generateSasUrl and defaultAzureCredential #29399

Open
asbol-leo opened this issue Apr 23, 2024 · 1 comment
Labels: Client, customer-reported, feature-request, needs-team-attention, question, Service Attention, Storage


@asbol-leo

generateSasUrl and defaultAzureCredential

Is your feature request related to a problem? Please describe.
I would like to be able to use the generateSasUrl method with the BlobClient authenticated with DefaultAzureCredential to generate a SAS URL for a blob, so I can use managed identity to generate a SAS URL and keep a clean codebase.

Describe the solution you'd like
I would like to be able to call the generateSasUrl method on a BlobClient that is authenticated with DefaultAzureCredential.

This could be implemented either by passing an optional UserDelegationKey to the generateSasUrl method:

```typescript
  // Assumes DefaultAzureCredential is imported from "@azure/identity".
  public generateSasUrl(options: BlobGenerateSasUrlOptions, userDelegationKey?: UserDelegationKey): Promise<string> {
    return new Promise((resolve) => {
      // User delegation SAS: sign with the caller-supplied key instead of an account key.
      if (userDelegationKey && this.credential instanceof DefaultAzureCredential) {
        const sas = generateBlobSASQueryParameters(
          {
            containerName: this._containerName,
            blobName: this._name,
            snapshotTime: this._snapshot,
            versionId: this._versionId,
            ...options,
          },
          userDelegationKey,
          this.accountName,
        ).toString();
        resolve(appendToURLQuery(this.url, sas));
        return; // do not fall through to the shared key path
      }

      if (!(this.credential instanceof StorageSharedKeyCredential)) {
        throw new RangeError(
          "Can only generate the SAS when the client is initialized with a shared key credential",
        );
      }

      // Existing behaviour: sign with the storage account shared key.
      const sas = generateBlobSASQueryParameters(
        {
          containerName: this._containerName,
          blobName: this._name,
          snapshotTime: this._snapshot,
          versionId: this._versionId,
          ...options,
        },
        this.credential,
      ).toString();

      resolve(appendToURLQuery(this.url, sas));
    });
  }
```

Or by using the DefaultAzureCredential to make a BlobServiceClient and then get a UserDelegationKey within the generateSasUrl method:

```typescript
  // Assumes DefaultAzureCredential is imported from "@azure/identity".
  public async generateSasUrl(options: BlobGenerateSasUrlOptions): Promise<string> {
    if (this.credential instanceof DefaultAzureCredential) {
      const blobServiceClient = new BlobServiceClient(`https://${this.accountName}.blob.core.windows.net/`, this.credential);
      // getUserDelegationKey returns a Promise and expects both dates to be set,
      // so the key is awaited before it is used for signing.
      const userDelegationKey = await blobServiceClient.getUserDelegationKey(options.startsOn, options.expiresOn);
      const sas = generateBlobSASQueryParameters(
        {
          containerName: this._containerName,
          blobName: this._name,
          snapshotTime: this._snapshot,
          versionId: this._versionId,
          ...options,
        },
        userDelegationKey,
        this.accountName,
      ).toString();
      return appendToURLQuery(this.url, sas);
    }

    if (!(this.credential instanceof StorageSharedKeyCredential)) {
      throw new RangeError(
        "Can only generate the SAS when the client is initialized with a shared key credential",
      );
    }

    // Existing behaviour: sign with the storage account shared key.
    const sas = generateBlobSASQueryParameters(
      {
        containerName: this._containerName,
        blobName: this._name,
        snapshotTime: this._snapshot,
        versionId: this._versionId,
        ...options,
      },
      this.credential,
    ).toString();

    return appendToURLQuery(this.url, sas);
  }
```

Describe alternatives you've considered
Another alternative would be to generalize generateBlobSASQueryParameters to take DefaultAzureCredential as a credential. However, I have not looked into implementing this.

Additional context
Na.
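
Added example, not part of the issue or of the Azure SDK: the second proposal hands the optional `options.startsOn` and `options.expiresOn` straight to `getUserDelegationKey`, which needs both dates, and it would request a new key on every call. The code below uses hypothetical names (`resolveKeyWindow`, `covers`, `DelegationKeyCache`, `KeyFetcher`) and an injected `fetchKey` function standing in for `getUserDelegationKey`; it fails closed on a missing, past or over-long expiry (a user delegation key is valid for at most seven days) and reuses a key only while it covers the requested window.

```typescript
// Added example (not SDK code). resolveKeyWindow, covers, DelegationKeyCache and
// KeyFetcher are hypothetical names introduced for illustration.
const MAX_KEY_LIFETIME_MS = 7 * 24 * 60 * 60 * 1000; // user delegation key limit: 7 days

interface KeyWindow { startsOn: Date; expiresOn: Date; }
interface SasTimes { startsOn?: Date; expiresOn?: Date; }
// In real use: (s, e) => blobServiceClient.getUserDelegationKey(s, e)
type KeyFetcher<K> = (startsOn: Date, expiresOn: Date) => Promise<K>;

// Map the optional SAS times onto the mandatory key-request window, failing closed.
function resolveKeyWindow(opts: SasTimes, now: Date = new Date()): KeyWindow {
  if (!opts.expiresOn) {
    throw new RangeError("expiresOn is required for a user delegation SAS");
  }
  const startsOn = opts.startsOn ?? now;
  if (opts.expiresOn.getTime() <= Math.max(startsOn.getTime(), now.getTime())) {
    throw new RangeError("expiresOn must be in the future and later than startsOn");
  }
  if (opts.expiresOn.getTime() - now.getTime() > MAX_KEY_LIFETIME_MS) {
    throw new RangeError("expiresOn is more than 7 days from now");
  }
  return { startsOn, expiresOn: opts.expiresOn };
}

// A cached key may sign a SAS only if its validity fully contains the SAS window.
function covers(cached: KeyWindow, wanted: KeyWindow): boolean {
  return cached.startsOn.getTime() <= wanted.startsOn.getTime()
    && cached.expiresOn.getTime() >= wanted.expiresOn.getTime();
}

class DelegationKeyCache<K> {
  private cached?: KeyWindow & { key: K };
  private readonly fetchKey: KeyFetcher<K>;
  fetches = 0; // number of round-trips made to the service

  constructor(fetchKey: KeyFetcher<K>) {
    this.fetchKey = fetchKey;
  }

  async get(opts: SasTimes, now: Date = new Date()): Promise<K> {
    const wanted = resolveKeyWindow(opts, now);
    if (this.cached && covers(this.cached, wanted)) {
      return this.cached.key;
    }
    const key = await this.fetchKey(wanted.startsOn, wanted.expiresOn);
    this.fetches += 1;
    this.cached = { ...wanted, key };
    return key;
  }
}
```

The cached key is a signing secret held in memory, so keep its window as short as the workload allows.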

@github-actions bot added the Client, customer-reported, needs-team-attention, question, Service Attention and Storage labels Apr 23, 2024

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @xgithubtriage.

@jeremymeng added the feature-request label Apr 23, 2024