diff --git a/sdk/storage/azure-storage-blob/azure/storage/blob/__init__.py b/sdk/storage/azure-storage-blob/azure/storage/blob/__init__.py index d1c52cfea95a..8d43e05b481a 100644 --- a/sdk/storage/azure-storage-blob/azure/storage/blob/__init__.py +++ b/sdk/storage/azure-storage-blob/azure/storage/blob/__init__.py @@ -17,7 +17,7 @@ from ._shared.models import( LocationMode, ResourceTypes, - AccountPermissions, + AccountSasPermissions, StorageErrorCode ) from .models import ( @@ -43,8 +43,8 @@ BlobBlock, PageRange, AccessPolicy, - ContainerPermissions, - BlobPermissions, + ContainerSasPermissions, + BlobSasPermissions, ) __version__ = VERSION @@ -82,10 +82,10 @@ 'BlobBlock', 'PageRange', 'AccessPolicy', - 'ContainerPermissions', - 'BlobPermissions', + 'ContainerSasPermissions', + 'BlobSasPermissions', 'ResourceTypes', - 'AccountPermissions', + 'AccountSasPermissions', 'StorageStreamDownloader', ] diff --git a/sdk/storage/azure-storage-blob/azure/storage/blob/_shared/models.py b/sdk/storage/azure-storage-blob/azure/storage/blob/_shared/models.py index 50f891de3012..c42edbc3745f 100644 --- a/sdk/storage/azure-storage-blob/azure/storage/blob/_shared/models.py +++ b/sdk/storage/azure-storage-blob/azure/storage/blob/_shared/models.py @@ -277,7 +277,7 @@ def __str__(self): ResourceTypes.OBJECT = ResourceTypes(object=True) -class AccountPermissions(object): +class AccountSasPermissions(object): """ :class:`~ResourceTypes` class to be used with generate_shared_access_signature method and for the AccessPolicies used with set_*_acl. There are two types of @@ -286,25 +286,6 @@ class AccountPermissions(object): entire service for a specific account and allow certain operations based on perms found here. - :cvar AccountPermissions AccountPermissions.ADD: - Valid for the following Object resource types only: queue messages and append blobs. - :cvar AccountPermissions AccountPermissions.CREATE: - Valid for the following Object resource types only: blobs and files. Users - can create new blobs or files, but may not overwrite existing blobs or files. - :cvar AccountPermissions AccountPermissions.DELETE: - Valid for Container and Object resource types, except for queue messages. - :cvar AccountPermissions AccountPermissions.LIST: - Valid for Service and Container resource types only. - :cvar AccountPermissions AccountPermissions.PROCESS: - Valid for the following Object resource type only: queue messages. - :cvar AccountPermissions AccountPermissions.READ: - Valid for all signed resources types (Service, Container, and Object). - Permits read permissions to the specified resource type. - :cvar AccountPermissions AccountPermissions.UPDATE: - Valid for the following Object resource types only: queue messages. - :cvar AccountPermissions AccountPermissions.WRITE: - Valid for all signed resources types (Service, Container, and Object). - Permits write permissions to the specified resource type. :param bool read: Valid for all signed resources types (Service, Container, and Object). Permits read permissions to the specified resource type. @@ -325,57 +306,43 @@ class AccountPermissions(object): Valid for the following Object resource types only: queue messages. :param bool process: Valid for the following Object resource type only: queue messages. - :param str _str: - A string representing the permissions. """ - - READ = None # type: AccountPermissions - WRITE = None # type: AccountPermissions - DELETE = None # type: AccountPermissions - LIST = None # type: AccountPermissions - ADD = None # type: AccountPermissions - CREATE = None # type: AccountPermissions - UPDATE = None # type: AccountPermissions - PROCESS = None # type: AccountPermissions - def __init__(self, read=False, write=False, delete=False, list=False, # pylint: disable=redefined-builtin - add=False, create=False, update=False, process=False, _str=None): - if not _str: - _str = '' - self.read = read or ('r' in _str) - self.write = write or ('w' in _str) - self.delete = delete or ('d' in _str) - self.list = list or ('l' in _str) - self.add = add or ('a' in _str) - self.create = create or ('c' in _str) - self.update = update or ('u' in _str) - self.process = process or ('p' in _str) - - def __or__(self, other): - return AccountPermissions(_str=str(self) + str(other)) - - def __add__(self, other): - return AccountPermissions(_str=str(self) + str(other)) + add=False, create=False, update=False, process=False): + self.read = read + self.write = write + self.delete = delete + self.list = list + self.add = add + self.create = create + self.update = update + self.process = process + self._str = (('r' if self.read else '') + + ('w' if self.write else '') + + ('d' if self.delete else '') + + ('l' if self.list else '') + + ('a' if self.add else '') + + ('c' if self.create else '') + + ('u' if self.update else '') + + ('p' if self.process else '')) def __str__(self): - return (('r' if self.read else '') + - ('w' if self.write else '') + - ('d' if self.delete else '') + - ('l' if self.list else '') + - ('a' if self.add else '') + - ('c' if self.create else '') + - ('u' if self.update else '') + - ('p' if self.process else '')) - - -AccountPermissions.READ = AccountPermissions(read=True) -AccountPermissions.WRITE = AccountPermissions(write=True) -AccountPermissions.DELETE = AccountPermissions(delete=True) -AccountPermissions.LIST = AccountPermissions(list=True) -AccountPermissions.ADD = AccountPermissions(add=True) -AccountPermissions.CREATE = AccountPermissions(create=True) -AccountPermissions.UPDATE = AccountPermissions(update=True) -AccountPermissions.PROCESS = AccountPermissions(process=True) + return self._str + + @classmethod + def from_string(cls, permission): + p_read = 'r' in permission + p_write = 'w' in permission + p_delete = 'd' in permission + p_list = 'l' in permission + p_add = 'a' in permission + p_create = 'c' in permission + p_update = 'u' in permission + p_process = 'p' in permission + + parsed = cls(p_read, p_write, p_delete, p_list, p_add, p_create, p_update, p_process) + parsed._str = permission # pylint: disable = protected-access + return parsed class Services(object): diff --git a/sdk/storage/azure-storage-blob/azure/storage/blob/_shared/shared_access_signature.py b/sdk/storage/azure-storage-blob/azure/storage/blob/_shared/shared_access_signature.py index 183889fc06a6..367c6554ef89 100644 --- a/sdk/storage/azure-storage-blob/azure/storage/blob/_shared/shared_access_signature.py +++ b/sdk/storage/azure-storage-blob/azure/storage/blob/_shared/shared_access_signature.py @@ -103,7 +103,7 @@ def generate_account(self, services, resource_types, permission, expiry, start=N Specifies the resource types that are accessible with the account SAS. You can combine values to provide access to more than one resource type. - :param AccountPermissions permission: + :param AccountSasPermissions permission: The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Required unless an id is given referencing a stored access policy diff --git a/sdk/storage/azure-storage-blob/azure/storage/blob/_shared_access_signature.py b/sdk/storage/azure-storage-blob/azure/storage/blob/_shared_access_signature.py index b3adf5b2ac1a..4c05f380ad78 100644 --- a/sdk/storage/azure-storage-blob/azure/storage/blob/_shared_access_signature.py +++ b/sdk/storage/azure-storage-blob/azure/storage/blob/_shared_access_signature.py @@ -52,7 +52,7 @@ def generate_blob(self, container_name, blob_name, snapshot=None, permission=Non :param str snapshot: The snapshot parameter is an opaque DateTime value that, when present, specifies the blob snapshot to grant permission. - :param BlobPermissions permission: + :param BlobSasPermissions permission: The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Permissions must be ordered read, write, delete, list. @@ -129,7 +129,7 @@ def generate_container(self, container_name, permission=None, expiry=None, :param str container_name: Name of container. - :param ContainerPermissions permission: + :param ContainerSasPermissions permission: The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Permissions must be ordered read, write, delete, list. diff --git a/sdk/storage/azure-storage-blob/azure/storage/blob/aio/__init__.py b/sdk/storage/azure-storage-blob/azure/storage/blob/aio/__init__.py index 598fd2090a81..eb80c977820a 100644 --- a/sdk/storage/azure-storage-blob/azure/storage/blob/aio/__init__.py +++ b/sdk/storage/azure-storage-blob/azure/storage/blob/aio/__init__.py @@ -9,7 +9,7 @@ from .._shared.models import( LocationMode, ResourceTypes, - AccountPermissions, + AccountSasPermissions, StorageErrorCode ) from ..models import ( @@ -32,8 +32,8 @@ BlobBlock, PageRange, AccessPolicy, - ContainerPermissions, - BlobPermissions, + ContainerSasPermissions, + BlobSasPermissions, ) from .models import ( ContainerPropertiesPaged, @@ -78,9 +78,9 @@ 'BlobBlock', 'PageRange', 'AccessPolicy', - 'ContainerPermissions', - 'BlobPermissions', + 'ContainerSasPermissions', + 'BlobSasPermissions', 'ResourceTypes', - 'AccountPermissions', + 'AccountSasPermissions', 'StorageStreamDownloader', ] diff --git a/sdk/storage/azure-storage-blob/azure/storage/blob/aio/blob_client_async.py b/sdk/storage/azure-storage-blob/azure/storage/blob/aio/blob_client_async.py index 8892b400710e..a243c185b01d 100644 --- a/sdk/storage/azure-storage-blob/azure/storage/blob/aio/blob_client_async.py +++ b/sdk/storage/azure-storage-blob/azure/storage/blob/aio/blob_client_async.py @@ -35,7 +35,7 @@ from ..models import ( # pylint: disable=unused-import ContainerProperties, BlobProperties, - BlobPermissions, + BlobSasPermissions, ContentSettings, PremiumPageBlobTier, StandardBlobTier, diff --git a/sdk/storage/azure-storage-blob/azure/storage/blob/aio/blob_service_client_async.py b/sdk/storage/azure-storage-blob/azure/storage/blob/aio/blob_service_client_async.py index 06238e8d0bd2..6f2e43ef14b8 100644 --- a/sdk/storage/azure-storage-blob/azure/storage/blob/aio/blob_service_client_async.py +++ b/sdk/storage/azure-storage-blob/azure/storage/blob/aio/blob_service_client_async.py @@ -31,7 +31,7 @@ from datetime import datetime from azure.core.pipeline.transport import HttpTransport from azure.core.pipeline.policies import HTTPPolicy - from .._shared.models import AccountPermissions, ResourceTypes + from .._shared.models import AccountSasPermissions, ResourceTypes from .lease_async import LeaseClient from ..models import ( BlobProperties, diff --git a/sdk/storage/azure-storage-blob/azure/storage/blob/aio/container_client_async.py b/sdk/storage/azure-storage-blob/azure/storage/blob/aio/container_client_async.py index b4611d3a29d6..45765e384e6a 100644 --- a/sdk/storage/azure-storage-blob/azure/storage/blob/aio/container_client_async.py +++ b/sdk/storage/azure-storage-blob/azure/storage/blob/aio/container_client_async.py @@ -39,7 +39,7 @@ if TYPE_CHECKING: from azure.core.pipeline.transport import HttpTransport from azure.core.pipeline.policies import HTTPPolicy - from ..models import ContainerPermissions, PublicAccess + from ..models import ContainerSasPermissions, PublicAccess from datetime import datetime from ..models import ( # pylint: disable=unused-import AccessPolicy, diff --git a/sdk/storage/azure-storage-blob/azure/storage/blob/blob_client.py b/sdk/storage/azure-storage-blob/azure/storage/blob/blob_client.py index bedf49a3be52..815ac3bdf866 100644 --- a/sdk/storage/azure-storage-blob/azure/storage/blob/blob_client.py +++ b/sdk/storage/azure-storage-blob/azure/storage/blob/blob_client.py @@ -57,7 +57,7 @@ from .models import ( # pylint: disable=unused-import ContainerProperties, BlobProperties, - BlobPermissions, + BlobSasPermissions, ContentSettings, PremiumPageBlobTier, StandardBlobTier, @@ -225,7 +225,7 @@ def from_connection_string( account_url, container=container, blob=blob, snapshot=snapshot, credential=credential, **kwargs) def generate_shared_access_signature( - self, permission=None, # type: Optional[Union[BlobPermissions, str]] + self, permission=None, # type: Optional[Union[BlobSasPermissions, str]] expiry=None, # type: Optional[Union[datetime, str]] start=None, # type: Optional[Union[datetime, str]] policy_id=None, # type: Optional[str] @@ -252,7 +252,7 @@ def generate_shared_access_signature( Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy. - :type permission: str or ~azure.storage.blob.models.BlobPermissions + :type permission: str or ~azure.storage.blob.models.BlobSasPermissions :param expiry: The time at which the shared access signature becomes invalid. Required unless an id is given referencing a stored access policy diff --git a/sdk/storage/azure-storage-blob/azure/storage/blob/blob_service_client.py b/sdk/storage/azure-storage-blob/azure/storage/blob/blob_service_client.py index ddae62e8d2dc..89c3dccbe315 100644 --- a/sdk/storage/azure-storage-blob/azure/storage/blob/blob_service_client.py +++ b/sdk/storage/azure-storage-blob/azure/storage/blob/blob_service_client.py @@ -34,7 +34,7 @@ from datetime import datetime from azure.core.pipeline.transport import HttpTransport from azure.core.pipeline.policies import HTTPPolicy - from ._shared.models import AccountPermissions, ResourceTypes + from ._shared.models import AccountSasPermissions, ResourceTypes from .lease import LeaseClient from .models import ( BlobProperties, @@ -157,7 +157,7 @@ def from_connection_string( def generate_shared_access_signature( self, resource_types, # type: Union[ResourceTypes, str] - permission, # type: Union[AccountPermissions, str] + permission, # type: Union[AccountSasPermissions, str] expiry, # type: Optional[Union[datetime, str]] start=None, # type: Optional[Union[datetime, str]] ip=None, # type: Optional[str] @@ -177,7 +177,7 @@ def generate_shared_access_signature( Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy. - :type permission: str or ~azure.storage.blob.models.AccountPermissions + :type permission: str or ~azure.storage.blob.models.AccountSasPermissions :param expiry: The time at which the shared access signature becomes invalid. Required unless an id is given referencing a stored access policy diff --git a/sdk/storage/azure-storage-blob/azure/storage/blob/container_client.py b/sdk/storage/azure-storage-blob/azure/storage/blob/container_client.py index a4f176c35685..94f5a133256d 100644 --- a/sdk/storage/azure-storage-blob/azure/storage/blob/container_client.py +++ b/sdk/storage/azure-storage-blob/azure/storage/blob/container_client.py @@ -48,7 +48,7 @@ if TYPE_CHECKING: from azure.core.pipeline.transport import HttpTransport # pylint: disable=ungrouped-imports from azure.core.pipeline.policies import HTTPPolicy # pylint: disable=ungrouped-imports - from .models import ContainerPermissions, PublicAccess + from .models import ContainerSasPermissions, PublicAccess from datetime import datetime from .models import ( # pylint: disable=unused-import AccessPolicy, @@ -185,7 +185,7 @@ def from_connection_string( account_url, container=container, credential=credential, **kwargs) def generate_shared_access_signature( - self, permission=None, # type: Optional[Union[ContainerPermissions, str]] + self, permission=None, # type: Optional[Union[ContainerSasPermissions, str]] expiry=None, # type: Optional[Union[datetime, str]] start=None, # type: Optional[Union[datetime, str]] policy_id=None, # type: Optional[str] @@ -211,7 +211,7 @@ def generate_shared_access_signature( Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy. - :type permission: str or ~azure.storage.blob.models.ContainerPermissions + :type permission: str or ~azure.storage.blob.models.ContainerSasPermissions :param expiry: The time at which the shared access signature becomes invalid. Required unless an id is given referencing a stored access policy diff --git a/sdk/storage/azure-storage-blob/azure/storage/blob/models.py b/sdk/storage/azure-storage-blob/azure/storage/blob/models.py index a80e75dfcaef..33895584ab3b 100644 --- a/sdk/storage/azure-storage-blob/azure/storage/blob/models.py +++ b/sdk/storage/azure-storage-blob/azure/storage/blob/models.py @@ -820,7 +820,7 @@ class AccessPolicy(GenAccessPolicy): Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy. - :type permission: str or ~azure.storage.blob.models.ContainerPermissions + :type permission: str or ~azure.storage.blob.models.ContainerSasPermissions :param expiry: The time at which the shared access signature becomes invalid. Required unless an id is given referencing a stored access policy @@ -843,27 +843,12 @@ def __init__(self, permission=None, expiry=None, start=None): self.permission = permission -class ContainerPermissions(object): - """ContainerPermissions class to be used with +class ContainerSasPermissions(object): + """ContainerSasPermissions class to be used with :func:`~azure.storage.blob.container_client.ContainerClient.generate_shared_access_signature` API and for the AccessPolicies used with :func:`~azure.storage.blob.container_client.ContainerClient.set_container_access_policy`. - :cvar ContainerPermissions ContainerPermissions.DELETE: - Delete any blob in the container. Note: You cannot grant permissions to - delete a container with a container SAS. Use an account SAS instead. - :cvar ContainerPermissions ContainerPermissions.LIST: - List blobs in the container. - :cvar ContainerPermissions ContainerPermissions.READ: - Read the content, properties, metadata or block list of any blob in the - container. Use any blob in the container as the source of a copy operation. - :cvar ContainerPermissions ContainerPermissions.WRITE: - For any blob in the container, create or write content, properties, - metadata, or block list. Snapshot or lease the blob. Resize the blob - (page blob only). Use the blob as the destination of a copy operation - within the same account. Note: You cannot grant permissions to read or - write container properties or metadata, nor to lease a container, with - a container SAS. Use an account SAS instead. :param bool read: Read the content, properties, metadata or block list of any blob in the container. Use any blob in the container as the source of a copy operation. @@ -879,58 +864,35 @@ class ContainerPermissions(object): delete a container with a container SAS. Use an account SAS instead. :param bool list: List blobs in the container. - :param str _str: - A string representing the permissions. """ - - DELETE = None # type: ContainerPermissions - LIST = None # type: ContainerPermissions - READ = None # type: ContainerPermissions - WRITE = None # type: ContainerPermissions - - def __init__(self, read=False, write=False, delete=False, list=False, _str=None): # pylint: disable=redefined-builtin - if not _str: - _str = '' - self.read = read or ('r' in _str) - self.write = write or ('w' in _str) - self.delete = delete or ('d' in _str) - self.list = list or ('l' in _str) - - def __or__(self, other): - return ContainerPermissions(_str=str(self) + str(other)) - - def __add__(self, other): - return ContainerPermissions(_str=str(self) + str(other)) + def __init__(self, read=False, write=False, delete=False, list=False): # pylint: disable=redefined-builtin + self.read = read + self.write = write + self.delete = delete + self.list = list + self._str = (('r' if self.read else '') + + ('w' if self.write else '') + + ('d' if self.delete else '') + + ('l' if self.list else '')) def __str__(self): - return (('r' if self.read else '') + - ('w' if self.write else '') + - ('d' if self.delete else '') + - ('l' if self.list else '')) - - -ContainerPermissions.DELETE = ContainerPermissions(delete=True) -ContainerPermissions.LIST = ContainerPermissions(list=True) -ContainerPermissions.READ = ContainerPermissions(read=True) -ContainerPermissions.WRITE = ContainerPermissions(write=True) - + return self._str -class BlobPermissions(object): - """BlobPermissions class to be used with + @classmethod + def from_string(cls, permission): + p_read = 'r' in permission + p_write = 'w' in permission + p_delete = 'd' in permission + p_list = 'l' in permission + parsed = cls(p_read, p_write, p_delete, p_list) + parsed._str = permission # pylint: disable = protected-access + return parsed + + +class BlobSasPermissions(object): + """BlobSasPermissions class to be used with :func:`~azure.storage.blob.blob_client.BlobClient.generate_shared_access_signature` API. - :cvar BlobPermissions BlobPermissions.ADD: - Add a block to an append blob. - :cvar BlobPermissions BlobPermissions.CREATE: - Write a new blob, snapshot a blob, or copy a blob to a new blob. - :cvar BlobPermissions BlobPermissions.DELETE: - Delete the blob. - :cvar BlobPermissions BlobPermissions.READ: - Read the content, properties, metadata and block list. Use the blob as the source of a copy operation. - :cvar BlobPermissions BlobPermissions.WRITE: - Create or write content, properties, metadata, or block list. Snapshot or lease - the blob. Resize the blob (page blob only). Use the blob as the destination of a - copy operation within the same account. :param bool read: Read the content, properties, metadata and block list. Use the blob as the source of a copy operation. @@ -944,45 +906,34 @@ class BlobPermissions(object): destination of a copy operation within the same account. :param bool delete: Delete the blob. - :param str _str: - A string representing the permissions. """ - ADD = None # type: BlobPermissions - CREATE = None # type: BlobPermissions - DELETE = None # type: BlobPermissions - READ = None # type: BlobPermissions - WRITE = None # type: BlobPermissions - - def __init__(self, read=False, add=False, create=False, write=False, - delete=False, _str=None): - if not _str: - _str = '' - self.read = read or ('r' in _str) - self.add = add or ('a' in _str) - self.create = create or ('c' in _str) - self.write = write or ('w' in _str) - self.delete = delete or ('d' in _str) - - def __or__(self, other): - return BlobPermissions(_str=str(self) + str(other)) - - def __add__(self, other): - return BlobPermissions(_str=str(self) + str(other)) + delete=False): + self.read = read + self.add = add + self.create = create + self.write = write + self.delete = delete + self._str = (('r' if self.read else '') + + ('a' if self.add else '') + + ('c' if self.create else '') + + ('w' if self.write else '') + + ('d' if self.delete else '')) def __str__(self): - return (('r' if self.read else '') + - ('a' if self.add else '') + - ('c' if self.create else '') + - ('w' if self.write else '') + - ('d' if self.delete else '')) - - -BlobPermissions.ADD = BlobPermissions(add=True) -BlobPermissions.CREATE = BlobPermissions(create=True) -BlobPermissions.DELETE = BlobPermissions(delete=True) -BlobPermissions.READ = BlobPermissions(read=True) -BlobPermissions.WRITE = BlobPermissions(write=True) + return self._str + + @classmethod + def from_string(cls, permission): + p_read = 'r' in permission + p_add = 'a' in permission + p_create = 'c' in permission + p_write = 'w' in permission + p_delete = 'd' in permission + + parsed = cls(p_read, p_add, p_create, p_write, p_delete) + parsed._str = permission # pylint: disable = protected-access + return parsed class CustomerProvidedEncryptionKey(object): diff --git a/sdk/storage/azure-storage-blob/tests/test_append_blob.py b/sdk/storage/azure-storage-blob/tests/test_append_blob.py index 0a511c2ddb46..edfe9a96692b 100644 --- a/sdk/storage/azure-storage-blob/tests/test_append_blob.py +++ b/sdk/storage/azure-storage-blob/tests/test_append_blob.py @@ -17,7 +17,7 @@ ContainerClient, BlobClient, BlobType, - BlobPermissions) + BlobSasPermissions) from azure.storage.blob._shared.policies import StorageContentValidation from testcase import ( StorageTestCase, @@ -198,7 +198,7 @@ def test_append_block_from_url(self): source_blob_data = self.get_random_bytes(LARGE_BLOB_SIZE) source_blob_client = self._create_source_blob(source_blob_data) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -238,7 +238,7 @@ def test_append_block_from_url_and_validate_content_md5(self): source_blob_client = self._create_source_blob(source_blob_data) src_md5 = StorageContentValidation.get_content_md5(source_blob_data) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -271,7 +271,7 @@ def test_append_block_from_url_with_source_if_modified(self): source_blob_client = self._create_source_blob(source_blob_data) source_blob_properties = source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -308,7 +308,7 @@ def test_append_block_from_url_with_source_if_unmodified(self): source_blob_client = self._create_source_blob(source_blob_data) source_blob_properties = source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -345,7 +345,7 @@ def test_append_block_from_url_with_source_if_match(self): source_blob_client = self._create_source_blob(source_blob_data) source_blob_properties = source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -380,7 +380,7 @@ def test_append_block_from_url_with_source_if_none_match(self): source_blob_client = self._create_source_blob(source_blob_data) source_blob_properties = source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -414,7 +414,7 @@ def test_append_block_from_url_with_if_match(self): source_blob_data = self.get_random_bytes(LARGE_BLOB_SIZE) source_blob_client = self._create_source_blob(source_blob_data) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -452,7 +452,7 @@ def test_append_block_from_url_with_if_none_match(self): source_blob_data = self.get_random_bytes(LARGE_BLOB_SIZE) source_blob_client = self._create_source_blob(source_blob_data) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -486,7 +486,7 @@ def test_append_block_from_url_with_maxsize_condition(self): source_blob_data = self.get_random_bytes(LARGE_BLOB_SIZE) source_blob_client = self._create_source_blob(source_blob_data) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -520,7 +520,7 @@ def test_append_block_from_url_with_appendpos_condition(self): source_blob_data = self.get_random_bytes(LARGE_BLOB_SIZE) source_blob_client = self._create_source_blob(source_blob_data) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -555,7 +555,7 @@ def test_append_block_from_url_with_if_modified(self): source_blob_client = self._create_source_blob(source_blob_data) source_properties = source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -591,7 +591,7 @@ def test_append_block_from_url_with_if_unmodified(self): source_blob_client = self._create_source_blob(source_blob_data) source_properties = source_blob_client.append_block(source_blob_data) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) diff --git a/sdk/storage/azure-storage-blob/tests/test_append_blob_async.py b/sdk/storage/azure-storage-blob/tests/test_append_blob_async.py index 843eb66b334e..219998d42d11 100644 --- a/sdk/storage/azure-storage-blob/tests/test_append_blob_async.py +++ b/sdk/storage/azure-storage-blob/tests/test_append_blob_async.py @@ -18,7 +18,7 @@ from azure.core.pipeline.transport import AioHttpTransport from multidict import CIMultiDict, CIMultiDictProxy -from azure.storage.blob import BlobPermissions +from azure.storage.blob import BlobSasPermissions from azure.storage.blob._shared.policies import StorageContentValidation from azure.storage.blob.aio import ( BlobServiceClient, @@ -255,7 +255,7 @@ async def _test_append_block_from_url(self): source_blob_data = self.get_random_bytes(LARGE_BLOB_SIZE) source_blob_client = await self._create_source_blob(source_blob_data) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -300,7 +300,7 @@ async def _test_append_block_from_url_and_validate_content_md5(self): source_blob_client = await self._create_source_blob(source_blob_data) src_md5 = StorageContentValidation.get_content_md5(source_blob_data) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -338,7 +338,7 @@ async def _test_append_block_from_url_with_source_if_modified(self): source_blob_client = await self._create_source_blob(source_blob_data) source_blob_properties = await source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -381,7 +381,7 @@ async def _test_append_block_from_url_with_source_if_unmodified(self): source_blob_client = await self._create_source_blob(source_blob_data) source_blob_properties = await source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -424,7 +424,7 @@ async def _test_append_block_from_url_with_source_if_match(self): source_blob_client = await self._create_source_blob(source_blob_data) source_properties = await source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -465,7 +465,7 @@ async def _test_append_block_from_url_with_source_if_none_match(self): source_blob_client = await self._create_source_blob(source_blob_data) source_properties = await source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -505,7 +505,7 @@ async def _test_append_block_from_url_with_if_match(self): source_blob_data = self.get_random_bytes(LARGE_BLOB_SIZE) source_blob_client = await self._create_source_blob(source_blob_data) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -549,7 +549,7 @@ async def _test_append_block_from_url_with_if_none_match(self): source_blob_data = self.get_random_bytes(LARGE_BLOB_SIZE) source_blob_client = await self._create_source_blob(source_blob_data) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -589,7 +589,7 @@ async def _test_append_block_from_url_with_maxsize_condition(self): source_blob_data = self.get_random_bytes(LARGE_BLOB_SIZE) source_blob_client = await self._create_source_blob(source_blob_data) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -629,7 +629,7 @@ async def _test_append_block_from_url_with_appendpos_condition(self): source_blob_data = self.get_random_bytes(LARGE_BLOB_SIZE) source_blob_client = await self._create_source_blob(source_blob_data) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -670,7 +670,7 @@ async def _test_append_block_from_url_with_if_modified(self): source_blob_client = await self._create_source_blob(source_blob_data) source_properties = await source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -712,7 +712,7 @@ async def _test_append_block_from_url_with_if_unmodified(self): source_blob_client = await self._create_source_blob(source_blob_data) source_properties = await source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) diff --git a/sdk/storage/azure-storage-blob/tests/test_blob_samples_authentication.py b/sdk/storage/azure-storage-blob/tests/test_blob_samples_authentication.py index 970d2f5a13f0..87dac143086e 100644 --- a/sdk/storage/azure-storage-blob/tests/test_blob_samples_authentication.py +++ b/sdk/storage/azure-storage-blob/tests/test_blob_samples_authentication.py @@ -115,11 +115,11 @@ def test_auth_shared_access_signature(self): # [START create_sas_token] # Create a SAS token to use to authenticate a new client from datetime import datetime, timedelta - from azure.storage.blob import ResourceTypes, AccountPermissions + from azure.storage.blob import ResourceTypes, AccountSasPermissions sas_token = blob_service_client.generate_shared_access_signature( resource_types=ResourceTypes.OBJECT, - permission=AccountPermissions.READ, + permission=AccountSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1) ) # [END create_sas_token] diff --git a/sdk/storage/azure-storage-blob/tests/test_blob_samples_authentication_async.py b/sdk/storage/azure-storage-blob/tests/test_blob_samples_authentication_async.py index eb540130f6a5..ad91c7f7215c 100644 --- a/sdk/storage/azure-storage-blob/tests/test_blob_samples_authentication_async.py +++ b/sdk/storage/azure-storage-blob/tests/test_blob_samples_authentication_async.py @@ -140,11 +140,11 @@ async def _test_auth_shared_access_signature_async(self): # [START create_sas_token] # Create a SAS token to use to authenticate a new client from datetime import datetime, timedelta - from azure.storage.blob import ResourceTypes, AccountPermissions + from azure.storage.blob import ResourceTypes, AccountSasPermissions sas_token = blob_service_client.generate_shared_access_signature( resource_types=ResourceTypes.OBJECT, - permission=AccountPermissions.READ, + permission=AccountSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1) ) # [END create_sas_token] diff --git a/sdk/storage/azure-storage-blob/tests/test_blob_samples_containers.py b/sdk/storage/azure-storage-blob/tests/test_blob_samples_containers.py index 4291d2576da3..0f0828e1c190 100644 --- a/sdk/storage/azure-storage-blob/tests/test_blob_samples_containers.py +++ b/sdk/storage/azure-storage-blob/tests/test_blob_samples_containers.py @@ -149,8 +149,8 @@ def test_container_access_policy(self): # [START set_container_access_policy] # Create access policy - from azure.storage.blob import AccessPolicy, ContainerPermissions - access_policy = AccessPolicy(permission=ContainerPermissions(read=True), + from azure.storage.blob import AccessPolicy, ContainerSasPermissions + access_policy = AccessPolicy(permission=ContainerSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), start=datetime.utcnow() - timedelta(minutes=1)) diff --git a/sdk/storage/azure-storage-blob/tests/test_blob_samples_containers_async.py b/sdk/storage/azure-storage-blob/tests/test_blob_samples_containers_async.py index 7ddacdfc4838..1ea44f5c83d8 100644 --- a/sdk/storage/azure-storage-blob/tests/test_blob_samples_containers_async.py +++ b/sdk/storage/azure-storage-blob/tests/test_blob_samples_containers_async.py @@ -166,8 +166,8 @@ async def _test_container_access_policy_async(self): # [START set_container_access_policy] # Create access policy - from azure.storage.blob import AccessPolicy, ContainerPermissions - access_policy = AccessPolicy(permission=ContainerPermissions(read=True), + from azure.storage.blob import AccessPolicy, ContainerSasPermissions + access_policy = AccessPolicy(permission=ContainerSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), start=datetime.utcnow() - timedelta(minutes=1)) diff --git a/sdk/storage/azure-storage-blob/tests/test_block_blob_sync_copy.py b/sdk/storage/azure-storage-blob/tests/test_block_blob_sync_copy.py index 9a8c7a726b87..9cd6769ecd05 100644 --- a/sdk/storage/azure-storage-blob/tests/test_block_blob_sync_copy.py +++ b/sdk/storage/azure-storage-blob/tests/test_block_blob_sync_copy.py @@ -12,7 +12,7 @@ ContainerClient, BlobClient, StorageErrorCode, - BlobPermissions + BlobSasPermissions ) from azure.storage.blob._shared.policies import StorageContentValidation from testcase import ( @@ -55,7 +55,7 @@ def setUp(self): # generate a SAS so that it is accessible with a URL sas_token = blob.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) self.source_blob_url = BlobClient(blob.url, credential=sas_token).url diff --git a/sdk/storage/azure-storage-blob/tests/test_block_blob_sync_copy_async.py b/sdk/storage/azure-storage-blob/tests/test_block_blob_sync_copy_async.py index 06c6095e56dd..cceeedfff827 100644 --- a/sdk/storage/azure-storage-blob/tests/test_block_blob_sync_copy_async.py +++ b/sdk/storage/azure-storage-blob/tests/test_block_blob_sync_copy_async.py @@ -16,7 +16,7 @@ ContainerClient, BlobClient, StorageErrorCode, - BlobPermissions + BlobSasPermissions ) from azure.storage.blob._shared.policies import StorageContentValidation from testcase import ( @@ -69,7 +69,7 @@ def setUp(self): # generate a SAS so that it is accessible with a URL sas_token = blob.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) self.source_blob_url = BlobClient(blob.url, credential=sas_token).url @@ -95,7 +95,7 @@ async def _setup(self): # generate a SAS so that it is accessible with a URL sas_token = blob.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) self.source_blob_url = BlobClient(blob.url, credential=sas_token).url diff --git a/sdk/storage/azure-storage-blob/tests/test_common_blob.py b/sdk/storage/azure-storage-blob/tests/test_common_blob.py index c0e5b3f95cdf..28b787231073 100644 --- a/sdk/storage/azure-storage-blob/tests/test_common_blob.py +++ b/sdk/storage/azure-storage-blob/tests/test_common_blob.py @@ -25,14 +25,14 @@ BlobClient, BlobType, StorageErrorCode, - BlobPermissions, - ContainerPermissions, + BlobSasPermissions, + ContainerSasPermissions, ContentSettings, BlobProperties, RetentionPolicy, AccessPolicy, ResourceTypes, - AccountPermissions, + AccountSasPermissions, StandardBlobTier) from azure.storage.blob._generated.models import RehydratePriority from testcase import ( @@ -946,7 +946,7 @@ def test_copy_blob_async_private_blob_with_sas(self): self._create_remote_container() source_blob = self._create_remote_block_blob(blob_data=data) sas_token = source_blob.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) blob = BlobClient(source_blob.url, credential=sas_token) @@ -1209,7 +1209,7 @@ def test_sas_access_blob(self): blob = self.bsc.get_blob_client(self.container_name, blob_name) token = blob.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -1233,7 +1233,7 @@ def test_sas_access_blob_snapshot(self): blob_snapshot_client = self.bsc.get_blob_client(self.container_name, blob_name, snapshot=blob_snapshot) token = blob_snapshot_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -1266,7 +1266,7 @@ def test_sas_signed_identifier(self): access_policy = AccessPolicy() access_policy.start = datetime.utcnow() - timedelta(hours=1) access_policy.expiry = datetime.utcnow() + timedelta(hours=1) - access_policy.permission = BlobPermissions.READ + access_policy.permission = BlobSasPermissions(read=True) identifiers = {'testid': access_policy} resp = container.set_container_access_policy(identifiers) @@ -1292,7 +1292,7 @@ def test_account_sas(self): token = self.bsc.generate_shared_access_signature( ResourceTypes(container=True, object=True), - AccountPermissions.READ, + AccountSasPermissions(read=True), datetime.utcnow() + timedelta(hours=1), ) @@ -1358,7 +1358,7 @@ def test_user_delegation_sas_for_blob(self): blob_client.upload_blob(self.byte_data, length=len(self.byte_data)) token = blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), user_delegation_key=user_delegation_key, account_name='emilydevtest', @@ -1404,7 +1404,7 @@ def test_shared_read_access_blob(self): blob = self.bsc.get_blob_client(self.container_name, blob_name) token = blob.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -1428,7 +1428,7 @@ def test_shared_read_access_blob_with_content_query_params(self): blob = self.bsc.get_blob_client(self.container_name, blob_name) token = blob.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), cache_control='no-cache', content_disposition='inline', @@ -1462,7 +1462,7 @@ def test_shared_write_access_blob(self): blob = self.bsc.get_blob_client(self.container_name, blob_name) token = blob.generate_shared_access_signature( - permission=BlobPermissions.WRITE, + permission=BlobSasPermissions(write=True), expiry=datetime.utcnow() + timedelta(hours=1), ) sas_blob = BlobClient(blob.url, credential=token) @@ -1488,7 +1488,7 @@ def test_shared_delete_access_blob(self): blob = self.bsc.get_blob_client(self.container_name, blob_name) token = blob.generate_shared_access_signature( - permission=BlobPermissions.DELETE, + permission=BlobSasPermissions(delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) sas_blob = BlobClient(blob.url, credential=token) @@ -1542,7 +1542,7 @@ def test_get_account_information_with_container_sas(self): # Arrange container = self.bsc.get_container_client(self.container_name) token = container.generate_shared_access_signature( - permission=ContainerPermissions.READ, + permission=ContainerSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) sas_container = ContainerClient(container.url, credential=token) @@ -1565,7 +1565,7 @@ def test_get_account_information_with_blob_sas(self): blob = self.bsc.get_blob_client(self.container_name, blob_name) token = blob.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) sas_blob = BlobClient(blob.url, credential=token) @@ -1586,7 +1586,7 @@ def test_download_to_file_with_sas(self): self._create_remote_container() source_blob = self._create_remote_block_blob(blob_data=data) sas_token = source_blob.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) blob = BlobClient(source_blob.url, credential=sas_token) @@ -1700,7 +1700,7 @@ def test_upload_to_url_bytes_with_sas(self): blob = self.bsc.get_blob_client(self.container_name, blob_name) token = blob.generate_shared_access_signature( - permission=BlobPermissions.WRITE, + permission=BlobSasPermissions(write=True), expiry=datetime.utcnow() + timedelta(hours=1), ) sas_blob = BlobClient(blob.url, credential=token) @@ -1820,6 +1820,20 @@ def test_upload_to_url_file_with_credential(self): content = blob.download_blob().content_as_bytes() self.assertEqual(data, content) + def test_set_blob_permission_from_string(self): + # Arrange + permission1 = BlobSasPermissions(read=True, write=True) + permission2 = BlobSasPermissions.from_string('wr') + self.assertEqual(permission1.read, permission2.read) + self.assertEqual(permission1.write, permission2.write) + + def test_set_blob_permission(self): + # Arrange + permission = BlobSasPermissions.from_string('wrdx') + self.assertEqual(permission.read, True) + self.assertEqual(permission.delete, True) + self.assertEqual(permission.write, True) + self.assertEqual(permission._str, 'wrdx') #------------------------------------------------------------------------------ if __name__ == '__main__': diff --git a/sdk/storage/azure-storage-blob/tests/test_common_blob_async.py b/sdk/storage/azure-storage-blob/tests/test_common_blob_async.py index 1a5e936805be..12ab3573ecd2 100644 --- a/sdk/storage/azure-storage-blob/tests/test_common_blob_async.py +++ b/sdk/storage/azure-storage-blob/tests/test_common_blob_async.py @@ -34,14 +34,14 @@ download_blob_from_url, BlobType, StorageErrorCode, - BlobPermissions, - ContainerPermissions, + BlobSasPermissions, + ContainerSasPermissions, ContentSettings, BlobProperties, RetentionPolicy, AccessPolicy, ResourceTypes, - AccountPermissions, + AccountSasPermissions, StandardBlobTier) from testcase import ( @@ -1249,7 +1249,7 @@ async def _test_copy_blob_async_private_blob_with_sas(self): await self._create_remote_container() source_blob = await self._create_remote_block_blob(blob_data=data) sas_token = source_blob.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) blob = BlobClient(source_blob.url, credential=sas_token) @@ -1600,7 +1600,7 @@ async def _test_sas_access_blob(self): blob = self.bsc.get_blob_client(self.container_name, blob_name) token = blob.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -1631,7 +1631,7 @@ async def _test_sas_signed_identifier(self): access_policy = AccessPolicy() access_policy.start = datetime.utcnow() - timedelta(hours=1) access_policy.expiry = datetime.utcnow() + timedelta(hours=1) - access_policy.permission = BlobPermissions.READ + access_policy.permission = BlobSasPermissions(read=True) identifiers = {'testid': access_policy} resp = await container.set_container_access_policy(identifiers) @@ -1662,7 +1662,7 @@ async def _test_account_sas(self): token = self.bsc.generate_shared_access_signature( ResourceTypes(container=True, object=True), - AccountPermissions.READ, + AccountSasPermissions(read=True), datetime.utcnow() + timedelta(hours=1), ) @@ -1764,7 +1764,7 @@ async def _test_shared_read_access_blob(self): blob = self.bsc.get_blob_client(self.container_name, blob_name) token = blob.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -1793,7 +1793,7 @@ async def _test_shared_read_access_blob_with_content_query_params(self): blob = self.bsc.get_blob_client(self.container_name, blob_name) token = blob.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), cache_control='no-cache', content_disposition='inline', @@ -1832,7 +1832,7 @@ async def _test_shared_write_access_blob(self): blob = self.bsc.get_blob_client(self.container_name, blob_name) token = blob.generate_shared_access_signature( - permission=BlobPermissions.WRITE, + permission=BlobSasPermissions(write=True), expiry=datetime.utcnow() + timedelta(hours=1), ) sas_blob = BlobClient(blob.url, credential=token) @@ -1863,7 +1863,7 @@ async def _test_shared_delete_access_blob(self): blob = self.bsc.get_blob_client(self.container_name, blob_name) token = blob.generate_shared_access_signature( - permission=BlobPermissions.DELETE, + permission=BlobSasPermissions(delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) sas_blob = BlobClient(blob.url, credential=token) @@ -1937,7 +1937,7 @@ async def _test_get_account_information_with_container_sas(self): await self._setup() container = self.bsc.get_container_client(self.container_name) token = container.generate_shared_access_signature( - permission=ContainerPermissions.READ, + permission=ContainerSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) sas_container = ContainerClient(container.url, credential=token) @@ -1965,7 +1965,7 @@ async def _test_get_account_information_with_blob_sas(self): blob = self.bsc.get_blob_client(self.container_name, blob_name) token = blob.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) sas_blob = BlobClient(blob.url, credential=token) @@ -1991,7 +1991,7 @@ async def _test_download_to_file_with_sas(self): await self._create_remote_container() source_blob = await self._create_remote_block_blob(blob_data=data) sas_token = source_blob.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) blob = BlobClient(source_blob.url, credential=sas_token) @@ -2129,7 +2129,7 @@ async def _test_upload_to_url_bytes_with_sas(self): blob = self.bsc.get_blob_client(self.container_name, blob_name) token = blob.generate_shared_access_signature( - permission=BlobPermissions.WRITE, + permission=BlobSasPermissions(write=True), expiry=datetime.utcnow() + timedelta(hours=1), ) sas_blob = BlobClient(blob.url, credential=token) diff --git a/sdk/storage/azure-storage-blob/tests/test_container.py b/sdk/storage/azure-storage-blob/tests/test_container.py index cf707fe22095..a9a148d43019 100644 --- a/sdk/storage/azure-storage-blob/tests/test_container.py +++ b/sdk/storage/azure-storage-blob/tests/test_container.py @@ -20,9 +20,9 @@ ContainerClient, BlobClient, LeaseClient, - ContainerPermissions, + ContainerSasPermissions, PublicAccess, - ContainerPermissions, + ContainerSasPermissions, AccessPolicy, StandardBlobTier, PremiumPageBlobTier @@ -434,7 +434,7 @@ def test_set_container_acl_with_one_signed_identifier(self): container = self._create_container() # Act - access_policy = AccessPolicy(permission=ContainerPermissions.READ, + access_policy = AccessPolicy(permission=ContainerSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), start=datetime.utcnow()) signed_identifier = {'testid': access_policy} @@ -450,7 +450,7 @@ def test_set_container_acl_with_one_signed_identifier(self): container = self._create_container() # Act - access_policy = AccessPolicy(permission=ContainerPermissions.READ, + access_policy = AccessPolicy(permission=ContainerSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), start=datetime.utcnow()) signed_identifiers = {'testid': access_policy} @@ -523,7 +523,7 @@ def test_set_container_acl_with_signed_identifiers(self): container = self._create_container() # Act - access_policy = AccessPolicy(permission=ContainerPermissions.READ, + access_policy = AccessPolicy(permission=ContainerSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), start=datetime.utcnow() - timedelta(minutes=1)) identifiers = {'testid': access_policy} @@ -556,7 +556,7 @@ def test_set_container_acl_with_empty_identifiers(self): def test_set_container_acl_with_three_identifiers(self): # Arrange container = self._create_container() - access_policy = AccessPolicy(permission=ContainerPermissions.READ, + access_policy = AccessPolicy(permission=ContainerSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), start=datetime.utcnow() - timedelta(minutes=1)) identifiers = {str(i): access_policy for i in range(0, 3)} @@ -1199,7 +1199,7 @@ def test_shared_access_container(self): token = container.generate_shared_access_signature( expiry=datetime.utcnow() + timedelta(hours=1), - permission=ContainerPermissions.READ, + permission=ContainerSasPermissions(read=True), ) blob = BlobClient(blob.url, credential=token) @@ -1257,7 +1257,7 @@ def test_user_delegation_sas_for_container(self): container_client = service_client.create_container(self.get_resource_name('oauthcontainer')) token = container_client.generate_shared_access_signature( expiry=datetime.utcnow() + timedelta(hours=1), - permission=ContainerPermissions.READ, + permission=ContainerSasPermissions(read=True), user_delegation_key=user_delegation_key, account_name='emilydevtest' ) @@ -1273,6 +1273,21 @@ def test_user_delegation_sas_for_container(self): # Assert self.assertEqual(blob_content, b"".join(list(content)).decode('utf-8')) + def test_set_container_permission_from_string(self): + # Arrange + permission1 = ContainerSasPermissions(read=True, write=True) + permission2 = ContainerSasPermissions.from_string('wr') + self.assertEqual(permission1.read, permission2.read) + self.assertEqual(permission1.write, permission2.write) + + def test_set_container_permission(self): + # Arrange + permission = ContainerSasPermissions.from_string('wrlx') + self.assertEqual(permission.read, True) + self.assertEqual(permission.list, True) + self.assertEqual(permission.write, True) + self.assertEqual(permission._str, 'wrlx') + #------------------------------------------------------------------------------ if __name__ == '__main__': import unittest diff --git a/sdk/storage/azure-storage-blob/tests/test_container_async.py b/sdk/storage/azure-storage-blob/tests/test_container_async.py index 3f511f8e60bc..8c3d11dcb98b 100644 --- a/sdk/storage/azure-storage-blob/tests/test_container_async.py +++ b/sdk/storage/azure-storage-blob/tests/test_container_async.py @@ -29,7 +29,7 @@ BlobType, ContentSettings, BlobProperties, - ContainerPermissions, + ContainerSasPermissions, StandardBlobTier, PremiumPageBlobTier ) @@ -558,7 +558,7 @@ async def _test_set_container_acl_with_one_signed_identifier(self): container = await self._create_container() # Act - access_policy = AccessPolicy(permission=ContainerPermissions.READ, + access_policy = AccessPolicy(permission=ContainerSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), start=datetime.utcnow()) signed_identifier = {'testid': access_policy} @@ -632,7 +632,7 @@ async def _test_set_container_acl_with_signed_identifiers(self): container = await self._create_container() # Act - access_policy = AccessPolicy(permission=ContainerPermissions.READ, + access_policy = AccessPolicy(permission=ContainerSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), start=datetime.utcnow() - timedelta(minutes=1)) identifiers = {'testid': access_policy} @@ -673,7 +673,7 @@ def test_set_container_acl_with_empty_identifiers(self): async def _test_set_container_acl_with_three_identifiers(self): # Arrange container = await self._create_container() - access_policy = AccessPolicy(permission=ContainerPermissions.READ, + access_policy = AccessPolicy(permission=ContainerSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), start=datetime.utcnow() - timedelta(minutes=1)) identifiers = {i: access_policy for i in range(2)} @@ -1460,7 +1460,7 @@ async def _test_shared_access_container(self): token = container.generate_shared_access_signature( expiry=datetime.utcnow() + timedelta(hours=1), - permission=ContainerPermissions.READ, + permission=ContainerSasPermissions(read=True), ) blob = BlobClient(blob.url, credential=token) diff --git a/sdk/storage/azure-storage-blob/tests/test_cpk.py b/sdk/storage/azure-storage-blob/tests/test_cpk.py index 1a2e3877364b..5af1a5428de8 100644 --- a/sdk/storage/azure-storage-blob/tests/test_cpk.py +++ b/sdk/storage/azure-storage-blob/tests/test_cpk.py @@ -14,7 +14,7 @@ BlobType, BlobBlock, ) -from azure.storage.blob.models import CustomerProvidedEncryptionKey, BlobPermissions +from azure.storage.blob.models import CustomerProvidedEncryptionKey, BlobSasPermissions from testcase import ( StorageTestCase, TestMode, @@ -219,7 +219,7 @@ def test_put_block_from_url_and_commit(self): self.config.use_byte_buffer = True # Make sure using chunk upload, then we can record the request source_blob_client, _ = self._create_block_blob(blob_name=source_blob_name, data=self.byte_data) source_blob_sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1) ) source_blob_url = source_blob_client.url + "?" + source_blob_sas @@ -298,7 +298,7 @@ def test_append_block_from_url(self): self.config.use_byte_buffer = True # chunk upload source_blob_client, _ = self._create_block_blob(blob_name=source_blob_name, data=self.byte_data) source_blob_sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1) ) source_blob_url = source_blob_client.url + "?" + source_blob_sas @@ -393,7 +393,7 @@ def test_update_page_from_url(self): self.config.use_byte_buffer = True # Make sure using chunk upload, then we can record the request source_blob_client, _ = self._create_block_blob(blob_name=source_blob_name, data=self.byte_data) source_blob_sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1) ) source_blob_url = source_blob_client.url + "?" + source_blob_sas diff --git a/sdk/storage/azure-storage-blob/tests/test_cpk_async.py b/sdk/storage/azure-storage-blob/tests/test_cpk_async.py index 9b6bb7c57cd5..915670cc6438 100644 --- a/sdk/storage/azure-storage-blob/tests/test_cpk_async.py +++ b/sdk/storage/azure-storage-blob/tests/test_cpk_async.py @@ -17,7 +17,7 @@ BlobType, BlobBlock, ) -from azure.storage.blob.models import CustomerProvidedEncryptionKey, BlobPermissions +from azure.storage.blob.models import CustomerProvidedEncryptionKey, BlobSasPermissions from testcase import ( StorageTestCase, TestMode, @@ -254,7 +254,7 @@ async def _test_put_block_from_url_and_commit(self): self.config.use_byte_buffer = True # Make sure using chunk upload, then we can record the request source_blob_client, _ = await self._create_block_blob(blob_name=source_blob_name, data=self.byte_data) source_blob_sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1) ) source_blob_url = source_blob_client.url + "?" + source_blob_sas @@ -341,7 +341,7 @@ async def _test_append_block_from_url(self): self.config.use_byte_buffer = True # chunk upload source_blob_client, _ = await self._create_block_blob(blob_name=source_blob_name, data=self.byte_data) source_blob_sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1) ) source_blob_url = source_blob_client.url + "?" + source_blob_sas @@ -448,7 +448,7 @@ async def _test_update_page_from_url(self): self.config.use_byte_buffer = True # Make sure using chunk upload, then we can record the request source_blob_client, _ = await self._create_block_blob(blob_name=source_blob_name, data=self.byte_data) source_blob_sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1) ) source_blob_url = source_blob_client.url + "?" + source_blob_sas diff --git a/sdk/storage/azure-storage-blob/tests/test_logging.py b/sdk/storage/azure-storage-blob/tests/test_logging.py index 15cb6ebfc077..566cb60118d0 100644 --- a/sdk/storage/azure-storage-blob/tests/test_logging.py +++ b/sdk/storage/azure-storage-blob/tests/test_logging.py @@ -14,8 +14,8 @@ BlobServiceClient, ContainerClient, BlobClient, - ContainerPermissions, - BlobPermissions + ContainerSasPermissions, + BlobSasPermissions ) from azure.storage.blob._shared.shared_access_signature import QueryStringConstants @@ -56,7 +56,7 @@ def setUp(self): # generate a SAS so that it is accessible with a URL sas_token = source_blob.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) sas_source = BlobClient(source_blob.url, credential=sas_token) @@ -91,7 +91,7 @@ def test_sas_signature_is_scrubbed_off(self): # Arrange container = self.bsc.get_container_client(self.container_name) token = container.generate_shared_access_signature( - permission=ContainerPermissions.READ, + permission=ContainerSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) # parse out the signed signature diff --git a/sdk/storage/azure-storage-blob/tests/test_logging_async.py b/sdk/storage/azure-storage-blob/tests/test_logging_async.py index 015737f294e9..6ad5c638a00c 100644 --- a/sdk/storage/azure-storage-blob/tests/test_logging_async.py +++ b/sdk/storage/azure-storage-blob/tests/test_logging_async.py @@ -21,8 +21,8 @@ ) from azure.storage.blob import ( - ContainerPermissions, - BlobPermissions, + ContainerSasPermissions, + BlobSasPermissions, ) from azure.storage.blob._shared.shared_access_signature import QueryStringConstants @@ -88,7 +88,7 @@ async def _setup(self): # generate a SAS so that it is accessible with a URL sas_token = source_blob.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) sas_source = BlobClient(source_blob.url, credential=sas_token) @@ -124,7 +124,7 @@ async def _test_sas_signature_is_scrubbed_off(self): # Arrange container = self.bsc.get_container_client(self.container_name) token = container.generate_shared_access_signature( - permission=ContainerPermissions.READ, + permission=ContainerSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) # parse out the signed signature diff --git a/sdk/storage/azure-storage-blob/tests/test_page_blob.py b/sdk/storage/azure-storage-blob/tests/test_page_blob.py index 8d410e729fa7..b734a29b3b22 100644 --- a/sdk/storage/azure-storage-blob/tests/test_page_blob.py +++ b/sdk/storage/azure-storage-blob/tests/test_page_blob.py @@ -18,7 +18,7 @@ ContainerClient, BlobClient, BlobProperties, - BlobPermissions, + BlobSasPermissions, BlobType, PremiumPageBlobTier, SequenceNumberAction, @@ -367,7 +367,7 @@ def test_upload_pages_from_url(self): source_blob_data = self.get_random_bytes(SOURCE_BLOB_SIZE) source_blob_client = self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = self._create_blob(SOURCE_BLOB_SIZE) @@ -395,7 +395,7 @@ def test_upload_pages_from_url_and_validate_content_md5(self): source_blob_client = self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) src_md5 = StorageContentValidation.get_content_md5(source_blob_data) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = self._create_blob(SOURCE_BLOB_SIZE) @@ -430,7 +430,7 @@ def test_upload_pages_from_url_with_source_if_modified(self): source_blob_client = self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) source_properties = source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = self._create_blob(SOURCE_BLOB_SIZE) @@ -467,7 +467,7 @@ def test_upload_pages_from_url_with_source_if_unmodified(self): source_blob_client = self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) source_properties = source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = self._create_blob(SOURCE_BLOB_SIZE) @@ -504,7 +504,7 @@ def test_upload_pages_from_url_with_source_if_match(self): source_blob_client = self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) source_properties = source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = self._create_blob(SOURCE_BLOB_SIZE) @@ -540,7 +540,7 @@ def test_upload_pages_from_url_with_source_if_none_match(self): source_blob_client = self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) source_properties = source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = self._create_blob(SOURCE_BLOB_SIZE) @@ -576,7 +576,7 @@ def test_upload_pages_from_url_with_if_modified(self): source_blob_client = self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) source_properties = source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = self._create_blob(SOURCE_BLOB_SIZE) @@ -613,7 +613,7 @@ def test_upload_pages_from_url_with_if_unmodified(self): source_blob_client = self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) source_properties = source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = self._create_blob(SOURCE_BLOB_SIZE) @@ -650,7 +650,7 @@ def test_upload_pages_from_url_with_if_match(self): source_blob_data = self.get_random_bytes(SOURCE_BLOB_SIZE) source_blob_client = self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = self._create_blob(SOURCE_BLOB_SIZE) @@ -686,7 +686,7 @@ def test_upload_pages_from_url_with_if_none_match(self): source_blob_data = self.get_random_bytes(SOURCE_BLOB_SIZE) source_blob_client = self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = self._create_blob(SOURCE_BLOB_SIZE) @@ -723,7 +723,7 @@ def test_upload_pages_from_url_with_sequence_number_lt(self): source_blob_data = self.get_random_bytes(SOURCE_BLOB_SIZE) source_blob_client = self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = self._create_blob(SOURCE_BLOB_SIZE, sequence_number=start_sequence) @@ -759,7 +759,7 @@ def test_upload_pages_from_url_with_sequence_number_lte(self): source_blob_data = self.get_random_bytes(SOURCE_BLOB_SIZE) source_blob_client = self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = self._create_blob(SOURCE_BLOB_SIZE, sequence_number=start_sequence) @@ -795,7 +795,7 @@ def test_upload_pages_from_url_with_sequence_number_eq(self): source_blob_data = self.get_random_bytes(SOURCE_BLOB_SIZE) source_blob_client = self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = self._create_blob(SOURCE_BLOB_SIZE, sequence_number=start_sequence) @@ -1342,7 +1342,7 @@ def test_incremental_copy_blob(self): snapshot_blob = BlobClient( source_blob.url, credential=source_blob.credential, snapshot=source_snapshot_blob) sas_token = snapshot_blob.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) sas_blob = BlobClient(snapshot_blob.url, credential=sas_token) diff --git a/sdk/storage/azure-storage-blob/tests/test_page_blob_async.py b/sdk/storage/azure-storage-blob/tests/test_page_blob_async.py index ba64b9f5a54c..b01510654756 100644 --- a/sdk/storage/azure-storage-blob/tests/test_page_blob_async.py +++ b/sdk/storage/azure-storage-blob/tests/test_page_blob_async.py @@ -22,7 +22,7 @@ ContainerClient, BlobClient, BlobProperties, - BlobPermissions, + BlobSasPermissions, BlobType, PremiumPageBlobTier, SequenceNumberAction, @@ -469,7 +469,7 @@ async def _test_upload_pages_from_url(self): source_blob_data = self.get_random_bytes(SOURCE_BLOB_SIZE) source_blob_client = await self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = await self._create_blob(SOURCE_BLOB_SIZE) @@ -503,7 +503,7 @@ async def _test_upload_pages_from_url_and_validate_content_md5(self): source_blob_client = await self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) src_md5 = StorageContentValidation.get_content_md5(source_blob_data) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = await self._create_blob(SOURCE_BLOB_SIZE) @@ -543,7 +543,7 @@ async def _test_upload_pages_from_url_with_source_if_modified(self): source_blob_client = await self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) source_properties = await source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = await self._create_blob(SOURCE_BLOB_SIZE) @@ -585,7 +585,7 @@ async def _test_upload_pages_from_url_with_source_if_unmodified(self): source_blob_client = await self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) source_properties = await source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = await self._create_blob(SOURCE_BLOB_SIZE) @@ -627,7 +627,7 @@ async def _test_upload_pages_from_url_with_source_if_match(self): source_blob_client = await self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) source_properties = await source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = await self._create_blob(SOURCE_BLOB_SIZE) @@ -666,7 +666,7 @@ async def _test_upload_pages_from_url_with_source_if_none_match(self): source_blob_client = await self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) source_properties = await source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = await self._create_blob(SOURCE_BLOB_SIZE) @@ -705,7 +705,7 @@ async def _test_upload_pages_from_url_with_if_modified(self): source_blob_client = await self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) source_properties = await source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = await self._create_blob(SOURCE_BLOB_SIZE) @@ -747,7 +747,7 @@ async def _test_upload_pages_from_url_with_if_unmodified(self): source_blob_client = await self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) source_properties = await source_blob_client.get_blob_properties() sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = await self._create_blob(SOURCE_BLOB_SIZE) @@ -788,7 +788,7 @@ async def _test_upload_pages_from_url_with_if_match(self): source_blob_data = self.get_random_bytes(SOURCE_BLOB_SIZE) source_blob_client = await self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = await self._create_blob(SOURCE_BLOB_SIZE) @@ -827,7 +827,7 @@ async def _test_upload_pages_from_url_with_if_none_match(self): source_blob_data = self.get_random_bytes(SOURCE_BLOB_SIZE) source_blob_client = await self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = await self._create_blob(SOURCE_BLOB_SIZE) @@ -866,7 +866,7 @@ async def _test_upload_pages_from_url_with_sequence_number_lt(self): source_blob_data = self.get_random_bytes(SOURCE_BLOB_SIZE) source_blob_client = await self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = await self._create_blob(SOURCE_BLOB_SIZE, sequence_number=start_sequence) @@ -905,7 +905,7 @@ async def _test_upload_pages_from_url_with_sequence_number_lte(self): source_blob_data = self.get_random_bytes(SOURCE_BLOB_SIZE) source_blob_client = await self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = await self._create_blob(SOURCE_BLOB_SIZE, sequence_number=start_sequence) @@ -944,7 +944,7 @@ async def _test_upload_pages_from_url_with_sequence_number_eq(self): source_blob_data = self.get_random_bytes(SOURCE_BLOB_SIZE) source_blob_client = await self._create_source_blob(source_blob_data, 0, SOURCE_BLOB_SIZE - 1) sas = source_blob_client.generate_shared_access_signature( - permission=BlobPermissions.READ + BlobPermissions.DELETE, + permission=BlobSasPermissions(read=True, delete=True), expiry=datetime.utcnow() + timedelta(hours=1)) destination_blob_client = await self._create_blob(SOURCE_BLOB_SIZE, sequence_number=start_sequence) @@ -1612,7 +1612,7 @@ async def _test_incremental_copy_blob(self): snapshot_blob = BlobClient( source_blob.url, credential=source_blob.credential, snapshot=source_snapshot_blob) sas_token = snapshot_blob.generate_shared_access_signature( - permission=BlobPermissions.READ, + permission=BlobSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) sas_blob = BlobClient(snapshot_blob.url, credential=sas_token) diff --git a/sdk/storage/azure-storage-file/azure/storage/file/__init__.py b/sdk/storage/azure-storage-file/azure/storage/file/__init__.py index 6bb4dcb2c5d7..a780ec20aa30 100644 --- a/sdk/storage/azure-storage-file/azure/storage/file/__init__.py +++ b/sdk/storage/azure-storage-file/azure/storage/file/__init__.py @@ -13,7 +13,7 @@ from ._shared.models import( LocationMode, ResourceTypes, - AccountPermissions, + AccountSasPermissions, StorageErrorCode) from .models import ( ShareProperties, @@ -27,8 +27,8 @@ RetentionPolicy, CorsRule, AccessPolicy, - FilePermissions, - SharePermissions, + FileSasPermissions, + ShareSasPermissions, ContentSettings, NTFSAttributes) @@ -46,14 +46,14 @@ 'NoRetry', 'LocationMode', 'ResourceTypes', - 'AccountPermissions', + 'AccountSasPermissions', 'StorageErrorCode', 'Metrics', 'RetentionPolicy', 'CorsRule', 'AccessPolicy', - 'FilePermissions', - 'SharePermissions', + 'FileSasPermissions', + 'ShareSasPermissions', 'ShareProperties', 'SharePropertiesPaged', 'DirectoryProperties', diff --git a/sdk/storage/azure-storage-file/azure/storage/file/_shared/models.py b/sdk/storage/azure-storage-file/azure/storage/file/_shared/models.py index 50f891de3012..3234c72b534f 100644 --- a/sdk/storage/azure-storage-file/azure/storage/file/_shared/models.py +++ b/sdk/storage/azure-storage-file/azure/storage/file/_shared/models.py @@ -277,7 +277,7 @@ def __str__(self): ResourceTypes.OBJECT = ResourceTypes(object=True) -class AccountPermissions(object): +class AccountSasPermissions(object): """ :class:`~ResourceTypes` class to be used with generate_shared_access_signature method and for the AccessPolicies used with set_*_acl. There are two types of @@ -285,26 +285,6 @@ class AccountPermissions(object): specific resource (resource-specific). Another is to grant access to the entire service for a specific account and allow certain operations based on perms found here. - - :cvar AccountPermissions AccountPermissions.ADD: - Valid for the following Object resource types only: queue messages and append blobs. - :cvar AccountPermissions AccountPermissions.CREATE: - Valid for the following Object resource types only: blobs and files. Users - can create new blobs or files, but may not overwrite existing blobs or files. - :cvar AccountPermissions AccountPermissions.DELETE: - Valid for Container and Object resource types, except for queue messages. - :cvar AccountPermissions AccountPermissions.LIST: - Valid for Service and Container resource types only. - :cvar AccountPermissions AccountPermissions.PROCESS: - Valid for the following Object resource type only: queue messages. - :cvar AccountPermissions AccountPermissions.READ: - Valid for all signed resources types (Service, Container, and Object). - Permits read permissions to the specified resource type. - :cvar AccountPermissions AccountPermissions.UPDATE: - Valid for the following Object resource types only: queue messages. - :cvar AccountPermissions AccountPermissions.WRITE: - Valid for all signed resources types (Service, Container, and Object). - Permits write permissions to the specified resource type. :param bool read: Valid for all signed resources types (Service, Container, and Object). Permits read permissions to the specified resource type. @@ -325,58 +305,43 @@ class AccountPermissions(object): Valid for the following Object resource types only: queue messages. :param bool process: Valid for the following Object resource type only: queue messages. - :param str _str: - A string representing the permissions. """ - - READ = None # type: AccountPermissions - WRITE = None # type: AccountPermissions - DELETE = None # type: AccountPermissions - LIST = None # type: AccountPermissions - ADD = None # type: AccountPermissions - CREATE = None # type: AccountPermissions - UPDATE = None # type: AccountPermissions - PROCESS = None # type: AccountPermissions - def __init__(self, read=False, write=False, delete=False, list=False, # pylint: disable=redefined-builtin - add=False, create=False, update=False, process=False, _str=None): - if not _str: - _str = '' - self.read = read or ('r' in _str) - self.write = write or ('w' in _str) - self.delete = delete or ('d' in _str) - self.list = list or ('l' in _str) - self.add = add or ('a' in _str) - self.create = create or ('c' in _str) - self.update = update or ('u' in _str) - self.process = process or ('p' in _str) - - def __or__(self, other): - return AccountPermissions(_str=str(self) + str(other)) - - def __add__(self, other): - return AccountPermissions(_str=str(self) + str(other)) + add=False, create=False, update=False, process=False): + self.read = read + self.write = write + self.delete = delete + self.list = list + self.add = add + self.create = create + self.update = update + self.process = process + self._str = (('r' if self.read else '') + + ('w' if self.write else '') + + ('d' if self.delete else '') + + ('l' if self.list else '') + + ('a' if self.add else '') + + ('c' if self.create else '') + + ('u' if self.update else '') + + ('p' if self.process else '')) def __str__(self): - return (('r' if self.read else '') + - ('w' if self.write else '') + - ('d' if self.delete else '') + - ('l' if self.list else '') + - ('a' if self.add else '') + - ('c' if self.create else '') + - ('u' if self.update else '') + - ('p' if self.process else '')) - - -AccountPermissions.READ = AccountPermissions(read=True) -AccountPermissions.WRITE = AccountPermissions(write=True) -AccountPermissions.DELETE = AccountPermissions(delete=True) -AccountPermissions.LIST = AccountPermissions(list=True) -AccountPermissions.ADD = AccountPermissions(add=True) -AccountPermissions.CREATE = AccountPermissions(create=True) -AccountPermissions.UPDATE = AccountPermissions(update=True) -AccountPermissions.PROCESS = AccountPermissions(process=True) - + return self._str + + @classmethod + def from_string(cls, permission): + p_read = 'r' in permission + p_write = 'w' in permission + p_delete = 'd' in permission + p_list = 'l' in permission + p_add = 'a' in permission + p_create = 'c' in permission + p_update = 'u' in permission + p_process = 'p' in permission + + parsed = cls(p_read, p_write, p_delete, p_list, p_add, p_create, p_update, p_process) + parsed._str = permission # pylint: disable = protected-access + return parsed class Services(object): """Specifies the services accessible with the account SAS. diff --git a/sdk/storage/azure-storage-file/azure/storage/file/_shared/shared_access_signature.py b/sdk/storage/azure-storage-file/azure/storage/file/_shared/shared_access_signature.py index 183889fc06a6..367c6554ef89 100644 --- a/sdk/storage/azure-storage-file/azure/storage/file/_shared/shared_access_signature.py +++ b/sdk/storage/azure-storage-file/azure/storage/file/_shared/shared_access_signature.py @@ -103,7 +103,7 @@ def generate_account(self, services, resource_types, permission, expiry, start=N Specifies the resource types that are accessible with the account SAS. You can combine values to provide access to more than one resource type. - :param AccountPermissions permission: + :param AccountSasPermissions permission: The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Required unless an id is given referencing a stored access policy diff --git a/sdk/storage/azure-storage-file/azure/storage/file/_shared_access_signature.py b/sdk/storage/azure-storage-file/azure/storage/file/_shared_access_signature.py index 78abc178ea5a..1bfac4a176f0 100644 --- a/sdk/storage/azure-storage-file/azure/storage/file/_shared_access_signature.py +++ b/sdk/storage/azure-storage-file/azure/storage/file/_shared_access_signature.py @@ -43,7 +43,7 @@ def generate_file(self, share_name, directory_name=None, file_name=None, this parameter should only be present if file_name is provided. :param str file_name: Name of file. - :param FilePermissions permission: + :param FileSasPermissions permission: The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Permissions must be ordered read, create, write, delete, list. @@ -121,7 +121,7 @@ def generate_share(self, share_name, permission=None, expiry=None, :param str share_name: Name of share. - :param SharePermissions permission: + :param ShareSasPermissions permission: The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Permissions must be ordered read, create, write, delete, list. diff --git a/sdk/storage/azure-storage-file/azure/storage/file/aio/__init__.py b/sdk/storage/azure-storage-file/azure/storage/file/aio/__init__.py index 504192b1d559..03e0d3ba5ef8 100644 --- a/sdk/storage/azure-storage-file/azure/storage/file/aio/__init__.py +++ b/sdk/storage/azure-storage-file/azure/storage/file/aio/__init__.py @@ -12,7 +12,7 @@ from .._shared.models import ( LocationMode, ResourceTypes, - AccountPermissions, + AccountSasPermissions, StorageErrorCode) from ..models import ( Handle, @@ -23,8 +23,8 @@ RetentionPolicy, CorsRule, AccessPolicy, - FilePermissions, - SharePermissions, + FileSasPermissions, + ShareSasPermissions, ContentSettings, NTFSAttributes) from .models import ( @@ -43,7 +43,7 @@ 'NoRetry', 'LocationMode', 'ResourceTypes', - 'AccountPermissions', + 'AccountSasPermissions', 'StorageErrorCode', 'Metrics', 'RetentionPolicy', @@ -51,8 +51,8 @@ 'Handle', 'HandlesPaged', 'AccessPolicy', - 'FilePermissions', - 'SharePermissions', + 'FileSasPermissions', + 'ShareSasPermissions', 'ShareProperties', 'SharePropertiesPaged', 'DirectoryProperties', diff --git a/sdk/storage/azure-storage-file/azure/storage/file/aio/file_service_client_async.py b/sdk/storage/azure-storage-file/azure/storage/file/aio/file_service_client_async.py index 0034963eff8b..dc87ec4086e8 100644 --- a/sdk/storage/azure-storage-file/azure/storage/file/aio/file_service_client_async.py +++ b/sdk/storage/azure-storage-file/azure/storage/file/aio/file_service_client_async.py @@ -26,7 +26,7 @@ if TYPE_CHECKING: from datetime import datetime - from .._shared.models import ResourceTypes, AccountPermissions + from .._shared.models import ResourceTypes, AccountSasPermissions from ..models import Metrics, CorsRule, ShareProperties diff --git a/sdk/storage/azure-storage-file/azure/storage/file/file_client.py b/sdk/storage/azure-storage-file/azure/storage/file/file_client.py index 3c2b8dbfc837..a4889aa99574 100644 --- a/sdk/storage/azure-storage-file/azure/storage/file/file_client.py +++ b/sdk/storage/azure-storage-file/azure/storage/file/file_client.py @@ -39,7 +39,7 @@ if TYPE_CHECKING: from datetime import datetime - from .models import ShareProperties, FilePermissions, ContentSettings, FileProperties + from .models import ShareProperties, FileSasPermissions, ContentSettings, FileProperties from ._generated.models import HandleItem @@ -238,7 +238,7 @@ def from_connection_string( account_url, share=share, file_path=file_path, snapshot=snapshot, credential=credential, **kwargs) def generate_shared_access_signature( - self, permission=None, # type: Optional[Union[FilePermissions, str]] + self, permission=None, # type: Optional[Union[FileSasPermissions, str]] expiry=None, # type: Optional[Union[datetime, str]] start=None, # type: Optional[Union[datetime, str]] policy_id=None, # type: Optional[str] @@ -256,7 +256,7 @@ def generate_shared_access_signature( Use the returned signature with the credential parameter of any FileServiceClient, ShareClient, DirectoryClient, or FileClient. - :param ~azure.storage.file.models.FilePermissions permission: + :param ~azure.storage.file.models.FileSasPermissions permission: The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Permissions must be ordered read, write, delete, list. diff --git a/sdk/storage/azure-storage-file/azure/storage/file/file_service_client.py b/sdk/storage/azure-storage-file/azure/storage/file/file_service_client.py index 53fba3a0d745..2c15911bc3c8 100644 --- a/sdk/storage/azure-storage-file/azure/storage/file/file_service_client.py +++ b/sdk/storage/azure-storage-file/azure/storage/file/file_service_client.py @@ -29,7 +29,7 @@ if TYPE_CHECKING: from datetime import datetime - from ._shared.models import ResourceTypes, AccountPermissions + from ._shared.models import ResourceTypes, AccountSasPermissions from .models import Metrics, CorsRule, ShareProperties @@ -137,7 +137,7 @@ def from_connection_string( def generate_shared_access_signature( self, resource_types, # type: Union[ResourceTypes, str] - permission, # type: Union[AccountPermissions, str] + permission, # type: Union[AccountSasPermissions, str] expiry, # type: Optional[Union[datetime, str]] start=None, # type: Optional[Union[datetime, str]] ip=None, # type: Optional[str] @@ -150,7 +150,7 @@ def generate_shared_access_signature( :param ~azure.storage.file._shared.models.ResourceTypes resource_types: Specifies the resource types that are accessible with the account SAS. - :param ~azure.storage.file._shared.models.AccountPermissions permission: + :param ~azure.storage.file._shared.models.AccountSasPermissions permission: The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Required unless an id is given referencing a stored access policy diff --git a/sdk/storage/azure-storage-file/azure/storage/file/models.py b/sdk/storage/azure-storage-file/azure/storage/file/models.py index 258c6f54b35b..f0d62b991371 100644 --- a/sdk/storage/azure-storage-file/azure/storage/file/models.py +++ b/sdk/storage/azure-storage-file/azure/storage/file/models.py @@ -630,20 +630,10 @@ def _from_generated(cls, generated): return copy -class FilePermissions(object): - """FilePermissions class to be used with +class FileSasPermissions(object): + """FileSasPermissions class to be used with generating shared access signature operations. - :cvar FilePermissions FilePermissions.CREATE: - Create a new file or copy a file to a new file. - :cvar FilePermissions FilePermissions.DELETE: - Delete the file. - :cvar FilePermissions FilePermissions.READ: - Read the content, properties, metadata. Use the file as the source of a copy - operation. - :cvar FilePermissions FilePermissions.WRITE: - Create or write content, properties, metadata. Resize the file. Use the file - as the destination of a copy operation within the same account. :param bool read: Read the content, properties, metadata. Use the file as the source of a copy operation. @@ -654,62 +644,36 @@ class FilePermissions(object): as the destination of a copy operation within the same account. :param bool delete: Delete the file. - :param str _str: - A string representing the permissions. """ - - CREATE = None # type: FilePermissions - DELETE = None # type: FilePermissions - READ = None # type: FilePermissions - WRITE = None # type: FilePermissions - - def __init__(self, read=False, create=False, write=False, delete=False, - _str=None): - if not _str: - _str = '' - self.read = read or ('r' in _str) - self.create = create or ('c' in _str) - self.write = write or ('w' in _str) - self.delete = delete or ('d' in _str) - - def __or__(self, other): - return FilePermissions(_str=str(self) + str(other)) - - def __add__(self, other): - return FilePermissions(_str=str(self) + str(other)) + def __init__(self, read=False, create=False, write=False, delete=False): + self.read = read + self.create = create + self.write = write + self.delete = delete + self._str = (('r' if self.read else '') + + ('c' if self.create else '') + + ('w' if self.write else '') + + ('d' if self.delete else '')) def __str__(self): - return (('r' if self.read else '') + - ('c' if self.create else '') + - ('w' if self.write else '') + - ('d' if self.delete else '')) + return self._str + @classmethod + def from_string(cls, permission): + p_read = 'r' in permission + p_create = 'c' in permission + p_write = 'w' in permission + p_delete = 'd' in permission -FilePermissions.CREATE = FilePermissions(create=True) # type: ignore -FilePermissions.DELETE = FilePermissions(delete=True) # type: ignore -FilePermissions.READ = FilePermissions(read=True) # type: ignore -FilePermissions.WRITE = FilePermissions(write=True) # type: ignore + parsed = cls(p_read, p_create, p_write, p_delete) + parsed._str = permission # pylint: disable = protected-access + return parsed -class SharePermissions(object): - """SharePermissions class to be used to be used with +class ShareSasPermissions(object): + """ShareSasPermissions class to be used to be used with generating shared access signature and access policy operations. - :cvar SharePermissions SharePermissions.DELETE: - Delete any file in the share. - Note: You cannot grant permissions to delete a share with a service SAS. Use - an account SAS instead. - :cvar SharePermissions SharePermissions.LIST: - List files and directories in the share. - :cvar SharePermissions SharePermissions.READ: - Read the content, properties or metadata of any file in the share. Use any - file in the share as the source of a copy operation. - :cvar SharePermissions SharePermissions.WRITE: - For any file in the share, create or write content, properties or metadata. - Resize the file. Use the file as the destination of a copy operation within - the same account. - Note: You cannot grant permissions to read or write share properties or - metadata with a service SAS. Use an account SAS instead. :param bool read: Read the content, properties or metadata of any file in the share. Use any file in the share as the source of a copy operation. @@ -725,42 +689,31 @@ class SharePermissions(object): an account SAS instead. :param bool list: List files and directories in the share. - :param str _str: - A string representing the permissions """ + def __init__(self, read=False, write=False, delete=False, list=False): # pylint: disable=redefined-builtin + self.read = read + self.write = write + self.delete = delete + self.list = list + self._str = (('r' if self.read else '') + + ('w' if self.write else '') + + ('d' if self.delete else '') + + ('l' if self.list else '')) - LIST = None # type: SharePermissions - DELETE = None # type: SharePermissions - READ = None # type: SharePermissions - WRITE = None # type: SharePermissions - - def __init__(self, read=False, write=False, delete=False, list=False, # pylint: disable=redefined-builtin - _str=None): - if not _str: - _str = '' - self.read = read or ('r' in _str) - self.write = write or ('w' in _str) - self.delete = delete or ('d' in _str) - self.list = list or ('l' in _str) - - def __or__(self, other): - return SharePermissions(_str=str(self) + str(other)) - - def __add__(self, other): - return SharePermissions(_str=str(self) + str(other)) def __str__(self): - return (('r' if self.read else '') + - ('w' if self.write else '') + - ('d' if self.delete else '') + - ('l' if self.list else '')) - - -SharePermissions.DELETE = SharePermissions(delete=True) # type: ignore -SharePermissions.LIST = SharePermissions(list=True) # type: ignore -SharePermissions.READ = SharePermissions(read=True) # type: ignore -SharePermissions.WRITE = SharePermissions(write=True) # type: ignore + return self._str + @classmethod + def from_string(cls, permission): + p_read = 'r' in permission + p_write = 'w' in permission + p_delete = 'd' in permission + p_list = 'l' in permission + + parsed = cls(p_read, p_write, p_delete, p_list) + parsed._str = permission # pylint: disable = protected-access + return parsed class NTFSAttributes(object): """ diff --git a/sdk/storage/azure-storage-file/azure/storage/file/share_client.py b/sdk/storage/azure-storage-file/azure/storage/file/share_client.py index 77482bb77ca8..e92b65a310e4 100644 --- a/sdk/storage/azure-storage-file/azure/storage/file/share_client.py +++ b/sdk/storage/azure-storage-file/azure/storage/file/share_client.py @@ -34,7 +34,7 @@ from ._shared_access_signature import FileSharedAccessSignature if TYPE_CHECKING: - from .models import ShareProperties, AccessPolicy, SharePermissions + from .models import ShareProperties, AccessPolicy, ShareSasPermissions class ShareClient(StorageAccountHostsMixin): @@ -168,7 +168,7 @@ def from_connection_string( account_url, share=share, snapshot=snapshot, credential=credential, **kwargs) def generate_shared_access_signature( - self, permission=None, # type: Optional[Union[SharePermissions, str]] + self, permission=None, # type: Optional[Union[ShareSasPermissions, str]] expiry=None, # type: Optional[Union[datetime, str]] start=None, # type: Optional[Union[datetime, str]] policy_id=None, # type: Optional[str] @@ -184,7 +184,7 @@ def generate_shared_access_signature( Use the returned signature with the credential parameter of any FileServiceClient, ShareClient, DirectoryClient, or FileClient. - :param ~azure.storage.file.models.SharePermissions permission: + :param ~azure.storage.file.models.ShareSasPermissions permission: The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Permissions must be ordered read, create, write, delete, list. diff --git a/sdk/storage/azure-storage-file/tests/test_file.py b/sdk/storage/azure-storage-file/tests/test_file.py index 5c1fc651fa78..19df33ad690d 100644 --- a/sdk/storage/azure-storage-file/tests/test_file.py +++ b/sdk/storage/azure-storage-file/tests/test_file.py @@ -19,10 +19,10 @@ FileClient, FileServiceClient, ContentSettings, - FilePermissions, + FileSasPermissions, AccessPolicy, ResourceTypes, - AccountPermissions, + AccountSasPermissions, StorageErrorCode, NTFSAttributes) from filetestcase import ( @@ -620,7 +620,7 @@ def test_update_range_from_file_url(self): # generate SAS for the source file sas_token_for_source_file = \ source_file_client.generate_shared_access_signature( - FilePermissions.READ, + FileSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1)) source_file_url = source_file_client.url + '?' + sas_token_for_source_file @@ -652,7 +652,7 @@ def test_update_big_range_from_file_url(self): # generate SAS for the source file sas_token_for_source_file = \ source_file_client.generate_shared_access_signature( - FilePermissions.READ, + FileSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1)) source_file_url = source_file_client.url + '?' + sas_token_for_source_file @@ -858,7 +858,7 @@ def test_copy_file_async_private_file_with_sas(self): self._create_remote_share() source_file = self._create_remote_file(file_data=data) sas_token = source_file.generate_shared_access_signature( - permission=FilePermissions.READ, + permission=FileSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) source_url = source_file.url + '?' + sas_token @@ -886,7 +886,7 @@ def test_abort_copy_file(self): self._create_remote_share() source_file = self._create_remote_file(file_data=data) sas_token = source_file.generate_shared_access_signature( - permission=FilePermissions.READ, + permission=FileSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) source_url = source_file.url + '?' + sas_token @@ -1403,7 +1403,7 @@ def test_sas_access_file(self): # Arrange file_client = self._create_file() token = file_client.generate_shared_access_signature( - permission=FilePermissions.READ, + permission=FileSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -1431,7 +1431,7 @@ def test_sas_signed_identifier(self): access_policy = AccessPolicy() access_policy.start = datetime.utcnow() - timedelta(hours=1) access_policy.expiry = datetime.utcnow() + timedelta(hours=1) - access_policy.permission = FilePermissions.READ + access_policy.permission = FileSasPermissions(read=True) identifiers = {'testid': access_policy} share_client.set_share_access_policy(identifiers) @@ -1457,7 +1457,7 @@ def test_account_sas(self): file_client = self._create_file() token = self.fsc.generate_shared_access_signature( ResourceTypes.OBJECT, - AccountPermissions.READ, + AccountSasPermissions(read=True), datetime.utcnow() + timedelta(hours=1), ) @@ -1483,7 +1483,7 @@ def test_shared_read_access_file(self): # Arrange file_client = self._create_file() token = file_client.generate_shared_access_signature( - permission=FilePermissions.READ, + permission=FileSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -1508,7 +1508,7 @@ def test_shared_read_access_file_with_content_query_params(self): # Arrange file_client = self._create_file() token = file_client.generate_shared_access_signature( - permission=FilePermissions.READ, + permission=FileSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), cache_control='no-cache', content_disposition='inline', @@ -1543,7 +1543,7 @@ def test_shared_write_access_file(self): updated_data = b'updated file data' file_client_admin = self._create_file() token = file_client_admin.generate_shared_access_signature( - permission=FilePermissions.WRITE, + permission=FileSasPermissions(write=True), expiry=datetime.utcnow() + timedelta(hours=1), ) file_client = FileClient( @@ -1570,7 +1570,7 @@ def test_shared_delete_access_file(self): # Arrange file_client_admin = self._create_file() token = file_client_admin.generate_shared_access_signature( - permission=FilePermissions.DELETE, + permission=FileSasPermissions(delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) file_client = FileClient( diff --git a/sdk/storage/azure-storage-file/tests/test_file_async.py b/sdk/storage/azure-storage-file/tests/test_file_async.py index 4bc047d17a3b..98f60a899c84 100644 --- a/sdk/storage/azure-storage-file/tests/test_file_async.py +++ b/sdk/storage/azure-storage-file/tests/test_file_async.py @@ -22,10 +22,10 @@ FileClient, FileServiceClient, ContentSettings, - FilePermissions, + FileSasPermissions, AccessPolicy, ResourceTypes, - AccountPermissions, + AccountSasPermissions, StorageErrorCode ) from filetestcase import ( @@ -768,7 +768,7 @@ async def _test_update_range_from_file_url(self): # generate SAS for the source file sas_token_for_source_file = \ source_file_client.generate_shared_access_signature( - FilePermissions.READ, + FileSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1)) source_file_url = source_file_client.url + '?' + sas_token_for_source_file @@ -805,7 +805,7 @@ async def _test_update_big_range_from_file_url(self): # generate SAS for the source file sas_token_for_source_file = \ source_file_client.generate_shared_access_signature( - FilePermissions.READ, + FileSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1)) source_file_url = source_file_client.url + '?' + sas_token_for_source_file @@ -1062,7 +1062,7 @@ async def _test_copy_file_async_private_file_with_sas_async(self): await self._create_remote_share() source_file = await self._create_remote_file(file_data=data) sas_token = source_file.generate_shared_access_signature( - permission=FilePermissions.READ, + permission=FileSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) source_url = source_file.url + '?' + sas_token @@ -1097,7 +1097,7 @@ async def _test_abort_copy_file_async(self): await self._create_remote_share() source_file = await self._create_remote_file(file_data=data) sas_token = source_file.generate_shared_access_signature( - permission=FilePermissions.READ, + permission=FileSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) source_url = source_file.url + '?' + sas_token @@ -1734,7 +1734,7 @@ async def _test_sas_access_file_async(self): # Arrange file_client = await self._create_file() token = file_client.generate_shared_access_signature( - permission=FilePermissions.READ, + permission=FileSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -1767,7 +1767,7 @@ async def _test_sas_signed_identifier_async(self): access_policy = AccessPolicy() access_policy.start = datetime.utcnow() - timedelta(hours=1) access_policy.expiry = datetime.utcnow() + timedelta(hours=1) - access_policy.permission = FilePermissions.READ + access_policy.permission = FileSasPermissions(read=True) identifiers = {'testid': access_policy} await share_client.set_share_access_policy(identifiers) @@ -1798,7 +1798,7 @@ async def _test_account_sas_async(self): file_client = await self._create_file() token = self.fsc.generate_shared_access_signature( ResourceTypes.OBJECT, - AccountPermissions.READ, + AccountSasPermissions(read=True), datetime.utcnow() + timedelta(hours=1), ) @@ -1828,7 +1828,7 @@ async def _test_shared_read_access_file_async(self): # Arrange file_client = await self._create_file() token = file_client.generate_shared_access_signature( - permission=FilePermissions.READ, + permission=FileSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), ) @@ -1857,7 +1857,7 @@ async def _test_shared_read_access_file_with_content_query_params_async(self): # Arrange file_client = await self._create_file() token = file_client.generate_shared_access_signature( - permission=FilePermissions.READ, + permission=FileSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), cache_control='no-cache', content_disposition='inline', @@ -1896,7 +1896,7 @@ async def _test_shared_write_access_file_async(self): updated_data = b'updated file data' file_client_admin = await self._create_file() token = file_client_admin.generate_shared_access_signature( - permission=FilePermissions.WRITE, + permission=FileSasPermissions(write=True), expiry=datetime.utcnow() + timedelta(hours=1), ) file_client = FileClient( @@ -1928,7 +1928,7 @@ async def _test_shared_delete_access_file_async(self): # Arrange file_client_admin = await self._create_file() token = file_client_admin.generate_shared_access_signature( - permission=FilePermissions.DELETE, + permission=FileSasPermissions(delete=True), expiry=datetime.utcnow() + timedelta(hours=1), ) file_client = FileClient( diff --git a/sdk/storage/azure-storage-file/tests/test_share.py b/sdk/storage/azure-storage-file/tests/test_share.py index dd4adf1cb3f3..dd58eaf88061 100644 --- a/sdk/storage/azure-storage-file/tests/test_share.py +++ b/sdk/storage/azure-storage-file/tests/test_share.py @@ -15,7 +15,7 @@ ResourceNotFoundError, ResourceExistsError) -from azure.storage.file.models import AccessPolicy, SharePermissions +from azure.storage.file.models import AccessPolicy, ShareSasPermissions from azure.storage.file.file_service_client import FileServiceClient from azure.storage.file.directory_client import DirectoryClient from azure.storage.file.file_client import FileClient @@ -549,7 +549,7 @@ def test_set_share_acl_with_signed_identifiers(self): # Act identifiers = dict() identifiers['testid'] = AccessPolicy( - permission=SharePermissions.WRITE, + permission=ShareSasPermissions(write=True), expiry=datetime.utcnow() + timedelta(hours=1), start=datetime.utcnow() - timedelta(minutes=1), ) @@ -727,7 +727,7 @@ def test_shared_access_share(self): token = share.generate_shared_access_signature( expiry=datetime.utcnow() + timedelta(hours=1), - permission=SharePermissions.READ, + permission=ShareSasPermissions(read=True), ) sas_client = FileClient( self.get_file_url(), diff --git a/sdk/storage/azure-storage-file/tests/test_share_async.py b/sdk/storage/azure-storage-file/tests/test_share_async.py index 7fac8757eb49..2c05eaf89f4c 100644 --- a/sdk/storage/azure-storage-file/tests/test_share_async.py +++ b/sdk/storage/azure-storage-file/tests/test_share_async.py @@ -19,7 +19,7 @@ from azure.storage.file.aio import ( AccessPolicy, - SharePermissions, + ShareSasPermissions, FileServiceClient, DirectoryClient, FileClient, @@ -662,7 +662,7 @@ async def _test_set_share_acl_with_signed_identifiers_async(self): # Act identifiers = dict() identifiers['testid'] = AccessPolicy( - permission=SharePermissions.WRITE, + permission=ShareSasPermissions(write=True), expiry=datetime.utcnow() + timedelta(hours=1), start=datetime.utcnow() - timedelta(minutes=1), ) @@ -873,7 +873,7 @@ async def _test_shared_access_share_async(self): token = share.generate_shared_access_signature( expiry=datetime.utcnow() + timedelta(hours=1), - permission=SharePermissions.READ, + permission=ShareSasPermissions(read=True), ) sas_client = FileClient( self.get_file_url(), diff --git a/sdk/storage/azure-storage-queue/azure/storage/queue/__init__.py b/sdk/storage/azure-storage-queue/azure/storage/queue/__init__.py index 8cd24874fff0..77c2c5872ef1 100644 --- a/sdk/storage/azure-storage-queue/azure/storage/queue/__init__.py +++ b/sdk/storage/azure-storage-queue/azure/storage/queue/__init__.py @@ -11,7 +11,7 @@ from ._shared.models import( LocationMode, ResourceTypes, - AccountPermissions, + AccountSasPermissions, StorageErrorCode ) from ._message_encoding import ( @@ -28,7 +28,7 @@ QueueMessage, QueueProperties, QueuePropertiesPaged, - QueuePermissions, + QueueSasPermissions, AccessPolicy, Logging, Metrics, @@ -47,12 +47,12 @@ 'NoRetry', 'LocationMode', 'ResourceTypes', - 'AccountPermissions', + 'AccountSasPermissions', 'StorageErrorCode', 'QueueMessage', 'QueueProperties', 'QueuePropertiesPaged', - 'QueuePermissions', + 'QueueSasPermissions', 'AccessPolicy', 'TextBase64EncodePolicy', 'TextBase64DecodePolicy', diff --git a/sdk/storage/azure-storage-queue/azure/storage/queue/_shared/models.py b/sdk/storage/azure-storage-queue/azure/storage/queue/_shared/models.py index 50f891de3012..0fd6d4de786c 100644 --- a/sdk/storage/azure-storage-queue/azure/storage/queue/_shared/models.py +++ b/sdk/storage/azure-storage-queue/azure/storage/queue/_shared/models.py @@ -277,7 +277,7 @@ def __str__(self): ResourceTypes.OBJECT = ResourceTypes(object=True) -class AccountPermissions(object): +class AccountSasPermissions(object): """ :class:`~ResourceTypes` class to be used with generate_shared_access_signature method and for the AccessPolicies used with set_*_acl. There are two types of @@ -285,26 +285,6 @@ class AccountPermissions(object): specific resource (resource-specific). Another is to grant access to the entire service for a specific account and allow certain operations based on perms found here. - - :cvar AccountPermissions AccountPermissions.ADD: - Valid for the following Object resource types only: queue messages and append blobs. - :cvar AccountPermissions AccountPermissions.CREATE: - Valid for the following Object resource types only: blobs and files. Users - can create new blobs or files, but may not overwrite existing blobs or files. - :cvar AccountPermissions AccountPermissions.DELETE: - Valid for Container and Object resource types, except for queue messages. - :cvar AccountPermissions AccountPermissions.LIST: - Valid for Service and Container resource types only. - :cvar AccountPermissions AccountPermissions.PROCESS: - Valid for the following Object resource type only: queue messages. - :cvar AccountPermissions AccountPermissions.READ: - Valid for all signed resources types (Service, Container, and Object). - Permits read permissions to the specified resource type. - :cvar AccountPermissions AccountPermissions.UPDATE: - Valid for the following Object resource types only: queue messages. - :cvar AccountPermissions AccountPermissions.WRITE: - Valid for all signed resources types (Service, Container, and Object). - Permits write permissions to the specified resource type. :param bool read: Valid for all signed resources types (Service, Container, and Object). Permits read permissions to the specified resource type. @@ -325,57 +305,43 @@ class AccountPermissions(object): Valid for the following Object resource types only: queue messages. :param bool process: Valid for the following Object resource type only: queue messages. - :param str _str: - A string representing the permissions. """ - - READ = None # type: AccountPermissions - WRITE = None # type: AccountPermissions - DELETE = None # type: AccountPermissions - LIST = None # type: AccountPermissions - ADD = None # type: AccountPermissions - CREATE = None # type: AccountPermissions - UPDATE = None # type: AccountPermissions - PROCESS = None # type: AccountPermissions - def __init__(self, read=False, write=False, delete=False, list=False, # pylint: disable=redefined-builtin - add=False, create=False, update=False, process=False, _str=None): - if not _str: - _str = '' - self.read = read or ('r' in _str) - self.write = write or ('w' in _str) - self.delete = delete or ('d' in _str) - self.list = list or ('l' in _str) - self.add = add or ('a' in _str) - self.create = create or ('c' in _str) - self.update = update or ('u' in _str) - self.process = process or ('p' in _str) - - def __or__(self, other): - return AccountPermissions(_str=str(self) + str(other)) - - def __add__(self, other): - return AccountPermissions(_str=str(self) + str(other)) + add=False, create=False, update=False, process=False): + self.read = read + self.write = write + self.delete = delete + self.list = list + self.add = add + self.create = create + self.update = update + self.process = process + self._str = (('r' if self.read else '') + + ('w' if self.write else '') + + ('d' if self.delete else '') + + ('l' if self.list else '') + + ('a' if self.add else '') + + ('c' if self.create else '') + + ('u' if self.update else '') + + ('p' if self.process else '')) def __str__(self): - return (('r' if self.read else '') + - ('w' if self.write else '') + - ('d' if self.delete else '') + - ('l' if self.list else '') + - ('a' if self.add else '') + - ('c' if self.create else '') + - ('u' if self.update else '') + - ('p' if self.process else '')) - - -AccountPermissions.READ = AccountPermissions(read=True) -AccountPermissions.WRITE = AccountPermissions(write=True) -AccountPermissions.DELETE = AccountPermissions(delete=True) -AccountPermissions.LIST = AccountPermissions(list=True) -AccountPermissions.ADD = AccountPermissions(add=True) -AccountPermissions.CREATE = AccountPermissions(create=True) -AccountPermissions.UPDATE = AccountPermissions(update=True) -AccountPermissions.PROCESS = AccountPermissions(process=True) + return self._str + + @classmethod + def from_string(cls, permission): + p_read = 'r' in permission + p_write = 'w' in permission + p_delete = 'd' in permission + p_list = 'l' in permission + p_add = 'a' in permission + p_create = 'c' in permission + p_update = 'u' in permission + p_process = 'p' in permission + + parsed = cls(p_read, p_write, p_delete, p_list, p_add, p_create, p_update, p_process) + parsed._str = permission # pylint: disable = protected-access + return parsed class Services(object): diff --git a/sdk/storage/azure-storage-queue/azure/storage/queue/_shared/shared_access_signature.py b/sdk/storage/azure-storage-queue/azure/storage/queue/_shared/shared_access_signature.py index 183889fc06a6..367c6554ef89 100644 --- a/sdk/storage/azure-storage-queue/azure/storage/queue/_shared/shared_access_signature.py +++ b/sdk/storage/azure-storage-queue/azure/storage/queue/_shared/shared_access_signature.py @@ -103,7 +103,7 @@ def generate_account(self, services, resource_types, permission, expiry, start=N Specifies the resource types that are accessible with the account SAS. You can combine values to provide access to more than one resource type. - :param AccountPermissions permission: + :param AccountSasPermissions permission: The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Required unless an id is given referencing a stored access policy diff --git a/sdk/storage/azure-storage-queue/azure/storage/queue/_shared_access_signature.py b/sdk/storage/azure-storage-queue/azure/storage/queue/_shared_access_signature.py index d4b2e27327f8..827d00c77084 100644 --- a/sdk/storage/azure-storage-queue/azure/storage/queue/_shared_access_signature.py +++ b/sdk/storage/azure-storage-queue/azure/storage/queue/_shared_access_signature.py @@ -35,7 +35,7 @@ def generate_queue(self, queue_name, permission=None, Use the returned signature with the sas_token parameter of QueueService. :param str queue_name: Name of queue. - :param QueuePermissions permission: + :param QueueSasPermissions permission: The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Permissions must be ordered read, add, update, process. diff --git a/sdk/storage/azure-storage-queue/azure/storage/queue/aio/__init__.py b/sdk/storage/azure-storage-queue/azure/storage/queue/aio/__init__.py index c70ebec1f8cc..1085b29e6628 100644 --- a/sdk/storage/azure-storage-queue/azure/storage/queue/aio/__init__.py +++ b/sdk/storage/azure-storage-queue/azure/storage/queue/aio/__init__.py @@ -10,7 +10,7 @@ from .models import MessagesPaged, QueuePropertiesPaged from ..models import ( Logging, Metrics, RetentionPolicy, CorsRule, AccessPolicy, - QueueMessage, QueuePermissions, QueueProperties) + QueueMessage, QueueSasPermissions, QueueProperties) __version__ = VERSION @@ -24,7 +24,7 @@ 'AccessPolicy', 'QueueMessage', 'MessagesPaged', - 'QueuePermissions', + 'QueueSasPermissions', 'QueueProperties', 'QueuePropertiesPaged' ] diff --git a/sdk/storage/azure-storage-queue/azure/storage/queue/aio/queue_client_async.py b/sdk/storage/azure-storage-queue/azure/storage/queue/aio/queue_client_async.py index 37f9a9f56dec..26c5f8db6976 100644 --- a/sdk/storage/azure-storage-queue/azure/storage/queue/aio/queue_client_async.py +++ b/sdk/storage/azure-storage-queue/azure/storage/queue/aio/queue_client_async.py @@ -50,7 +50,7 @@ if TYPE_CHECKING: from datetime import datetime from azure.core.pipeline.policies import HTTPPolicy - from azure.storage.queue.models import QueuePermissions, QueueProperties + from azure.storage.queue.models import QueueSasPermissions, QueueProperties class QueueClient(AsyncStorageAccountHostsMixin, QueueClientBase): diff --git a/sdk/storage/azure-storage-queue/azure/storage/queue/aio/queue_service_client_async.py b/sdk/storage/azure-storage-queue/azure/storage/queue/aio/queue_service_client_async.py index 1798b10ac0ed..d67dba7228a2 100644 --- a/sdk/storage/azure-storage-queue/azure/storage/queue/aio/queue_service_client_async.py +++ b/sdk/storage/azure-storage-queue/azure/storage/queue/aio/queue_service_client_async.py @@ -32,7 +32,7 @@ from datetime import datetime from azure.core import Configuration from azure.core.pipeline.policies import HTTPPolicy - from azure.storage.queue._shared.models import AccountPermissions, ResourceTypes + from azure.storage.queue._shared.models import AccountSasPermissions, ResourceTypes from azure.storage.queue.aio.models import ( QueueProperties ) diff --git a/sdk/storage/azure-storage-queue/azure/storage/queue/models.py b/sdk/storage/azure-storage-queue/azure/storage/queue/models.py index 64d159271513..8cd74ba829d8 100644 --- a/sdk/storage/azure-storage-queue/azure/storage/queue/models.py +++ b/sdk/storage/azure-storage-queue/azure/storage/queue/models.py @@ -331,21 +331,12 @@ def _extract_data_cb(self, get_next_return): return self._response.next_marker or None, props_list -class QueuePermissions(object): - """QueuePermissions class to be used with +class QueueSasPermissions(object): + """QueueSasPermissions class to be used with :func:`~azure.storage.queue.queue_client.QueueClient.generate_shared_access_signature` method and for the AccessPolicies used with :func:`~azure.storage.queue.queue_client.QueueClient.set_queue_access_policy`. - :ivar QueuePermissions QueuePermissions.READ: - Read metadata and properties, including message count. Peek at messages. - :ivar QueuePermissions QueuePermissions.ADD: - Add messages to the queue. - :ivar QueuePermissions QueuePermissions.UPDATE: - Update messages in the queue. Note: Use the Process permission with - Update so you can first get the message you want to update. - :ivar QueuePermissions QueuePermissions.PROCESS: Delete entities. - Get and delete messages from the queue. :param bool read: Read metadata and properties, including message count. Peek at messages. :param bool add: @@ -355,37 +346,27 @@ class QueuePermissions(object): Update so you can first get the message you want to update. :param bool process: Get and delete messages from the queue. - :param str _str: - A string representing the permissions. """ - - READ = None # type: QueuePermissions - ADD = None # type: QueuePermissions - UPDATE = None # type: QueuePermissions - PROCESS = None # type: QueuePermissions - - def __init__(self, read=False, add=False, update=False, process=False, _str=None): - if not _str: - _str = '' - self.read = read or ('r' in _str) - self.add = add or ('a' in _str) - self.update = update or ('u' in _str) - self.process = process or ('p' in _str) - - def __or__(self, other): - return QueuePermissions(_str=str(self) + str(other)) - - def __add__(self, other): - return QueuePermissions(_str=str(self) + str(other)) + def __init__(self, read=False, add=False, update=False, process=False): + self.read = read + self.add = add + self.update = update + self.process = process + self._str = (('r' if self.read else '') + + ('a' if self.add else '') + + ('u' if self.update else '') + + ('p' if self.process else '')) def __str__(self): - return (('r' if self.read else '') + - ('a' if self.add else '') + - ('u' if self.update else '') + - ('p' if self.process else '')) + return self._str - -QueuePermissions.READ = QueuePermissions(read=True) -QueuePermissions.ADD = QueuePermissions(add=True) -QueuePermissions.UPDATE = QueuePermissions(update=True) -QueuePermissions.PROCESS = QueuePermissions(process=True) + @classmethod + def from_string(cls, permission): + p_read = 'r' in permission + p_add = 'a' in permission + p_update = 'u' in permission + p_process = 'p' in permission + + parsed = cls(p_read, p_add, p_update, p_process) + parsed._str = permission # pylint: disable = protected-access + return parsed diff --git a/sdk/storage/azure-storage-queue/azure/storage/queue/queue_client.py b/sdk/storage/azure-storage-queue/azure/storage/queue/queue_client.py index d1fc7766aaf6..e5bb72c56469 100644 --- a/sdk/storage/azure-storage-queue/azure/storage/queue/queue_client.py +++ b/sdk/storage/azure-storage-queue/azure/storage/queue/queue_client.py @@ -36,7 +36,7 @@ if TYPE_CHECKING: from datetime import datetime from azure.core.pipeline.policies import HTTPPolicy - from .models import QueuePermissions, QueueProperties + from .models import QueueSasPermissions, QueueProperties class QueueClient(StorageAccountHostsMixin): @@ -162,7 +162,7 @@ def from_connection_string( return cls(account_url, queue=queue, credential=credential, **kwargs) # type: ignore def generate_shared_access_signature( - self, permission=None, # type: Optional[Union[QueuePermissions, str]] + self, permission=None, # type: Optional[Union[QueueSasPermissions, str]] expiry=None, # type: Optional[Union[datetime, str]] start=None, # type: Optional[Union[datetime, str]] policy_id=None, # type: Optional[str] @@ -173,7 +173,7 @@ def generate_shared_access_signature( Use the returned signature with the credential parameter of any Queue Service. - :param ~azure.storage.queue.models.QueuePermissions permission: + :param ~azure.storage.queue.models.QueueSasPermissions permission: The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Required unless a policy_id is given referencing a stored access policy diff --git a/sdk/storage/azure-storage-queue/azure/storage/queue/queue_service_client.py b/sdk/storage/azure-storage-queue/azure/storage/queue/queue_service_client.py index 3baf0f7393e5..04679aa2b73e 100644 --- a/sdk/storage/azure-storage-queue/azure/storage/queue/queue_service_client.py +++ b/sdk/storage/azure-storage-queue/azure/storage/queue/queue_service_client.py @@ -29,7 +29,7 @@ from datetime import datetime from azure.core import Configuration from azure.core.pipeline.policies import HTTPPolicy - from ._shared.models import AccountPermissions, ResourceTypes + from ._shared.models import AccountSasPermissions, ResourceTypes from .models import ( QueueProperties, Logging, @@ -149,7 +149,7 @@ def from_connection_string( def generate_shared_access_signature( self, resource_types, # type: Union[ResourceTypes, str] - permission, # type: Union[AccountPermissions, str] + permission, # type: Union[AccountSasPermissions, str] expiry, # type: Optional[Union[datetime, str]] start=None, # type: Optional[Union[datetime, str]] ip=None, # type: Optional[str] @@ -161,7 +161,7 @@ def generate_shared_access_signature( :param ~azure.storage.queue._shared.models.ResourceTypes resource_types: Specifies the resource types that are accessible with the account SAS. - :param ~azure.storage.queue._shared.models.AccountPermissions permission: + :param ~azure.storage.queue._shared.models.AccountSasPermissions permission: The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. :param expiry: diff --git a/sdk/storage/azure-storage-queue/tests/test_queue.py b/sdk/storage/azure-storage-queue/tests/test_queue.py index 32083fcabf1f..de4e58b1d453 100644 --- a/sdk/storage/azure-storage-queue/tests/test_queue.py +++ b/sdk/storage/azure-storage-queue/tests/test_queue.py @@ -27,10 +27,10 @@ from azure.storage.queue import ( QueueServiceClient, QueueClient, - QueuePermissions, + QueueSasPermissions, AccessPolicy, ResourceTypes, - AccountPermissions, + AccountSasPermissions, ) from queuetestcase import ( @@ -543,7 +543,7 @@ def test_account_sas(self, resource_group, location, storage_account, storage_ac queue_client.enqueue_message(u'message1') token = qsc.generate_shared_access_signature( ResourceTypes.OBJECT, - AccountPermissions.READ, + AccountSasPermissions(read=True), datetime.utcnow() + timedelta(hours=1), datetime.utcnow() - timedelta(minutes=5) ) @@ -600,7 +600,7 @@ def test_sas_read(self, resource_group, location, storage_account, storage_accou queue_client.create_queue() queue_client.enqueue_message(u'message1') token = queue_client.generate_shared_access_signature( - QueuePermissions.READ, + QueueSasPermissions(read=True), datetime.utcnow() + timedelta(hours=1), datetime.utcnow() - timedelta(minutes=5) ) @@ -632,7 +632,7 @@ def test_sas_add(self, resource_group, location, storage_account, storage_accoun queue_client = self._get_queue_reference(qsc) queue_client.create_queue() token = queue_client.generate_shared_access_signature( - QueuePermissions.ADD, + QueueSasPermissions(add=True), datetime.utcnow() + timedelta(hours=1), ) @@ -660,7 +660,7 @@ def test_sas_update(self, resource_group, location, storage_account, storage_acc queue_client.create_queue() queue_client.enqueue_message(u'message1') token = queue_client.generate_shared_access_signature( - QueuePermissions.UPDATE, + QueueSasPermissions(update=True), datetime.utcnow() + timedelta(hours=1), ) messages = queue_client.receive_messages() @@ -695,7 +695,7 @@ def test_sas_process(self, resource_group, location, storage_account, storage_ac queue_client.create_queue() queue_client.enqueue_message(u'message1') token = queue_client.generate_shared_access_signature( - QueuePermissions.PROCESS, + QueueSasPermissions(process=True), datetime.utcnow() + timedelta(hours=1), ) @@ -722,7 +722,7 @@ def test_sas_signed_identifier(self, resource_group, location, storage_account, access_policy = AccessPolicy() access_policy.start = datetime.utcnow() - timedelta(hours=1) access_policy.expiry = datetime.utcnow() + timedelta(hours=1) - access_policy.permission = QueuePermissions.READ + access_policy.permission = QueueSasPermissions(read=True) identifiers = {'testid': access_policy} @@ -858,7 +858,7 @@ def test_set_queue_acl_with_signed_identifiers(self, resource_group, location, s queue_client.create_queue() # Act - access_policy = AccessPolicy(permission=QueuePermissions.READ, + access_policy = AccessPolicy(permission=QueueSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), start=datetime.utcnow() - timedelta(minutes=5)) identifiers = {'testid': access_policy} diff --git a/sdk/storage/azure-storage-queue/tests/test_queue_async.py b/sdk/storage/azure-storage-queue/tests/test_queue_async.py index 1483a11d5c63..9849a44de57f 100644 --- a/sdk/storage/azure-storage-queue/tests/test_queue_async.py +++ b/sdk/storage/azure-storage-queue/tests/test_queue_async.py @@ -26,10 +26,10 @@ from azure.storage.queue.aio import QueueServiceClient, QueueClient from azure.storage.queue import ( - QueuePermissions, + QueueSasPermissions, AccessPolicy, ResourceTypes, - AccountPermissions, + AccountSasPermissions, ) from asyncqueuetestcase import ( @@ -585,7 +585,7 @@ async def test_account_sas(self, resource_group, location, storage_account, stor await queue_client.enqueue_message(u'message1') token = qsc.generate_shared_access_signature( ResourceTypes.OBJECT, - AccountPermissions.READ, + AccountSasPermissions(read=True), datetime.utcnow() + timedelta(hours=1), datetime.utcnow() - timedelta(minutes=5) ) @@ -647,7 +647,7 @@ async def test_sas_read(self, resource_group, location, storage_account, storage queue_client = await self._create_queue(qsc) await queue_client.enqueue_message(u'message1') token = queue_client.generate_shared_access_signature( - QueuePermissions.READ, + QueueSasPermissions(read=True), datetime.utcnow() + timedelta(hours=1), datetime.utcnow() - timedelta(minutes=5) ) @@ -679,7 +679,7 @@ async def test_sas_add(self, resource_group, location, storage_account, storage_ # Arrange queue_client = await self._create_queue(qsc) token = queue_client.generate_shared_access_signature( - QueuePermissions.ADD, + QueueSasPermissions(add=True), datetime.utcnow() + timedelta(hours=1), ) @@ -710,7 +710,7 @@ async def test_sas_update(self, resource_group, location, storage_account, stora queue_client = await self._create_queue(qsc) await queue_client.enqueue_message(u'message1') token = queue_client.generate_shared_access_signature( - QueuePermissions.UPDATE, + QueueSasPermissions(update=True), datetime.utcnow() + timedelta(hours=1), ) messages = [] @@ -750,7 +750,7 @@ async def test_sas_process(self, resource_group, location, storage_account, stor queue_client = await self._create_queue(qsc) await queue_client.enqueue_message(u'message1') token = queue_client.generate_shared_access_signature( - QueuePermissions.PROCESS, + QueueSasPermissions(process=True), datetime.utcnow() + timedelta(hours=1), ) @@ -782,7 +782,7 @@ async def test_sas_signed_identifier(self, resource_group, location, storage_acc access_policy = AccessPolicy() access_policy.start = datetime.utcnow() - timedelta(hours=1) access_policy.expiry = datetime.utcnow() + timedelta(hours=1) - access_policy.permission = QueuePermissions.READ + access_policy.permission = QueueSasPermissions(read=True) identifiers = {'testid': access_policy} @@ -917,7 +917,7 @@ async def test_set_queue_acl_with_signed_identifiers(self, resource_group, locat queue_client = await self._create_queue(qsc) # Act - access_policy = AccessPolicy(permission=QueuePermissions.READ, + access_policy = AccessPolicy(permission=QueueSasPermissions(read=True), expiry=datetime.utcnow() + timedelta(hours=1), start=datetime.utcnow() - timedelta(minutes=5)) identifiers = {'testid': access_policy} diff --git a/sdk/storage/azure-storage-queue/tests/test_queue_samples_message.py b/sdk/storage/azure-storage-queue/tests/test_queue_samples_message.py index af7dce4849ca..be1a2ad3c98a 100644 --- a/sdk/storage/azure-storage-queue/tests/test_queue_samples_message.py +++ b/sdk/storage/azure-storage-queue/tests/test_queue_samples_message.py @@ -39,11 +39,11 @@ def test_set_access_policy(self, resource_group, location, storage_account, stor try: # [START set_access_policy] # Create an access policy - from azure.storage.queue import AccessPolicy, QueuePermissions + from azure.storage.queue import AccessPolicy, QueueSasPermissions access_policy = AccessPolicy() access_policy.start = datetime.utcnow() - timedelta(hours=1) access_policy.expiry = datetime.utcnow() + timedelta(hours=1) - access_policy.permission = QueuePermissions.READ + access_policy.permission = QueueSasPermissions(read=True) identifiers = {'my-access-policy-id': access_policy} # Set the access policy diff --git a/sdk/storage/azure-storage-queue/tests/test_queue_samples_message_async.py b/sdk/storage/azure-storage-queue/tests/test_queue_samples_message_async.py index b71c06fd7035..20d3e3a51cce 100644 --- a/sdk/storage/azure-storage-queue/tests/test_queue_samples_message_async.py +++ b/sdk/storage/azure-storage-queue/tests/test_queue_samples_message_async.py @@ -39,11 +39,11 @@ async def test_set_access_policy(self, resource_group, location, storage_account try: # [START async_set_access_policy] # Create an access policy - from azure.storage.queue.aio import AccessPolicy, QueuePermissions + from azure.storage.queue.aio import AccessPolicy, QueueSasPermissions access_policy = AccessPolicy() access_policy.start = datetime.utcnow() - timedelta(hours=1) access_policy.expiry = datetime.utcnow() + timedelta(hours=1) - access_policy.permission = QueuePermissions.READ + access_policy.permission = QueueSasPermissions(read=True) identifiers = {'my-access-policy-id': access_policy} # Set the access policy