def test_sign_request(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
sap = SharedAccessPolicy(accss_plcy)
qry_str = self.sas.generate_signed_query_string('images/pic1.png',
RESOURCE_BLOB,
sap)
permission = Permission()
permission.path = '/images/pic1.png'
permission.query_string = qry_str
self.sas.permission_set = [permission]
web_rsrc = WebResource()
web_rsrc.properties[SIGNED_RESOURCE_TYPE] = RESOURCE_BLOB
web_rsrc.properties[SHARED_ACCESS_PERMISSION] = 'r'
web_rsrc.path = '/images/pic1.png?comp=metadata'
web_rsrc.request_url = '/images/pic1.png?comp=metadata'
web_rsrc = self.sas.sign_request(web_rsrc)
self.assertEqual(web_rsrc.request_url,
'/images/pic1.png?comp=metadata&' +
self.sas._convert_query_string(qry_str))
def test_sas_signed_identifier(self):
# SAS URL is calculated from storage key, so this test runs live only
if TestMode.need_recording_file(self.test_mode):
return
# Arrange
file_name = self._create_file()
access_policy = AccessPolicy()
access_policy.start = '2011-10-11'
access_policy.expiry = '2018-10-12'
access_policy.permission = FilePermissions.READ
identifiers = {'testid': access_policy}
resp = self.fs.set_share_acl(self.share_name, identifiers)
token = self.fs.generate_file_shared_access_signature(self.share_name,
None,
file_name,
id='testid')
# Act
service = FileService(
self.settings.STORAGE_ACCOUNT_NAME,
sas_token=token,
request_session=requests.Session(),
)
self._set_test_proxy(service, self.settings)
result = service.get_file_to_bytes(self.share_name, None, file_name)
# Assert
self.assertEqual(self.short_byte_data, result.content)
def url(self, name):
if hasattr(self.connection, 'make_blob_url'):
if self.auto_sign:
access_policy = AccessPolicy()
access_policy.start = (
datetime.utcnow() +
timedelta(seconds=-120)).strftime('%Y-%m-%dT%H:%M:%SZ')
access_policy.expiry = (datetime.utcnow() + timedelta(
seconds=self.ap_expiry)).strftime('%Y-%m-%dT%H:%M:%SZ')
access_policy.permission = self.azure_access_policy_permission
sap = SharedAccessPolicy(access_policy)
sas_token = self.connection.generate_shared_access_signature(
self.azure_container,
blob_name=name,
shared_access_policy=sap,
)
else:
sas_token = None
return self.connection.make_blob_url(
container_name=self.azure_container,
blob_name=name,
protocol=self.azure_protocol,
sas_token=sas_token,
)
else:
return "{}{}/{}".format(setting('MEDIA_URL'), self.azure_container,
name)
def test_sas_signed_identifier(self):
# SAS URL is calculated from storage key, so this test runs live only
if TestMode.need_recording_file(self.test_mode):
return
# Arrange
entity = self._insert_random_entity()
access_policy = AccessPolicy()
access_policy.start = '2011-10-11'
access_policy.expiry = '2018-10-12'
access_policy.permission = TablePermissions.QUERY
identifiers = {'testid': access_policy}
entities = self.ts.set_table_acl(self.table_name, identifiers)
token = self.ts.generate_table_shared_access_signature(
self.table_name,
id='testid',
)
# Act
service = TableService(
account_name=self.settings.STORAGE_ACCOUNT_NAME,
sas_token=token,
)
self._set_service_options(service, self.settings)
entities = list(self.ts.query_entities(self.table_name, filter="PartitionKey eq '{}'".format(entity.PartitionKey)))
# Assert
self.assertEqual(len(entities), 1)
self._assert_default_entity(entities[0])
def test_sas_signed_identifier(self):
# SAS URL is calculated from storage key, so this test runs live only
if TestMode.need_recordingfile(self.test_mode):
return
# Arrange
entity = self._insert_random_entity()
access_policy = AccessPolicy()
access_policy.start = '2011-10-11'
access_policy.expiry = '2018-10-12'
access_policy.permission = TablePermissions.QUERY
identifiers = {'testid': access_policy}
entities = self.ts.set_table_acl(self.table_name, identifiers)
token = self.ts.generate_table_shared_access_signature(
self.table_name,
id='testid',
)
# Act
service = TableService(
account_name=self.settings.STORAGE_ACCOUNT_NAME,
sas_token=token,
)
self._set_service_options(service, self.settings)
entities = list(
self.ts.query_entities(self.table_name,
filter="PartitionKey eq '{}'".format(
entity.PartitionKey)))
# Assert
self.assertEqual(len(entities), 1)
self._assert_default_entity(entities[0])
def container_acl(self):
container_name = self._create_container()
# Create a READ level access policy and set it on the container
access_policy = AccessPolicy(permission=ContainerPermissions.READ,
expiry=datetime.utcnow() + timedelta(hours=1))
identifiers = {'id': access_policy}
self.service.set_container_acl(container_name, identifiers)
# Wait 30 seconds for acl to propagate
time.sleep(30)
acl = self.service.get_container_acl(container_name) # {id: AccessPolicy()}
# Replaces values, does not merge
access_policy = AccessPolicy(permission=ContainerPermissions.READ,
expiry=datetime.utcnow() + timedelta(hours=1))
identifiers = {'id2': access_policy}
self.service.set_container_acl(container_name, identifiers)
# Wait 30 seconds for acl to propagate
time.sleep(30)
acl = self.service.get_container_acl(container_name) # {id2: AccessPolicy()}
# Clear
self.service.set_container_acl(container_name)
# Wait 30 seconds for acl to propagate
time.sleep(30)
acl = self.service.get_container_acl(container_name) # {}
self.service.delete_container(container_name)
def test_generate_signed_query_dict_blob_with_access_policy_and_headers(
self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11T11:03:40Z'
accss_plcy.expiry = '2011-10-12T11:53:40Z'
accss_plcy.permission = 'r'
query = self.sas._generate_signed_query_dict(
'images/pic1.png',
ResourceType.RESOURCE_BLOB,
SharedAccessPolicy(accss_plcy),
content_disposition='file; attachment',
content_type='binary',
)
self.assertEqual(query[QueryStringConstants.SIGNED_START],
'2011-10-11T11:03:40Z')
self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY],
'2011-10-12T11:53:40Z')
self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE],
ResourceType.RESOURCE_BLOB)
self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'r')
self.assertEqual(
query[QueryStringConstants.SIGNED_CONTENT_DISPOSITION],
'file; attachment')
self.assertEqual(query[QueryStringConstants.SIGNED_CONTENT_TYPE],
'binary')
self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE],
'uHckUC6T+BwUsc+DgrreyIS1k6au7uUd7LSSs/z+/+w=')
def table_acl(self):
table_name = self._create_table()
# Basic
access_policy = AccessPolicy(permission=TablePermissions.QUERY,
expiry=datetime.utcnow() + timedelta(hours=1))
identifiers = {'id': access_policy}
self.service.set_table_acl(table_name, identifiers)
# Wait 30 seconds for acl to propagate
time.sleep(30)
acl = self.service.get_table_acl(table_name) # {id: AccessPolicy()}
# Replaces values, does not merge
access_policy = AccessPolicy(permission=TablePermissions.QUERY,
expiry=datetime.utcnow() + timedelta(hours=1))
identifiers = {'id2': access_policy}
self.service.set_table_acl(table_name, identifiers)
# Wait 30 seconds for acl to propagate
time.sleep(30)
acl = self.service.get_table_acl(table_name) # {id2: AccessPolicy()}
# Clear
self.service.set_table_acl(table_name)
# Wait 30 seconds for acl to propagate
time.sleep(30)
acl = self.service.get_table_acl(table_name) # {}
self.service.delete_table(table_name)
def test_sas_signed_identifier(self):
# SAS URL is calculated from storage key, so this test runs live only
if TestMode.need_recordingfile(self.test_mode):
return
# Arrange
blob_name = self._create_block_blob()
access_policy = AccessPolicy()
access_policy.start = '2011-10-11'
access_policy.expiry = '2018-10-12'
access_policy.permission = BlobPermissions.READ
identifiers = {'testid': access_policy}
resp = self.bs.set_container_acl(self.container_name, identifiers)
token = self.bs.generate_blob_shared_access_signature(
self.container_name,
blob_name,
id='testid'
)
# Act
service = BlockBlobService(
self.settings.STORAGE_ACCOUNT_NAME,
sas_token=token,
request_session=requests.Session(),
)
self._set_service_options(service, self.settings)
result = service.get_blob_to_bytes(self.container_name, blob_name)
# Assert
self.assertEqual(self.byte_data, result.content)
def test_sign_request(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
sap = SharedAccessPolicy(accss_plcy)
qry_str = self.sas.generate_signed_query_string('images/pic1.png',
RESOURCE_BLOB,
sap)
permission = Permission()
permission.path = '/images/pic1.png'
permission.query_string = qry_str
self.sas.permission_set = [permission]
web_rsrc = WebResource()
web_rsrc.properties[SIGNED_RESOURCE_TYPE] = RESOURCE_BLOB
web_rsrc.properties[SHARED_ACCESS_PERMISSION] = 'r'
web_rsrc.path = '/images/pic1.png?comp=metadata'
web_rsrc.request_url = '/images/pic1.png?comp=metadata'
web_rsrc = self.sas.sign_request(web_rsrc)
self.assertEqual(web_rsrc.request_url,
'/images/pic1.png?comp=metadata&' +
self.sas._convert_query_string(qry_str))
def url(self, name):
"""
Override this method so that we can add SAS authorization tokens
"""
sas_token = None
if self.url_expiry_secs:
now = datetime.utcnow().replace(tzinfo=pytz.utc)
expire_at = now + timedelta(seconds=self.url_expiry_secs)
policy = AccessPolicy()
# generate an ISO8601 time string and use split() to remove the sub-second
# components as Azure will reject them. Plus add the timezone at the end.
policy.expiry = expire_at.isoformat().split('.')[0] + 'Z'
policy.permission = 'r'
sas_token = self.connection.generate_shared_access_signature(
self.azure_container,
blob_name=name,
shared_access_policy=SharedAccessPolicy(access_policy=policy),
)
return self.connection.make_blob_url(
container_name=self.azure_container,
blob_name=name,
protocol=self.azure_protocol,
sas_token=sas_token)
def test_generate_signed_query_dict_blob_with_access_policy_and_headers(
self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11T11:03:40Z'
accss_plcy.expiry = '2011-10-12T11:53:40Z'
accss_plcy.permission = 'r'
query = self.sas._generate_signed_query_dict(
'images/pic1.png',
ResourceType.RESOURCE_BLOB,
SharedAccessPolicy(accss_plcy),
content_disposition='file; attachment',
content_type='binary',
)
self.assertEqual(query[QueryStringConstants.SIGNED_START],
'2011-10-11T11:03:40Z')
self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY],
'2011-10-12T11:53:40Z')
self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE],
ResourceType.RESOURCE_BLOB)
self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'r')
self.assertEqual(
query[QueryStringConstants.SIGNED_CONTENT_DISPOSITION],
'file; attachment')
self.assertEqual(query[QueryStringConstants.SIGNED_CONTENT_TYPE],
'binary')
self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE],
'uHckUC6T+BwUsc+DgrreyIS1k6au7uUd7LSSs/z+/+w=')
def test_generate_signature_container(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
signed_identifier = 'YWJjZGVmZw=='
sap = SharedAccessPolicy(accss_plcy, signed_identifier)
signature = self.sas._generate_signature('images', sap, X_MS_VERSION,
None, None, None, None, None)
self.assertEqual(signature,
'Md+SHy9BQNucdHnmDOEwlAkIWU5YxwlTq6gA9yJKE6w=')
def test_generate_signature_container(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
signed_identifier = 'YWJjZGVmZw=='
sap = SharedAccessPolicy(accss_plcy, signed_identifier)
signature = self.sas._generate_signature('images', RESOURCE_CONTAINER,
sap)
self.assertEqual(signature,
'VdlALM4TYEYYNf94Bvt3dn48TsA01wk45ltwP3zeKp4=')
def test_generate_signature_blob(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11T11:03:40Z'
accss_plcy.expiry = '2011-10-12T11:53:40Z'
accss_plcy.permission = 'r'
sap = SharedAccessPolicy(accss_plcy)
signature = self.sas._generate_signature('images/pic1.png',
RESOURCE_BLOB, sap)
self.assertEqual(signature,
'7NIEip+VOrQ5ZV80pORPK1MOsJc62wwCNcbMvE+lQ0s=')
def test_generate_signature_blob(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11T11:03:40Z'
accss_plcy.expiry = '2011-10-12T11:53:40Z'
accss_plcy.permission = 'r'
sap = SharedAccessPolicy(accss_plcy)
signature = self.sas._generate_signature('images/pic1.png',
RESOURCE_BLOB,
sap)
self.assertEqual(signature,
'7NIEip+VOrQ5ZV80pORPK1MOsJc62wwCNcbMvE+lQ0s=')
def test_generate_signature_container(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
signed_identifier = 'YWJjZGVmZw=='
sap = SharedAccessPolicy(accss_plcy, signed_identifier)
signature = self.sas._generate_signature('images',
sap,
X_MS_VERSION)
self.assertEqual(signature,
'1AWckmWSNrNCjh9krPXoD4exAgZWQQr38gG6z/ymkhQ=')
def test_generate_signature_container(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
signed_identifier = 'YWJjZGVmZw=='
sap = SharedAccessPolicy(accss_plcy, signed_identifier)
signature = self.sas._generate_signature('images',
RESOURCE_CONTAINER,
sap)
self.assertEqual(signature,
'VdlALM4TYEYYNf94Bvt3dn48TsA01wk45ltwP3zeKp4=')
def test_generate_signature_blob(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11T11:03:40Z'
accss_plcy.expiry = '2011-10-12T11:53:40Z'
accss_plcy.permission = 'r'
sap = SharedAccessPolicy(accss_plcy)
signature = self.sas._generate_signature('images/pic1.png',
sap,
X_MS_VERSION)
self.assertEqual(signature,
'ju4tX0G79vPxMOkBb7UfNVEgrj9+ZnSMutpUemVYHLY=')
def test_generate_signature_container(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
signed_identifier = 'YWJjZGVmZw=='
sap = SharedAccessPolicy(accss_plcy, signed_identifier)
signature = self.sas._generate_signature('images',
sap,
X_MS_VERSION,
None, None, None, None, None)
self.assertEqual(signature,
'Md+SHy9BQNucdHnmDOEwlAkIWU5YxwlTq6gA9yJKE6w=')
def test_generate_signature_blob(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11T11:03:40Z'
accss_plcy.expiry = '2011-10-12T11:53:40Z'
accss_plcy.permission = 'r'
sap = SharedAccessPolicy(accss_plcy)
signature = self.sas._generate_signature('images/pic1.png', sap,
X_MS_VERSION, None,
'file; attachment', None,
None, 'binary')
self.assertEqual(signature,
'uHckUC6T+BwUsc+DgrreyIS1k6au7uUd7LSSs/z+/+w=')
def test_blob_signed_query_string(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'w'
sap = SharedAccessPolicy(accss_plcy)
qry_str = self.sas.generate_signed_query_string(
'images/pic1.png', RESOURCE_BLOB, sap)
self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_BLOB)
self.assertEqual(qry_str[SIGNED_PERMISSION], 'w')
self.assertEqual(qry_str[SIGNED_SIGNATURE],
'k8uyTrn3pgLXuhwgZhxeAH6mZ/es9k2vqHPJEuIH4CE=')
def test_blob_signed_query_string(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'w'
sap = SharedAccessPolicy(accss_plcy)
qry_str = self.sas.generate_signed_query_string(
'images/pic1.png', RESOURCE_BLOB, sap)
self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_BLOB)
self.assertEqual(qry_str[SIGNED_PERMISSION], 'w')
self.assertEqual(qry_str[SIGNED_SIGNATURE],
'Fqt8tNcyUOp30qYRtSFNcImrRMcxlk6IF17O4l96KT8=')
def test_blob_signed_query_string(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'w'
sap = SharedAccessPolicy(accss_plcy)
qry_str = self.sas.generate_signed_query_string('images/pic1.png',
RESOURCE_BLOB,
sap)
self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_BLOB)
self.assertEqual(qry_str[SIGNED_PERMISSION], 'w')
self.assertEqual(qry_str[SIGNED_SIGNATURE],
'8I8E8TImfR2TIAcMDq8rF+IhhYyvowXpxSfF1kxnWLQ=')
def test_blob_signed_query_string(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'w'
sap = SharedAccessPolicy(accss_plcy)
qry_str = self.sas.generate_signed_query_string('images/pic1.png',
RESOURCE_BLOB,
sap)
self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_BLOB)
self.assertEqual(qry_str[SIGNED_PERMISSION], 'w')
self.assertEqual(qry_str[SIGNED_SIGNATURE],
'Fqt8tNcyUOp30qYRtSFNcImrRMcxlk6IF17O4l96KT8=')
def test_blob_signed_query_string(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'w'
sap = SharedAccessPolicy(accss_plcy)
qry_str = self.sas.generate_signed_query_string('images/pic1.png',
RESOURCE_BLOB,
sap)
self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_BLOB)
self.assertEqual(qry_str[SIGNED_PERMISSION], 'w')
self.assertEqual(qry_str[SIGNED_SIGNATURE],
'k8uyTrn3pgLXuhwgZhxeAH6mZ/es9k2vqHPJEuIH4CE=')
def test_generate_signed_query_dict_blob_with_access_policy(self):
accss_plcy = AccessPolicy()
accss_plcy.start = "2011-10-11"
accss_plcy.expiry = "2011-10-12"
accss_plcy.permission = "w"
query = self.sas._generate_signed_query_dict(
"images/pic1.png", ResourceType.RESOURCE_BLOB, SharedAccessPolicy(accss_plcy)
)
self.assertEqual(query[QueryStringConstants.SIGNED_START], "2011-10-11")
self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY], "2011-10-12")
self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_BLOB)
self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], "w")
self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE], "Fqt8tNcyUOp30qYRtSFNcImrRMcxlk6IF17O4l96KT8=")
def test_generate_signed_query_dict_container_with_access_policy(self):
accss_plcy = AccessPolicy()
accss_plcy.start = "2011-10-11"
accss_plcy.expiry = "2011-10-12"
accss_plcy.permission = "r"
query = self.sas._generate_signed_query_dict(
"images", ResourceType.RESOURCE_CONTAINER, SharedAccessPolicy(accss_plcy)
)
self.assertEqual(query[QueryStringConstants.SIGNED_START], "2011-10-11")
self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY], "2011-10-12")
self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_CONTAINER)
self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], "r")
self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE], "CxLWN56cjXidpI9em7RDgSN2QIgLggTqrnzudH2XsOY=")
def table_acl_operations(self, table_service):
table_name = 'acltable' + self.random_data.get_random_name(6)
try:
print('1. Create a table with name - ' + table_name)
table_service.create_table(table_name)
print('2. Set access policy for table')
access_policy = AccessPolicy(permission=TablePermissions.QUERY,
expiry=datetime.datetime.utcnow() + datetime.timedelta(hours=1))
identifiers = {'id': access_policy}
table_service.set_table_acl(table_name, identifiers)
print('3. Wait 30 seconds for acl to propagate')
time.sleep(30)
print('4. Get access policy from table')
acl = table_service.get_table_acl(table_name)
print('5. Clear access policy in table')
table_service.set_table_acl(table_name)
finally:
print('5. Delete table')
if(table_service.exists(table_name)):
table_service.delete_table(table_name)
print("Table ACL operations sample completed")
def sas_with_signed_identifiers(self):
share_name = self._create_share()
self.service.create_directory(share_name, 'dir1')
self.service.create_file_from_text(share_name, 'dir1', 'file1', b'hello world')
# Set access policy on share
access_policy = AccessPolicy(permission=SharePermissions.READ,
expiry=datetime.utcnow() + timedelta(hours=1))
identifiers = {'id': access_policy}
acl = self.service.set_share_acl(share_name, identifiers)
# Wait 30 seconds for acl to propagate
time.sleep(30)
# Indicates to use the access policy set on the share
token = self.service.generate_share_shared_access_signature(
share_name,
id='id'
)
# Create a service and use the SAS
sas_service = FileService(
account_name=self.account.account_name,
sas_token=token,
)
file = sas_service.get_file_to_text(share_name, 'dir1', 'file1')
content = file.content # hello world
self.service.delete_share(share_name)
def test_container_signed_query_string(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
signed_identifier = 'YWJjZGVmZw=='
sap = SharedAccessPolicy(accss_plcy, signed_identifier)
qry_str = self.sas.generate_signed_query_string(
'images', RESOURCE_CONTAINER, sap)
self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_CONTAINER)
self.assertEqual(qry_str[SIGNED_PERMISSION], 'r')
self.assertEqual(qry_str[SIGNED_IDENTIFIER], 'YWJjZGVmZw==')
self.assertEqual(qry_str[SIGNED_SIGNATURE],
'VdlALM4TYEYYNf94Bvt3dn48TsA01wk45ltwP3zeKp4=')
def sas_with_signed_identifiers(self):
table_name = self._create_table()
entity = {
'PartitionKey': 'test',
'RowKey': 'test1',
'text': 'hello world',
}
self.service.insert_entity(table_name, entity)
# Set access policy on table
access_policy = AccessPolicy(permission=TablePermissions.QUERY,
expiry=datetime.utcnow() + timedelta(hours=1))
identifiers = {'id': access_policy}
acl = self.service.set_table_acl(table_name, identifiers)
# Wait 30 seconds for acl to propagate
time.sleep(30)
# Indicates to use the access policy set on the table
token = self.service.generate_table_shared_access_signature(
table_name,
id='id'
)
# Create a service and use the SAS
sas_service = TableService(
account_name=self.account.account_name,
sas_token=token,
)
entities = list(sas_service.query_entities(table_name))
for entity in entities:
print(entity.text) # hello world
self.service.delete_table(table_name)
def _get_shared_access_policy(self, permission):
date_format = "%Y-%m-%dT%H:%M:%SZ"
start = datetime.datetime.utcnow() - datetime.timedelta(minutes=1)
expiry = start + datetime.timedelta(hours=1)
return SharedAccessPolicy(
AccessPolicy(start.strftime(date_format),
expiry.strftime(date_format), permission))
def sas_with_signed_identifiers(self):
queue_name = self._create_queue()
self.service.put_message(queue_name, u'message1')
# Set access policy on queue
access_policy = AccessPolicy(permission=QueuePermissions.PROCESS,
expiry=datetime.utcnow() + timedelta(hours=1))
identifiers = {'id': access_policy}
acl = self.service.set_queue_acl(queue_name, identifiers)
# Wait 30 seconds for acl to propagate
time.sleep(30)
# Indicates to use the access policy set on the queue
token = self.service.generate_queue_shared_access_signature(
queue_name,
id='id'
)
# Create a service and use the SAS
sas_service = QueueService(
account_name=self.account.account_name,
sas_token=token,
)
messages = sas_service.get_messages(queue_name)
for message in messages:
print(message.content) # message1
self.service.delete_queue(queue_name)
def container_acl_operations(self, account):
container_name = 'aclblockblobcontainer' + self.random_data.get_random_name(
6)
# Create a Block Blob Service object
blockblob_service = account.create_block_blob_service()
try:
print('1. Create a container with name - ' + container_name)
blockblob_service.create_container(container_name)
print('2. Set access policy for container')
access_policy = AccessPolicy(permission=ContainerPermissions.READ,
expiry=datetime.datetime.utcnow() +
datetime.timedelta(hours=1))
identifiers = {'id': access_policy}
blockblob_service.set_container_acl(container_name, identifiers)
print('3. Get access policy from container')
acl = blockblob_service.get_container_acl(container_name)
print('4. Clear access policy in container')
# Clear
blockblob_service.set_container_acl(container_name)
finally:
print('5. Delete container')
blockblob_service.delete_container(container_name)
print("Container ACL operations sample completed")
def test_container_signed_query_string(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
signed_identifier = 'YWJjZGVmZw=='
sap = SharedAccessPolicy(accss_plcy, signed_identifier)
qry_str = self.sas.generate_signed_query_string(
'images', RESOURCE_CONTAINER, sap)
self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_CONTAINER)
self.assertEqual(qry_str[SIGNED_PERMISSION], 'r')
self.assertEqual(qry_str[SIGNED_IDENTIFIER], 'YWJjZGVmZw==')
self.assertEqual(qry_str[SIGNED_SIGNATURE],
'Md+SHy9BQNucdHnmDOEwlAkIWU5YxwlTq6gA9yJKE6w=')
def make_blob_sas_url(account_name,
account_key,
container_name,
blob_name,
permission='w',
duration=16):
"""
Generate a Blob SAS URL to allow a client to upload a file.
account_name: Storage account name.
account_key: Storage account key.
container_name: Storage container.
blob_name: Blob name.
duration: A timedelta representing duration until SAS expiration.
SAS start date will be utcnow() minus one minute. Expiry date
is start date plus duration.
Returns the SAS URL.
"""
sas = SharedAccessSignature(account_name, account_key)
resource_path = '%s/%s' % (container_name, blob_name)
date_format = "%Y-%m-%dT%H:%M:%SZ"
start = datetime.datetime.utcnow() - datetime.timedelta(minutes=5)
expiry = start + datetime.timedelta(minutes=duration)
sap = SharedAccessPolicy(AccessPolicy(
start.strftime(date_format),
expiry.strftime(date_format),
permission))
sas_token = sas.generate_signed_query_string(resource_path, 'b', sap)
blob_url = BlobService(account_name, account_key)
url = blob_url.make_blob_url(container_name=container_name, blob_name=blob_name, sas_token=sas_token)
return url
def queue_acl_operations(self, queue_service):
queue_name = 'aclqueue' + self.random_data.get_random_name(6)
try:
print('1. Create a queue with name - ' + queue_name)
queue_service.create_queue(queue_name)
print('2. Set access policy for queue')
access_policy = AccessPolicy(permission=QueuePermissions.READ,
expiry=datetime.datetime.utcnow() +
datetime.timedelta(hours=1))
identifiers = {'id': access_policy}
queue_service.set_queue_acl(queue_name, identifiers)
print('3. Get access policy from queue')
acl = queue_service.get_queue_acl(queue_name)
print('4. Clear access policy in queue')
# Clear
queue_service.set_queue_acl(queue_name)
finally:
print('5. Delete queue')
if queue_service.exists(queue_name):
queue_service.delete_queue(queue_name)
print("Queue ACL operations sample completed")
def sas_with_signed_identifiers(self):
container_name = self._create_container()
self.service.create_blob_from_text(container_name, 'blob1', b'hello world')
# Set access policy on container
access_policy = AccessPolicy(permission=ContainerPermissions.READ,
expiry=datetime.utcnow() + timedelta(hours=1))
identifiers = {'id': access_policy}
acl = self.service.set_container_acl(container_name, identifiers)
# Wait 30 seconds for acl to propagate
time.sleep(30)
# Indicates to use the access policy set on the container
token = self.service.generate_container_shared_access_signature(
container_name,
id='id'
)
# Create a service and use the SAS
sas_service = BlockBlobService(
account_name=self.account.account_name,
sas_token=token,
)
blob = sas_service.get_blob_to_text(container_name, 'blob1')
content = blob.content # hello world
self.service.delete_container(container_name)
def test_container_signed_query_string(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
signed_identifier = 'YWJjZGVmZw=='
sap = SharedAccessPolicy(accss_plcy, signed_identifier)
qry_str = self.sas.generate_signed_query_string('images',
RESOURCE_CONTAINER,
sap)
self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_CONTAINER)
self.assertEqual(qry_str[SIGNED_PERMISSION], 'r')
self.assertEqual(qry_str[SIGNED_IDENTIFIER], 'YWJjZGVmZw==')
self.assertEqual(qry_str[SIGNED_SIGNATURE],
'1AWckmWSNrNCjh9krPXoD4exAgZWQQr38gG6z/ymkhQ=')
def test_generate_signature_blob(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11T11:03:40Z'
accss_plcy.expiry = '2011-10-12T11:53:40Z'
accss_plcy.permission = 'r'
sap = SharedAccessPolicy(accss_plcy)
signature = self.sas._generate_signature('images/pic1.png',
sap,
X_MS_VERSION,
None,
'file; attachment',
None,
None,
'binary')
self.assertEqual(signature,
'uHckUC6T+BwUsc+DgrreyIS1k6au7uUd7LSSs/z+/+w=')
def test_container_signed_query_string(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
signed_identifier = 'YWJjZGVmZw=='
sap = SharedAccessPolicy(accss_plcy, signed_identifier)
qry_str = self.sas.generate_signed_query_string('images',
RESOURCE_CONTAINER,
sap)
self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_CONTAINER)
self.assertEqual(qry_str[SIGNED_PERMISSION], 'r')
self.assertEqual(qry_str[SIGNED_IDENTIFIER], 'YWJjZGVmZw==')
self.assertEqual(qry_str[SIGNED_SIGNATURE],
'Md+SHy9BQNucdHnmDOEwlAkIWU5YxwlTq6gA9yJKE6w=')
def test_container_signed_query_string(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'r'
signed_identifier = 'YWJjZGVmZw=='
sap = SharedAccessPolicy(accss_plcy, signed_identifier)
qry_str = self.sas.generate_signed_query_string('images',
RESOURCE_CONTAINER,
sap)
self.assertEqual(qry_str[SIGNED_START], '2011-10-11')
self.assertEqual(qry_str[SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(qry_str[SIGNED_RESOURCE], RESOURCE_CONTAINER)
self.assertEqual(qry_str[SIGNED_PERMISSION], 'r')
self.assertEqual(qry_str[SIGNED_IDENTIFIER], 'YWJjZGVmZw==')
self.assertEqual(qry_str[SIGNED_SIGNATURE],
'VdlALM4TYEYYNf94Bvt3dn48TsA01wk45ltwP3zeKp4=')
def test_generate_signed_query_dict_blob_with_access_policy(self):
accss_plcy = AccessPolicy()
accss_plcy.start = '2011-10-11'
accss_plcy.expiry = '2011-10-12'
accss_plcy.permission = 'w'
query = self.sas._generate_signed_query_dict(
'images/pic1.png',
ResourceType.RESOURCE_BLOB,
SharedAccessPolicy(accss_plcy),
)
self.assertEqual(query[QueryStringConstants.SIGNED_START], '2011-10-11')
self.assertEqual(query[QueryStringConstants.SIGNED_EXPIRY], '2011-10-12')
self.assertEqual(query[QueryStringConstants.SIGNED_RESOURCE], ResourceType.RESOURCE_BLOB)
self.assertEqual(query[QueryStringConstants.SIGNED_PERMISSION], 'w')
self.assertEqual(query[QueryStringConstants.SIGNED_SIGNATURE],
'Fqt8tNcyUOp30qYRtSFNcImrRMcxlk6IF17O4l96KT8=')
def sasUrl(account, key, container, permission):
start = datetime.utcnow()
expiry = start + timedelta(hours = 24)
accss_plcy = AccessPolicy()
accss_plcy.start = start.strftime('%Y-%m-%dT%H:%M:%SZ')
accss_plcy.expiry = expiry.strftime('%Y-%m-%dT%H:%M:%SZ')
accss_plcy.permission = permission
sas = SharedAccessSignature(account_name=account, account_key=key)
query = sas.generate_signed_query_string(
container,
ResourceType.RESOURCE_CONTAINER,
SharedAccessPolicy(accss_plcy),
)
return query
def test_sas_signed_identifier(self):
# SAS URL is calculated from storage key, so this test runs live only
if TestMode.need_recording_file(self.test_mode):
return
# Arrange
access_policy = AccessPolicy()
access_policy.start = '2011-10-11'
access_policy.expiry = '2018-10-12'
access_policy.permission = QueuePermissions.READ
identifiers = {'testid': access_policy}
queue_name = self._create_queue()
resp = self.qs.set_queue_acl(queue_name, identifiers)
self.qs.put_message(queue_name, u'message1')
token = self.qs.generate_queue_shared_access_signature(
queue_name,
id='testid'
)
# Act
service = QueueService(
account_name=self.settings.STORAGE_ACCOUNT_NAME,
sas_token=token,
)
self._set_service_options(service, self.settings)
result = service.peek_messages(queue_name)
# Assert
self.assertIsNotNone(result)
self.assertEqual(1, len(result))
message = result[0]
self.assertIsNotNone(message)
self.assertNotEqual('', message.id)
self.assertEqual(u'message1', message.content)
def url(self, name):
if hasattr(self.connection, 'make_blob_url'):
if self.auto_sign:
access_policy = AccessPolicy()
access_policy.start = (datetime.utcnow() + timedelta(seconds=-120)).strftime('%Y-%m-%dT%H:%M:%SZ')
access_policy.expiry = (datetime.utcnow() + timedelta(seconds=self.ap_expiry)).strftime('%Y-%m-%dT%H:%M:%SZ')
access_policy.permission = self.azure_access_policy_permission
sap = SharedAccessPolicy(access_policy)
sas_token = self.connection.generate_shared_access_signature(
self.azure_container,
blob_name=name,
shared_access_policy=sap,
)
else:
sas_token = None
return self.connection.make_blob_url(
container_name=self.azure_container,
blob_name=name,
protocol=self.azure_protocol,
sas_token=sas_token
)
else:
return "{}{}/{}".format(setting('MEDIA_URL'), self.azure_container, name)
