def test_sign_request(self):
        accss_plcy = AccessPolicy()
        accss_plcy.start = '2011-10-11'
        accss_plcy.expiry = '2011-10-12'
        accss_plcy.permission = 'r'
        sap = SharedAccessPolicy(accss_plcy)
        qry_str = self.sas.generate_signed_query_string('images/pic1.png',
                                                        RESOURCE_BLOB,
                                                        sap)

        permission = Permission()
        permission.path = '/images/pic1.png'
        permission.query_string = qry_str
        self.sas.permission_set = [permission]

        web_rsrc = WebResource()
        web_rsrc.properties[SIGNED_RESOURCE_TYPE] = RESOURCE_BLOB
        web_rsrc.properties[SHARED_ACCESS_PERMISSION] = 'r'
        web_rsrc.path = '/images/pic1.png?comp=metadata'
        web_rsrc.request_url = '/images/pic1.png?comp=metadata'

        web_rsrc = self.sas.sign_request(web_rsrc)

        self.assertEqual(web_rsrc.request_url,
                         '/images/pic1.png?comp=metadata&' +
                         self.sas._convert_query_string(qry_str))
Exemplo n.º 2
0
    def test_sas_signed_identifier(self):
        # SAS URL is calculated from storage key, so this test runs live only
        if TestMode.need_recording_file(self.test_mode):
            return

        # Arrange
        file_name = self._create_file()

        access_policy = AccessPolicy()
        access_policy.start = '2011-10-11'
        access_policy.expiry = '2018-10-12'
        access_policy.permission = FilePermissions.READ
        identifiers = {'testid': access_policy}

        resp = self.fs.set_share_acl(self.share_name, identifiers)

        token = self.fs.generate_file_shared_access_signature(self.share_name,
                                                              None,
                                                              file_name,
                                                              id='testid')

        # Act
        service = FileService(
            self.settings.STORAGE_ACCOUNT_NAME,
            sas_token=token,
            request_session=requests.Session(),
        )
        self._set_test_proxy(service, self.settings)
        result = service.get_file_to_bytes(self.share_name, None, file_name)

        # Assert
        self.assertEqual(self.short_byte_data, result.content)
Exemplo n.º 3
0
 def url(self, name):
     if hasattr(self.connection, 'make_blob_url'):
         if self.auto_sign:
             access_policy = AccessPolicy()
             access_policy.start = (
                 datetime.utcnow() +
                 timedelta(seconds=-120)).strftime('%Y-%m-%dT%H:%M:%SZ')
             access_policy.expiry = (datetime.utcnow() + timedelta(
                 seconds=self.ap_expiry)).strftime('%Y-%m-%dT%H:%M:%SZ')
             access_policy.permission = self.azure_access_policy_permission
             sap = SharedAccessPolicy(access_policy)
             sas_token = self.connection.generate_shared_access_signature(
                 self.azure_container,
                 blob_name=name,
                 shared_access_policy=sap,
             )
         else:
             sas_token = None
         return self.connection.make_blob_url(
             container_name=self.azure_container,
             blob_name=name,
             protocol=self.azure_protocol,
             sas_token=sas_token,
         )
     else:
         return "{}{}/{}".format(setting('MEDIA_URL'), self.azure_container,
                                 name)
    def test_sas_signed_identifier(self):
        # SAS URL is calculated from storage key, so this test runs live only
        if TestMode.need_recording_file(self.test_mode):
            return

        # Arrange
        entity = self._insert_random_entity()

        access_policy = AccessPolicy()
        access_policy.start = '2011-10-11'
        access_policy.expiry = '2018-10-12'
        access_policy.permission = TablePermissions.QUERY
        identifiers = {'testid': access_policy}

        entities = self.ts.set_table_acl(self.table_name, identifiers)

        token = self.ts.generate_table_shared_access_signature(
            self.table_name,
            id='testid',
        )

        # Act
        service = TableService(
            account_name=self.settings.STORAGE_ACCOUNT_NAME,
            sas_token=token,
        )
        self._set_service_options(service, self.settings)
        entities = list(self.ts.query_entities(self.table_name, filter="PartitionKey eq '{}'".format(entity.PartitionKey)))

        # Assert
        self.assertEqual(len(entities), 1)
        self._assert_default_entity(entities[0])
Exemplo n.º 5
0
    def test_sas_signed_identifier(self):
        # SAS URL is calculated from storage key, so this test runs live only
        if TestMode.need_recordingfile(self.test_mode):
            return

        # Arrange
        entity = self._insert_random_entity()

        access_policy = AccessPolicy()
        access_policy.start = '2011-10-11'
        access_policy.expiry = '2018-10-12'
        access_policy.permission = TablePermissions.QUERY
        identifiers = {'testid': access_policy}

        entities = self.ts.set_table_acl(self.table_name, identifiers)

        token = self.ts.generate_table_shared_access_signature(
            self.table_name,
            id='testid',
        )

        # Act
        service = TableService(
            account_name=self.settings.STORAGE_ACCOUNT_NAME,
            sas_token=token,
        )
        self._set_service_options(service, self.settings)
        entities = list(
            self.ts.query_entities(self.table_name,
                                   filter="PartitionKey eq '{}'".format(
                                       entity.PartitionKey)))

        # Assert
        self.assertEqual(len(entities), 1)
        self._assert_default_entity(entities[0])
Exemplo n.º 6
0
    def container_acl(self):
        container_name = self._create_container()

        # Create a READ level access policy and set it on the container
        access_policy = AccessPolicy(permission=ContainerPermissions.READ,
                                     expiry=datetime.utcnow() + timedelta(hours=1))
        identifiers = {'id': access_policy}
        self.service.set_container_acl(container_name, identifiers)

        # Wait 30 seconds for acl to propagate
        time.sleep(30)
        acl = self.service.get_container_acl(container_name) # {id: AccessPolicy()}

        # Replaces values, does not merge
        access_policy = AccessPolicy(permission=ContainerPermissions.READ,
                                     expiry=datetime.utcnow() + timedelta(hours=1))
        identifiers = {'id2': access_policy}
        self.service.set_container_acl(container_name, identifiers)

        # Wait 30 seconds for acl to propagate
        time.sleep(30)
        acl = self.service.get_container_acl(container_name) # {id2: AccessPolicy()}

        # Clear
        self.service.set_container_acl(container_name)

        # Wait 30 seconds for acl to propagate
        time.sleep(30)
        acl = self.service.get_container_acl(container_name) # {}

        self.service.delete_container(container_name)
Exemplo n.º 7
0
    def test_generate_signed_query_dict_blob_with_access_policy_and_headers(
            self):
        accss_plcy = AccessPolicy()
        accss_plcy.start = '2011-10-11T11:03:40Z'
        accss_plcy.expiry = '2011-10-12T11:53:40Z'
        accss_plcy.permission = 'r'

        query = self.sas._generate_signed_query_dict(
            'images/pic1.png',
            ResourceType.RESOURCE_BLOB,
            SharedAccessPolicy(accss_plcy),
            content_disposition='file; attachment',
            content_type='binary',
        )

        self.assertEqual(query[QueryStringConstants.SIGNED_START],
                         '2011-10-11T11:03:40Z')
        self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY],
                         '2011-10-12T11:53:40Z')
        self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE],
                         ResourceType.RESOURCE_BLOB)
        self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'r')
        self.assertEqual(
            query[QueryStringConstants.SIGNED_CONTENT_DISPOSITION],
            'file; attachment')
        self.assertEqual(query[QueryStringConstants.SIGNED_CONTENT_TYPE],
                         'binary')
        self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE],
                         'uHckUC6T+BwUsc+DgrreyIS1k6au7uUd7LSSs/z+/+w=')
Exemplo n.º 8
0
    def table_acl(self):
        table_name = self._create_table()

        # Basic
        access_policy = AccessPolicy(permission=TablePermissions.QUERY,
                                     expiry=datetime.utcnow() + timedelta(hours=1))
        identifiers = {'id': access_policy}
        self.service.set_table_acl(table_name, identifiers)

        # Wait 30 seconds for acl to propagate
        time.sleep(30)
        acl = self.service.get_table_acl(table_name) # {id: AccessPolicy()}

        # Replaces values, does not merge
        access_policy = AccessPolicy(permission=TablePermissions.QUERY,
                                     expiry=datetime.utcnow() + timedelta(hours=1))
        identifiers = {'id2': access_policy}
        self.service.set_table_acl(table_name, identifiers)

        # Wait 30 seconds for acl to propagate
        time.sleep(30)
        acl = self.service.get_table_acl(table_name) # {id2: AccessPolicy()}

        # Clear
        self.service.set_table_acl(table_name)

        # Wait 30 seconds for acl to propagate
        time.sleep(30)
        acl = self.service.get_table_acl(table_name) # {}

        self.service.delete_table(table_name)
    def test_sas_signed_identifier(self):
        # SAS URL is calculated from storage key, so this test runs live only
        if TestMode.need_recordingfile(self.test_mode):
            return

        # Arrange
        blob_name = self._create_block_blob()

        access_policy = AccessPolicy()
        access_policy.start = '2011-10-11'
        access_policy.expiry = '2018-10-12'
        access_policy.permission = BlobPermissions.READ
        identifiers = {'testid': access_policy}

        resp = self.bs.set_container_acl(self.container_name, identifiers)

        token = self.bs.generate_blob_shared_access_signature(
            self.container_name,
            blob_name,
            id='testid'
            )

        # Act
        service = BlockBlobService(
            self.settings.STORAGE_ACCOUNT_NAME,
            sas_token=token,
            request_session=requests.Session(),
        )
        self._set_service_options(service, self.settings)
        result = service.get_blob_to_bytes(self.container_name, blob_name)

        # Assert
        self.assertEqual(self.byte_data, result.content)
    def test_sign_request(self):
        accss_plcy = AccessPolicy()
        accss_plcy.start = '2011-10-11'
        accss_plcy.expiry = '2011-10-12'
        accss_plcy.permission = 'r'
        sap = SharedAccessPolicy(accss_plcy)
        qry_str = self.sas.generate_signed_query_string('images/pic1.png', 
                                                   RESOURCE_BLOB, 
                                                   sap)
        
        permission = Permission()
        permission.path = '/images/pic1.png'
        permission.query_string = qry_str
        self.sas.permission_set = [permission]

        web_rsrc = WebResource()
        web_rsrc.properties[SIGNED_RESOURCE_TYPE] = RESOURCE_BLOB
        web_rsrc.properties[SHARED_ACCESS_PERMISSION] = 'r'
        web_rsrc.path = '/images/pic1.png?comp=metadata'
        web_rsrc.request_url = '/images/pic1.png?comp=metadata'

        web_rsrc = self.sas.sign_request(web_rsrc)

        self.assertEqual(web_rsrc.request_url, 
                         '/images/pic1.png?comp=metadata&' + 
                         self.sas._convert_query_string(qry_str))
Exemplo n.º 11
0
    def url(self, name):
        """
        Override this method so that we can add SAS authorization tokens
        """

        sas_token = None
        if self.url_expiry_secs:
            now = datetime.utcnow().replace(tzinfo=pytz.utc)
            expire_at = now + timedelta(seconds=self.url_expiry_secs)

            policy = AccessPolicy()
            # generate an ISO8601 time string and use split() to remove the sub-second
            # components as Azure will reject them. Plus add the timezone at the end.
            policy.expiry = expire_at.isoformat().split('.')[0] + 'Z'
            policy.permission = 'r'

            sas_token = self.connection.generate_shared_access_signature(
                self.azure_container,
                blob_name=name,
                shared_access_policy=SharedAccessPolicy(access_policy=policy),
            )

        return self.connection.make_blob_url(
            container_name=self.azure_container,
            blob_name=name,
            protocol=self.azure_protocol,
            sas_token=sas_token)
    def test_generate_signed_query_dict_blob_with_access_policy_and_headers(
            self):
        accss_plcy = AccessPolicy()
        accss_plcy.start = '2011-10-11T11:03:40Z'
        accss_plcy.expiry = '2011-10-12T11:53:40Z'
        accss_plcy.permission = 'r'

        query = self.sas._generate_signed_query_dict(
            'images/pic1.png',
            ResourceType.RESOURCE_BLOB,
            SharedAccessPolicy(accss_plcy),
            content_disposition='file; attachment',
            content_type='binary',
        )

        self.assertEqual(query[QueryStringConstants.SIGNED_START],
                         '2011-10-11T11:03:40Z')
        self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY],
                         '2011-10-12T11:53:40Z')
        self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE],
                         ResourceType.RESOURCE_BLOB)
        self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'r')
        self.assertEqual(
            query[QueryStringConstants.SIGNED_CONTENT_DISPOSITION],
            'file; attachment')
        self.assertEqual(query[QueryStringConstants.SIGNED_CONTENT_TYPE],
                         'binary')
        self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE],
                         'uHckUC6T+BwUsc+DgrreyIS1k6au7uUd7LSSs/z+/+w=')
Exemplo n.º 13
0
 def test_generate_signature_container(self):
     accss_plcy = AccessPolicy()
     accss_plcy.start = '2011-10-11'
     accss_plcy.expiry = '2011-10-12'
     accss_plcy.permission = 'r'
     signed_identifier = 'YWJjZGVmZw=='
     sap = SharedAccessPolicy(accss_plcy, signed_identifier)
     signature = self.sas._generate_signature('images', sap, X_MS_VERSION,
                                              None, None, None, None, None)
     self.assertEqual(signature,
                      'Md+SHy9BQNucdHnmDOEwlAkIWU5YxwlTq6gA9yJKE6w=')
 def test_generate_signature_container(self):
     accss_plcy = AccessPolicy()
     accss_plcy.start = '2011-10-11'
     accss_plcy.expiry = '2011-10-12'
     accss_plcy.permission = 'r'
     signed_identifier = 'YWJjZGVmZw=='
     sap = SharedAccessPolicy(accss_plcy, signed_identifier)
     signature = self.sas._generate_signature('images', RESOURCE_CONTAINER,
                                              sap)
     self.assertEqual(signature,
                      'VdlALM4TYEYYNf94Bvt3dn48TsA01wk45ltwP3zeKp4=')
    def test_generate_signature_blob(self):
        accss_plcy = AccessPolicy()
        accss_plcy.start = '2011-10-11T11:03:40Z'
        accss_plcy.expiry = '2011-10-12T11:53:40Z'
        accss_plcy.permission = 'r'
        sap = SharedAccessPolicy(accss_plcy)

        signature = self.sas._generate_signature('images/pic1.png',
                                                 RESOURCE_BLOB, sap)
        self.assertEqual(signature,
                         '7NIEip+VOrQ5ZV80pORPK1MOsJc62wwCNcbMvE+lQ0s=')
    def test_generate_signature_blob(self):
        accss_plcy = AccessPolicy()
        accss_plcy.start = '2011-10-11T11:03:40Z'
        accss_plcy.expiry = '2011-10-12T11:53:40Z'
        accss_plcy.permission = 'r'
        sap = SharedAccessPolicy(accss_plcy)

        signature = self.sas._generate_signature('images/pic1.png', 
                                                 RESOURCE_BLOB, 
                                                 sap)
        self.assertEqual(signature, 
                         '7NIEip+VOrQ5ZV80pORPK1MOsJc62wwCNcbMvE+lQ0s=')
 def test_generate_signature_container(self):
     accss_plcy = AccessPolicy()
     accss_plcy.start = '2011-10-11'
     accss_plcy.expiry = '2011-10-12'
     accss_plcy.permission = 'r'
     signed_identifier = 'YWJjZGVmZw=='
     sap = SharedAccessPolicy(accss_plcy, signed_identifier)
     signature = self.sas._generate_signature('images',
                                              sap,
                                              X_MS_VERSION)
     self.assertEqual(signature,
                      '1AWckmWSNrNCjh9krPXoD4exAgZWQQr38gG6z/ymkhQ=')
 def test_generate_signature_container(self):
     accss_plcy = AccessPolicy()
     accss_plcy.start = '2011-10-11'
     accss_plcy.expiry = '2011-10-12'
     accss_plcy.permission = 'r'
     signed_identifier = 'YWJjZGVmZw=='
     sap = SharedAccessPolicy(accss_plcy, signed_identifier)
     signature = self.sas._generate_signature('images', 
                                              RESOURCE_CONTAINER, 
                                              sap)
     self.assertEqual(signature, 
                      'VdlALM4TYEYYNf94Bvt3dn48TsA01wk45ltwP3zeKp4=')
    def test_generate_signature_blob(self):
        accss_plcy = AccessPolicy()
        accss_plcy.start = '2011-10-11T11:03:40Z'
        accss_plcy.expiry = '2011-10-12T11:53:40Z'
        accss_plcy.permission = 'r'
        sap = SharedAccessPolicy(accss_plcy)

        signature = self.sas._generate_signature('images/pic1.png',
                                                 sap,
                                                 X_MS_VERSION)
        self.assertEqual(signature,
                         'ju4tX0G79vPxMOkBb7UfNVEgrj9+ZnSMutpUemVYHLY=')
 def test_generate_signature_container(self):
     accss_plcy = AccessPolicy()
     accss_plcy.start = '2011-10-11'
     accss_plcy.expiry = '2011-10-12'
     accss_plcy.permission = 'r'
     signed_identifier = 'YWJjZGVmZw=='
     sap = SharedAccessPolicy(accss_plcy, signed_identifier)
     signature = self.sas._generate_signature('images',
                                              sap,
                                              X_MS_VERSION,
                                              None, None, None, None, None)
     self.assertEqual(signature,
                      'Md+SHy9BQNucdHnmDOEwlAkIWU5YxwlTq6gA9yJKE6w=')
Exemplo n.º 21
0
    def test_generate_signature_blob(self):
        accss_plcy = AccessPolicy()
        accss_plcy.start = '2011-10-11T11:03:40Z'
        accss_plcy.expiry = '2011-10-12T11:53:40Z'
        accss_plcy.permission = 'r'
        sap = SharedAccessPolicy(accss_plcy)

        signature = self.sas._generate_signature('images/pic1.png', sap,
                                                 X_MS_VERSION, None,
                                                 'file; attachment', None,
                                                 None, 'binary')
        self.assertEqual(signature,
                         'uHckUC6T+BwUsc+DgrreyIS1k6au7uUd7LSSs/z+/+w=')
 def test_blob_signed_query_string(self):
     accss_plcy = AccessPolicy()
     accss_plcy.start = '2011-10-11'
     accss_plcy.expiry = '2011-10-12'
     accss_plcy.permission = 'w'
     sap = SharedAccessPolicy(accss_plcy)
     qry_str = self.sas.generate_signed_query_string(
         'images/pic1.png', RESOURCE_BLOB, sap)
     self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
     self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
     self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_BLOB)
     self.assertEqual(qry_str[SIGNED_PERMISSION], 'w')
     self.assertEqual(qry_str[SIGNED_SIGNATURE],
                      'k8uyTrn3pgLXuhwgZhxeAH6mZ/es9k2vqHPJEuIH4CE=')
Exemplo n.º 23
0
 def test_blob_signed_query_string(self):
     accss_plcy = AccessPolicy()
     accss_plcy.start = '2011-10-11'
     accss_plcy.expiry = '2011-10-12'
     accss_plcy.permission = 'w'
     sap = SharedAccessPolicy(accss_plcy)
     qry_str = self.sas.generate_signed_query_string(
         'images/pic1.png', RESOURCE_BLOB, sap)
     self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
     self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
     self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_BLOB)
     self.assertEqual(qry_str[SIGNED_PERMISSION], 'w')
     self.assertEqual(qry_str[SIGNED_SIGNATURE],
                      'Fqt8tNcyUOp30qYRtSFNcImrRMcxlk6IF17O4l96KT8=')
 def test_blob_signed_query_string(self):
     accss_plcy = AccessPolicy()
     accss_plcy.start = '2011-10-11'
     accss_plcy.expiry = '2011-10-12'
     accss_plcy.permission = 'w'
     sap = SharedAccessPolicy(accss_plcy)
     qry_str = self.sas.generate_signed_query_string('images/pic1.png',
                                                     RESOURCE_BLOB,
                                                     sap)
     self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
     self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
     self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_BLOB)
     self.assertEqual(qry_str[SIGNED_PERMISSION], 'w')
     self.assertEqual(qry_str[SIGNED_SIGNATURE],
                      '8I8E8TImfR2TIAcMDq8rF+IhhYyvowXpxSfF1kxnWLQ=')
 def test_blob_signed_query_string(self):
     accss_plcy = AccessPolicy()
     accss_plcy.start = '2011-10-11'
     accss_plcy.expiry = '2011-10-12'
     accss_plcy.permission = 'w'
     sap = SharedAccessPolicy(accss_plcy)
     qry_str = self.sas.generate_signed_query_string('images/pic1.png',
                                                     RESOURCE_BLOB,
                                                     sap)
     self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
     self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
     self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_BLOB)
     self.assertEqual(qry_str[SIGNED_PERMISSION], 'w')
     self.assertEqual(qry_str[SIGNED_SIGNATURE],
                      'Fqt8tNcyUOp30qYRtSFNcImrRMcxlk6IF17O4l96KT8=')
 def test_blob_signed_query_string(self):
     accss_plcy = AccessPolicy()
     accss_plcy.start = '2011-10-11'
     accss_plcy.expiry = '2011-10-12'
     accss_plcy.permission = 'w'
     sap = SharedAccessPolicy(accss_plcy)
     qry_str = self.sas.generate_signed_query_string('images/pic1.png',
                                                     RESOURCE_BLOB, 
                                                     sap)
     self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
     self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
     self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_BLOB)
     self.assertEqual(qry_str[SIGNED_PERMISSION], 'w')
     self.assertEqual(qry_str[SIGNED_SIGNATURE], 
                      'k8uyTrn3pgLXuhwgZhxeAH6mZ/es9k2vqHPJEuIH4CE=')
    def test_generate_signed_query_dict_blob_with_access_policy(self):
        accss_plcy = AccessPolicy()
        accss_plcy.start = "2011-10-11"
        accss_plcy.expiry = "2011-10-12"
        accss_plcy.permission = "w"

        query = self.sas._generate_signed_query_dict(
            "images/pic1.png", ResourceType.RESOURCE_BLOB, SharedAccessPolicy(accss_plcy)
        )

        self.assertEqual(query[QueryStringConstants.SIGNED_START], "2011-10-11")
        self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY], "2011-10-12")
        self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_BLOB)
        self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], "w")
        self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE], "Fqt8tNcyUOp30qYRtSFNcImrRMcxlk6IF17O4l96KT8=")
    def test_generate_signed_query_dict_container_with_access_policy(self):
        accss_plcy = AccessPolicy()
        accss_plcy.start = "2011-10-11"
        accss_plcy.expiry = "2011-10-12"
        accss_plcy.permission = "r"

        query = self.sas._generate_signed_query_dict(
            "images", ResourceType.RESOURCE_CONTAINER, SharedAccessPolicy(accss_plcy)
        )

        self.assertEqual(query[QueryStringConstants.SIGNED_START], "2011-10-11")
        self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY], "2011-10-12")
        self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_CONTAINER)
        self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], "r")
        self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE], "CxLWN56cjXidpI9em7RDgSN2QIgLggTqrnzudH2XsOY=")
Exemplo n.º 29
0
    def table_acl_operations(self, table_service):
        table_name = 'acltable' + self.random_data.get_random_name(6)

        try:        
            print('1. Create a table with name - ' + table_name)
            table_service.create_table(table_name)
                
            print('2. Set access policy for table')
            access_policy = AccessPolicy(permission=TablePermissions.QUERY,
                                        expiry=datetime.datetime.utcnow() + datetime.timedelta(hours=1))
            identifiers = {'id': access_policy}
            table_service.set_table_acl(table_name, identifiers)

            print('3. Wait 30 seconds for acl to propagate')
            time.sleep(30)

            print('4. Get access policy from table')
            acl = table_service.get_table_acl(table_name)

            print('5. Clear access policy in table')
            table_service.set_table_acl(table_name)

        finally:
            print('5. Delete table')
            if(table_service.exists(table_name)):
                table_service.delete_table(table_name)
            
        print("Table ACL operations sample completed")
Exemplo n.º 30
0
    def sas_with_signed_identifiers(self):
        share_name = self._create_share()
        self.service.create_directory(share_name, 'dir1')
        self.service.create_file_from_text(share_name, 'dir1', 'file1', b'hello world')

        # Set access policy on share
        access_policy = AccessPolicy(permission=SharePermissions.READ,
                                     expiry=datetime.utcnow() + timedelta(hours=1))
        identifiers = {'id': access_policy}
        acl = self.service.set_share_acl(share_name, identifiers)

        # Wait 30 seconds for acl to propagate
        time.sleep(30)

        # Indicates to use the access policy set on the share
        token = self.service.generate_share_shared_access_signature(
            share_name,
            id='id'
        )

        # Create a service and use the SAS
        sas_service = FileService(
            account_name=self.account.account_name,
            sas_token=token,
        )

        file = sas_service.get_file_to_text(share_name, 'dir1', 'file1')
        content = file.content # hello world
        
        self.service.delete_share(share_name)
 def test_container_signed_query_string(self):
     accss_plcy = AccessPolicy()
     accss_plcy.start = '2011-10-11'
     accss_plcy.expiry = '2011-10-12'
     accss_plcy.permission = 'r'
     signed_identifier = 'YWJjZGVmZw=='
     sap = SharedAccessPolicy(accss_plcy, signed_identifier)
     qry_str = self.sas.generate_signed_query_string(
         'images', RESOURCE_CONTAINER, sap)
     self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
     self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
     self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_CONTAINER)
     self.assertEqual(qry_str[SIGNED_PERMISSION], 'r')
     self.assertEqual(qry_str[SIGNED_IDENTIFIER], 'YWJjZGVmZw==')
     self.assertEqual(qry_str[SIGNED_SIGNATURE],
                      'VdlALM4TYEYYNf94Bvt3dn48TsA01wk45ltwP3zeKp4=')
Exemplo n.º 32
0
    def sas_with_signed_identifiers(self):
        table_name = self._create_table()
        entity = {
            'PartitionKey': 'test',
            'RowKey': 'test1',
            'text': 'hello world',
            }
        self.service.insert_entity(table_name, entity)

        # Set access policy on table
        access_policy = AccessPolicy(permission=TablePermissions.QUERY,
                                     expiry=datetime.utcnow() + timedelta(hours=1))
        identifiers = {'id': access_policy}
        acl = self.service.set_table_acl(table_name, identifiers)

        # Wait 30 seconds for acl to propagate
        time.sleep(30)

        # Indicates to use the access policy set on the table
        token = self.service.generate_table_shared_access_signature(
            table_name,
            id='id'
        )

        # Create a service and use the SAS
        sas_service = TableService(
            account_name=self.account.account_name,
            sas_token=token,
        )

        entities = list(sas_service.query_entities(table_name))
        for entity in entities:
            print(entity.text) # hello world

        self.service.delete_table(table_name)
 def _get_shared_access_policy(self, permission):
     date_format = "%Y-%m-%dT%H:%M:%SZ"
     start = datetime.datetime.utcnow() - datetime.timedelta(minutes=1)
     expiry = start + datetime.timedelta(hours=1)
     return SharedAccessPolicy(
         AccessPolicy(start.strftime(date_format),
                      expiry.strftime(date_format), permission))
Exemplo n.º 34
0
    def sas_with_signed_identifiers(self):
        queue_name = self._create_queue()
        self.service.put_message(queue_name, u'message1')

        # Set access policy on queue
        access_policy = AccessPolicy(permission=QueuePermissions.PROCESS,
                                     expiry=datetime.utcnow() + timedelta(hours=1))
        identifiers = {'id': access_policy}
        acl = self.service.set_queue_acl(queue_name, identifiers)

        # Wait 30 seconds for acl to propagate
        time.sleep(30)

        # Indicates to use the access policy set on the queue
        token = self.service.generate_queue_shared_access_signature(
            queue_name,
            id='id'
        )

        # Create a service and use the SAS
        sas_service = QueueService(
            account_name=self.account.account_name,
            sas_token=token,
        )

        messages = sas_service.get_messages(queue_name)
        for message in messages:
            print(message.content) # message1

        self.service.delete_queue(queue_name)
    def container_acl_operations(self, account):

        container_name = 'aclblockblobcontainer' + self.random_data.get_random_name(
            6)

        # Create a Block Blob Service object
        blockblob_service = account.create_block_blob_service()

        try:
            print('1. Create a container with name - ' + container_name)
            blockblob_service.create_container(container_name)

            print('2. Set access policy for container')
            access_policy = AccessPolicy(permission=ContainerPermissions.READ,
                                         expiry=datetime.datetime.utcnow() +
                                         datetime.timedelta(hours=1))
            identifiers = {'id': access_policy}
            blockblob_service.set_container_acl(container_name, identifiers)

            print('3. Get access policy from container')
            acl = blockblob_service.get_container_acl(container_name)

            print('4. Clear access policy in container')
            # Clear
            blockblob_service.set_container_acl(container_name)

        finally:
            print('5. Delete container')
            blockblob_service.delete_container(container_name)

        print("Container ACL operations sample completed")
Exemplo n.º 36
0
 def test_container_signed_query_string(self):
     accss_plcy = AccessPolicy()
     accss_plcy.start = '2011-10-11'
     accss_plcy.expiry = '2011-10-12'
     accss_plcy.permission = 'r'
     signed_identifier = 'YWJjZGVmZw=='
     sap = SharedAccessPolicy(accss_plcy, signed_identifier)
     qry_str = self.sas.generate_signed_query_string(
         'images', RESOURCE_CONTAINER, sap)
     self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
     self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
     self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_CONTAINER)
     self.assertEqual(qry_str[SIGNED_PERMISSION], 'r')
     self.assertEqual(qry_str[SIGNED_IDENTIFIER], 'YWJjZGVmZw==')
     self.assertEqual(qry_str[SIGNED_SIGNATURE],
                      'Md+SHy9BQNucdHnmDOEwlAkIWU5YxwlTq6gA9yJKE6w=')
Exemplo n.º 37
0
def make_blob_sas_url(account_name,
                      account_key,
                      container_name,
                      blob_name,
                      permission='w',
                      duration=16):
    """
    Generate a Blob SAS URL to allow a client to upload a file.

    account_name: Storage account name.
    account_key: Storage account key.
    container_name: Storage container.
    blob_name: Blob name.
    duration: A timedelta representing duration until SAS expiration.
       SAS start date will be utcnow() minus one minute. Expiry date
       is start date plus duration.

    Returns the SAS URL.
    """
    sas = SharedAccessSignature(account_name, account_key)
    resource_path = '%s/%s' % (container_name, blob_name)
    date_format = "%Y-%m-%dT%H:%M:%SZ"
    start = datetime.datetime.utcnow() - datetime.timedelta(minutes=5)
    expiry = start + datetime.timedelta(minutes=duration)
    sap = SharedAccessPolicy(AccessPolicy(
            start.strftime(date_format),
            expiry.strftime(date_format),
            permission))
    sas_token = sas.generate_signed_query_string(resource_path, 'b', sap)

    blob_url = BlobService(account_name, account_key)

    url = blob_url.make_blob_url(container_name=container_name, blob_name=blob_name, sas_token=sas_token)

    return url
    def queue_acl_operations(self, queue_service):
        queue_name = 'aclqueue' + self.random_data.get_random_name(6)

        try:
            print('1. Create a queue with name - ' + queue_name)
            queue_service.create_queue(queue_name)

            print('2. Set access policy for queue')
            access_policy = AccessPolicy(permission=QueuePermissions.READ,
                                         expiry=datetime.datetime.utcnow() +
                                         datetime.timedelta(hours=1))
            identifiers = {'id': access_policy}
            queue_service.set_queue_acl(queue_name, identifiers)

            print('3. Get access policy from queue')
            acl = queue_service.get_queue_acl(queue_name)

            print('4. Clear access policy in queue')
            # Clear
            queue_service.set_queue_acl(queue_name)

        finally:
            print('5. Delete queue')
            if queue_service.exists(queue_name):
                queue_service.delete_queue(queue_name)

        print("Queue ACL operations sample completed")
Exemplo n.º 39
0
    def sas_with_signed_identifiers(self):
        container_name = self._create_container()
        self.service.create_blob_from_text(container_name, 'blob1', b'hello world')

        # Set access policy on container
        access_policy = AccessPolicy(permission=ContainerPermissions.READ,
                                     expiry=datetime.utcnow() + timedelta(hours=1))
        identifiers = {'id': access_policy}
        acl = self.service.set_container_acl(container_name, identifiers)

        # Wait 30 seconds for acl to propagate
        time.sleep(30)

        # Indicates to use the access policy set on the container
        token = self.service.generate_container_shared_access_signature(
            container_name,
            id='id'
        )

        # Create a service and use the SAS
        sas_service = BlockBlobService(
            account_name=self.account.account_name,
            sas_token=token,
        )

        blob = sas_service.get_blob_to_text(container_name, 'blob1')
        content = blob.content # hello world
        
        self.service.delete_container(container_name)
 def test_container_signed_query_string(self):
     accss_plcy = AccessPolicy()
     accss_plcy.start = '2011-10-11'
     accss_plcy.expiry = '2011-10-12'
     accss_plcy.permission = 'r'
     signed_identifier = 'YWJjZGVmZw=='
     sap = SharedAccessPolicy(accss_plcy, signed_identifier)
     qry_str = self.sas.generate_signed_query_string('images',
                                                     RESOURCE_CONTAINER,
                                                     sap)
     self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
     self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
     self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_CONTAINER)
     self.assertEqual(qry_str[SIGNED_PERMISSION], 'r')
     self.assertEqual(qry_str[SIGNED_IDENTIFIER], 'YWJjZGVmZw==')
     self.assertEqual(qry_str[SIGNED_SIGNATURE],
                      '1AWckmWSNrNCjh9krPXoD4exAgZWQQr38gG6z/ymkhQ=')
    def test_generate_signature_blob(self):
        accss_plcy = AccessPolicy()
        accss_plcy.start = '2011-10-11T11:03:40Z'
        accss_plcy.expiry = '2011-10-12T11:53:40Z'
        accss_plcy.permission = 'r'
        sap = SharedAccessPolicy(accss_plcy)

        signature = self.sas._generate_signature('images/pic1.png',
                                                 sap,
                                                 X_MS_VERSION,
                                                 None,
                                                 'file; attachment',
                                                 None,
                                                 None,
                                                 'binary')
        self.assertEqual(signature,
                         'uHckUC6T+BwUsc+DgrreyIS1k6au7uUd7LSSs/z+/+w=')
 def test_container_signed_query_string(self):
     accss_plcy = AccessPolicy()
     accss_plcy.start = '2011-10-11'
     accss_plcy.expiry = '2011-10-12'
     accss_plcy.permission = 'r'
     signed_identifier = 'YWJjZGVmZw=='
     sap = SharedAccessPolicy(accss_plcy, signed_identifier)
     qry_str = self.sas.generate_signed_query_string('images',
                                                     RESOURCE_CONTAINER,
                                                     sap)
     self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
     self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
     self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_CONTAINER)
     self.assertEqual(qry_str[SIGNED_PERMISSION], 'r')
     self.assertEqual(qry_str[SIGNED_IDENTIFIER], 'YWJjZGVmZw==')
     self.assertEqual(qry_str[SIGNED_SIGNATURE],
                      'Md+SHy9BQNucdHnmDOEwlAkIWU5YxwlTq6gA9yJKE6w=')
 def test_container_signed_query_string(self):
     accss_plcy = AccessPolicy()
     accss_plcy.start = '2011-10-11'
     accss_plcy.expiry = '2011-10-12'
     accss_plcy.permission = 'r'
     signed_identifier = 'YWJjZGVmZw=='
     sap = SharedAccessPolicy(accss_plcy, signed_identifier)
     qry_str = self.sas.generate_signed_query_string('images', 
                                                     RESOURCE_CONTAINER, 
                                                     sap)
     self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
     self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
     self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_CONTAINER)
     self.assertEqual(qry_str[SIGNED_PERMISSION], 'r')
     self.assertEqual(qry_str[SIGNED_IDENTIFIER], 'YWJjZGVmZw==')
     self.assertEqual(qry_str[SIGNED_SIGNATURE], 
                      'VdlALM4TYEYYNf94Bvt3dn48TsA01wk45ltwP3zeKp4=')
Exemplo n.º 44
0
    def test_generate_signed_query_dict_blob_with_access_policy(self):
        accss_plcy = AccessPolicy()
        accss_plcy.start = '2011-10-11'
        accss_plcy.expiry = '2011-10-12'
        accss_plcy.permission = 'w'

        query = self.sas._generate_signed_query_dict(
            'images/pic1.png',
            ResourceType.RESOURCE_BLOB,
            SharedAccessPolicy(accss_plcy),
        )

        self.assertEqual(query[QueryStringConstants.SIGNED_START], '2011-10-11')
        self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY], '2011-10-12')
        self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_BLOB)
        self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'w')
        self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE],
                         'Fqt8tNcyUOp30qYRtSFNcImrRMcxlk6IF17O4l96KT8=')
Exemplo n.º 45
0
def sasUrl(account, key, container, permission):

    start = datetime.utcnow()
    expiry = start + timedelta(hours = 24)

    accss_plcy = AccessPolicy()
    accss_plcy.start = start.strftime('%Y-%m-%dT%H:%M:%SZ')
    accss_plcy.expiry = expiry.strftime('%Y-%m-%dT%H:%M:%SZ')
    accss_plcy.permission = permission

    sas = SharedAccessSignature(account_name=account, account_key=key)

    query = sas.generate_signed_query_string(
        container,
        ResourceType.RESOURCE_CONTAINER,
        SharedAccessPolicy(accss_plcy),
        )

    return query
Exemplo n.º 46
0
    def test_sas_signed_identifier(self):
        # SAS URL is calculated from storage key, so this test runs live only
        if TestMode.need_recording_file(self.test_mode):
            return

        # Arrange
        access_policy = AccessPolicy()
        access_policy.start = '2011-10-11'
        access_policy.expiry = '2018-10-12'
        access_policy.permission = QueuePermissions.READ

        identifiers = {'testid': access_policy}

        queue_name = self._create_queue()
        resp = self.qs.set_queue_acl(queue_name, identifiers)

        self.qs.put_message(queue_name, u'message1')

        token = self.qs.generate_queue_shared_access_signature(
            queue_name,
            id='testid'
        )

        # Act
        service = QueueService(
            account_name=self.settings.STORAGE_ACCOUNT_NAME,
            sas_token=token,
        )
        self._set_service_options(service, self.settings)
        result = service.peek_messages(queue_name)

        # Assert
        self.assertIsNotNone(result)
        self.assertEqual(1, len(result))
        message = result[0]
        self.assertIsNotNone(message)
        self.assertNotEqual('', message.id)
        self.assertEqual(u'message1', message.content)
Exemplo n.º 47
0
 def url(self, name):
     if hasattr(self.connection, 'make_blob_url'):
         if self.auto_sign:
             access_policy = AccessPolicy()
             access_policy.start = (datetime.utcnow() + timedelta(seconds=-120)).strftime('%Y-%m-%dT%H:%M:%SZ')
             access_policy.expiry = (datetime.utcnow() + timedelta(seconds=self.ap_expiry)).strftime('%Y-%m-%dT%H:%M:%SZ')
             access_policy.permission = self.azure_access_policy_permission
             sap = SharedAccessPolicy(access_policy)
             
             sas_token = self.connection.generate_shared_access_signature(
                 self.azure_container,
                 blob_name=name,
                 shared_access_policy=sap,
             )
         else:
             sas_token = None
         return self.connection.make_blob_url(
             container_name=self.azure_container,
             blob_name=name,
             protocol=self.azure_protocol,
             sas_token=sas_token
         )
     else:
         return "{}{}/{}".format(setting('MEDIA_URL'), self.azure_container, name)