def test_sign_request(self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11' accss_plcy.expiry = '2011-10-12' accss_plcy.permission = 'r' sap = SharedAccessPolicy(accss_plcy) qry_str = self.sas.generate_signed_query_string('images/pic1.png', RESOURCE_BLOB, sap) permission = Permission() permission.path = '/images/pic1.png' permission.query_string = qry_str self.sas.permission_set = [permission] web_rsrc = WebResource() web_rsrc.properties[SIGNED_RESOURCE_TYPE] = RESOURCE_BLOB web_rsrc.properties[SHARED_ACCESS_PERMISSION] = 'r' web_rsrc.path = '/images/pic1.png?comp=metadata' web_rsrc.request_url = '/images/pic1.png?comp=metadata' web_rsrc = self.sas.sign_request(web_rsrc) self.assertEqual(web_rsrc.request_url, '/images/pic1.png?comp=metadata&' + self.sas._convert_query_string(qry_str))
def test_sas_signed_identifier(self): # SAS URL is calculated from storage key, so this test runs live only if TestMode.need_recording_file(self.test_mode): return # Arrange file_name = self._create_file() access_policy = AccessPolicy() access_policy.start = '2011-10-11' access_policy.expiry = '2018-10-12' access_policy.permission = FilePermissions.READ identifiers = {'testid': access_policy} resp = self.fs.set_share_acl(self.share_name, identifiers) token = self.fs.generate_file_shared_access_signature(self.share_name, None, file_name, id='testid') # Act service = FileService( self.settings.STORAGE_ACCOUNT_NAME, sas_token=token, request_session=requests.Session(), ) self._set_test_proxy(service, self.settings) result = service.get_file_to_bytes(self.share_name, None, file_name) # Assert self.assertEqual(self.short_byte_data, result.content)
def url(self, name): if hasattr(self.connection, 'make_blob_url'): if self.auto_sign: access_policy = AccessPolicy() access_policy.start = ( datetime.utcnow() + timedelta(seconds=-120)).strftime('%Y-%m-%dT%H:%M:%SZ') access_policy.expiry = (datetime.utcnow() + timedelta( seconds=self.ap_expiry)).strftime('%Y-%m-%dT%H:%M:%SZ') access_policy.permission = self.azure_access_policy_permission sap = SharedAccessPolicy(access_policy) sas_token = self.connection.generate_shared_access_signature( self.azure_container, blob_name=name, shared_access_policy=sap, ) else: sas_token = None return self.connection.make_blob_url( container_name=self.azure_container, blob_name=name, protocol=self.azure_protocol, sas_token=sas_token, ) else: return "{}{}/{}".format(setting('MEDIA_URL'), self.azure_container, name)
def test_sas_signed_identifier(self): # SAS URL is calculated from storage key, so this test runs live only if TestMode.need_recording_file(self.test_mode): return # Arrange entity = self._insert_random_entity() access_policy = AccessPolicy() access_policy.start = '2011-10-11' access_policy.expiry = '2018-10-12' access_policy.permission = TablePermissions.QUERY identifiers = {'testid': access_policy} entities = self.ts.set_table_acl(self.table_name, identifiers) token = self.ts.generate_table_shared_access_signature( self.table_name, id='testid', ) # Act service = TableService( account_name=self.settings.STORAGE_ACCOUNT_NAME, sas_token=token, ) self._set_service_options(service, self.settings) entities = list(self.ts.query_entities(self.table_name, filter="PartitionKey eq '{}'".format(entity.PartitionKey))) # Assert self.assertEqual(len(entities), 1) self._assert_default_entity(entities[0])
def test_sas_signed_identifier(self): # SAS URL is calculated from storage key, so this test runs live only if TestMode.need_recordingfile(self.test_mode): return # Arrange entity = self._insert_random_entity() access_policy = AccessPolicy() access_policy.start = '2011-10-11' access_policy.expiry = '2018-10-12' access_policy.permission = TablePermissions.QUERY identifiers = {'testid': access_policy} entities = self.ts.set_table_acl(self.table_name, identifiers) token = self.ts.generate_table_shared_access_signature( self.table_name, id='testid', ) # Act service = TableService( account_name=self.settings.STORAGE_ACCOUNT_NAME, sas_token=token, ) self._set_service_options(service, self.settings) entities = list( self.ts.query_entities(self.table_name, filter="PartitionKey eq '{}'".format( entity.PartitionKey))) # Assert self.assertEqual(len(entities), 1) self._assert_default_entity(entities[0])
def container_acl(self): container_name = self._create_container() # Create a READ level access policy and set it on the container access_policy = AccessPolicy(permission=ContainerPermissions.READ, expiry=datetime.utcnow() + timedelta(hours=1)) identifiers = {'id': access_policy} self.service.set_container_acl(container_name, identifiers) # Wait 30 seconds for acl to propagate time.sleep(30) acl = self.service.get_container_acl(container_name) # {id: AccessPolicy()} # Replaces values, does not merge access_policy = AccessPolicy(permission=ContainerPermissions.READ, expiry=datetime.utcnow() + timedelta(hours=1)) identifiers = {'id2': access_policy} self.service.set_container_acl(container_name, identifiers) # Wait 30 seconds for acl to propagate time.sleep(30) acl = self.service.get_container_acl(container_name) # {id2: AccessPolicy()} # Clear self.service.set_container_acl(container_name) # Wait 30 seconds for acl to propagate time.sleep(30) acl = self.service.get_container_acl(container_name) # {} self.service.delete_container(container_name)
def test_generate_signed_query_dict_blob_with_access_policy_and_headers( self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11T11:03:40Z' accss_plcy.expiry = '2011-10-12T11:53:40Z' accss_plcy.permission = 'r' query = self.sas._generate_signed_query_dict( 'images/pic1.png', ResourceType.RESOURCE_BLOB, SharedAccessPolicy(accss_plcy), content_disposition='file; attachment', content_type='binary', ) self.assertEqual(query[QueryStringConstants.SIGNED_START], '2011-10-11T11:03:40Z') self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY], '2011-10-12T11:53:40Z') self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_BLOB) self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'r') self.assertEqual( query[QueryStringConstants.SIGNED_CONTENT_DISPOSITION], 'file; attachment') self.assertEqual(query[QueryStringConstants.SIGNED_CONTENT_TYPE], 'binary') self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE], 'uHckUC6T+BwUsc+DgrreyIS1k6au7uUd7LSSs/z+/+w=')
def table_acl(self): table_name = self._create_table() # Basic access_policy = AccessPolicy(permission=TablePermissions.QUERY, expiry=datetime.utcnow() + timedelta(hours=1)) identifiers = {'id': access_policy} self.service.set_table_acl(table_name, identifiers) # Wait 30 seconds for acl to propagate time.sleep(30) acl = self.service.get_table_acl(table_name) # {id: AccessPolicy()} # Replaces values, does not merge access_policy = AccessPolicy(permission=TablePermissions.QUERY, expiry=datetime.utcnow() + timedelta(hours=1)) identifiers = {'id2': access_policy} self.service.set_table_acl(table_name, identifiers) # Wait 30 seconds for acl to propagate time.sleep(30) acl = self.service.get_table_acl(table_name) # {id2: AccessPolicy()} # Clear self.service.set_table_acl(table_name) # Wait 30 seconds for acl to propagate time.sleep(30) acl = self.service.get_table_acl(table_name) # {} self.service.delete_table(table_name)
def test_sas_signed_identifier(self): # SAS URL is calculated from storage key, so this test runs live only if TestMode.need_recordingfile(self.test_mode): return # Arrange blob_name = self._create_block_blob() access_policy = AccessPolicy() access_policy.start = '2011-10-11' access_policy.expiry = '2018-10-12' access_policy.permission = BlobPermissions.READ identifiers = {'testid': access_policy} resp = self.bs.set_container_acl(self.container_name, identifiers) token = self.bs.generate_blob_shared_access_signature( self.container_name, blob_name, id='testid' ) # Act service = BlockBlobService( self.settings.STORAGE_ACCOUNT_NAME, sas_token=token, request_session=requests.Session(), ) self._set_service_options(service, self.settings) result = service.get_blob_to_bytes(self.container_name, blob_name) # Assert self.assertEqual(self.byte_data, result.content)
def url(self, name): """ Override this method so that we can add SAS authorization tokens """ sas_token = None if self.url_expiry_secs: now = datetime.utcnow().replace(tzinfo=pytz.utc) expire_at = now + timedelta(seconds=self.url_expiry_secs) policy = AccessPolicy() # generate an ISO8601 time string and use split() to remove the sub-second # components as Azure will reject them. Plus add the timezone at the end. policy.expiry = expire_at.isoformat().split('.')[0] + 'Z' policy.permission = 'r' sas_token = self.connection.generate_shared_access_signature( self.azure_container, blob_name=name, shared_access_policy=SharedAccessPolicy(access_policy=policy), ) return self.connection.make_blob_url( container_name=self.azure_container, blob_name=name, protocol=self.azure_protocol, sas_token=sas_token)
def test_generate_signature_container(self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11' accss_plcy.expiry = '2011-10-12' accss_plcy.permission = 'r' signed_identifier = 'YWJjZGVmZw==' sap = SharedAccessPolicy(accss_plcy, signed_identifier) signature = self.sas._generate_signature('images', sap, X_MS_VERSION, None, None, None, None, None) self.assertEqual(signature, 'Md+SHy9BQNucdHnmDOEwlAkIWU5YxwlTq6gA9yJKE6w=')
def test_generate_signature_container(self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11' accss_plcy.expiry = '2011-10-12' accss_plcy.permission = 'r' signed_identifier = 'YWJjZGVmZw==' sap = SharedAccessPolicy(accss_plcy, signed_identifier) signature = self.sas._generate_signature('images', RESOURCE_CONTAINER, sap) self.assertEqual(signature, 'VdlALM4TYEYYNf94Bvt3dn48TsA01wk45ltwP3zeKp4=')
def test_generate_signature_blob(self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11T11:03:40Z' accss_plcy.expiry = '2011-10-12T11:53:40Z' accss_plcy.permission = 'r' sap = SharedAccessPolicy(accss_plcy) signature = self.sas._generate_signature('images/pic1.png', RESOURCE_BLOB, sap) self.assertEqual(signature, '7NIEip+VOrQ5ZV80pORPK1MOsJc62wwCNcbMvE+lQ0s=')
def test_generate_signature_container(self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11' accss_plcy.expiry = '2011-10-12' accss_plcy.permission = 'r' signed_identifier = 'YWJjZGVmZw==' sap = SharedAccessPolicy(accss_plcy, signed_identifier) signature = self.sas._generate_signature('images', sap, X_MS_VERSION) self.assertEqual(signature, '1AWckmWSNrNCjh9krPXoD4exAgZWQQr38gG6z/ymkhQ=')
def test_generate_signature_blob(self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11T11:03:40Z' accss_plcy.expiry = '2011-10-12T11:53:40Z' accss_plcy.permission = 'r' sap = SharedAccessPolicy(accss_plcy) signature = self.sas._generate_signature('images/pic1.png', sap, X_MS_VERSION) self.assertEqual(signature, 'ju4tX0G79vPxMOkBb7UfNVEgrj9+ZnSMutpUemVYHLY=')
def test_generate_signature_blob(self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11T11:03:40Z' accss_plcy.expiry = '2011-10-12T11:53:40Z' accss_plcy.permission = 'r' sap = SharedAccessPolicy(accss_plcy) signature = self.sas._generate_signature('images/pic1.png', sap, X_MS_VERSION, None, 'file; attachment', None, None, 'binary') self.assertEqual(signature, 'uHckUC6T+BwUsc+DgrreyIS1k6au7uUd7LSSs/z+/+w=')
def test_blob_signed_query_string(self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11' accss_plcy.expiry = '2011-10-12' accss_plcy.permission = 'w' sap = SharedAccessPolicy(accss_plcy) qry_str = self.sas.generate_signed_query_string( 'images/pic1.png', RESOURCE_BLOB, sap) self.assertEqual(qry_str[SIGNED_START], '2011-10-11') self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12') self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_BLOB) self.assertEqual(qry_str[SIGNED_PERMISSION], 'w') self.assertEqual(qry_str[SIGNED_SIGNATURE], 'k8uyTrn3pgLXuhwgZhxeAH6mZ/es9k2vqHPJEuIH4CE=')
def test_blob_signed_query_string(self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11' accss_plcy.expiry = '2011-10-12' accss_plcy.permission = 'w' sap = SharedAccessPolicy(accss_plcy) qry_str = self.sas.generate_signed_query_string( 'images/pic1.png', RESOURCE_BLOB, sap) self.assertEqual(qry_str[SIGNED_START], '2011-10-11') self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12') self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_BLOB) self.assertEqual(qry_str[SIGNED_PERMISSION], 'w') self.assertEqual(qry_str[SIGNED_SIGNATURE], 'Fqt8tNcyUOp30qYRtSFNcImrRMcxlk6IF17O4l96KT8=')
def test_blob_signed_query_string(self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11' accss_plcy.expiry = '2011-10-12' accss_plcy.permission = 'w' sap = SharedAccessPolicy(accss_plcy) qry_str = self.sas.generate_signed_query_string('images/pic1.png', RESOURCE_BLOB, sap) self.assertEqual(qry_str[SIGNED_START], '2011-10-11') self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12') self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_BLOB) self.assertEqual(qry_str[SIGNED_PERMISSION], 'w') self.assertEqual(qry_str[SIGNED_SIGNATURE], '8I8E8TImfR2TIAcMDq8rF+IhhYyvowXpxSfF1kxnWLQ=')
def test_blob_signed_query_string(self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11' accss_plcy.expiry = '2011-10-12' accss_plcy.permission = 'w' sap = SharedAccessPolicy(accss_plcy) qry_str = self.sas.generate_signed_query_string('images/pic1.png', RESOURCE_BLOB, sap) self.assertEqual(qry_str[SIGNED_START], '2011-10-11') self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12') self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_BLOB) self.assertEqual(qry_str[SIGNED_PERMISSION], 'w') self.assertEqual(qry_str[SIGNED_SIGNATURE], 'Fqt8tNcyUOp30qYRtSFNcImrRMcxlk6IF17O4l96KT8=')
def test_blob_signed_query_string(self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11' accss_plcy.expiry = '2011-10-12' accss_plcy.permission = 'w' sap = SharedAccessPolicy(accss_plcy) qry_str = self.sas.generate_signed_query_string('images/pic1.png', RESOURCE_BLOB, sap) self.assertEqual(qry_str[SIGNED_START], '2011-10-11') self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12') self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_BLOB) self.assertEqual(qry_str[SIGNED_PERMISSION], 'w') self.assertEqual(qry_str[SIGNED_SIGNATURE], 'k8uyTrn3pgLXuhwgZhxeAH6mZ/es9k2vqHPJEuIH4CE=')
def test_generate_signed_query_dict_blob_with_access_policy(self): accss_plcy = AccessPolicy() accss_plcy.start = "2011-10-11" accss_plcy.expiry = "2011-10-12" accss_plcy.permission = "w" query = self.sas._generate_signed_query_dict( "images/pic1.png", ResourceType.RESOURCE_BLOB, SharedAccessPolicy(accss_plcy) ) self.assertEqual(query[QueryStringConstants.SIGNED_START], "2011-10-11") self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY], "2011-10-12") self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_BLOB) self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], "w") self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE], "Fqt8tNcyUOp30qYRtSFNcImrRMcxlk6IF17O4l96KT8=")
def test_generate_signed_query_dict_container_with_access_policy(self): accss_plcy = AccessPolicy() accss_plcy.start = "2011-10-11" accss_plcy.expiry = "2011-10-12" accss_plcy.permission = "r" query = self.sas._generate_signed_query_dict( "images", ResourceType.RESOURCE_CONTAINER, SharedAccessPolicy(accss_plcy) ) self.assertEqual(query[QueryStringConstants.SIGNED_START], "2011-10-11") self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY], "2011-10-12") self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_CONTAINER) self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], "r") self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE], "CxLWN56cjXidpI9em7RDgSN2QIgLggTqrnzudH2XsOY=")
def table_acl_operations(self, table_service): table_name = 'acltable' + self.random_data.get_random_name(6) try: print('1. Create a table with name - ' + table_name) table_service.create_table(table_name) print('2. Set access policy for table') access_policy = AccessPolicy(permission=TablePermissions.QUERY, expiry=datetime.datetime.utcnow() + datetime.timedelta(hours=1)) identifiers = {'id': access_policy} table_service.set_table_acl(table_name, identifiers) print('3. Wait 30 seconds for acl to propagate') time.sleep(30) print('4. Get access policy from table') acl = table_service.get_table_acl(table_name) print('5. Clear access policy in table') table_service.set_table_acl(table_name) finally: print('5. Delete table') if(table_service.exists(table_name)): table_service.delete_table(table_name) print("Table ACL operations sample completed")
def sas_with_signed_identifiers(self): share_name = self._create_share() self.service.create_directory(share_name, 'dir1') self.service.create_file_from_text(share_name, 'dir1', 'file1', b'hello world') # Set access policy on share access_policy = AccessPolicy(permission=SharePermissions.READ, expiry=datetime.utcnow() + timedelta(hours=1)) identifiers = {'id': access_policy} acl = self.service.set_share_acl(share_name, identifiers) # Wait 30 seconds for acl to propagate time.sleep(30) # Indicates to use the access policy set on the share token = self.service.generate_share_shared_access_signature( share_name, id='id' ) # Create a service and use the SAS sas_service = FileService( account_name=self.account.account_name, sas_token=token, ) file = sas_service.get_file_to_text(share_name, 'dir1', 'file1') content = file.content # hello world self.service.delete_share(share_name)
def test_container_signed_query_string(self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11' accss_plcy.expiry = '2011-10-12' accss_plcy.permission = 'r' signed_identifier = 'YWJjZGVmZw==' sap = SharedAccessPolicy(accss_plcy, signed_identifier) qry_str = self.sas.generate_signed_query_string( 'images', RESOURCE_CONTAINER, sap) self.assertEqual(qry_str[SIGNED_START], '2011-10-11') self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12') self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_CONTAINER) self.assertEqual(qry_str[SIGNED_PERMISSION], 'r') self.assertEqual(qry_str[SIGNED_IDENTIFIER], 'YWJjZGVmZw==') self.assertEqual(qry_str[SIGNED_SIGNATURE], 'VdlALM4TYEYYNf94Bvt3dn48TsA01wk45ltwP3zeKp4=')
def sas_with_signed_identifiers(self): table_name = self._create_table() entity = { 'PartitionKey': 'test', 'RowKey': 'test1', 'text': 'hello world', } self.service.insert_entity(table_name, entity) # Set access policy on table access_policy = AccessPolicy(permission=TablePermissions.QUERY, expiry=datetime.utcnow() + timedelta(hours=1)) identifiers = {'id': access_policy} acl = self.service.set_table_acl(table_name, identifiers) # Wait 30 seconds for acl to propagate time.sleep(30) # Indicates to use the access policy set on the table token = self.service.generate_table_shared_access_signature( table_name, id='id' ) # Create a service and use the SAS sas_service = TableService( account_name=self.account.account_name, sas_token=token, ) entities = list(sas_service.query_entities(table_name)) for entity in entities: print(entity.text) # hello world self.service.delete_table(table_name)
def _get_shared_access_policy(self, permission): date_format = "%Y-%m-%dT%H:%M:%SZ" start = datetime.datetime.utcnow() - datetime.timedelta(minutes=1) expiry = start + datetime.timedelta(hours=1) return SharedAccessPolicy( AccessPolicy(start.strftime(date_format), expiry.strftime(date_format), permission))
def sas_with_signed_identifiers(self): queue_name = self._create_queue() self.service.put_message(queue_name, u'message1') # Set access policy on queue access_policy = AccessPolicy(permission=QueuePermissions.PROCESS, expiry=datetime.utcnow() + timedelta(hours=1)) identifiers = {'id': access_policy} acl = self.service.set_queue_acl(queue_name, identifiers) # Wait 30 seconds for acl to propagate time.sleep(30) # Indicates to use the access policy set on the queue token = self.service.generate_queue_shared_access_signature( queue_name, id='id' ) # Create a service and use the SAS sas_service = QueueService( account_name=self.account.account_name, sas_token=token, ) messages = sas_service.get_messages(queue_name) for message in messages: print(message.content) # message1 self.service.delete_queue(queue_name)
def container_acl_operations(self, account): container_name = 'aclblockblobcontainer' + self.random_data.get_random_name( 6) # Create a Block Blob Service object blockblob_service = account.create_block_blob_service() try: print('1. Create a container with name - ' + container_name) blockblob_service.create_container(container_name) print('2. Set access policy for container') access_policy = AccessPolicy(permission=ContainerPermissions.READ, expiry=datetime.datetime.utcnow() + datetime.timedelta(hours=1)) identifiers = {'id': access_policy} blockblob_service.set_container_acl(container_name, identifiers) print('3. Get access policy from container') acl = blockblob_service.get_container_acl(container_name) print('4. Clear access policy in container') # Clear blockblob_service.set_container_acl(container_name) finally: print('5. Delete container') blockblob_service.delete_container(container_name) print("Container ACL operations sample completed")
def test_container_signed_query_string(self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11' accss_plcy.expiry = '2011-10-12' accss_plcy.permission = 'r' signed_identifier = 'YWJjZGVmZw==' sap = SharedAccessPolicy(accss_plcy, signed_identifier) qry_str = self.sas.generate_signed_query_string( 'images', RESOURCE_CONTAINER, sap) self.assertEqual(qry_str[SIGNED_START], '2011-10-11') self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12') self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_CONTAINER) self.assertEqual(qry_str[SIGNED_PERMISSION], 'r') self.assertEqual(qry_str[SIGNED_IDENTIFIER], 'YWJjZGVmZw==') self.assertEqual(qry_str[SIGNED_SIGNATURE], 'Md+SHy9BQNucdHnmDOEwlAkIWU5YxwlTq6gA9yJKE6w=')
def make_blob_sas_url(account_name, account_key, container_name, blob_name, permission='w', duration=16): """ Generate a Blob SAS URL to allow a client to upload a file. account_name: Storage account name. account_key: Storage account key. container_name: Storage container. blob_name: Blob name. duration: A timedelta representing duration until SAS expiration. SAS start date will be utcnow() minus one minute. Expiry date is start date plus duration. Returns the SAS URL. """ sas = SharedAccessSignature(account_name, account_key) resource_path = '%s/%s' % (container_name, blob_name) date_format = "%Y-%m-%dT%H:%M:%SZ" start = datetime.datetime.utcnow() - datetime.timedelta(minutes=5) expiry = start + datetime.timedelta(minutes=duration) sap = SharedAccessPolicy(AccessPolicy( start.strftime(date_format), expiry.strftime(date_format), permission)) sas_token = sas.generate_signed_query_string(resource_path, 'b', sap) blob_url = BlobService(account_name, account_key) url = blob_url.make_blob_url(container_name=container_name, blob_name=blob_name, sas_token=sas_token) return url
def queue_acl_operations(self, queue_service): queue_name = 'aclqueue' + self.random_data.get_random_name(6) try: print('1. Create a queue with name - ' + queue_name) queue_service.create_queue(queue_name) print('2. Set access policy for queue') access_policy = AccessPolicy(permission=QueuePermissions.READ, expiry=datetime.datetime.utcnow() + datetime.timedelta(hours=1)) identifiers = {'id': access_policy} queue_service.set_queue_acl(queue_name, identifiers) print('3. Get access policy from queue') acl = queue_service.get_queue_acl(queue_name) print('4. Clear access policy in queue') # Clear queue_service.set_queue_acl(queue_name) finally: print('5. Delete queue') if queue_service.exists(queue_name): queue_service.delete_queue(queue_name) print("Queue ACL operations sample completed")
def sas_with_signed_identifiers(self): container_name = self._create_container() self.service.create_blob_from_text(container_name, 'blob1', b'hello world') # Set access policy on container access_policy = AccessPolicy(permission=ContainerPermissions.READ, expiry=datetime.utcnow() + timedelta(hours=1)) identifiers = {'id': access_policy} acl = self.service.set_container_acl(container_name, identifiers) # Wait 30 seconds for acl to propagate time.sleep(30) # Indicates to use the access policy set on the container token = self.service.generate_container_shared_access_signature( container_name, id='id' ) # Create a service and use the SAS sas_service = BlockBlobService( account_name=self.account.account_name, sas_token=token, ) blob = sas_service.get_blob_to_text(container_name, 'blob1') content = blob.content # hello world self.service.delete_container(container_name)
def test_container_signed_query_string(self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11' accss_plcy.expiry = '2011-10-12' accss_plcy.permission = 'r' signed_identifier = 'YWJjZGVmZw==' sap = SharedAccessPolicy(accss_plcy, signed_identifier) qry_str = self.sas.generate_signed_query_string('images', RESOURCE_CONTAINER, sap) self.assertEqual(qry_str[SIGNED_START], '2011-10-11') self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12') self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_CONTAINER) self.assertEqual(qry_str[SIGNED_PERMISSION], 'r') self.assertEqual(qry_str[SIGNED_IDENTIFIER], 'YWJjZGVmZw==') self.assertEqual(qry_str[SIGNED_SIGNATURE], '1AWckmWSNrNCjh9krPXoD4exAgZWQQr38gG6z/ymkhQ=')
def test_container_signed_query_string(self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11' accss_plcy.expiry = '2011-10-12' accss_plcy.permission = 'r' signed_identifier = 'YWJjZGVmZw==' sap = SharedAccessPolicy(accss_plcy, signed_identifier) qry_str = self.sas.generate_signed_query_string('images', RESOURCE_CONTAINER, sap) self.assertEqual(qry_str[SIGNED_START], '2011-10-11') self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12') self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_CONTAINER) self.assertEqual(qry_str[SIGNED_PERMISSION], 'r') self.assertEqual(qry_str[SIGNED_IDENTIFIER], 'YWJjZGVmZw==') self.assertEqual(qry_str[SIGNED_SIGNATURE], 'Md+SHy9BQNucdHnmDOEwlAkIWU5YxwlTq6gA9yJKE6w=')
def test_container_signed_query_string(self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11' accss_plcy.expiry = '2011-10-12' accss_plcy.permission = 'r' signed_identifier = 'YWJjZGVmZw==' sap = SharedAccessPolicy(accss_plcy, signed_identifier) qry_str = self.sas.generate_signed_query_string('images', RESOURCE_CONTAINER, sap) self.assertEqual(qry_str[SIGNED_START], '2011-10-11') self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12') self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_CONTAINER) self.assertEqual(qry_str[SIGNED_PERMISSION], 'r') self.assertEqual(qry_str[SIGNED_IDENTIFIER], 'YWJjZGVmZw==') self.assertEqual(qry_str[SIGNED_SIGNATURE], 'VdlALM4TYEYYNf94Bvt3dn48TsA01wk45ltwP3zeKp4=')
def test_generate_signed_query_dict_blob_with_access_policy(self): accss_plcy = AccessPolicy() accss_plcy.start = '2011-10-11' accss_plcy.expiry = '2011-10-12' accss_plcy.permission = 'w' query = self.sas._generate_signed_query_dict( 'images/pic1.png', ResourceType.RESOURCE_BLOB, SharedAccessPolicy(accss_plcy), ) self.assertEqual(query[QueryStringConstants.SIGNED_START], '2011-10-11') self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY], '2011-10-12') self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_BLOB) self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'w') self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE], 'Fqt8tNcyUOp30qYRtSFNcImrRMcxlk6IF17O4l96KT8=')
def sasUrl(account, key, container, permission): start = datetime.utcnow() expiry = start + timedelta(hours = 24) accss_plcy = AccessPolicy() accss_plcy.start = start.strftime('%Y-%m-%dT%H:%M:%SZ') accss_plcy.expiry = expiry.strftime('%Y-%m-%dT%H:%M:%SZ') accss_plcy.permission = permission sas = SharedAccessSignature(account_name=account, account_key=key) query = sas.generate_signed_query_string( container, ResourceType.RESOURCE_CONTAINER, SharedAccessPolicy(accss_plcy), ) return query
def test_sas_signed_identifier(self): # SAS URL is calculated from storage key, so this test runs live only if TestMode.need_recording_file(self.test_mode): return # Arrange access_policy = AccessPolicy() access_policy.start = '2011-10-11' access_policy.expiry = '2018-10-12' access_policy.permission = QueuePermissions.READ identifiers = {'testid': access_policy} queue_name = self._create_queue() resp = self.qs.set_queue_acl(queue_name, identifiers) self.qs.put_message(queue_name, u'message1') token = self.qs.generate_queue_shared_access_signature( queue_name, id='testid' ) # Act service = QueueService( account_name=self.settings.STORAGE_ACCOUNT_NAME, sas_token=token, ) self._set_service_options(service, self.settings) result = service.peek_messages(queue_name) # Assert self.assertIsNotNone(result) self.assertEqual(1, len(result)) message = result[0] self.assertIsNotNone(message) self.assertNotEqual('', message.id) self.assertEqual(u'message1', message.content)
def url(self, name): if hasattr(self.connection, 'make_blob_url'): if self.auto_sign: access_policy = AccessPolicy() access_policy.start = (datetime.utcnow() + timedelta(seconds=-120)).strftime('%Y-%m-%dT%H:%M:%SZ') access_policy.expiry = (datetime.utcnow() + timedelta(seconds=self.ap_expiry)).strftime('%Y-%m-%dT%H:%M:%SZ') access_policy.permission = self.azure_access_policy_permission sap = SharedAccessPolicy(access_policy) sas_token = self.connection.generate_shared_access_signature( self.azure_container, blob_name=name, shared_access_policy=sap, ) else: sas_token = None return self.connection.make_blob_url( container_name=self.azure_container, blob_name=name, protocol=self.azure_protocol, sas_token=sas_token ) else: return "{}{}/{}".format(setting('MEDIA_URL'), self.azure_container, name)