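def container_access_policy(self):
    """Define a stored access policy on a container and derive a SAS token from it.

    The sample creates the container ``myaccesscontainer``, stores one
    read-only access policy on it, reads the policy back, generates a
    container SAS that references the stored policy by id, and builds a
    ``ContainerClient`` authenticated with that SAS. The container is
    deleted in the ``finally`` block.

    Returns early, doing nothing, when
    ``TestMode.need_recording_file(self.test_mode)`` is true.
    """
    # SAS URL is calculated from storage key, so this test runs live only
    if TestMode.need_recording_file(self.test_mode):
        return

    # Instantiate a BlobServiceClient using a connection string
    from azure.storage.blob import BlobServiceClient
    blob_service_client = BlobServiceClient.from_connection_string(
        self.connection_string)

    # Instantiate a ContainerClient
    container_client = blob_service_client.get_container_client(
        "myaccesscontainer")

    try:
        # Create new Container
        container_client.create_container()

        # [START set_container_access_policy]
        # Create access policy
        from azure.storage.blob import AccessPolicy, ContainerSasPermissions
        access_policy = AccessPolicy(
            permission=ContainerSasPermissions(read=True),
            expiry=datetime.utcnow() + timedelta(hours=1),
            start=datetime.utcnow() - timedelta(minutes=1))

        # The dictionary key is the stored policy's id. It has to be the same
        # value that is passed as policy_id to generate_container_sas below,
        # otherwise the SAS refers to a policy that was never stored.
        identifiers = {'my-access-policy-id': access_policy}

        # Set the access policy on the container
        container_client.set_container_access_policy(
            signed_identifiers=identifiers)
        # [END set_container_access_policy]

        # [START get_container_access_policy]
        policy = container_client.get_container_access_policy()
        # [END get_container_access_policy]

        # [START generate_sas_token]
        # Use access policy to generate a sas token
        # No permission or expiry is passed here: the token takes both from
        # the stored policy, so changing or removing that policy on the
        # container also changes or revokes every token issued against it.
        # The token is signed with the account key, which should be kept out
        # of source control and logs.
        from azure.storage.blob import generate_container_sas

        sas_token = generate_container_sas(
            container_client.account_name,
            container_client.container_name,
            account_key=container_client.credential.account_key,
            policy_id='my-access-policy-id')
        # [END generate_sas_token]

        # Use the sas token to authenticate a new client
        # [START create_container_client_sastoken]
        # The URL below is a placeholder; it does not name the container
        # created above. A SAS is only accepted for the container it was
        # generated for.
        from azure.storage.blob import ContainerClient
        container = ContainerClient.from_container_url(
            container_url="https://account.blob.core.windows.net/mycontainer",
            credential=sas_token)
        # [END create_container_client_sastoken]

    finally:
        # Delete container
        container_client.delete_container()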
async def container_access_policy_async(self):
    """Async sample: store an access policy on a container and build a SAS from it.

    Creates ``myaccesscontainerasync``, stores one read-only policy under
    the id ``my-access-policy-id``, reads the policy back, generates a
    container SAS that references that id, and constructs an async
    ``ContainerClient`` with the SAS as its credential. The container is
    deleted in the ``finally`` block.
    """
    # Instantiate a BlobServiceClient using a connection string
    from azure.storage.blob.aio import BlobServiceClient
    service = BlobServiceClient.from_connection_string(self.connection_string)

    async with service:
        # Instantiate a ContainerClient
        container_client = service.get_container_client("myaccesscontainerasync")

        try:
            # Create new Container
            await container_client.create_container()

            # [START set_container_access_policy]
            # Create access policy
            from azure.storage.blob import AccessPolicy, ContainerSasPermissions
            read_only = ContainerSasPermissions(read=True)
            expires_on = datetime.utcnow() + timedelta(hours=1)
            # Start slightly in the past so the policy is already in force.
            starts_on = datetime.utcnow() - timedelta(minutes=1)
            stored_policy = AccessPolicy(
                permission=read_only, expiry=expires_on, start=starts_on)

            # Set the access policy on the container; the key is the policy id
            # that the SAS below refers to.
            await container_client.set_container_access_policy(
                signed_identifiers={'my-access-policy-id': stored_policy})
            # [END set_container_access_policy]

            # [START get_container_access_policy]
            policy = await container_client.get_container_access_policy()
            # [END get_container_access_policy]

            # [START generate_sas_token]
            # Use access policy to generate a sas token
            # Permission and expiry are not passed; only the stored policy id
            # is. The token is signed with the storage account key.
            from azure.storage.blob import generate_container_sas

            signing_key = container_client.credential.account_key
            sas_token = generate_container_sas(
                container_client.account_name,
                container_client.container_name,
                account_key=signing_key,
                policy_id='my-access-policy-id')
            # [END generate_sas_token]

            # Use the sas token to authenticate a new client
            # [START create_container_client_sastoken]
            from azure.storage.blob.aio import ContainerClient
            sample_url = "https://account.blob.core.windows.net/mycontainerasync"
            container = ContainerClient.from_container_url(
                container_url=sample_url,
                credential=sas_token,
            )
            # [END create_container_client_sastoken]

        finally:
            # Delete container
            await container_client.delete_container()
def test_set_container_acl_with_one_signed_identifier(self):
    """Setting one stored access policy returns an etag and a last-modified value."""
    # Arrange
    container = self._create_container()

    # Act
    # NOTE(review): the start time is "now", whereas sibling tests start one
    # minute in the past. Nothing here validates a token against the policy,
    # so it does not affect this test.
    policy = AccessPolicy(
        permission=ContainerPermissions.READ,
        expiry=datetime.utcnow() + timedelta(hours=1),
        start=datetime.utcnow(),
    )
    response = container.set_container_access_policy({'testid': policy})

    # Assert
    for header in ('etag', 'last_modified'):
        self.assertIsNotNone(response.get(header))
def test_set_container_acl_too_many_ids(self):
    """Passing six access policies raises ValueError with the documented message."""
    # Arrange
    container = self._create_container()

    # Act
    # Six entries, one more than the limit of 5 named in the error message.
    too_many = {'id{}'.format(n): AccessPolicy() for n in range(6)}

    # Assert
    with self.assertRaises(ValueError) as raised:
        container.set_container_access_policy(too_many)
    expected_message = 'Too many access policies provided. The server does not support setting more than 5 access policies on a single resource.'
    self.assertEqual(str(raised.exception), expected_message)
def test_set_container_acl_with_signed_identifiers(self):
    """A stored policy set on a container is returned by get_container_access_policy.

    Also checks that setting signed identifiers without a ``public_access``
    argument leaves the container's public access reported as ``None``.
    """
    # Arrange
    container = self._create_container()

    # Act
    expires_on = datetime.utcnow() + timedelta(hours=1)
    starts_on = datetime.utcnow() - timedelta(minutes=1)
    policy = AccessPolicy(
        permission=ContainerPermissions.READ,
        expiry=expires_on,
        start=starts_on,
    )
    container.set_container_access_policy({'testid': policy})

    # Assert
    acl = container.get_container_access_policy()
    self.assertIsNotNone(acl)
    first_identifier = acl.get('signed_identifiers')[0]
    self.assertEqual('testid', first_identifier.id)
    self.assertIsNone(acl.get('public_access'))
def test_set_container_acl_with_three_identifiers(self):
    """Three stored policies set on a container are all returned, with no public access."""
    # Arrange
    container = self._create_container()
    expires_on = datetime.utcnow() + timedelta(hours=1)
    starts_on = datetime.utcnow() - timedelta(minutes=1)
    shared_policy = AccessPolicy(
        permission=ContainerSasPermissions(read=True),
        expiry=expires_on,
        start=starts_on,
    )
    # NOTE(review): the keys are the ints 0, 1, 2 while the assertion below
    # expects the id '0' as a string; this relies on how the client
    # serialises the key. Confirm against the client implementation.
    identifiers = dict.fromkeys(range(3), shared_policy)

    # Act
    container.set_container_access_policy(identifiers)

    # Assert
    acl = container.get_container_access_policy()
    returned = acl.get('signed_identifiers')
    self.assertEqual(3, len(returned))
    self.assertEqual('0', returned[0].id)
    self.assertIsNotNone(returned[0].access_policy)
    self.assertIsNone(acl.get('public_access'))
def test_set_container_acl_with_lease_id(self):
    """A stored policy can be set on a leased container when the lease is supplied."""
    # Arrange
    container = self._create_container()
    # Whatever acquire_lease() returns is handed straight to the lease=
    # argument below.
    lease = container.acquire_lease()

    # Act
    policy = AccessPolicy(
        permission=ContainerSasPermissions(read=True),
        expiry=datetime.utcnow() + timedelta(hours=1),
        start=datetime.utcnow(),
    )
    container.set_container_access_policy({'testid': policy}, lease=lease)

    # Assert
    acl = container.get_container_access_policy()
    self.assertIsNotNone(acl)
    # No public_access was requested, so none should be reported.
    self.assertIsNone(acl.get('public_access'))
def test_set_container_acl(self):
    """Setting one stored policy returns response headers and is readable afterwards."""
    # Arrange
    container = self._create_container()

    # Act
    read_only = ContainerSasPermissions(read=True)
    expires_on = datetime.utcnow() + timedelta(hours=1)
    starts_on = datetime.utcnow()
    policy = AccessPolicy(permission=read_only, expiry=expires_on, start=starts_on)
    response = container.set_container_access_policy({'testid': policy})
    for header in ('etag', 'last_modified'):
        self.assertIsNotNone(response.get(header))

    # Assert
    acl = container.get_container_access_policy()
    self.assertIsNotNone(acl)
    stored = acl.get('signed_identifiers')
    self.assertEqual(len(stored), 1)
    # No public_access was requested, so none should be reported.
    self.assertIsNone(acl.get('public_access'))
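async def get_and_set_container_access_policy():
    """Set a stored access policy and public access on a container, then read them back.

    Creates the container ``mynewcontainer`` if it does not exist, stores
    one access policy on it together with container-level public access,
    prints what was set, then fetches the container's access policy and
    prints the public access type and each signed identifier.
    """
    service_client = BlobServiceClient.from_connection_string(
        CONNECTION_STRING)
    container_client = service_client.get_container_client("mynewcontainer")

    async with service_client:
        print("\n..Creating container")
        try:
            await container_client.create_container()
        except ResourceExistsError:
            # The container already exists; carry on with the existing one.
            pass

        # Create access policy
        # NOTE(review): the policy grants read AND write, although it is
        # stored under the identifier 'read' below. A token issued against
        # this identifier can write to the container.
        access_policy = AccessPolicy(
            permission=ContainerSasPermissions(read=True, write=True),
            expiry=datetime.utcnow() + timedelta(hours=1),
            start=datetime.utcnow() - timedelta(minutes=1))

        identifiers = {'read': access_policy}

        # Specifies full public read access for container and blob data.
        # With this setting, unauthenticated clients can read the blobs in
        # the container. Use it only for data that is meant to be public;
        # the other calls on this page pass no public_access argument and
        # read back None for it.
        public_access = PublicAccess.Container

        # Set the access policy on the container
        await container_client.set_container_access_policy(
            signed_identifiers=identifiers, public_access=public_access)

        # A separate loop variable keeps access_policy from being rebound.
        for identifier_name, stored_policy in identifiers.items():
            print(
                "Created container has identifier '{}' with permissions '{}', start date '{}', and expiry date '{}'."
                .format(identifier_name, stored_policy.permission,
                        stored_policy.start, stored_policy.expiry))

        # Get the access policy on the container
        print("\n..Getting container access policy")
        container_acl = await container_client.get_container_access_policy()
        print(f"Blob Access Type: {container_acl['public_access']}")
        for identifier in container_acl['signed_identifiers']:
            print(
                f"Identifier '{identifier.id}' has permissions '{identifier.access_policy.permission}'"
            )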
def test_list_containers_with_public_access(self):
    """A container given blob-level public access reports it when containers are listed."""
    # Arrange
    container = self._create_container()
    policy = AccessPolicy(
        permission=ContainerSasPermissions(read=True),
        expiry=datetime.utcnow() + timedelta(hours=1),
        start=datetime.utcnow(),
    )
    # public_access=PublicAccess.Blob is the setting under test; the
    # listing below is expected to report it back.
    container.set_container_access_policy(
        {'testid': policy}, public_access=PublicAccess.Blob)

    # Act
    prefix = container.container_name
    listed = list(self.bsc.list_containers(name_starts_with=prefix))

    # Assert
    self.assertIsNotNone(listed)
    self.assertGreaterEqual(len(listed), 1)
    first = listed[0]
    self.assertIsNotNone(first)
    self.assertNamedItemInContainer(listed, container.container_name)
    self.assertEqual(first.public_access, PublicAccess.Blob)