Class: Azure::Storage::Auth::SharedAccessSignature

Inherits:
Object
Defined in:
lib/azure/storage/core/auth/shared_access_signature_generator.rb

Constant Summary

DEFAULTS =
{
  permissions: 'r',
  version: Azure::Storage::Default::STG_VERSION
}
KEY_MAPPINGS =
{
  version:              :sv,
  permissions:          :sp,
  start:                :st,
  expiry:               :se,
  identifier:           :si
}
BLOB_KEY_MAPPINGS =
{
  resource:             :sr,
  cache_control:        :rscc,
  content_disposition:  :rscd,
  content_encoding:     :rsce,
  content_language:     :rscl,
  content_type:         :rsct
}
TABLE_KEY_MAPPINGS =
{
  tablename:            :tn,
  startpk:              :spk,
  endpk:                :epk,
  startrk:              :srk,
  endrk:                :erk
}
OPTIONAL_QUERY_PARAMS =
[:sp, :si, :rscc, :rscd, :rsce, :rscl, :rsct, :spk, :srk, :epk, :erk]

Constructor Details

#initialize(account_name = Azure::Storage.storage_account_name, access_key = Azure::Storage.storage_access_key) ⇒ SharedAccessSignature

Public: Initialize the SharedAccessSignature generator

Parameters:

  • account_name (String) (defaults to: Azure::Storage.storage_account_name)

    The account name. Defaults to the one in the global configuration.

  • access_key (String) (defaults to: Azure::Storage.storage_access_key)

    The access_key encoded in Base64. Defaults to the one in the global configuration.


# File 'lib/azure/storage/core/auth/shared_access_signature_generator.rb', line 65

def initialize(account_name=Azure::Storage.storage_account_name, access_key=Azure::Storage.storage_access_key)
  @account_name = account_name
  # The signer holds the Base64-encoded account key used to sign every token
  @signer = Azure::Core::Auth::Signer.new(access_key)
end

Instance Attribute Details

#account_name ⇒ Object (readonly)

Returns the value of attribute account_name


# File 'lib/azure/storage/core/auth/shared_access_signature_generator.rb', line 59

def account_name
  @account_name
end

Instance Method Details

#generate(path, options = {}) ⇒ Object

Generates the Shared Access Signature query string for the given path and options.

Options

  • :permissions - String. Combination of 'r','w','d','l' (container only) in this order. Default 'r'

  • :start - String. UTC Date/Time in ISO8601 format. Optional.

  • :expiry - String. UTC Date/Time in ISO8601 format. Optional. Default now + 30 minutes.

  • :identifier - String. Identifier for stored access policy. Optional

The following options apply to Blob only

  • :resource - String. Resource type, either 'b' (blob) or 'c' (container). Default 'b'

  • :cache_control - String. Response header override. Optional.

  • :content_disposition - String. Response header override. Optional.

  • :content_encoding - String. Response header override. Optional.

  • :content_language - String. Response header override. Optional.

  • :content_type - String. Response header override. Optional.

The following options apply to Table only

  • :startpk - String. The start partition key of a specified partition key range. Optional but startpk must accompany startrk.

  • :endpk - String. The end partition key of a specified partition key range. Optional but endpk must accompany endrk.

  • :startrk - String. The start row key of a specified row key range. Optional.

  • :endrk - String. The end row key of a specified row key range. Optional.

Parameters:

  • path (String)

    Path of the URI

  • options (Hash) (defaults to: {})

Raises:

  • (InvalidOptionsError)


# File 'lib/azure/storage/core/auth/shared_access_signature_generator.rb', line 94

def generate(path, options={})
  service_type = options[:service_type] || Azure::Storage::ServiceType::BLOB
  options.delete(:service_type) if options.key?(:service_type)

  options[:expiry] ||= (Time.now + 60*30).utc.iso8601

  raise InvalidOptionsError,"SAS version cannot be set" if options[:version]

  # Work on copies so per-call additions never leak into the shared constants
  defs = DEFAULTS.dup
  valid_mappings = KEY_MAPPINGS.dup
  if service_type == Azure::Storage::ServiceType::BLOB
    defs.merge!(resource: 'b')
    valid_mappings.merge!(BLOB_KEY_MAPPINGS)
  elsif service_type == Azure::Storage::ServiceType::TABLE
    defs.merge!(tablename: path)
    valid_mappings.merge!(TABLE_KEY_MAPPINGS)
  end

  invalid_options = options.reject { |k,v| valid_mappings.key?(k) }
  raise InvalidOptionsError,"invalid options #{invalid_options} provided for SAS token generate" if invalid_options.length > 0

  # Caller-supplied values take precedence over the defaults
  options = defs.merge(options)

  # Order is significant
  # The newlines from empty strings here are required
  signable_string =
  [
    options[:permissions],
    options[:start],
    options[:expiry],
    "/#{service_type}/#{account_name}#{path.start_with?('/') ? '' : '/'}#{path}",
    options[:identifier],
    options[:version],
    options[:cache_control],
    options[:content_disposition],
    options[:content_encoding],
    options[:content_language],
    options[:content_type]
  ].join("\n")

  # Map option names to their query keys, drop empty optional values, append the signature
  query_hash = Hash[options.map { |k, v| [valid_mappings[k], v] }]
  .reject { |k, v| OPTIONAL_QUERY_PARAMS.include?(k) && v.to_s == '' }
  .merge( sig: @signer.sign(signable_string) )

  sas_params = URI.encode_www_form(query_hash)
end
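The following is an added example, not code from the azure-storage library: it rebuilds the string-to-sign in the field order used by #generate above and shows that a token stops verifying once any signed field or the path is edited. It assumes the signer is HMAC-SHA256 over the Base64-decoded key and that the service type segment is 'blob'; the account, key, version placeholder and the helper names (string_to_sign, issue_sas, valid_sas?) are constructed for the demonstration, and valid_sas? is a local stand-in for the service-side check.

```ruby
require 'openssl'
require 'base64'
require 'uri'

# Constructed demo values, not real credentials.
DEMO_ACCOUNT = 'exampleaccount'
DEMO_KEY_B64 = Base64.strict_encode64('constructed-demo-key-0123456789ab')
DEMO_VERSION = 'STG_VERSION_PLACEHOLDER' # the page reads this from STG_VERSION

# Signed fields in the order of signable_string in #generate (blob service).
SIGNED_ORDER = %i[sp st se canonical_path si sv rscc rscd rsce rscl rsct].freeze

def string_to_sign(params, path)
  # 'blob' as the service type segment is an assumption of this sketch.
  canonical = "/blob/#{DEMO_ACCOUNT}#{path.start_with?('/') ? '' : '/'}#{path}"
  # Absent fields still contribute an empty line, so positions never shift.
  SIGNED_ORDER.map { |f| f == :canonical_path ? canonical : params[f].to_s }.join("\n")
end

def hmac_b64(text)
  key = Base64.strict_decode64(DEMO_KEY_B64)
  Base64.strict_encode64(OpenSSL::HMAC.digest('sha256', key, text))
end

# Issue a token; caller values override the read-only default.
def issue_sas(path, params)
  params = { sp: 'r', sv: DEMO_VERSION }.merge(params)
  URI.encode_www_form(params.merge(sig: hmac_b64(string_to_sign(params, path))))
end

# Compare without returning early on the first differing byte.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Recompute the signature from the presented query and compare.
def valid_sas?(path, query)
  params = URI.decode_www_form(query).to_h.transform_keys(&:to_sym)
  presented = params.delete(:sig).to_s
  secure_equal?(presented, hmac_b64(string_to_sign(params, path)))
end
```

Because every field occupies a fixed line in the signed string, widening `sp`, extending `se`, or reusing the token on another path each produce a different HMAC and the check fails.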

#sign_uri(uri, options) ⇒ Object

Returns a copy of the URI with the Shared Access Signature query parameters for the given options appended.

Options

  • :permissions - String. Combination of 'r','w','d','l' (container only) in this order. Default 'r'

  • :start - String. UTC Date/Time in ISO8601 format. Optional.

  • :expiry - String. UTC Date/Time in ISO8601 format. Optional. Default now + 30 minutes.

  • :identifier - String. Identifier for stored access policy. Optional

The following options apply to Blob only

  • :resource - String. Resource type, either 'b' (blob) or 'c' (container). Default 'b'

  • :cache_control - String. Response header override. Optional.

  • :content_disposition - String. Response header override. Optional.

  • :content_encoding - String. Response header override. Optional.

  • :content_language - String. Response header override. Optional.

  • :content_type - String. Response header override. Optional.

The following options apply to Table only

  • :tablename - String. Table name for SAS

  • :startpk - String. The start partition key of a specified partition key range. Optional but startpk must accompany startrk.

  • :endpk - String. The end partition key of a specified partition key range. Optional but endpk must accompany endrk.

  • :startrk - String. The start row key of a specified row key range. Optional.

  • :endrk - String. The end row key of a specified row key range. Optional.

Parameters:

  • uri (URI)

    uri to resource including query options

  • options (Hash)

# File 'lib/azure/storage/core/auth/shared_access_signature_generator.rb', line 166

def sign_uri(uri, options)
  # Existing query parameters, keyed by symbol; each value is an array
  parsed_query = CGI::parse(uri.query || '').inject({}){|memo,(k,v)| memo[k.to_sym] = v; memo}

  # restype=container in the request selects a container-level ('c') signature
  if parsed_query.has_key?(:restype)
    options[:resource] = parsed_query[:restype].first == 'container' ? 'c' : 'b'
  end

  # Infer the service type from the host when the first label is the account name
  if options[:service_type].nil?
    host_splits = uri.host.split('.')
    options[:service_type] = host_splits[1] if host_splits.length > 1 && host_splits[0] == account_name
  end

  sas_params = generate(uri.path, options)

  URI.parse(uri.to_s + (uri.query.nil? ? '?' : '&') + sas_params)
end