GetAccountBlobContainerSAS
Use this data source to obtain a Shared Access Signature (SAS Token) for an existing Storage Account Blob Container.
Shared access signatures allow fine-grained, ephemeral access control to various aspects of an Azure Storage Account Blob Container.
Example Usage
using Pulumi;
using Azure = Pulumi.Azure;
class MyStack : Stack
{
public MyStack()
{
var rg = new Azure.Core.ResourceGroup("rg", new Azure.Core.ResourceGroupArgs
{
Location = "westus",
});
var storage = new Azure.Storage.Account("storage", new Azure.Storage.AccountArgs
{
ResourceGroupName = rg.Name,
Location = rg.Location,
AccountTier = "Standard",
AccountReplicationType = "LRS",
});
var container = new Azure.Storage.Container("container", new Azure.Storage.ContainerArgs
{
StorageAccountName = storage.Name,
ContainerAccessType = "private",
});
var example = Output.Tuple(storage.PrimaryConnectionString, container.Name).Apply(values =>
{
var primaryConnectionString = values.Item1;
var name = values.Item2;
return Azure.Storage.GetAccountBlobContainerSAS.InvokeAsync(new Azure.Storage.GetAccountBlobContainerSASArgs
{
ConnectionString = primaryConnectionString,
ContainerName = name,
HttpsOnly = true,
IpAddress = "168.1.5.65",
Start = "2018-03-21",
Expiry = "2018-03-21",
Permissions = new Azure.Storage.Inputs.GetAccountBlobContainerSASPermissionsArgs
{
Read = true,
Add = true,
Create = false,
Write = false,
Delete = true,
List = true,
},
CacheControl = "max-age=5",
ContentDisposition = "inline",
ContentEncoding = "deflate",
ContentLanguage = "en-US",
ContentType = "application/json",
});
});
this.SasUrlQueryString = example.Apply(example => example.Sas);
}
[Output("sasUrlQueryString")]
public Output<string> SasUrlQueryString { get; set; }
}
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v3/go/azure/storage"
"github.com/pulumi/pulumi/sdk/v2/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
rg, err := core.NewResourceGroup(ctx, "rg", &core.ResourceGroupArgs{
Location: pulumi.String("westus"),
})
if err != nil {
return err
}
storage, err := storage.NewAccount(ctx, "storage", &storage.AccountArgs{
ResourceGroupName: rg.Name,
Location: rg.Location,
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("LRS"),
})
if err != nil {
return err
}
container, err := storage.NewContainer(ctx, "container", &storage.ContainerArgs{
StorageAccountName: storage.Name,
ContainerAccessType: pulumi.String("private"),
})
if err != nil {
return err
}
ctx.Export("sasUrlQueryString", example.ApplyT(func(example storage.GetAccountBlobContainerSASResult) (string, error) {
return example.Sas, nil
}).(pulumi.StringOutput))
return nil
})
}import pulumi
import pulumi_azure as azure
rg = azure.core.ResourceGroup("rg", location="westus")
storage = azure.storage.Account("storage",
resource_group_name=rg.name,
location=rg.location,
account_tier="Standard",
account_replication_type="LRS")
container = azure.storage.Container("container",
storage_account_name=storage.name,
container_access_type="private")
example = pulumi.Output.all(storage.primary_connection_string, container.name).apply(lambda primary_connection_string, name: azure.storage.get_account_blob_container_sas(connection_string=primary_connection_string,
container_name=name,
https_only=True,
ip_address="168.1.5.65",
start="2018-03-21",
expiry="2018-03-21",
permissions={
"read": True,
"add": True,
"create": False,
"write": False,
"delete": True,
"list": True,
},
cache_control="max-age=5",
content_disposition="inline",
content_encoding="deflate",
content_language="en-US",
content_type="application/json"))
pulumi.export("sasUrlQueryString", example.sas)import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const rg = new azure.core.ResourceGroup("rg", {location: "westus"});
const storage = new azure.storage.Account("storage", {
resourceGroupName: rg.name,
location: rg.location,
accountTier: "Standard",
accountReplicationType: "LRS",
});
const container = new azure.storage.Container("container", {
storageAccountName: storage.name,
containerAccessType: "private",
});
const example = pulumi.all([storage.primaryConnectionString, container.name]).apply(([primaryConnectionString, name]) => azure.storage.getAccountBlobContainerSAS({
connectionString: primaryConnectionString,
containerName: name,
httpsOnly: true,
ipAddress: "168.1.5.65",
start: "2018-03-21",
expiry: "2018-03-21",
permissions: {
read: true,
add: true,
create: false,
write: false,
"delete": true,
list: true,
},
cacheControl: "max-age=5",
contentDisposition: "inline",
contentEncoding: "deflate",
contentLanguage: "en-US",
contentType: "application/json",
}));
export const sasUrlQueryString = example.sas;Using GetAccountBlobContainerSAS
function getAccountBlobContainerSAS(args: GetAccountBlobContainerSASArgs, opts?: InvokeOptions): Promise<GetAccountBlobContainerSASResult>function get_account_blob_container_sas(cache_control=None, connection_string=None, container_name=None, content_disposition=None, content_encoding=None, content_language=None, content_type=None, expiry=None, https_only=None, ip_address=None, permissions=None, start=None, opts=None)func GetAccountBlobContainerSAS(ctx *Context, args *GetAccountBlobContainerSASArgs, opts ...InvokeOption) (*GetAccountBlobContainerSASResult, error)public static class GetAccountBlobContainerSAS {
public static Task<GetAccountBlobContainerSASResult> InvokeAsync(GetAccountBlobContainerSASArgs args, InvokeOptions? opts = null)
}The following arguments are supported:
- Connection
String string The connection string for the storage account to which this SAS applies. Typically directly from the
primary_connection_stringattribute of anazure.storage.Accountresource.- Container
Name string Name of the container.
- Expiry string
The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string.
- Permissions
Get
Account Blob Container SASPermissions Args A
permissionsblock as defined below.- Start string
The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string.
- Cache
Control string The
Cache-Controlresponse header that is sent when this SAS token is used.- Content
Disposition string The
Content-Dispositionresponse header that is sent when this SAS token is used.- Content
Encoding string The
Content-Encodingresponse header that is sent when this SAS token is used.- Content
Language string The
Content-Languageresponse header that is sent when this SAS token is used.- Content
Type string The
Content-Typeresponse header that is sent when this SAS token is used.- Https
Only bool Only permit
httpsaccess. Iffalse, bothhttpandhttpsare permitted. Defaults totrue.- Ip
Address string Single ipv4 address or range (connected with a dash) of ipv4 addresses.
- Connection
String string The connection string for the storage account to which this SAS applies. Typically directly from the
primary_connection_stringattribute of anazure.storage.Accountresource.- Container
Name string Name of the container.
- Expiry string
The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string.
- Permissions
Get
Account Blob Container SASPermissions A
permissionsblock as defined below.- Start string
The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string.
- Cache
Control string The
Cache-Controlresponse header that is sent when this SAS token is used.- Content
Disposition string The
Content-Dispositionresponse header that is sent when this SAS token is used.- Content
Encoding string The
Content-Encodingresponse header that is sent when this SAS token is used.- Content
Language string The
Content-Languageresponse header that is sent when this SAS token is used.- Content
Type string The
Content-Typeresponse header that is sent when this SAS token is used.- Https
Only bool Only permit
httpsaccess. Iffalse, bothhttpandhttpsare permitted. Defaults totrue.- Ip
Address string Single ipv4 address or range (connected with a dash) of ipv4 addresses.
- connection
String string The connection string for the storage account to which this SAS applies. Typically directly from the
primary_connection_stringattribute of anazure.storage.Accountresource.- container
Name string Name of the container.
- expiry string
The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string.
- permissions
Get
Account Blob Container SASPermissions A
permissionsblock as defined below.- start string
The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string.
- cache
Control string The
Cache-Controlresponse header that is sent when this SAS token is used.- content
Disposition string The
Content-Dispositionresponse header that is sent when this SAS token is used.- content
Encoding string The
Content-Encodingresponse header that is sent when this SAS token is used.- content
Language string The
Content-Languageresponse header that is sent when this SAS token is used.- content
Type string The
Content-Typeresponse header that is sent when this SAS token is used.- https
Only boolean Only permit
httpsaccess. Iffalse, bothhttpandhttpsare permitted. Defaults totrue.- ip
Address string Single ipv4 address or range (connected with a dash) of ipv4 addresses.
- connection_
string str The connection string for the storage account to which this SAS applies. Typically directly from the
primary_connection_stringattribute of anazure.storage.Accountresource.- container_
name str Name of the container.
- expiry str
The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string.
- permissions
Dict[Get
Account Blob Container SASPermissions] A
permissionsblock as defined below.- start str
The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string.
- cache_
control str The
Cache-Controlresponse header that is sent when this SAS token is used.- content_
disposition str The
Content-Dispositionresponse header that is sent when this SAS token is used.- content_
encoding str The
Content-Encodingresponse header that is sent when this SAS token is used.- content_
language str The
Content-Languageresponse header that is sent when this SAS token is used.- content_
type str The
Content-Typeresponse header that is sent when this SAS token is used.- https_
only bool Only permit
httpsaccess. Iffalse, bothhttpandhttpsare permitted. Defaults totrue.- ip_
address str Single ipv4 address or range (connected with a dash) of ipv4 addresses.
GetAccountBlobContainerSAS Result
The following output properties are available:
- Connection
String string - Container
Name string - Expiry string
- Id string
The provider-assigned unique ID for this managed resource.
- Permissions
Get
Account Blob Container SASPermissions - Sas string
The computed Blob Container Shared Access Signature (SAS).
- Start string
- Cache
Control string - Content
Disposition string - Content
Encoding string - Content
Language string - Content
Type string - Https
Only bool - Ip
Address string
- Connection
String string - Container
Name string - Expiry string
- Id string
The provider-assigned unique ID for this managed resource.
- Permissions
Get
Account Blob Container SASPermissions - Sas string
The computed Blob Container Shared Access Signature (SAS).
- Start string
- Cache
Control string - Content
Disposition string - Content
Encoding string - Content
Language string - Content
Type string - Https
Only bool - Ip
Address string
- connection
String string - container
Name string - expiry string
- id string
The provider-assigned unique ID for this managed resource.
- permissions
Get
Account Blob Container SASPermissions - sas string
The computed Blob Container Shared Access Signature (SAS).
- start string
- cache
Control string - content
Disposition string - content
Encoding string - content
Language string - content
Type string - https
Only boolean - ip
Address string
- connection_
string str - container_
name str - expiry str
- id str
The provider-assigned unique ID for this managed resource.
- permissions
Dict[Get
Account Blob Container SASPermissions] - sas str
The computed Blob Container Shared Access Signature (SAS).
- start str
- cache_
control str - content_
disposition str - content_
encoding str - content_
language str - content_
type str - https_
only bool - ip_
address str
Supporting Types
GetAccountBlobContainerSASPermissions
- Add bool
Should Add permissions be enabled for this SAS?
- Create bool
Should Create permissions be enabled for this SAS?
- Delete bool
Should Delete permissions be enabled for this SAS?
- List bool
Should List permissions be enabled for this SAS?
- Read bool
Should Read permissions be enabled for this SAS?
- Write bool
Should Write permissions be enabled for this SAS?
- Add bool
Should Add permissions be enabled for this SAS?
- Create bool
Should Create permissions be enabled for this SAS?
- Delete bool
Should Delete permissions be enabled for this SAS?
- List bool
Should List permissions be enabled for this SAS?
- Read bool
Should Read permissions be enabled for this SAS?
- Write bool
Should Write permissions be enabled for this SAS?
- add boolean
Should Add permissions be enabled for this SAS?
- create boolean
Should Create permissions be enabled for this SAS?
- delete boolean
Should Delete permissions be enabled for this SAS?
- list boolean
Should List permissions be enabled for this SAS?
- read boolean
Should Read permissions be enabled for this SAS?
- write boolean
Should Write permissions be enabled for this SAS?
- add bool
Should Add permissions be enabled for this SAS?
- create bool
Should Create permissions be enabled for this SAS?
- delete bool
Should Delete permissions be enabled for this SAS?
- list bool
Should List permissions be enabled for this SAS?
- read bool
Should Read permissions be enabled for this SAS?
- write bool
Should Write permissions be enabled for this SAS?
Package Details
- Repository
- https://github.com/pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
- This Pulumi package is based on the
azurermTerraform Provider.