def test_azure_sas_credential_updates(): """Tests AzureSasCredential updates""" sas = "original" credential = AzureSasCredential(sas) assert credential.signature == sas sas = "new" credential.update(sas) assert credential.signature == sas
async def test_client_azure_sas_credential_async( self, eventhub, eventhub_namespace, eventhub_namespace_key_name, eventhub_namespace_primary_key, eventhub_namespace_connection_string, **kwargs): # This should "just work" to validate known-good. hostname = "{}.servicebus.windows.net".format(eventhub_namespace.name) producer_client = EventHubProducerClient.from_connection_string( eventhub_namespace_connection_string, eventhub_name=eventhub.name) async with producer_client: batch = await producer_client.create_batch(partition_id='0') batch.add(EventData(body='A single message')) await producer_client.send_batch(batch) hostname = "{}.servicebus.windows.net".format(eventhub_namespace.name) auth_uri = "sb://{}/{}".format(hostname, eventhub.name) token = (await credential.get_token(auth_uri)).token producer_client = EventHubProducerClient( fully_qualified_namespace=hostname, eventhub_name=eventhub.name, credential=AzureSasCredential(token)) async with producer_client: batch = await producer_client.create_batch(partition_id='0') batch.add(EventData(body='A single message')) await producer_client.send_batch(batch)
def test_account_sas(self, datalake_storage_account_name, datalake_storage_account_key): self._setUp(datalake_storage_account_name, datalake_storage_account_key) # SAS URL is calculated from storage key, so this test runs live only file_name = self._get_file_reference() # create a file under root directory self._create_file_and_return_client(file=file_name) # generate a token with file level read permission token = generate_account_sas( self.dsc.account_name, self.dsc.credential.account_key, ResourceTypes(file_system=True, object=True), AccountSasPermissions(read=True), datetime.utcnow() + timedelta(hours=1), ) for credential in [token, AzureSasCredential(token)]: # read the created file which is under root directory file_client = DataLakeFileClient(self.dsc.url, self.file_system_name, file_name, credential=credential) properties = file_client.get_file_properties() # make sure we can read the file properties self.assertIsNotNone(properties) # try to write to the created file with the token with self.assertRaises(HttpResponseError): file_client.append_data(b"abcd", 0, 4)
def test_account_sas(self, storage_account_name, storage_account_key): # SAS URL is calculated from storage key, so this test runs live only # Arrange qsc = QueueServiceClient( self.account_url(storage_account_name, "queue"), storage_account_key) queue_client = self._get_queue_reference(qsc) queue_client.create_queue() queue_client.send_message(u'message1') token = generate_account_sas(qsc.account_name, qsc.credential.account_key, ResourceTypes(object=True), AccountSasPermissions(read=True), datetime.utcnow() + timedelta(hours=1), datetime.utcnow() - timedelta(minutes=5)) # Act for credential in [token, AzureSasCredential(token)]: service = QueueServiceClient( account_url=qsc.url, credential=credential, ) new_queue_client = service.get_queue_client( queue_client.queue_name) result = new_queue_client.peek_messages() # Assert self.assertIsNotNone(result) self.assertEqual(1, len(result)) message = result[0] self.assertIsNotNone(message) self.assertNotEqual('', message.id) self.assertEqual(u'message1', message.content)
def cf_table_service(cli_ctx, kwargs): from azure.data.tables._table_service_client import TableServiceClient client_kwargs = prepare_client_kwargs_track2(cli_ctx) client_kwargs = _config_location_mode(kwargs, client_kwargs) connection_string = kwargs.pop('connection_string', None) account_name = kwargs.pop('account_name', None) account_url = kwargs.pop('account_url', None) account_key = kwargs.pop('account_key', None) token_credential = kwargs.pop('token_credential', None) sas_token = kwargs.pop('sas_token', None) if connection_string: return TableServiceClient.from_connection_string( conn_str=connection_string, **client_kwargs) if not account_url: account_url = get_account_url(cli_ctx, account_name=account_name, service='table') if account_key: from azure.core.credentials import AzureNamedKeyCredential credential = AzureNamedKeyCredential(name=account_name, key=account_key) elif sas_token: from azure.core.credentials import AzureSasCredential credential = AzureSasCredential(signature=sas_token) else: credential = token_credential return TableServiceClient(endpoint=account_url, credential=credential, **client_kwargs)
def test_create_service_with_custom_account_endpoint_path(self): token = AzureSasCredential(self.generate_sas_token()) custom_account_url = "http://local-machine:11002/custom/account/path/" + token.signature for service_type in SERVICES.items(): conn_string = 'DefaultEndpointsProtocol=http;AccountName={};AccountKey={};TableEndpoint={};'.format( self.tables_storage_account_name, self.tables_primary_storage_account_key, custom_account_url) # Act service = service_type[0].from_connection_string(conn_string, table_name="foo") # Assert assert service.account_name == self.tables_storage_account_name assert service.credential.named_key.name == self.tables_storage_account_name assert service.credential.named_key.key == self.tables_primary_storage_account_key assert service._primary_hostname == 'local-machine:11002/custom/account/path' service = TableServiceClient(endpoint=custom_account_url) assert service.account_name == "custom" assert service.credential == None assert service._primary_hostname == 'local-machine:11002/custom/account/path' assert service.url.startswith('http://local-machine:11002/custom/account/path') service = TableClient(endpoint=custom_account_url, table_name="foo") assert service.account_name == "custom" assert service.table_name == "foo" assert service.credential == None assert service._primary_hostname == 'local-machine:11002/custom/account/path' assert service.url.startswith('http://local-machine:11002/custom/account/path') service = TableClient.from_table_url("http://local-machine:11002/custom/account/path/foo" + token.signature) assert service.account_name == "custom" assert service.table_name == "foo" assert service.credential == None assert service._primary_hostname == 'local-machine:11002/custom/account/path' assert service.url.startswith('http://local-machine:11002/custom/account/path')
def authentication_by_shared_access_signature(self): # Instantiate a TableServiceClient using a connection string # [START auth_from_sas] from azure.data.tables import TableServiceClient from azure.core.credentials import AzureNamedKeyCredential, AzureSasCredential # Create a SAS token to use for authentication of a client from azure.data.tables import generate_account_sas, ResourceTypes, AccountSasPermissions print("Account name: {}".format(self.account_name)) credential = AzureNamedKeyCredential(self.account_name, self.access_key) sas_token = generate_account_sas( credential, resource_types=ResourceTypes(service=True), permission=AccountSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) with TableServiceClient(endpoint=self.endpoint, credential=AzureSasCredential( sas_token)) as token_auth_table_service: properties = token_auth_table_service.get_service_properties() print("Shared Access Signature: {}".format(properties))
async def test_client_azure_sas_credential_async(live_eventhub): # This should "just work" to validate known-good. hostname = live_eventhub['hostname'] producer_client = EventHubProducerClient.from_connection_string( live_eventhub['connection_str'], eventhub_name=live_eventhub['event_hub']) async with producer_client: batch = await producer_client.create_batch(partition_id='0') batch.add(EventData(body='A single message')) await producer_client.send_batch(batch) credential = EventHubSharedKeyCredential(live_eventhub['key_name'], live_eventhub['access_key']) auth_uri = "sb://{}/{}".format(hostname, live_eventhub['event_hub']) token = (await credential.get_token(auth_uri)).token.decode() producer_client = EventHubProducerClient( fully_qualified_namespace=hostname, eventhub_name=live_eventhub['event_hub'], credential=AzureSasCredential(token)) async with producer_client: batch = await producer_client.create_batch(partition_id='0') batch.add(EventData(body='A single message')) await producer_client.send_batch(batch)
def test_create_service_with_token(self): url = self.account_url(self.tables_storage_account_name, "table") suffix = '.table.core.windows.net' self.token_credential = AzureSasCredential("fake_sas_credential") service = TableClient(url, credential=self.token_credential, table_name='foo') # Assert assert service is not None assert service.account_name == self.tables_storage_account_name assert service.url.startswith('https://' + self.tables_storage_account_name + suffix) assert service.credential == self.token_credential assert not hasattr(service.credential, 'account_key') service = TableServiceClient(url, credential=self.token_credential, table_name='foo') # Assert assert service is not None assert service.account_name == self.tables_storage_account_name assert service.url.startswith('https://' + self.tables_storage_account_name + suffix) assert service.credential == self.token_credential assert not hasattr(service.credential, 'account_key')
async def test_create_service_with_token_and_http(self): self.token_credential = self.generate_fake_token() for service_type in SERVICES: # Act with pytest.raises(ValueError): url = self.account_url(self.tables_cosmos_account_name, "cosmos").replace('https', 'http') service_type(url, credential=AzureSasCredential("fake_sas_credential"), table_name='foo')
def test_account_sas_raises_if_sas_already_in_uri(self, storage_account_name, storage_account_key): with self.assertRaises(ValueError): QueueServiceClient( self.account_url(storage_account_name, "queue") + "?sig=foo", credential=AzureSasCredential("?foo=bar"))
async def test_batch_sas_auth(self, tables_cosmos_account_name, tables_primary_cosmos_account_key): # this can be reverted to set_bodiless_matcher() after tests are re-recorded and don't contain these headers set_custom_default_matcher( compare_bodies=False, excluded_headers= "Authorization,Content-Length,x-ms-client-request-id,x-ms-request-id" ) # Arrange await self._set_up(tables_cosmos_account_name, tables_primary_cosmos_account_key, url="cosmos") try: token = self.generate_sas( generate_table_sas, tables_primary_cosmos_account_key, self.table_name, permission=TableSasPermissions(add=True, read=True, update=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), start=datetime.utcnow() - timedelta(minutes=1), ) token = AzureSasCredential(token) # Act service = TableServiceClient( self.account_url(tables_cosmos_account_name, "cosmos"), credential=token, ) table = service.get_table_client(self.table_name) entity = TableEntity() entity['PartitionKey'] = 'batch_inserts' entity['test'] = EntityProperty(True, EdmType.BOOLEAN) entity['test2'] = 'value' entity['test3'] = 3 entity['test4'] = EntityProperty(1234567890, EdmType.INT32) batch = [] transaction_count = 0 for i in range(10): entity['RowKey'] = str(i) batch.append(('create', entity.copy())) transaction_count += 1 transaction_result = await table.submit_transaction(batch) assert transaction_result is not None total_entities = 0 async for e in table.list_entities(): total_entities += 1 assert total_entities == transaction_count finally: await self._tear_down()
def test_account_sas_raises_if_sas_already_in_uri( self, datalake_storage_account_name, datalake_storage_account_key): self._setUp(datalake_storage_account_name, datalake_storage_account_key) with self.assertRaises(ValueError): DataLakeFileClient(self.dsc.url + "?sig=foo", self.file_system_name, "foo", credential=AzureSasCredential("?foo=bar"))
def test_create_service_with_sas_credential_url_raises_if_sas_is_in_uri_async(self, resource_group, location, storage_account, storage_account_key): # Arrange sas_credential = AzureSasCredential(self.sas_token) for service_type in SERVICES: # Act with self.assertRaises(ValueError): service = service_type( self.account_url(storage_account, "blob") + "?sig=foo", credential=sas_credential, container_name='foo', blob_name='bar')
def test_create_service_with_token_and_http(self): for service_type in SERVICES: with pytest.raises(ValueError): url = self.account_url(self.tables_storage_account_name, "table").replace('https', 'http') service_type( url, credential=AzureSasCredential("fake_sas_credential"), table_name='foo')
async def publish(): credential = AzureSasCredential(sas) client = EventGridPublisherClient(endpoint, credential) async with client: await client.send([ EventGridEvent(event_type="Contoso.Items.ItemReceived", data={"itemSku": "Contoso Item SKU #1"}, subject="Door1", data_version="2.0") ])
def test_azure_sas_credential_policy(sas, url, expected_url): """Tests to see if we can create an AzureSasCredentialPolicy""" def verify_authorization(request): assert request.url == expected_url transport = Mock(send=verify_authorization) credential = AzureSasCredential(sas) credential_policy = AzureSasCredentialPolicy(credential=credential) pipeline = Pipeline(transport=transport, policies=[credential_policy]) pipeline.run(HttpRequest("GET", url))
def test_batch_sas_auth(self, tables_storage_account_name, tables_primary_storage_account_key): set_bodiless_matcher() # Arrange self._set_up(tables_storage_account_name, tables_primary_storage_account_key) try: token = self.generate_sas( generate_table_sas, tables_primary_storage_account_key, self.table_name, permission=TableSasPermissions(add=True, read=True, update=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), start=datetime.utcnow() - timedelta(minutes=1), ) token = AzureSasCredential(token) # Act service = TableServiceClient( self.account_url(tables_storage_account_name, "table"), credential=token, ) table = service.get_table_client(self.table_name) entity = TableEntity() entity['PartitionKey'] = 'batch_inserts' entity['test'] = EntityProperty(True, EdmType.BOOLEAN) entity['test2'] = 'value' entity['test3'] = 3 entity['test4'] = EntityProperty(1234567890, EdmType.INT32) batch = [] transaction_count = 0 for i in range(10): entity['RowKey'] = str(i) batch.append(('create', entity.copy())) transaction_count += 1 transaction_result = table.submit_transaction(batch) assert transaction_result total_entities = 0 for e in table.list_entities(): total_entities += 1 assert total_entities == transaction_count finally: self._tear_down()
def test_send_signature_credential(self, variables, eventgrid_topic_key, eventgrid_topic_endpoint): expiration_date_utc = dt.datetime.now(UTC()) + timedelta(hours=1) signature = generate_sas(eventgrid_topic_endpoint, eventgrid_topic_key, expiration_date_utc) credential = AzureSasCredential(signature) client = EventGridPublisherClient(eventgrid_topic_endpoint, credential) eg_event = EventGridEvent(subject="sample", data={"sample": "eventgridevent"}, event_type="Sample.EventGrid.Event", data_version="2.0") client.send(eg_event)
async def test_batch_sas_auth(self, tables_storage_account_name, tables_primary_storage_account_key): # Arrange await self._set_up(tables_storage_account_name, tables_primary_storage_account_key) try: token = generate_table_sas( tables_storage_account_name, tables_primary_storage_account_key, self.table_name, permission=TableSasPermissions(add=True, read=True, update=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), start=datetime.utcnow() - timedelta(minutes=1), ) token = AzureSasCredential(token) # Act service = TableServiceClient( self.account_url(tables_storage_account_name, "table"), credential=token, ) table = service.get_table_client(self.table_name) entity = TableEntity() entity.PartitionKey = 'batch_inserts' entity.test = EntityProperty(True) entity.test2 = 'value' entity.test3 = 3 entity.test4 = EntityProperty(1234567890) batch = table.create_batch() transaction_count = 0 for i in range(10): entity.RowKey = str(i) batch.create_entity(entity) transaction_count += 1 transaction_result = await table.send_batch(batch) assert transaction_result is not None total_entities = 0 async for e in table.list_entities(): total_entities += 1 assert total_entities == transaction_count finally: await self._tear_down()
async def test_create_service_with_token_async(self): url = self.account_url(self.tables_cosmos_account_name, "cosmos") suffix = '.table.cosmos.azure.com' self.token_credential = AzureSasCredential("fake_sas_credential") for service_type in SERVICES: # Act service = service_type(url, credential=self.token_credential, table_name='foo') # Assert assert service is not None assert service.account_name == self.tables_cosmos_account_name assert service.url.startswith('https://' + self.tables_cosmos_account_name + suffix) assert service.credential == self.token_credential assert not hasattr(service.credential, 'account_key')
async def test_create_service_with_connection_string_sas_async(self): # Arrange token = AzureSasCredential(self.generate_sas_token()) conn_string = 'AccountName={};SharedAccessSignature={};'.format(self.tables_storage_account_name, token.signature) for service_type in SERVICES: # Act service = service_type.from_connection_string(conn_string, table_name='foo') # Assert assert service is not None assert service.account_name == self.tables_storage_account_name assert service.url.startswith('https://' + self.tables_storage_account_name + '.table.core.windows.net') assert isinstance(service.credential , AzureSasCredential)
async def test_send_signature_credential(self, resource_group, eventgrid_topic, eventgrid_topic_primary_key, eventgrid_topic_endpoint): expiration_date_utc = dt.datetime.now(UTC()) + timedelta(hours=1) signature = generate_shared_access_signature( eventgrid_topic_endpoint, eventgrid_topic_primary_key, expiration_date_utc) credential = AzureSasCredential(signature) client = EventGridPublisherClient(eventgrid_topic_endpoint, credential) eg_event = EventGridEvent(subject="sample", data={"sample": "eventgridevent"}, event_type="Sample.EventGrid.Event", data_version="2.0") await client.send_events(eg_event)
def test_create_service_with_sas_credential_async(self, resource_group, location, storage_account, storage_account_key): # Arrange sas_credential = AzureSasCredential(self.sas_token) for service_type in SERVICES: # Act service = service_type( self.account_url(storage_account, "blob"), credential=sas_credential, container_name='foo', blob_name='bar') # Assert self.assertIsNotNone(service) self.assertEqual(service.account_name, storage_account.name) self.assertTrue(service.url.startswith('https://' + storage_account.name + '.blob.core.windows.net')) self.assertFalse(service.url.endswith(self.sas_token)) self.assertEqual(service.credential, sas_credential)
async def test_create_service_with_sas(self): # Arrange url = self.account_url(self.tables_storage_account_name, "table") suffix = '.table.core.windows.net' token = AzureSasCredential(self.generate_sas_token()) for service_type in SERVICES: # Act service = service_type( self.account_url(self.tables_storage_account_name, "table"), credential=token, table_name='foo') # Assert assert service is not None assert service.account_name == self.tables_storage_account_name assert service.url.startswith('https://' + self.tables_storage_account_name + suffix) assert isinstance(service.credential, AzureSasCredential)
def test_create_service_with_token(self): url = self.account_url(self.tables_cosmos_account_name, "cosmos") suffix = '.table.cosmos.azure.com' for service_type in SERVICES: # Act service = service_type( endpoint=self._account_url(self.tables_cosmos_account_name), credential=AzureSasCredential("fake_sas_credential"), table_name="foo") # Assert assert service is not None assert service.account_name == self.tables_cosmos_account_name assert service.url.startswith('https://' + self.tables_cosmos_account_name + suffix) assert not hasattr(service, 'account_key')
def parse_connection_str(conn_str, credential, keyword_args): conn_settings = parse_connection_string(conn_str) primary = None secondary = None if not credential: try: credential = AzureNamedKeyCredential( name=conn_settings["accountname"], key=conn_settings["accountkey"]) except KeyError: credential = conn_settings.get("sharedaccesssignature", None) if not credential: raise ValueError( "Connection string missing required connection details.") credential = AzureSasCredential(credential) primary = conn_settings.get("tableendpoint") secondary = conn_settings.get("tablesecondaryendpoint") if not primary: if secondary: raise ValueError( "Connection string specifies only secondary endpoint.") try: primary = "{}://{}.table.{}".format( conn_settings["defaultendpointsprotocol"], conn_settings["accountname"], conn_settings["endpointsuffix"], ) secondary = "{}-secondary.table.{}".format( conn_settings["accountname"], conn_settings["endpointsuffix"]) except KeyError: pass if not primary: try: primary = "https://{}.table.{}".format( conn_settings["accountname"], conn_settings.get("endpointsuffix", SERVICE_HOST_BASE), ) except KeyError: raise ValueError( "Connection string missing required connection details.") if "secondary_hostname" not in keyword_args: keyword_args["secondary_hostname"] = secondary return primary, credential
async def test_account_sas(self, tables_storage_account_name, tables_primary_storage_account_key): account_url = self.account_url(tables_storage_account_name, "table") tsc = TableServiceClient(credential=tables_primary_storage_account_key, endpoint=account_url) table = await self._create_table(tsc) try: entity = { 'PartitionKey': 'test', 'RowKey': 'test1', 'text': 'hello', } await table.upsert_entity(entity=entity) entity['RowKey'] = 'test2' await table.upsert_entity(entity=entity) token = self.generate_sas( generate_account_sas, tables_primary_storage_account_key, resource_types=ResourceTypes(object=True), permission=AccountSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), start=datetime.utcnow() - timedelta(minutes=1), ) token = AzureSasCredential(token) account_url = self.account_url(tables_storage_account_name, "table") service = TableServiceClient(credential=token, endpoint=account_url) # Act sas_table = service.get_table_client(table.table_name) entities = [] async for e in sas_table.list_entities(): entities.append(e) # Assert assert len(entities) == 2 assert entities[0]['text'] == u'hello' assert entities[1]['text'] == u'hello' finally: await tsc.delete_table(table.table_name)
def test_client_azure_named_key_credential( self, servicebus_queue, servicebus_namespace, servicebus_namespace_key_name, servicebus_namespace_primary_key, servicebus_namespace_connection_string, **kwargs): # This should "just work" to validate known-good. credential = ServiceBusSharedKeyCredential( servicebus_namespace_key_name, servicebus_namespace_primary_key) hostname = "{}.servicebus.windows.net".format( servicebus_namespace.name) auth_uri = "sb://{}/{}".format(hostname, servicebus_queue.name) token = credential.get_token(auth_uri).token.decode() # Finally let's do it with AzureSasCredential credential = AzureSasCredential(token) client = ServiceBusClient(hostname, credential) with client: assert len(client._handlers) == 0
def test_create_service_with_sas(self): # Arrange url = self.account_url(self.tables_cosmos_account_name, "cosmos") suffix = '.table.cosmos.azure.com' self.sas_token = self.generate_sas_token() self.sas_token = AzureSasCredential(self.sas_token) for service_type in SERVICES: # Act service = service_type( endpoint=self._account_url(self.tables_cosmos_account_name), credential=self.sas_token, table_name="foo") # Assert assert service is not None assert service.account_name == self.tables_cosmos_account_name assert service.url.startswith('https://' + self.tables_cosmos_account_name + suffix) assert isinstance(service.credential, AzureSasCredential)