def test_azure_sas_credential_updates():
"""Tests AzureSasCredential updates"""
sas = "original"
credential = AzureSasCredential(sas)
assert credential.signature == sas
sas = "new"
credential.update(sas)
assert credential.signature == sas
async def test_client_azure_sas_credential_async(
self, eventhub, eventhub_namespace, eventhub_namespace_key_name,
eventhub_namespace_primary_key,
eventhub_namespace_connection_string, **kwargs):
# This should "just work" to validate known-good.
hostname = "{}.servicebus.windows.net".format(eventhub_namespace.name)
producer_client = EventHubProducerClient.from_connection_string(
eventhub_namespace_connection_string, eventhub_name=eventhub.name)
async with producer_client:
batch = await producer_client.create_batch(partition_id='0')
batch.add(EventData(body='A single message'))
await producer_client.send_batch(batch)
hostname = "{}.servicebus.windows.net".format(eventhub_namespace.name)
auth_uri = "sb://{}/{}".format(hostname, eventhub.name)
token = (await credential.get_token(auth_uri)).token
producer_client = EventHubProducerClient(
fully_qualified_namespace=hostname,
eventhub_name=eventhub.name,
credential=AzureSasCredential(token))
async with producer_client:
batch = await producer_client.create_batch(partition_id='0')
batch.add(EventData(body='A single message'))
await producer_client.send_batch(batch)
def test_account_sas(self, datalake_storage_account_name,
datalake_storage_account_key):
self._setUp(datalake_storage_account_name,
datalake_storage_account_key)
# SAS URL is calculated from storage key, so this test runs live only
file_name = self._get_file_reference()
# create a file under root directory
self._create_file_and_return_client(file=file_name)
# generate a token with file level read permission
token = generate_account_sas(
self.dsc.account_name,
self.dsc.credential.account_key,
ResourceTypes(file_system=True, object=True),
AccountSasPermissions(read=True),
datetime.utcnow() + timedelta(hours=1),
)
for credential in [token, AzureSasCredential(token)]:
# read the created file which is under root directory
file_client = DataLakeFileClient(self.dsc.url,
self.file_system_name,
file_name,
credential=credential)
properties = file_client.get_file_properties()
# make sure we can read the file properties
self.assertIsNotNone(properties)
# try to write to the created file with the token
with self.assertRaises(HttpResponseError):
file_client.append_data(b"abcd", 0, 4)
def test_account_sas(self, storage_account_name, storage_account_key):
# SAS URL is calculated from storage key, so this test runs live only
# Arrange
qsc = QueueServiceClient(
self.account_url(storage_account_name, "queue"),
storage_account_key)
queue_client = self._get_queue_reference(qsc)
queue_client.create_queue()
queue_client.send_message(u'message1')
token = generate_account_sas(qsc.account_name,
qsc.credential.account_key,
ResourceTypes(object=True),
AccountSasPermissions(read=True),
datetime.utcnow() + timedelta(hours=1),
datetime.utcnow() - timedelta(minutes=5))
# Act
for credential in [token, AzureSasCredential(token)]:
service = QueueServiceClient(
account_url=qsc.url,
credential=credential,
)
new_queue_client = service.get_queue_client(
queue_client.queue_name)
result = new_queue_client.peek_messages()
# Assert
self.assertIsNotNone(result)
self.assertEqual(1, len(result))
message = result[0]
self.assertIsNotNone(message)
self.assertNotEqual('', message.id)
self.assertEqual(u'message1', message.content)
def cf_table_service(cli_ctx, kwargs):
from azure.data.tables._table_service_client import TableServiceClient
client_kwargs = prepare_client_kwargs_track2(cli_ctx)
client_kwargs = _config_location_mode(kwargs, client_kwargs)
connection_string = kwargs.pop('connection_string', None)
account_name = kwargs.pop('account_name', None)
account_url = kwargs.pop('account_url', None)
account_key = kwargs.pop('account_key', None)
token_credential = kwargs.pop('token_credential', None)
sas_token = kwargs.pop('sas_token', None)
if connection_string:
return TableServiceClient.from_connection_string(
conn_str=connection_string, **client_kwargs)
if not account_url:
account_url = get_account_url(cli_ctx,
account_name=account_name,
service='table')
if account_key:
from azure.core.credentials import AzureNamedKeyCredential
credential = AzureNamedKeyCredential(name=account_name,
key=account_key)
elif sas_token:
from azure.core.credentials import AzureSasCredential
credential = AzureSasCredential(signature=sas_token)
else:
credential = token_credential
return TableServiceClient(endpoint=account_url,
credential=credential,
**client_kwargs)
def test_create_service_with_custom_account_endpoint_path(self):
token = AzureSasCredential(self.generate_sas_token())
custom_account_url = "http://local-machine:11002/custom/account/path/" + token.signature
for service_type in SERVICES.items():
conn_string = 'DefaultEndpointsProtocol=http;AccountName={};AccountKey={};TableEndpoint={};'.format(
self.tables_storage_account_name, self.tables_primary_storage_account_key, custom_account_url)
# Act
service = service_type[0].from_connection_string(conn_string, table_name="foo")
# Assert
assert service.account_name == self.tables_storage_account_name
assert service.credential.named_key.name == self.tables_storage_account_name
assert service.credential.named_key.key == self.tables_primary_storage_account_key
assert service._primary_hostname == 'local-machine:11002/custom/account/path'
service = TableServiceClient(endpoint=custom_account_url)
assert service.account_name == "custom"
assert service.credential == None
assert service._primary_hostname == 'local-machine:11002/custom/account/path'
assert service.url.startswith('http://local-machine:11002/custom/account/path')
service = TableClient(endpoint=custom_account_url, table_name="foo")
assert service.account_name == "custom"
assert service.table_name == "foo"
assert service.credential == None
assert service._primary_hostname == 'local-machine:11002/custom/account/path'
assert service.url.startswith('http://local-machine:11002/custom/account/path')
service = TableClient.from_table_url("http://local-machine:11002/custom/account/path/foo" + token.signature)
assert service.account_name == "custom"
assert service.table_name == "foo"
assert service.credential == None
assert service._primary_hostname == 'local-machine:11002/custom/account/path'
assert service.url.startswith('http://local-machine:11002/custom/account/path')
def authentication_by_shared_access_signature(self):
# Instantiate a TableServiceClient using a connection string
# [START auth_from_sas]
from azure.data.tables import TableServiceClient
from azure.core.credentials import AzureNamedKeyCredential, AzureSasCredential
# Create a SAS token to use for authentication of a client
from azure.data.tables import generate_account_sas, ResourceTypes, AccountSasPermissions
print("Account name: {}".format(self.account_name))
credential = AzureNamedKeyCredential(self.account_name,
self.access_key)
sas_token = generate_account_sas(
credential,
resource_types=ResourceTypes(service=True),
permission=AccountSasPermissions(read=True),
expiry=datetime.utcnow() + timedelta(hours=1),
)
with TableServiceClient(endpoint=self.endpoint,
credential=AzureSasCredential(
sas_token)) as token_auth_table_service:
properties = token_auth_table_service.get_service_properties()
print("Shared Access Signature: {}".format(properties))
async def test_client_azure_sas_credential_async(live_eventhub):
# This should "just work" to validate known-good.
hostname = live_eventhub['hostname']
producer_client = EventHubProducerClient.from_connection_string(
live_eventhub['connection_str'],
eventhub_name=live_eventhub['event_hub'])
async with producer_client:
batch = await producer_client.create_batch(partition_id='0')
batch.add(EventData(body='A single message'))
await producer_client.send_batch(batch)
credential = EventHubSharedKeyCredential(live_eventhub['key_name'],
live_eventhub['access_key'])
auth_uri = "sb://{}/{}".format(hostname, live_eventhub['event_hub'])
token = (await credential.get_token(auth_uri)).token.decode()
producer_client = EventHubProducerClient(
fully_qualified_namespace=hostname,
eventhub_name=live_eventhub['event_hub'],
credential=AzureSasCredential(token))
async with producer_client:
batch = await producer_client.create_batch(partition_id='0')
batch.add(EventData(body='A single message'))
await producer_client.send_batch(batch)
def test_create_service_with_token(self):
url = self.account_url(self.tables_storage_account_name, "table")
suffix = '.table.core.windows.net'
self.token_credential = AzureSasCredential("fake_sas_credential")
service = TableClient(url,
credential=self.token_credential,
table_name='foo')
# Assert
assert service is not None
assert service.account_name == self.tables_storage_account_name
assert service.url.startswith('https://' +
self.tables_storage_account_name +
suffix)
assert service.credential == self.token_credential
assert not hasattr(service.credential, 'account_key')
service = TableServiceClient(url,
credential=self.token_credential,
table_name='foo')
# Assert
assert service is not None
assert service.account_name == self.tables_storage_account_name
assert service.url.startswith('https://' +
self.tables_storage_account_name +
suffix)
assert service.credential == self.token_credential
assert not hasattr(service.credential, 'account_key')
async def test_create_service_with_token_and_http(self):
self.token_credential = self.generate_fake_token()
for service_type in SERVICES:
# Act
with pytest.raises(ValueError):
url = self.account_url(self.tables_cosmos_account_name, "cosmos").replace('https', 'http')
service_type(url, credential=AzureSasCredential("fake_sas_credential"), table_name='foo')
def test_account_sas_raises_if_sas_already_in_uri(self,
storage_account_name,
storage_account_key):
with self.assertRaises(ValueError):
QueueServiceClient(
self.account_url(storage_account_name, "queue") + "?sig=foo",
credential=AzureSasCredential("?foo=bar"))
async def test_batch_sas_auth(self, tables_cosmos_account_name,
tables_primary_cosmos_account_key):
# this can be reverted to set_bodiless_matcher() after tests are re-recorded and don't contain these headers
set_custom_default_matcher(
compare_bodies=False,
excluded_headers=
"Authorization,Content-Length,x-ms-client-request-id,x-ms-request-id"
)
# Arrange
await self._set_up(tables_cosmos_account_name,
tables_primary_cosmos_account_key,
url="cosmos")
try:
token = self.generate_sas(
generate_table_sas,
tables_primary_cosmos_account_key,
self.table_name,
permission=TableSasPermissions(add=True,
read=True,
update=True,
delete=True),
expiry=datetime.utcnow() + timedelta(hours=1),
start=datetime.utcnow() - timedelta(minutes=1),
)
token = AzureSasCredential(token)
# Act
service = TableServiceClient(
self.account_url(tables_cosmos_account_name, "cosmos"),
credential=token,
)
table = service.get_table_client(self.table_name)
entity = TableEntity()
entity['PartitionKey'] = 'batch_inserts'
entity['test'] = EntityProperty(True, EdmType.BOOLEAN)
entity['test2'] = 'value'
entity['test3'] = 3
entity['test4'] = EntityProperty(1234567890, EdmType.INT32)
batch = []
transaction_count = 0
for i in range(10):
entity['RowKey'] = str(i)
batch.append(('create', entity.copy()))
transaction_count += 1
transaction_result = await table.submit_transaction(batch)
assert transaction_result is not None
total_entities = 0
async for e in table.list_entities():
total_entities += 1
assert total_entities == transaction_count
finally:
await self._tear_down()
def test_account_sas_raises_if_sas_already_in_uri(
self, datalake_storage_account_name, datalake_storage_account_key):
self._setUp(datalake_storage_account_name,
datalake_storage_account_key)
with self.assertRaises(ValueError):
DataLakeFileClient(self.dsc.url + "?sig=foo",
self.file_system_name,
"foo",
credential=AzureSasCredential("?foo=bar"))
def test_create_service_with_sas_credential_url_raises_if_sas_is_in_uri_async(self, resource_group, location, storage_account, storage_account_key):
# Arrange
sas_credential = AzureSasCredential(self.sas_token)
for service_type in SERVICES:
# Act
with self.assertRaises(ValueError):
service = service_type(
self.account_url(storage_account, "blob") + "?sig=foo", credential=sas_credential, container_name='foo', blob_name='bar')
def test_create_service_with_token_and_http(self):
for service_type in SERVICES:
with pytest.raises(ValueError):
url = self.account_url(self.tables_storage_account_name,
"table").replace('https', 'http')
service_type(
url,
credential=AzureSasCredential("fake_sas_credential"),
table_name='foo')
async def publish():
credential = AzureSasCredential(sas)
client = EventGridPublisherClient(endpoint, credential)
async with client:
await client.send([
EventGridEvent(event_type="Contoso.Items.ItemReceived",
data={"itemSku": "Contoso Item SKU #1"},
subject="Door1",
data_version="2.0")
])
def test_azure_sas_credential_policy(sas, url, expected_url):
"""Tests to see if we can create an AzureSasCredentialPolicy"""
def verify_authorization(request):
assert request.url == expected_url
transport = Mock(send=verify_authorization)
credential = AzureSasCredential(sas)
credential_policy = AzureSasCredentialPolicy(credential=credential)
pipeline = Pipeline(transport=transport, policies=[credential_policy])
pipeline.run(HttpRequest("GET", url))
def test_batch_sas_auth(self, tables_storage_account_name,
tables_primary_storage_account_key):
set_bodiless_matcher()
# Arrange
self._set_up(tables_storage_account_name,
tables_primary_storage_account_key)
try:
token = self.generate_sas(
generate_table_sas,
tables_primary_storage_account_key,
self.table_name,
permission=TableSasPermissions(add=True,
read=True,
update=True,
delete=True),
expiry=datetime.utcnow() + timedelta(hours=1),
start=datetime.utcnow() - timedelta(minutes=1),
)
token = AzureSasCredential(token)
# Act
service = TableServiceClient(
self.account_url(tables_storage_account_name, "table"),
credential=token,
)
table = service.get_table_client(self.table_name)
entity = TableEntity()
entity['PartitionKey'] = 'batch_inserts'
entity['test'] = EntityProperty(True, EdmType.BOOLEAN)
entity['test2'] = 'value'
entity['test3'] = 3
entity['test4'] = EntityProperty(1234567890, EdmType.INT32)
batch = []
transaction_count = 0
for i in range(10):
entity['RowKey'] = str(i)
batch.append(('create', entity.copy()))
transaction_count += 1
transaction_result = table.submit_transaction(batch)
assert transaction_result
total_entities = 0
for e in table.list_entities():
total_entities += 1
assert total_entities == transaction_count
finally:
self._tear_down()
def test_send_signature_credential(self, variables, eventgrid_topic_key,
eventgrid_topic_endpoint):
expiration_date_utc = dt.datetime.now(UTC()) + timedelta(hours=1)
signature = generate_sas(eventgrid_topic_endpoint, eventgrid_topic_key,
expiration_date_utc)
credential = AzureSasCredential(signature)
client = EventGridPublisherClient(eventgrid_topic_endpoint, credential)
eg_event = EventGridEvent(subject="sample",
data={"sample": "eventgridevent"},
event_type="Sample.EventGrid.Event",
data_version="2.0")
client.send(eg_event)
async def test_batch_sas_auth(self, tables_storage_account_name,
tables_primary_storage_account_key):
# Arrange
await self._set_up(tables_storage_account_name,
tables_primary_storage_account_key)
try:
token = generate_table_sas(
tables_storage_account_name,
tables_primary_storage_account_key,
self.table_name,
permission=TableSasPermissions(add=True,
read=True,
update=True,
delete=True),
expiry=datetime.utcnow() + timedelta(hours=1),
start=datetime.utcnow() - timedelta(minutes=1),
)
token = AzureSasCredential(token)
# Act
service = TableServiceClient(
self.account_url(tables_storage_account_name, "table"),
credential=token,
)
table = service.get_table_client(self.table_name)
entity = TableEntity()
entity.PartitionKey = 'batch_inserts'
entity.test = EntityProperty(True)
entity.test2 = 'value'
entity.test3 = 3
entity.test4 = EntityProperty(1234567890)
batch = table.create_batch()
transaction_count = 0
for i in range(10):
entity.RowKey = str(i)
batch.create_entity(entity)
transaction_count += 1
transaction_result = await table.send_batch(batch)
assert transaction_result is not None
total_entities = 0
async for e in table.list_entities():
total_entities += 1
assert total_entities == transaction_count
finally:
await self._tear_down()
async def test_create_service_with_token_async(self):
url = self.account_url(self.tables_cosmos_account_name, "cosmos")
suffix = '.table.cosmos.azure.com'
self.token_credential = AzureSasCredential("fake_sas_credential")
for service_type in SERVICES:
# Act
service = service_type(url, credential=self.token_credential, table_name='foo')
# Assert
assert service is not None
assert service.account_name == self.tables_cosmos_account_name
assert service.url.startswith('https://' + self.tables_cosmos_account_name + suffix)
assert service.credential == self.token_credential
assert not hasattr(service.credential, 'account_key')
async def test_create_service_with_connection_string_sas_async(self):
# Arrange
token = AzureSasCredential(self.generate_sas_token())
conn_string = 'AccountName={};SharedAccessSignature={};'.format(self.tables_storage_account_name, token.signature)
for service_type in SERVICES:
# Act
service = service_type.from_connection_string(conn_string, table_name='foo')
# Assert
assert service is not None
assert service.account_name == self.tables_storage_account_name
assert service.url.startswith('https://' + self.tables_storage_account_name + '.table.core.windows.net')
assert isinstance(service.credential , AzureSasCredential)
async def test_send_signature_credential(self, resource_group,
eventgrid_topic,
eventgrid_topic_primary_key,
eventgrid_topic_endpoint):
expiration_date_utc = dt.datetime.now(UTC()) + timedelta(hours=1)
signature = generate_shared_access_signature(
eventgrid_topic_endpoint, eventgrid_topic_primary_key,
expiration_date_utc)
credential = AzureSasCredential(signature)
client = EventGridPublisherClient(eventgrid_topic_endpoint, credential)
eg_event = EventGridEvent(subject="sample",
data={"sample": "eventgridevent"},
event_type="Sample.EventGrid.Event",
data_version="2.0")
await client.send_events(eg_event)
def test_create_service_with_sas_credential_async(self, resource_group, location, storage_account, storage_account_key):
# Arrange
sas_credential = AzureSasCredential(self.sas_token)
for service_type in SERVICES:
# Act
service = service_type(
self.account_url(storage_account, "blob"), credential=sas_credential, container_name='foo', blob_name='bar')
# Assert
self.assertIsNotNone(service)
self.assertEqual(service.account_name, storage_account.name)
self.assertTrue(service.url.startswith('https://' + storage_account.name + '.blob.core.windows.net'))
self.assertFalse(service.url.endswith(self.sas_token))
self.assertEqual(service.credential, sas_credential)
async def test_create_service_with_sas(self):
# Arrange
url = self.account_url(self.tables_storage_account_name, "table")
suffix = '.table.core.windows.net'
token = AzureSasCredential(self.generate_sas_token())
for service_type in SERVICES:
# Act
service = service_type(
self.account_url(self.tables_storage_account_name, "table"), credential=token, table_name='foo')
# Assert
assert service is not None
assert service.account_name == self.tables_storage_account_name
assert service.url.startswith('https://' + self.tables_storage_account_name + suffix)
assert isinstance(service.credential, AzureSasCredential)
def test_create_service_with_token(self):
url = self.account_url(self.tables_cosmos_account_name, "cosmos")
suffix = '.table.cosmos.azure.com'
for service_type in SERVICES:
# Act
service = service_type(
endpoint=self._account_url(self.tables_cosmos_account_name),
credential=AzureSasCredential("fake_sas_credential"),
table_name="foo")
# Assert
assert service is not None
assert service.account_name == self.tables_cosmos_account_name
assert service.url.startswith('https://' + self.tables_cosmos_account_name + suffix)
assert not hasattr(service, 'account_key')
def parse_connection_str(conn_str, credential, keyword_args):
conn_settings = parse_connection_string(conn_str)
primary = None
secondary = None
if not credential:
try:
credential = AzureNamedKeyCredential(
name=conn_settings["accountname"],
key=conn_settings["accountkey"])
except KeyError:
credential = conn_settings.get("sharedaccesssignature", None)
if not credential:
raise ValueError(
"Connection string missing required connection details.")
credential = AzureSasCredential(credential)
primary = conn_settings.get("tableendpoint")
secondary = conn_settings.get("tablesecondaryendpoint")
if not primary:
if secondary:
raise ValueError(
"Connection string specifies only secondary endpoint.")
try:
primary = "{}://{}.table.{}".format(
conn_settings["defaultendpointsprotocol"],
conn_settings["accountname"],
conn_settings["endpointsuffix"],
)
secondary = "{}-secondary.table.{}".format(
conn_settings["accountname"], conn_settings["endpointsuffix"])
except KeyError:
pass
if not primary:
try:
primary = "https://{}.table.{}".format(
conn_settings["accountname"],
conn_settings.get("endpointsuffix", SERVICE_HOST_BASE),
)
except KeyError:
raise ValueError(
"Connection string missing required connection details.")
if "secondary_hostname" not in keyword_args:
keyword_args["secondary_hostname"] = secondary
return primary, credential
async def test_account_sas(self, tables_storage_account_name,
tables_primary_storage_account_key):
account_url = self.account_url(tables_storage_account_name, "table")
tsc = TableServiceClient(credential=tables_primary_storage_account_key,
endpoint=account_url)
table = await self._create_table(tsc)
try:
entity = {
'PartitionKey': 'test',
'RowKey': 'test1',
'text': 'hello',
}
await table.upsert_entity(entity=entity)
entity['RowKey'] = 'test2'
await table.upsert_entity(entity=entity)
token = self.generate_sas(
generate_account_sas,
tables_primary_storage_account_key,
resource_types=ResourceTypes(object=True),
permission=AccountSasPermissions(read=True),
expiry=datetime.utcnow() + timedelta(hours=1),
start=datetime.utcnow() - timedelta(minutes=1),
)
token = AzureSasCredential(token)
account_url = self.account_url(tables_storage_account_name,
"table")
service = TableServiceClient(credential=token,
endpoint=account_url)
# Act
sas_table = service.get_table_client(table.table_name)
entities = []
async for e in sas_table.list_entities():
entities.append(e)
# Assert
assert len(entities) == 2
assert entities[0]['text'] == u'hello'
assert entities[1]['text'] == u'hello'
finally:
await tsc.delete_table(table.table_name)
def test_client_azure_named_key_credential(
self, servicebus_queue, servicebus_namespace,
servicebus_namespace_key_name, servicebus_namespace_primary_key,
servicebus_namespace_connection_string, **kwargs):
# This should "just work" to validate known-good.
credential = ServiceBusSharedKeyCredential(
servicebus_namespace_key_name, servicebus_namespace_primary_key)
hostname = "{}.servicebus.windows.net".format(
servicebus_namespace.name)
auth_uri = "sb://{}/{}".format(hostname, servicebus_queue.name)
token = credential.get_token(auth_uri).token.decode()
# Finally let's do it with AzureSasCredential
credential = AzureSasCredential(token)
client = ServiceBusClient(hostname, credential)
with client:
assert len(client._handlers) == 0
def test_create_service_with_sas(self):
# Arrange
url = self.account_url(self.tables_cosmos_account_name, "cosmos")
suffix = '.table.cosmos.azure.com'
self.sas_token = self.generate_sas_token()
self.sas_token = AzureSasCredential(self.sas_token)
for service_type in SERVICES:
# Act
service = service_type(
endpoint=self._account_url(self.tables_cosmos_account_name),
credential=self.sas_token,
table_name="foo")
# Assert
assert service is not None
assert service.account_name == self.tables_cosmos_account_name
assert service.url.startswith('https://' + self.tables_cosmos_account_name + suffix)
assert isinstance(service.credential, AzureSasCredential)
