table
token = self.service.generate_table_shared_access_signature(table_name,
id='id')
# Create a service and use the SAS
sas_service = TableService(
account_name=self.account.account_name,
sas_token=token,
)
entities = list(sas_service.query_entities(table_name))
for entity in entities:
print(entity.text) # hello world
self.service.delete_table(table_name)
def sas_with_signed_identifiers(self):
share_name = self._create_share()
self.service.create_directory(share_name, 'dir1')
self.service.create_file_from_text(share_name, 'dir1', 'file1',
b'hello world')
# Set access policy on share
access_policy = AccessPolicy(permission=SharePermissions.READ,
expiry=datetime.utcnow() +
timedelta(hours=1))
identifiers = {'id': access_policy}
acl = self.service.set_share_acl(share_name, identifiers)
# Wait 30 seconds for acl to propagate
time.sleep(30)
# Indicates to use the access policy set on the share
token = self.service.generate_share_shared_access_signature(share_name,
id='id')
# Create a service and use the SAS
sas_service = FileService(
account_name=self.account.account_name,
sas_token=token,
)
file = sas_service.get_file_to_text(share_name, 'dir1', 'file1')
content = file.content # hello world
self.service.delete_share(share_name)
def test_sas_signed_identifier(self):
# SAS URL is calculated from storage key, so this test runs live only
if TestMode.need_recording_file(self.test_mode):
return
# Arrange
file_name = self._create_file()
access_policy = AccessPolicy()
access_policy.start = datetime.utcnow() - timedelta(hours=1)
access_policy.expiry = datetime.utcnow() + timedelta(hours=1)
access_policy.permission = FilePermissions.READ
identifiers = {'testid': access_policy}
resp = self.fs.set_share_acl(self.share_name, identifiers)
token = self.fs.generate_file_shared_access_signature(self.share_name,
None,
file_name,
id='testid')
# Act
service = FileService(
self.settings.STORAGE_ACCOUNT_NAME,
sas_token=token,
request_session=requests.Session(),
)
self._set_test_proxy(service, self.settings)
result = service.get_file_to_bytes(self.share_name, None, file_name)
# Assert
self.assertEqual(self.short_byte_data, result.content)
def test_sas_signed_identifier(self):
# SAS URL is calculated from storage key, so this test runs live only
if TestMode.need_recording_file(self.test_mode):
return
# Arrange
entity = self._insert_random_entity()
access_policy = AccessPolicy()
access_policy.start = '2011-10-11'
access_policy.expiry = '2018-10-12'
access_policy.permission = TablePermissions.QUERY
identifiers = {'testid': access_policy}
entities = self.ts.set_table_acl(self.table_name, identifiers)
token = self.ts.generate_table_shared_access_signature(
self.table_name,
id='testid',
)
# Act
service = TableService(
account_name=self.settings.STORAGE_ACCOUNT_NAME,
sas_token=token,
)
self._set_test_proxy(service, self.settings)
entities = list(
self.ts.query_entities(self.table_name,
filter="PartitionKey eq '{}'".format(
entity.PartitionKey)))
# Assert
self.assertEqual(len(entities), 1)
self._assert_default_entity(entities[0])
def sas_with_signed_identifiers(self):
container_name = self._create_container()
self.service.create_blob_from_text(container_name, 'blob1',
b'hello world')
# Set access policy on container
access_policy = AccessPolicy(permission=ContainerPermissions.READ,
expiry=datetime.utcnow() +
timedelta(hours=1))
identifiers = {'id': access_policy}
acl = self.service.set_container_acl(container_name, identifiers)
# Wait 30 seconds for acl to propagate
time.sleep(30)
# Indicates to use the access policy set on the container
token = self.service.generate_container_shared_access_signature(
container_name, id='id')
# Create a service and use the SAS
sas_service = BlockBlobService(
account_name=self.account.account_name,
sas_token=token,
)
blob = sas_service.get_blob_to_text(container_name, 'blob1')
content = blob.content # hello world
self.service.delete_container(container_name)
def queue_acl_operations(self, queue_service):
queue_name = 'aclqueue' + self.random_data.get_random_name(6)
try:
print('1. Create a queue with name - ' + queue_name)
queue_service.create_queue(queue_name)
print('2. Set access policy for queue')
access_policy = AccessPolicy(permission=QueuePermissions.READ,
expiry=datetime.datetime.utcnow() +
datetime.timedelta(hours=1))
identifiers = {'id': access_policy}
queue_service.set_queue_acl(queue_name, identifiers)
print('3. Get access policy from queue')
acl = queue_service.get_queue_acl(queue_name)
print('4. Clear access policy in queue')
# Clear
queue_service.set_queue_acl(queue_name)
finally:
print('5. Delete queue')
if queue_service.exists(queue_name):
queue_service.delete_queue(queue_name)
print("Queue ACL operations sample completed")
def sas_with_signed_identifiers(self):
queue_name = self._create_queue()
self.service.put_message(queue_name, u'message1')
# Set access policy on queue
access_policy = AccessPolicy(permission=QueuePermissions.PROCESS,
expiry=datetime.utcnow() + timedelta(hours=1))
identifiers = {'id': access_policy}
acl = self.service.set_queue_acl(queue_name, identifiers)
# Wait 30 seconds for acl to propagate
time.sleep(30)
# Indicates to use the access policy set on the queue
token = self.service.generate_queue_shared_access_signature(
queue_name,
id='id'
)
# Create a service and use the SAS
sas_service = QueueService(
account_name=self.account.account_name,
sas_token=token,
)
messages = sas_service.get_messages(queue_name)
for message in messages:
print(message.content) # message1
self.service.delete_queue(queue_name)
def test_set_container_acl_too_many_ids(self):
# Arrange
container_name = self._create_container()
# Act
identifiers = dict()
for i in range(0, 6):
identifiers['id{}'.format(i)] = AccessPolicy()
# Assert
with self.assertRaisesRegexp(AzureException, 'Too many access policies provided. The server does not support setting more than 5 access policies on a single resource.'):
self.bs.set_container_acl(container_name, identifiers)
def test_set_table_acl_with_empty_signed_identifier(self):
# Arrange
table_name = self._create_table()
# Act
self.ts.set_table_acl(table_name, {'empty': AccessPolicy()})
# Assert
acl = self.ts.get_table_acl(table_name)
self.assertIsNotNone(acl)
self.assertEqual(len(acl), 1)
self.assertIsNotNone(acl['empty'])
self.assertIsNone(acl['empty'].permission)
self.assertIsNone(acl['empty'].expiry)
self.assertIsNone(acl['empty'].start)
def test_set_container_acl_with_empty_signed_identifier(self):
# Arrange
container_name = self._create_container()
# Act
self.bs.set_container_acl(container_name, {'empty': AccessPolicy()})
# Assert
acl = self.bs.get_container_acl(container_name)
self.assertIsNotNone(acl)
self.assertEqual(len(acl), 1)
self.assertIsNotNone(acl['empty'])
self.assertIsNone(acl['empty'].permission)
self.assertIsNone(acl['empty'].expiry)
self.assertIsNone(acl['empty'].start)
self.assertIsNone(acl.public_access)
def test_set_table_acl_with_signed_identifiers(self):
# Arrange
table_name = self._create_table()
# Act
identifiers = dict()
identifiers['testid'] = AccessPolicy(start='2011-10-11',
expiry='2011-10-12',
permission=TablePermissions.QUERY)
self.ts.set_table_acl(table_name, identifiers)
# Assert
acl = self.ts.get_table_acl(table_name)
self.assertIsNotNone(acl)
self.assertEqual(len(acl), 1)
self.assertTrue('testid' in acl)
def test_set_queue_acl_with_signed_identifiers(self):
# Arrange
queue_name = self._create_queue()
# Act
access_policy = AccessPolicy(permission=QueuePermissions.READ,
expiry='2011-10-12',
start='2011-10-11')
identifiers = {'testid': access_policy}
resp = self.qs.set_queue_acl(queue_name, identifiers)
# Assert
self.assertIsNone(resp)
acl = self.qs.get_queue_acl(queue_name)
self.assertIsNotNone(acl)
self.assertEqual(len(acl), 1)
self.assertTrue('testid' in acl)
def test_set_container_acl_with_signed_identifiers(self):
# Arrange
container_name = self._create_container()
# Act
identifiers = dict()
identifiers['testid'] = AccessPolicy(
permission=ContainerPermissions.READ,
expiry=datetime.utcnow() + timedelta(hours=1),
start=datetime.utcnow() - timedelta(minutes=1),
)
self.bs.set_container_acl(container_name, identifiers)
# Assert
acl = self.bs.get_container_acl(container_name)
self.assertIsNotNone(acl)
self.assertEqual(len(acl), 1)
self.assertTrue('testid' in acl)
self.assertIsNone(acl.public_access)
def test_set_share_acl_with_signed_identifiers(self):
# Arrange
share_name = self._create_share()
# Act
identifiers = dict()
identifiers['testid'] = AccessPolicy(
permission=SharePermissions.READ,
expiry=datetime.utcnow() + timedelta(hours=1),
start=datetime.utcnow() - timedelta(minutes=1),
)
resp = self.fs.set_share_acl(share_name, identifiers)
# Assert
self.assertIsNone(resp)
acl = self.fs.get_share_acl(share_name)
self.assertIsNotNone(acl)
self.assertEqual(len(acl), 1)
self.assertTrue('testid' in acl)
def test_sas_signed_identifier(self):
# SAS URL is calculated from storage key, so this test runs live only
if TestMode.need_recording_file(self.test_mode):
return
# Arrange
access_policy = AccessPolicy()
access_policy.start = '2011-10-11'
access_policy.expiry = '2018-10-12'
access_policy.permission = QueuePermissions.READ
identifiers = {'testid': access_policy}
queue_name = self._create_queue()
resp = self.qs.set_queue_acl(queue_name, identifiers)
self.qs.put_message(queue_name, u'message1')
token = self.qs.generate_queue_shared_access_signature(
queue_name,
id='testid'
)
# Act
service = QueueService(
account_name=self.settings.STORAGE_ACCOUNT_NAME,
sas_token=token,
)
self._set_test_proxy(service, self.settings)
result = service.peek_messages(queue_name)
# Assert
self.assertIsNotNone(result)
self.assertEqual(1, len(result))
message = result[0]
self.assertIsNotNone(message)
self.assertNotEqual('', message.id)
self.assertEqual(u'message1', message.content)