azure.storage.sharedaccesssignature module

class azure.storage.sharedaccesssignature.SharedAccessSignature(account_name, account_key)[source]

Bases: object

Provides a factory for creating blob, queue, table, and file shares access signature tokens with a common account name and account key. Users can either use the factory or can construct the appropriate service and use the generate_*_shared_access_signature method directly.

Parameters:
  • account_name (str) – The storage account name used to generate the shared access signatures.
  • account_key (str) – The access key to genenerate the shares access signatures.
generate_account(services, resource_types, permission, expiry, start=None, ip=None, protocol=None)[source]

Generates a shared access signature for the account. Use the returned signature with the sas_token parameter of the service or to create a new account object.

Parameters:
  • services (Services) – Specifies the services accessible with the account SAS. You can combine values to provide access to more than one service.
  • resource_types (ResourceTypes) – Specifies the resource types that are accessible with the account SAS. You can combine values to provide access to more than one resource type.
  • permission (AccountPermissions) – The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy. You can combine values to provide more than one permission.
  • expiry (date or str) – The time at which the shared access signature becomes invalid. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC.
  • start (date or str) – The time at which the shared access signature becomes valid. If omitted, start time for this call is assumed to be the time when the storage service receives the request. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC.
  • ip (str) – Specifies an IP address or a range of IP addresses from which to accept requests. If the IP address from which the request originates does not match the IP address or address range specified on the SAS token, the request is not authenticated. For example, specifying sip=168.1.5.65 or sip=168.1.5.60-168.1.5.70 on the SAS restricts the request to those IP addresses.
  • protocol (str) – Specifies the protocol permitted for a request made. The default value is https,http. See Protocol for possible values.
generate_blob(container_name, blob_name, permission=None, expiry=None, start=None, id=None, ip=None, protocol=None, cache_control=None, content_disposition=None, content_encoding=None, content_language=None, content_type=None)[source]

Generates a shared access signature for the blob. Use the returned signature with the sas_token parameter of any BlobService.

Parameters:
  • container_name (str) – Name of container.
  • blob_name (str) – Name of blob.
  • permission (BlobPermissions) – The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Permissions must be ordered read, write, delete, list. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy.
  • expiry (date or str) – The time at which the shared access signature becomes invalid. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC.
  • start (date or str) – The time at which the shared access signature becomes valid. If omitted, start time for this call is assumed to be the time when the storage service receives the request. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC.
  • id (str) – A unique value up to 64 characters in length that correlates to a stored access policy. To create a stored access policy, use set_blob_service_properties.
  • ip (str) – Specifies an IP address or a range of IP addresses from which to accept requests. If the IP address from which the request originates does not match the IP address or address range specified on the SAS token, the request is not authenticated. For example, specifying sip=168.1.5.65 or sip=168.1.5.60-168.1.5.70 on the SAS restricts the request to those IP addresses.
  • protocol (str) – Specifies the protocol permitted for a request made. The default value is https,http. See Protocol for possible values.
  • cache_control (str) – Response header value for Cache-Control when resource is accessed using this shared access signature.
  • content_disposition (str) – Response header value for Content-Disposition when resource is accessed using this shared access signature.
  • content_encoding (str) – Response header value for Content-Encoding when resource is accessed using this shared access signature.
  • content_language (str) – Response header value for Content-Language when resource is accessed using this shared access signature.
  • content_type (str) – Response header value for Content-Type when resource is accessed using this shared access signature.
generate_container(container_name, permission=None, expiry=None, start=None, id=None, ip=None, protocol=None, cache_control=None, content_disposition=None, content_encoding=None, content_language=None, content_type=None)[source]

Generates a shared access signature for the container. Use the returned signature with the sas_token parameter of any BlobService.

Parameters:
  • container_name (str) – Name of container.
  • permission (ContainerPermissions) – The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Permissions must be ordered read, write, delete, list. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy.
  • expiry (date or str) – The time at which the shared access signature becomes invalid. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC.
  • start (date or str) – The time at which the shared access signature becomes valid. If omitted, start time for this call is assumed to be the time when the storage service receives the request. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC.
  • id (str) – A unique value up to 64 characters in length that correlates to a stored access policy. To create a stored access policy, use set_blob_service_properties.
  • ip (str) – Specifies an IP address or a range of IP addresses from which to accept requests. If the IP address from which the request originates does not match the IP address or address range specified on the SAS token, the request is not authenticated. For example, specifying sip=168.1.5.65 or sip=168.1.5.60-168.1.5.70 on the SAS restricts the request to those IP addresses.
  • protocol (str) – Specifies the protocol permitted for a request made. The default value is https,http. See Protocol for possible values.
  • cache_control (str) – Response header value for Cache-Control when resource is accessed using this shared access signature.
  • content_disposition (str) – Response header value for Content-Disposition when resource is accessed using this shared access signature.
  • content_encoding (str) – Response header value for Content-Encoding when resource is accessed using this shared access signature.
  • content_language (str) – Response header value for Content-Language when resource is accessed using this shared access signature.
  • content_type (str) – Response header value for Content-Type when resource is accessed using this shared access signature.
generate_file(share_name, directory_name=None, file_name=None, permission=None, expiry=None, start=None, id=None, ip=None, protocol=None, cache_control=None, content_disposition=None, content_encoding=None, content_language=None, content_type=None)[source]

Generates a shared access signature for the file. Use the returned signature with the sas_token parameter of FileService.

Parameters:
  • share_name (str) – Name of share.
  • directory_name (str) – Name of directory. SAS tokens cannot be created for directories, so this parameter should only be present if file_name is provided.
  • file_name (str) – Name of file.
  • permission (FilePermissions) – The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Permissions must be ordered read, create, write, delete, list. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy.
  • expiry (date or str) – The time at which the shared access signature becomes invalid. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC.
  • start (date or str) – The time at which the shared access signature becomes valid. If omitted, start time for this call is assumed to be the time when the storage service receives the request. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC.
  • id (str) – A unique value up to 64 characters in length that correlates to a stored access policy. To create a stored access policy, use set_file_service_properties.
  • ip (str) – Specifies an IP address or a range of IP addresses from which to accept requests. If the IP address from which the request originates does not match the IP address or address range specified on the SAS token, the request is not authenticated. For example, specifying sip=168.1.5.65 or sip=168.1.5.60-168.1.5.70 on the SAS restricts the request to those IP addresses.
  • protocol (str) – Specifies the protocol permitted for a request made. The default value is https,http. See Protocol for possible values.
  • cache_control (str) – Response header value for Cache-Control when resource is accessed using this shared access signature.
  • content_disposition (str) – Response header value for Content-Disposition when resource is accessed using this shared access signature.
  • content_encoding (str) – Response header value for Content-Encoding when resource is accessed using this shared access signature.
  • content_language (str) – Response header value for Content-Language when resource is accessed using this shared access signature.
  • content_type (str) – Response header value for Content-Type when resource is accessed using this shared access signature.
generate_queue(queue_name, permission=None, expiry=None, start=None, id=None, ip=None, protocol=None)[source]

Generates a shared access signature for the queue. Use the returned signature with the sas_token parameter of QueueService.

Parameters:
  • queue_name (str) – Name of queue.
  • permission (QueuePermissions) – The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Permissions must be ordered read, add, update, process. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy.
  • expiry (date or str) – The time at which the shared access signature becomes invalid. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC.
  • start (date or str) – The time at which the shared access signature becomes valid. If omitted, start time for this call is assumed to be the time when the storage service receives the request. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC.
  • id (str) – A unique value up to 64 characters in length that correlates to a stored access policy. To create a stored access policy, use set_blob_service_properties.
  • ip (str) – Specifies an IP address or a range of IP addresses from which to accept requests. If the IP address from which the request originates does not match the IP address or address range specified on the SAS token, the request is not authenticated. For example, specifying sip=168.1.5.65 or sip=168.1.5.60-168.1.5.70 on the SAS restricts the request to those IP addresses.
  • protocol (str) – Specifies the protocol permitted for a request made. The default value is https,http. See Protocol for possible values.
generate_share(share_name, permission=None, expiry=None, start=None, id=None, ip=None, protocol=None, cache_control=None, content_disposition=None, content_encoding=None, content_language=None, content_type=None)[source]

Generates a shared access signature for the share. Use the returned signature with the sas_token parameter of FileService.

Parameters:
  • share_name (str) – Name of share.
  • permission (SharePermissions) – The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Permissions must be ordered read, create, write, delete, list. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy.
  • expiry (date or str) – The time at which the shared access signature becomes invalid. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC.
  • start (date or str) – The time at which the shared access signature becomes valid. If omitted, start time for this call is assumed to be the time when the storage service receives the request. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC.
  • id (str) – A unique value up to 64 characters in length that correlates to a stored access policy. To create a stored access policy, use set_file_service_properties.
  • ip (str) – Specifies an IP address or a range of IP addresses from which to accept requests. If the IP address from which the request originates does not match the IP address or address range specified on the SAS token, the request is not authenticated. For example, specifying sip=168.1.5.65 or sip=168.1.5.60-168.1.5.70 on the SAS restricts the request to those IP addresses.
  • protocol (str) – Specifies the protocol permitted for a request made. The default value is https,http. See Protocol for possible values.
  • cache_control (str) – Response header value for Cache-Control when resource is accessed using this shared access signature.
  • content_disposition (str) – Response header value for Content-Disposition when resource is accessed using this shared access signature.
  • content_encoding (str) – Response header value for Content-Encoding when resource is accessed using this shared access signature.
  • content_language (str) – Response header value for Content-Language when resource is accessed using this shared access signature.
  • content_type (str) – Response header value for Content-Type when resource is accessed using this shared access signature.
generate_table(table_name, permission=None, expiry=None, start=None, id=None, ip=None, protocol=None, start_pk=None, start_rk=None, end_pk=None, end_rk=None)[source]

Generates a shared access signature for the table. Use the returned signature with the sas_token parameter of TableService.

Parameters:
  • table_name (str) – Name of table.
  • permission (TablePermissions) – The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy.
  • expiry (date or str) – The time at which the shared access signature becomes invalid. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC.
  • start (date or str) – The time at which the shared access signature becomes valid. If omitted, start time for this call is assumed to be the time when the storage service receives the request. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC.
  • id (str) – A unique value up to 64 characters in length that correlates to a stored access policy. To create a stored access policy, use set_blob_service_properties.
  • ip (str) – Specifies an IP address or a range of IP addresses from which to accept requests. If the IP address from which the request originates does not match the IP address or address range specified on the SAS token, the request is not authenticated. For example, specifying sip=168.1.5.65 or sip=168.1.5.60-168.1.5.70 on the SAS restricts the request to those IP addresses.
  • protocol (str) – Specifies the protocol permitted for a request made. The default value is https,http. See Protocol for possible values.
  • start_pk (str) – The minimum partition key accessible with this shared access signature. startpk must accompany startrk. Key values are inclusive. If omitted, there is no lower bound on the table entities that can be accessed.
  • start_rk (str) – The minimum row key accessible with this shared access signature. startpk must accompany startrk. Key values are inclusive. If omitted, there is no lower bound on the table entities that can be accessed.
  • end_pk (str) – The maximum partition key accessible with this shared access signature. endpk must accompany endrk. Key values are inclusive. If omitted, there is no upper bound on the table entities that can be accessed.
  • end_rk (str) – The maximum row key accessible with this shared access signature. endpk must accompany endrk. Key values are inclusive. If omitted, there is no upper bound on the table entities that can be accessed.