def create_blob_container_saskey(
storage_settings, container, kind, create_container=False):
# type: (StorageCredentialsSettings, str, str, bool) -> str
"""Create a saskey for a blob container with a 7day expiry time
:param StorageCredentialsSettings storage_settings: storage settings
:param str container: container
:param str kind: ingress or egress
:param bool create_container: create container
:rtype: str
:return: saskey
"""
blob_client = azureblob.BlockBlobService(
account_name=storage_settings.account,
account_key=storage_settings.account_key,
endpoint_suffix=storage_settings.endpoint)
if create_container:
blob_client.create_container(container, fail_on_exist=False)
if kind == 'ingress':
perm = azureblob.ContainerPermissions(read=True, list=True)
elif kind == 'egress':
perm = azureblob.ContainerPermissions(
read=True, write=True, delete=True, list=True)
else:
raise ValueError('{} type of transfer not supported'.format(kind))
return blob_client.generate_container_shared_access_signature(
container, perm,
expiry=datetime.datetime.utcnow() +
datetime.timedelta(days=_DEFAULT_SAS_EXPIRY_DAYS)
)
def create_sas_token(
blob_client: azureblob.BlockBlobService,
container_name: str,
permissions: Optional[List[str]] = None,
expire_in: Optional[datetime.timedelta] = None,
) -> str:
"""
Create SAS token
:param blob_client: Blob client
:param container_name: Storage container name
:param permissions: list of required permissions (available: "read", "list", "write", "delete")
:param expire_in: In how long should the token expire (datetime.timedelta, default = 1 day)
:return: SAS token, str
"""
permissions = permissions or ["read"]
expire_in = expire_in or datetime.timedelta(days=1)
return blob_client.generate_container_shared_access_signature(
container_name=container_name,
permission=azureblob.ContainerPermissions(**{opt: True for opt in permissions}),
expiry=datetime.datetime.utcnow() + expire_in
)
def create_saskey(
storage_settings, path, file, create, list_perm, read, write, delete,
expiry_days=None):
# type: (settings.StorageCredentialsSettings, str, bool, bool, bool, bool,
# bool, bool, int) -> None
"""Create an object-level sas key
:param settings.StorageCredentialsSetting storage_settings:
storage settings
:param str path: path
:param bool file: file sas
:param bool create: create perm
:param bool list_perm: list perm
:param bool read: read perm
:param bool write: write perm
:param bool delete: delete perm
:param int expiry_days: expiry in days
:rtype: str
:return: sas token
"""
if expiry_days is None:
expiry_days = _DEFAULT_SAS_EXPIRY_DAYS
if file:
client = azurefile.FileService(
account_name=storage_settings.account,
account_key=storage_settings.account_key,
endpoint_suffix=storage_settings.endpoint)
tmp = path.split('/')
if len(tmp) < 1:
raise ValueError('path is invalid: {}'.format(path))
share_name = tmp[0]
if len(tmp) == 1:
perm = azurefile.SharePermissions(
read=read, write=write, delete=delete, list=list_perm)
sas = client.generate_share_shared_access_signature(
share_name=share_name, permission=perm,
expiry=datetime.datetime.utcnow() +
datetime.timedelta(days=expiry_days)
)
else:
if len(tmp) == 2:
directory_name = ''
file_name = tmp[1]
else:
directory_name = tmp[1]
file_name = '/'.join(tmp[2:])
perm = azurefile.FilePermissions(
read=read, create=create, write=write, delete=delete)
sas = client.generate_file_shared_access_signature(
share_name=share_name, directory_name=directory_name,
file_name=file_name, permission=perm,
expiry=datetime.datetime.utcnow() +
datetime.timedelta(days=expiry_days)
)
else:
client = azureblob.BlockBlobService(
account_name=storage_settings.account,
account_key=storage_settings.account_key,
endpoint_suffix=storage_settings.endpoint)
tmp = path.split('/')
if len(tmp) < 1:
raise ValueError('path is invalid: {}'.format(path))
container_name = tmp[0]
if len(tmp) == 1:
perm = azureblob.ContainerPermissions(
read=read, write=write, delete=delete, list=list_perm)
sas = client.generate_container_shared_access_signature(
container_name=container_name, permission=perm,
expiry=datetime.datetime.utcnow() +
datetime.timedelta(days=expiry_days)
)
else:
blob_name = '/'.join(tmp[1:])
perm = azureblob.BlobPermissions(
read=read, create=create, write=write, delete=delete)
sas = client.generate_blob_shared_access_signature(
container_name=container_name, blob_name=blob_name,
permission=perm,
expiry=datetime.datetime.utcnow() +
datetime.timedelta(days=expiry_days)
)
return sas
def get_SAS_for_container(block_blob_service, container_name):
permission = azureblob.ContainerPermissions(read=False, write=True)
sas_token = block_blob_service.generate_container_shared_access_signature(
container_name, permission,
datetime.now(timezone.utc) + timedelta(hours=4))
return sas_token
print("\nStarting project [{0:}]".format(project_id))
# Generate blob client
block_blob_client = azureblob.BlockBlobService(
account_name=storage_account_name,
account_key=storage_account_key,
endpoint_suffix=storage_account_suffix)
# Create a blob container for this project
block_blob_client.create_container(project_id, fail_on_exist=False)
# Generate a SAS token to pass results back to the container
container_sas_token = block_blob_client.generate_container_shared_access_signature(
project_id,
permission=azureblob.ContainerPermissions(read=True, write=True),
expiry=datetime.datetime.utcnow() + datetime.timedelta(hours=24),
)
print("\nUploading resource files ...")
# Upload the context surfaces file
surfaces_sas_url = common.helpers.upload_blob_and_create_sas(
block_blob_client, project_id, "surfaces.json", surfaces_path,
datetime.datetime.utcnow() + datetime.timedelta(days=7))
print("{0:} uploaded to {1:}/{2:}".format(os.path.basename(surfaces_path),
project_id, "surfaces.json"))
# Upload the sky matrix file
sky_mtx_sas_url = common.helpers.upload_blob_and_create_sas(
block_blob_client, project_id, "sky_mtx.json", sky_matrix_path,