def test_sas_signed_identifier(self):
# SAS URL is calculated from storage key, so this test runs live only
if TestMode.need_recording_file(self.test_mode):
return
# Arrange
blob_name = self._create_block_blob()
access_policy = AccessPolicy()
access_policy.start = '2011-10-11'
access_policy.expiry = '2018-10-12'
access_policy.permission = BlobPermissions.READ
identifiers = {'testid': access_policy}
resp = self.bs.set_container_acl(self.container_name, identifiers)
token = self.bs.generate_blob_shared_access_signature(
self.container_name,
blob_name,
id='testid'
)
# Act
service = BlockBlobService(
self.settings.STORAGE_ACCOUNT_NAME,
sas_token=token,
request_session=requests.Session(),
)
self._set_test_proxy(service, self.settings)
result = service.get_blob_to_bytes(self.container_name, blob_name)
# Assert
self.assertEqual(self.byte_data, result.content)
def test_sas_signed_identifier(self):
# SAS URL is calculated from storage key, so this test runs live only
if TestMode.need_recordingfile(self.test_mode):
return
# Arrange
blob_name = self._create_block_blob()
access_policy = AccessPolicy()
access_policy.start = '2011-10-11'
access_policy.expiry = '2018-10-12'
access_policy.permission = BlobPermissions.READ
identifiers = {'testid': access_policy}
resp = self.bs.set_container_acl(self.container_name, identifiers)
token = self.bs.generate_blob_shared_access_signature(
self.container_name,
blob_name,
id='testid'
)
# Act
service = BlockBlobService(
self.settings.STORAGE_ACCOUNT_NAME,
sas_token=token,
request_session=requests.Session(),
)
self._set_service_options(service, self.settings)
result = service.get_blob_to_bytes(self.container_name, blob_name)
# Assert
self.assertEqual(self.byte_data, result.content)
def test_sign_request(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
sap = SharedAccessPolicy(accss_plcy)
qry_str = self.sas.generate_signed_query_string('images/pic1.png',
RESOURCE_BLOB,
sap)
permission = Permission()
permission.path = '/images/pic1.png'
permission.query_string = qry_str
self.sas.permission_set = [permission]
web_rsrc = WebResource()
web_rsrc.properties[SIGNED_RESOURCE_TYPE] = RESOURCE_BLOB
web_rsrc.properties[SHARED_ACCESS_PERMISSION] = 'r'
web_rsrc.path = '/images/pic1.png?comp=metadata'
web_rsrc.request_url = '/images/pic1.png?comp=metadata'
web_rsrc = self.sas.sign_request(web_rsrc)
self.assertEqual(web_rsrc.request_url,
'/images/pic1.png?comp=metadata&' +
self.sas._convert_query_string(qry_str))
def test_sign_request(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
sap = SharedAccessPolicy(accss_plcy)
qry_str = self.sas.generate_signed_query_string('images/pic1.png',
RESOURCE_BLOB,
sap)
permission = Permission()
permission.path = '/images/pic1.png'
permission.query_string = qry_str
self.sas.permission_set = [permission]
web_rsrc = WebResource()
web_rsrc.properties[SIGNED_RESOURCE_TYPE] = RESOURCE_BLOB
web_rsrc.properties[SHARED_ACCESS_PERMISSION] = 'r'
web_rsrc.path = '/images/pic1.png?comp=metadata'
web_rsrc.request_url = '/images/pic1.png?comp=metadata'
web_rsrc = self.sas.sign_request(web_rsrc)
self.assertEqual(web_rsrc.request_url,
'/images/pic1.png?comp=metadata&' +
self.sas._convert_query_string(qry_str))
def test_generate_signed_query_dict_blob_with_access_policy_and_headers(
self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11T11:03:40Z'
accss_plcy.expiry = '2011-10-12T11:53:40Z'
accss_plcy.permission = 'r'
query = self.sas._generate_signed_query_dict(
'images/pic1.png',
ResourceType.RESOURCE_BLOB,
SharedAccessPolicy(accss_plcy),
content_disposition='file; attachment',
content_type='binary',
)
self.assertEqual(query[QueryStringConstants.SIGNED_START],
'2011-10-11T11:03:40Z')
self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY],
'2011-10-12T11:53:40Z')
self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE],
ResourceType.RESOURCE_BLOB)
self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'r')
self.assertEqual(
query[QueryStringConstants.SIGNED_CONTENT_DISPOSITION],
'file; attachment')
self.assertEqual(query[QueryStringConstants.SIGNED_CONTENT_TYPE],
'binary')
self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE],
'uHckUC6T+BwUsc+DgrreyIS1k6au7uUd7LSSs/z+/+w=')
def test_sas_signed_identifier(self):
# SAS URL is calculated from storage key, so this test runs live only
if TestMode.need_recording_file(self.test_mode):
return
# Arrange
entity = self._insert_random_entity()
access_policy = AccessPolicy()
access_policy.start = '2011-10-11'
access_policy.expiry = '2018-10-12'
access_policy.permission = TablePermissions.QUERY
identifiers = {'testid': access_policy}
entities = self.ts.set_table_acl(self.table_name, identifiers)
token = self.ts.generate_table_shared_access_signature(
self.table_name,
id='testid',
)
# Act
service = TableService(
account_name=self.settings.STORAGE_ACCOUNT_NAME,
sas_token=token,
)
self._set_service_options(service, self.settings)
entities = list(
self.ts.query_entities(self.table_name,
filter="PartitionKey eq '{}'".format(
entity.PartitionKey)))
# Assert
self.assertEqual(len(entities), 1)
self._assert_default_entity(entities[0])
def url(self, name):
if hasattr(self.connection, 'make_blob_url'):
if self.auto_sign:
access_policy = AccessPolicy()
access_policy.start = (
datetime.utcnow() +
timedelta(seconds=-120)).strftime('%Y-%m-%dT%H:%M:%SZ')
access_policy.expiry = (datetime.utcnow() + timedelta(
seconds=self.ap_expiry)).strftime('%Y-%m-%dT%H:%M:%SZ')
access_policy.permission = self.azure_access_policy_permission
sap = SharedAccessPolicy(access_policy)
sas_token = self.connection.generate_shared_access_signature(
self.azure_container,
blob_name=name,
shared_access_policy=sap,
)
else:
sas_token = None
return self.connection.make_blob_url(
container_name=self.azure_container,
blob_name=name,
protocol=self.azure_protocol,
sas_token=sas_token,
)
else:
return "{}{}/{}".format(setting('MEDIA_URL'), self.azure_container,
name)
def test_sas_signed_identifier(self):
# SAS URL is calculated from storage key, so this test runs live only
if TestMode.need_recording_file(self.test_mode):
return
# Arrange
entity = self._insert_random_entity()
access_policy = AccessPolicy()
access_policy.start = '2011-10-11'
access_policy.expiry = '2018-10-12'
access_policy.permission = TablePermissions.QUERY
identifiers = {'testid': access_policy}
entities = self.ts.set_table_acl(self.table_name, identifiers)
token = self.ts.generate_table_shared_access_signature(
self.table_name,
id='testid',
)
# Act
service = TableService(
account_name=self.settings.STORAGE_ACCOUNT_NAME,
sas_token=token,
)
self._set_service_options(service, self.settings)
entities = list(self.ts.query_entities(self.table_name, filter="PartitionKey eq '{}'".format(entity.PartitionKey)))
# Assert
self.assertEqual(len(entities), 1)
self._assert_default_entity(entities[0])
def url(self, name):
"""
Override this method so that we can add SAS authorization tokens
"""
sas_token = None
if self.url_expiry_secs:
now = datetime.utcnow().replace(tzinfo=pytz.utc)
expire_at = now + timedelta(seconds=self.url_expiry_secs)
policy = AccessPolicy()
# generate an ISO8601 time string and use split() to remove the sub-second
# components as Azure will reject them. Plus add the timezone at the end.
policy.expiry = expire_at.isoformat().split('.')[0] + 'Z'
policy.permission = 'r'
sas_token = self.connection.generate_shared_access_signature(
self.azure_container,
blob_name=name,
shared_access_policy=SharedAccessPolicy(access_policy=policy),
)
return self.connection.make_blob_url(
container_name=self.azure_container,
blob_name=name,
protocol=self.azure_protocol,
sas_token=sas_token)
def test_generate_signature_blob(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11T11:03:40Z'
accss_plcy.expiry = '2011-10-12T11:53:40Z'
accss_plcy.permission = 'r'
sap = SharedAccessPolicy(accss_plcy)
signature = self.sas._generate_signature('images/pic1.png',
RESOURCE_BLOB, sap)
self.assertEqual(signature,
'7NIEip+VOrQ5ZV80pORPK1MOsJc62wwCNcbMvE+lQ0s=')
def test_generate_signature_container(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
signed_identifier = 'YWJjZGVmZw=='
sap = SharedAccessPolicy(accss_plcy, signed_identifier)
signature = self.sas._generate_signature('images', sap, X_MS_VERSION,
None, None, None, None, None)
self.assertEqual(signature,
'Md+SHy9BQNucdHnmDOEwlAkIWU5YxwlTq6gA9yJKE6w=')
def test_generate_signature_container(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
signed_identifier = 'YWJjZGVmZw=='
sap = SharedAccessPolicy(accss_plcy, signed_identifier)
signature = self.sas._generate_signature('images', RESOURCE_CONTAINER,
sap)
self.assertEqual(signature,
'VdlALM4TYEYYNf94Bvt3dn48TsA01wk45ltwP3zeKp4=')
def test_generate_signature_container(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
signed_identifier = 'YWJjZGVmZw=='
sap = SharedAccessPolicy(accss_plcy, signed_identifier)
signature = self.sas._generate_signature('images',
sap,
X_MS_VERSION)
self.assertEqual(signature,
'1AWckmWSNrNCjh9krPXoD4exAgZWQQr38gG6z/ymkhQ=')
def test_generate_signature_blob(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11T11:03:40Z'
accss_plcy.expiry = '2011-10-12T11:53:40Z'
accss_plcy.permission = 'r'
sap = SharedAccessPolicy(accss_plcy)
signature = self.sas._generate_signature('images/pic1.png',
sap,
X_MS_VERSION)
self.assertEqual(signature,
'ju4tX0G79vPxMOkBb7UfNVEgrj9+ZnSMutpUemVYHLY=')
def test_generate_signature_container(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
signed_identifier = 'YWJjZGVmZw=='
sap = SharedAccessPolicy(accss_plcy, signed_identifier)
signature = self.sas._generate_signature('images',
RESOURCE_CONTAINER,
sap)
self.assertEqual(signature,
'VdlALM4TYEYYNf94Bvt3dn48TsA01wk45ltwP3zeKp4=')
def test_generate_signature_blob(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11T11:03:40Z'
accss_plcy.expiry = '2011-10-12T11:53:40Z'
accss_plcy.permission = 'r'
sap = SharedAccessPolicy(accss_plcy)
signature = self.sas._generate_signature('images/pic1.png',
RESOURCE_BLOB,
sap)
self.assertEqual(signature,
'7NIEip+VOrQ5ZV80pORPK1MOsJc62wwCNcbMvE+lQ0s=')
def test_generate_signature_blob(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11T11:03:40Z'
accss_plcy.expiry = '2011-10-12T11:53:40Z'
accss_plcy.permission = 'r'
sap = SharedAccessPolicy(accss_plcy)
signature = self.sas._generate_signature('images/pic1.png', sap,
X_MS_VERSION, None,
'file; attachment', None,
None, 'binary')
self.assertEqual(signature,
'uHckUC6T+BwUsc+DgrreyIS1k6au7uUd7LSSs/z+/+w=')
def test_generate_signature_container(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
signed_identifier = 'YWJjZGVmZw=='
sap = SharedAccessPolicy(accss_plcy, signed_identifier)
signature = self.sas._generate_signature('images',
sap,
X_MS_VERSION,
None, None, None, None, None)
self.assertEqual(signature,
'Md+SHy9BQNucdHnmDOEwlAkIWU5YxwlTq6gA9yJKE6w=')
def test_blob_signed_query_string(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'w'
sap = SharedAccessPolicy(accss_plcy)
qry_str = self.sas.generate_signed_query_string(
'images/pic1.png', RESOURCE_BLOB, sap)
self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_BLOB)
self.assertEqual(qry_str[SIGNED_PERMISSION], 'w')
self.assertEqual(qry_str[SIGNED_SIGNATURE],
'Fqt8tNcyUOp30qYRtSFNcImrRMcxlk6IF17O4l96KT8=')
def test_blob_signed_query_string(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'w'
sap = SharedAccessPolicy(accss_plcy)
qry_str = self.sas.generate_signed_query_string(
'images/pic1.png', RESOURCE_BLOB, sap)
self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_BLOB)
self.assertEqual(qry_str[SIGNED_PERMISSION], 'w')
self.assertEqual(qry_str[SIGNED_SIGNATURE],
'k8uyTrn3pgLXuhwgZhxeAH6mZ/es9k2vqHPJEuIH4CE=')
def test_blob_signed_query_string(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'w'
sap = SharedAccessPolicy(accss_plcy)
qry_str = self.sas.generate_signed_query_string('images/pic1.png',
RESOURCE_BLOB,
sap)
self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_BLOB)
self.assertEqual(qry_str[SIGNED_PERMISSION], 'w')
self.assertEqual(qry_str[SIGNED_SIGNATURE],
'8I8E8TImfR2TIAcMDq8rF+IhhYyvowXpxSfF1kxnWLQ=')
def test_generate_signed_query_dict_container_with_access_policy(self):
accss_plcy = AccessPolicy()
accss_plcy.start = "2011-10-11"
accss_plcy.expiry = "2011-10-12"
accss_plcy.permission = "r"
query = self.sas._generate_signed_query_dict(
"images", ResourceType.RESOURCE_CONTAINER, SharedAccessPolicy(accss_plcy)
)
self.assertEqual(query[QueryStringConstants.SIGNED_START], "2011-10-11")
self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY], "2011-10-12")
self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_CONTAINER)
self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], "r")
self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE], "CxLWN56cjXidpI9em7RDgSN2QIgLggTqrnzudH2XsOY=")
def test_generate_signed_query_dict_blob_with_access_policy(self):
accss_plcy = AccessPolicy()
accss_plcy.start = "2011-10-11"
accss_plcy.expiry = "2011-10-12"
accss_plcy.permission = "w"
query = self.sas._generate_signed_query_dict(
"images/pic1.png", ResourceType.RESOURCE_BLOB, SharedAccessPolicy(accss_plcy)
)
self.assertEqual(query[QueryStringConstants.SIGNED_START], "2011-10-11")
self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY], "2011-10-12")
self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_BLOB)
self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], "w")
self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE], "Fqt8tNcyUOp30qYRtSFNcImrRMcxlk6IF17O4l96KT8=")
def test_blob_signed_query_string(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'w'
sap = SharedAccessPolicy(accss_plcy)
qry_str = self.sas.generate_signed_query_string('images/pic1.png',
RESOURCE_BLOB,
sap)
self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_BLOB)
self.assertEqual(qry_str[SIGNED_PERMISSION], 'w')
self.assertEqual(qry_str[SIGNED_SIGNATURE],
'Fqt8tNcyUOp30qYRtSFNcImrRMcxlk6IF17O4l96KT8=')
def test_blob_signed_query_string(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'w'
sap = SharedAccessPolicy(accss_plcy)
qry_str = self.sas.generate_signed_query_string('images/pic1.png',
RESOURCE_BLOB,
sap)
self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_BLOB)
self.assertEqual(qry_str[SIGNED_PERMISSION], 'w')
self.assertEqual(qry_str[SIGNED_SIGNATURE],
'k8uyTrn3pgLXuhwgZhxeAH6mZ/es9k2vqHPJEuIH4CE=')
def test_container_signed_query_string(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
signed_identifier = 'YWJjZGVmZw=='
sap = SharedAccessPolicy(accss_plcy, signed_identifier)
qry_str = self.sas.generate_signed_query_string(
'images', RESOURCE_CONTAINER, sap)
self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_CONTAINER)
self.assertEqual(qry_str[SIGNED_PERMISSION], 'r')
self.assertEqual(qry_str[SIGNED_IDENTIFIER], 'YWJjZGVmZw==')
self.assertEqual(qry_str[SIGNED_SIGNATURE],
'VdlALM4TYEYYNf94Bvt3dn48TsA01wk45ltwP3zeKp4=')
def test_container_signed_query_string(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
signed_identifier = 'YWJjZGVmZw=='
sap = SharedAccessPolicy(accss_plcy, signed_identifier)
qry_str = self.sas.generate_signed_query_string(
'images', RESOURCE_CONTAINER, sap)
self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_CONTAINER)
self.assertEqual(qry_str[SIGNED_PERMISSION], 'r')
self.assertEqual(qry_str[SIGNED_IDENTIFIER], 'YWJjZGVmZw==')
self.assertEqual(qry_str[SIGNED_SIGNATURE],
'Md+SHy9BQNucdHnmDOEwlAkIWU5YxwlTq6gA9yJKE6w=')
def test_generate_signature_blob(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11T11:03:40Z'
accss_plcy.expiry = '2011-10-12T11:53:40Z'
accss_plcy.permission = 'r'
sap = SharedAccessPolicy(accss_plcy)
signature = self.sas._generate_signature('images/pic1.png',
sap,
X_MS_VERSION,
None,
'file; attachment',
None,
None,
'binary')
self.assertEqual(signature,
'uHckUC6T+BwUsc+DgrreyIS1k6au7uUd7LSSs/z+/+w=')
def test_container_signed_query_string(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
signed_identifier = 'YWJjZGVmZw=='
sap = SharedAccessPolicy(accss_plcy, signed_identifier)
qry_str = self.sas.generate_signed_query_string('images',
RESOURCE_CONTAINER,
sap)
self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_CONTAINER)
self.assertEqual(qry_str[SIGNED_PERMISSION], 'r')
self.assertEqual(qry_str[SIGNED_IDENTIFIER], 'YWJjZGVmZw==')
self.assertEqual(qry_str[SIGNED_SIGNATURE],
'1AWckmWSNrNCjh9krPXoD4exAgZWQQr38gG6z/ymkhQ=')
def test_container_signed_query_string(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
signed_identifier = 'YWJjZGVmZw=='
sap = SharedAccessPolicy(accss_plcy, signed_identifier)
qry_str = self.sas.generate_signed_query_string('images',
RESOURCE_CONTAINER,
sap)
self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_CONTAINER)
self.assertEqual(qry_str[SIGNED_PERMISSION], 'r')
self.assertEqual(qry_str[SIGNED_IDENTIFIER], 'YWJjZGVmZw==')
self.assertEqual(qry_str[SIGNED_SIGNATURE],
'Md+SHy9BQNucdHnmDOEwlAkIWU5YxwlTq6gA9yJKE6w=')
def test_container_signed_query_string(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
signed_identifier = 'YWJjZGVmZw=='
sap = SharedAccessPolicy(accss_plcy, signed_identifier)
qry_str = self.sas.generate_signed_query_string('images',
RESOURCE_CONTAINER,
sap)
self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_CONTAINER)
self.assertEqual(qry_str[SIGNED_PERMISSION], 'r')
self.assertEqual(qry_str[SIGNED_IDENTIFIER], 'YWJjZGVmZw==')
self.assertEqual(qry_str[SIGNED_SIGNATURE],
'VdlALM4TYEYYNf94Bvt3dn48TsA01wk45ltwP3zeKp4=')
def test_generate_signed_query_dict_container_with_access_policy(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
query = self.sas._generate_signed_query_dict(
'images',
ResourceType.RESOURCE_CONTAINER,
SharedAccessPolicy(accss_plcy),
)
self.assertEqual(query[QueryStringConstants.SIGNED_START], '2011-10-11')
self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_CONTAINER)
self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'r')
self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE],
'CxLWN56cjXidpI9em7RDgSN2QIgLggTqrnzudH2XsOY=')
def test_generate_signed_query_dict_blob_with_access_policy(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'w'
query = self.sas._generate_signed_query_dict(
'images/pic1.png',
ResourceType.RESOURCE_BLOB,
SharedAccessPolicy(accss_plcy),
)
self.assertEqual(query[QueryStringConstants.SIGNED_START], '2011-10-11')
self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_BLOB)
self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'w')
self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE],
'Fqt8tNcyUOp30qYRtSFNcImrRMcxlk6IF17O4l96KT8=')
def url(self, name):
"""
Returns the URL where the contents of the file referenced by name can
be accessed.
"""
try:
m = hashlib.sha1()
m.update(self.container)
m.update(name)
cache_key = m.hexdigest()
val = cache.get(cache_key)
if val is None:
logger.info("trying to generate shared access url for %s" %
name)
accss_plcy = AccessPolicy()
now = datetime.datetime.now()
today = now.strftime('%Y-%m-%d')
tomorrow_datetime = now + datetime.timedelta(days=1)
tomorrow = tomorrow_datetime.strftime('%Y-%m-%d')
accss_plcy.start = today
accss_plcy.expiry = tomorrow
accss_plcy.permission = 'r'
signed_identifier = None
sap = SharedAccessPolicy(accss_plcy, signed_identifier)
logger.info("shared access policy created")
signer = SharedAccessSignature(account_name=self.account_name,
account_key=self.account_key)
logger.info("signed created")
qry_str = signer.generate_signed_query_string(
"%s/%s" % (self.container, name), 'b', sap)
logger.info("signed query string created")
val = '%s/%s?%s' % (self._get_container_url(), name,
signer._convert_query_string(qry_str))
# cache for 23 hours
timeout = 60 * 60 * 23
cache.set(cache_key, val, timeout)
return val
else:
logger.info("url cache hit for %s" % name)
return val
except Exception as ex:
logger.error("shared access error %s" % ex)
return None
def sasUrl(account, key, container, permission):
start = datetime.utcnow()
expiry = start + timedelta(hours=24)
accss_plcy = AccessPolicy()
accss_plcy.start = start.strftime('%Y-%m-%dT%H:%M:%SZ')
accss_plcy.expiry = expiry.strftime('%Y-%m-%dT%H:%M:%SZ')
accss_plcy.permission = permission
sas = SharedAccessSignature(account_name=account, account_key=key)
query = sas.generate_signed_query_string(
container,
ResourceType.RESOURCE_CONTAINER,
SharedAccessPolicy(accss_plcy),
)
return query
def sasUrl(account, key, container, permission):
start = datetime.utcnow()
expiry = start + timedelta(hours = 24)
accss_plcy = AccessPolicy()
accss_plcy.start = start.strftime('%Y-%m-%dT%H:%M:%SZ')
accss_plcy.expiry = expiry.strftime('%Y-%m-%dT%H:%M:%SZ')
accss_plcy.permission = permission
sas = SharedAccessSignature(account_name=account, account_key=key)
query = sas.generate_signed_query_string(
container,
ResourceType.RESOURCE_CONTAINER,
SharedAccessPolicy(accss_plcy),
)
return query
def test_generate_signed_query_dict_blob_with_access_policy_and_headers(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11T11:03:40Z'
accss_plcy.expiry = '2011-10-12T11:53:40Z'
accss_plcy.permission = 'r'
query = self.sas._generate_signed_query_dict(
'images/pic1.png',
ResourceType.RESOURCE_BLOB,
SharedAccessPolicy(accss_plcy),
content_disposition='file; attachment',
content_type='binary',
)
self.assertEqual(query[QueryStringConstants.SIGNED_START], '2011-10-11T11:03:40Z')
self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY], '2011-10-12T11:53:40Z')
self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_BLOB)
self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'r')
self.assertEqual(query[QueryStringConstants.SIGNED_CONTENT_DISPOSITION], 'file; attachment')
self.assertEqual(query[QueryStringConstants.SIGNED_CONTENT_TYPE], 'binary')
self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE],
'uHckUC6T+BwUsc+DgrreyIS1k6au7uUd7LSSs/z+/+w=')
def test_sas_signed_identifier(self):
# SAS URL is calculated from storage key, so this test runs live only
if TestMode.need_recording_file(self.test_mode):
return
# Arrange
access_policy = AccessPolicy()
access_policy.start = '2011-10-11'
access_policy.expiry = '2018-10-12'
access_policy.permission = QueuePermissions.READ
identifiers = {'testid': access_policy}
queue_name = self._create_queue()
resp = self.qs.set_queue_acl(queue_name, identifiers)
self.qs.put_message(queue_name, u'message1')
token = self.qs.generate_queue_shared_access_signature(
queue_name,
id='testid'
)
# Act
service = QueueService(
account_name=self.settings.STORAGE_ACCOUNT_NAME,
sas_token=token,
)
self._set_test_proxy(service, self.settings)
result = service.peek_messages(queue_name)
# Assert
self.assertIsNotNone(result)
self.assertEqual(1, len(result))
message = result[0]
self.assertIsNotNone(message)
self.assertNotEqual('', message.id)
self.assertEqual(u'message1', message.content)
def test_sas_signed_identifier(self):
# SAS URL is calculated from storage key, so this test runs live only
if TestMode.need_recording_file(self.test_mode):
return
# Arrange
access_policy = AccessPolicy()
access_policy.start = '2011-10-11'
access_policy.expiry = '2018-10-12'
access_policy.permission = QueuePermissions.READ
identifiers = {'testid': access_policy}
queue_name = self._create_queue()
resp = self.qs.set_queue_acl(queue_name, identifiers)
self.qs.put_message(queue_name, u'message1')
token = self.qs.generate_queue_shared_access_signature(
queue_name,
id='testid'
)
# Act
service = QueueService(
account_name=self.settings.STORAGE_ACCOUNT_NAME,
sas_token=token,
)
self._set_service_options(service, self.settings)
result = service.peek_messages(queue_name)
# Assert
self.assertIsNotNone(result)
self.assertEqual(1, len(result))
message = result[0]
self.assertIsNotNone(message)
self.assertNotEqual('', message.id)
self.assertEqual(u'message1', message.content)
def url(self, name):
if hasattr(self.connection, 'make_blob_url'):
if self.auto_sign:
access_policy = AccessPolicy()
access_policy.start = (datetime.utcnow() + timedelta(seconds=-120)).strftime('%Y-%m-%dT%H:%M:%SZ')
access_policy.expiry = (datetime.utcnow() + timedelta(seconds=self.ap_expiry)).strftime('%Y-%m-%dT%H:%M:%SZ')
access_policy.permission = self.azure_access_policy_permission
sap = SharedAccessPolicy(access_policy)
sas_token = self.connection.generate_shared_access_signature(
self.azure_container,
blob_name=name,
shared_access_policy=sap,
)
else:
sas_token = None
return self.connection.make_blob_url(
container_name=self.azure_container,
blob_name=name,
protocol=self.azure_protocol,
sas_token=sas_token
)
else:
return "{}{}/{}".format(setting('MEDIA_URL'), self.azure_container, name)
