azure.storage.getAccountBlobContainerSAS

Use this data source to obtain a Shared Access Signature (SAS Token) for an existing Storage Account Blob Container.

Shared access signatures allow fine-grained, ephemeral access control to various aspects of an Azure Storage Account Blob Container.

Example Usage

using System.Collections.Generic;
using Pulumi;
using Azure = Pulumi.Azure;

return await Deployment.RunAsync(() => 
{
    var rg = new Azure.Core.ResourceGroup("rg", new()
    {
        Location = "West Europe",
    });

    var storage = new Azure.Storage.Account("storage", new()
    {
        ResourceGroupName = rg.Name,
        Location = rg.Location,
        AccountTier = "Standard",
        AccountReplicationType = "LRS",
    });

    var container = new Azure.Storage.Container("container", new()
    {
        StorageAccountName = storage.Name,
        ContainerAccessType = "private",
    });

    var example = Azure.Storage.GetAccountBlobContainerSAS.Invoke(new()
    {
        ConnectionString = storage.PrimaryConnectionString,
        ContainerName = container.Name,
        HttpsOnly = true,
        IpAddress = "168.1.5.65",
        Start = "2018-03-21",
        Expiry = "2018-03-21",
        Permissions = new Azure.Storage.Inputs.GetAccountBlobContainerSASPermissionsInputArgs
        {
            Read = true,
            Add = true,
            Create = false,
            Write = false,
            Delete = true,
            List = true,
        },
        CacheControl = "max-age=5",
        ContentDisposition = "inline",
        ContentEncoding = "deflate",
        ContentLanguage = "en-US",
        ContentType = "application/json",
    });

    return new Dictionary<string, object?>
    {
        ["sasUrlQueryString"] = example.Apply(getAccountBlobContainerSASResult => getAccountBlobContainerSASResult.Sas),
    };
});
package main

import (
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
	"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/storage"
	"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		rg, err := core.NewResourceGroup(ctx, "rg", &core.ResourceGroupArgs{
			Location: pulumi.String("West Europe"),
		})
		if err != nil {
			return err
		}
		storage, err := storage.NewAccount(ctx, "storage", &storage.AccountArgs{
			ResourceGroupName:      rg.Name,
			Location:               rg.Location,
			AccountTier:            pulumi.String("Standard"),
			AccountReplicationType: pulumi.String("LRS"),
		})
		if err != nil {
			return err
		}
		container, err := storage.NewContainer(ctx, "container", &storage.ContainerArgs{
			StorageAccountName:  storage.Name,
			ContainerAccessType: pulumi.String("private"),
		})
		if err != nil {
			return err
		}
		example := storage.GetAccountBlobContainerSASOutput(ctx, storage.GetAccountBlobContainerSASOutputArgs{
			ConnectionString: storage.PrimaryConnectionString,
			ContainerName:    container.Name,
			HttpsOnly:        pulumi.Bool(true),
			IpAddress:        pulumi.String("168.1.5.65"),
			Start:            pulumi.String("2018-03-21"),
			Expiry:           pulumi.String("2018-03-21"),
			Permissions: &storage.GetAccountBlobContainerSASPermissionsArgs{
				Read:   pulumi.Bool(true),
				Add:    pulumi.Bool(true),
				Create: pulumi.Bool(false),
				Write:  pulumi.Bool(false),
				Delete: pulumi.Bool(true),
				List:   pulumi.Bool(true),
			},
			CacheControl:       pulumi.String("max-age=5"),
			ContentDisposition: pulumi.String("inline"),
			ContentEncoding:    pulumi.String("deflate"),
			ContentLanguage:    pulumi.String("en-US"),
			ContentType:        pulumi.String("application/json"),
		}, nil)
		ctx.Export("sasUrlQueryString", example.ApplyT(func(example storage.GetAccountBlobContainerSASResult) (*string, error) {
			return &example.Sas, nil
		}).(pulumi.StringPtrOutput))
		return nil
	})
}
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.storage.Container;
import com.pulumi.azure.storage.ContainerArgs;
import com.pulumi.azure.storage.StorageFunctions;
import com.pulumi.azure.storage.inputs.GetAccountBlobContainerSASArgs;
import com.pulumi.azure.storage.inputs.GetAccountBlobContainerSASPermissionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    public static void stack(Context ctx) {
        var rg = new ResourceGroup("rg", ResourceGroupArgs.builder()        
            .location("West Europe")
            .build());

        var storage = new Account("storage", AccountArgs.builder()        
            .resourceGroupName(rg.name())
            .location(rg.location())
            .accountTier("Standard")
            .accountReplicationType("LRS")
            .build());

        var container = new Container("container", ContainerArgs.builder()        
            .storageAccountName(storage.name())
            .containerAccessType("private")
            .build());

        final var example = StorageFunctions.getAccountBlobContainerSAS(GetAccountBlobContainerSASArgs.builder()
            .connectionString(storage.primaryConnectionString())
            .containerName(container.name())
            .httpsOnly(true)
            .ipAddress("168.1.5.65")
            .start("2018-03-21")
            .expiry("2018-03-21")
            .permissions(GetAccountBlobContainerSASPermissionsArgs.builder()
                .read(true)
                .add(true)
                .create(false)
                .write(false)
                .delete(true)
                .list(true)
                .build())
            .cacheControl("max-age=5")
            .contentDisposition("inline")
            .contentEncoding("deflate")
            .contentLanguage("en-US")
            .contentType("application/json")
            .build());

        ctx.export("sasUrlQueryString", example.applyValue(getAccountBlobContainerSASResult -> getAccountBlobContainerSASResult).applyValue(example -> example.applyValue(getAccountBlobContainerSASResult -> getAccountBlobContainerSASResult.sas())));
    }
}
import pulumi
import pulumi_azure as azure

rg = azure.core.ResourceGroup("rg", location="West Europe")
storage = azure.storage.Account("storage",
    resource_group_name=rg.name,
    location=rg.location,
    account_tier="Standard",
    account_replication_type="LRS")
container = azure.storage.Container("container",
    storage_account_name=storage.name,
    container_access_type="private")
example = azure.storage.get_account_blob_container_sas_output(connection_string=storage.primary_connection_string,
    container_name=container.name,
    https_only=True,
    ip_address="168.1.5.65",
    start="2018-03-21",
    expiry="2018-03-21",
    permissions=azure.storage.GetAccountBlobContainerSASPermissionsArgs(
        read=True,
        add=True,
        create=False,
        write=False,
        delete=True,
        list=True,
    ),
    cache_control="max-age=5",
    content_disposition="inline",
    content_encoding="deflate",
    content_language="en-US",
    content_type="application/json")
pulumi.export("sasUrlQueryString", example.sas)
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

const rg = new azure.core.ResourceGroup("rg", {location: "West Europe"});
const storage = new azure.storage.Account("storage", {
    resourceGroupName: rg.name,
    location: rg.location,
    accountTier: "Standard",
    accountReplicationType: "LRS",
});
const container = new azure.storage.Container("container", {
    storageAccountName: storage.name,
    containerAccessType: "private",
});
const example = azure.storage.getAccountBlobContainerSASOutput({
    connectionString: storage.primaryConnectionString,
    containerName: container.name,
    httpsOnly: true,
    ipAddress: "168.1.5.65",
    start: "2018-03-21",
    expiry: "2018-03-21",
    permissions: {
        read: true,
        add: true,
        create: false,
        write: false,
        "delete": true,
        list: true,
    },
    cacheControl: "max-age=5",
    contentDisposition: "inline",
    contentEncoding: "deflate",
    contentLanguage: "en-US",
    contentType: "application/json",
});
export const sasUrlQueryString = example.apply(example => example.sas);
resources:
  rg:
    type: azure:core:ResourceGroup
    properties:
      location: West Europe
  storage:
    type: azure:storage:Account
    properties:
      resourceGroupName: ${rg.name}
      location: ${rg.location}
      accountTier: Standard
      accountReplicationType: LRS
  container:
    type: azure:storage:Container
    properties:
      storageAccountName: ${storage.name}
      containerAccessType: private
variables:
  example:
    fn::invoke:
      Function: azure:storage:getAccountBlobContainerSAS
      Arguments:
        connectionString: ${storage.primaryConnectionString}
        containerName: ${container.name}
        httpsOnly: true
        ipAddress: 168.1.5.65
        start: 2018-03-21
        expiry: 2018-03-21
        permissions:
          read: true
          add: true
          create: false
          write: false
          delete: true
          list: true
        cacheControl: max-age=5
        contentDisposition: inline
        contentEncoding: deflate
        contentLanguage: en-US
        contentType: application/json
outputs:
  sasUrlQueryString: ${example.sas}

Using getAccountBlobContainerSAS

Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

function getAccountBlobContainerSAS(args: GetAccountBlobContainerSASArgs, opts?: InvokeOptions): Promise<GetAccountBlobContainerSASResult>
function getAccountBlobContainerSASOutput(args: GetAccountBlobContainerSASOutputArgs, opts?: InvokeOptions): Output<GetAccountBlobContainerSASResult>
def get_account_blob_container_sas(cache_control: Optional[str] = None,
                                   connection_string: Optional[str] = None,
                                   container_name: Optional[str] = None,
                                   content_disposition: Optional[str] = None,
                                   content_encoding: Optional[str] = None,
                                   content_language: Optional[str] = None,
                                   content_type: Optional[str] = None,
                                   expiry: Optional[str] = None,
                                   https_only: Optional[bool] = None,
                                   ip_address: Optional[str] = None,
                                   permissions: Optional[GetAccountBlobContainerSASPermissions] = None,
                                   start: Optional[str] = None,
                                   opts: Optional[InvokeOptions] = None) -> GetAccountBlobContainerSASResult
def get_account_blob_container_sas_output(cache_control: Optional[pulumi.Input[str]] = None,
                                   connection_string: Optional[pulumi.Input[str]] = None,
                                   container_name: Optional[pulumi.Input[str]] = None,
                                   content_disposition: Optional[pulumi.Input[str]] = None,
                                   content_encoding: Optional[pulumi.Input[str]] = None,
                                   content_language: Optional[pulumi.Input[str]] = None,
                                   content_type: Optional[pulumi.Input[str]] = None,
                                   expiry: Optional[pulumi.Input[str]] = None,
                                   https_only: Optional[pulumi.Input[bool]] = None,
                                   ip_address: Optional[pulumi.Input[str]] = None,
                                   permissions: Optional[pulumi.Input[GetAccountBlobContainerSASPermissionsArgs]] = None,
                                   start: Optional[pulumi.Input[str]] = None,
                                   opts: Optional[InvokeOptions] = None) -> Output[GetAccountBlobContainerSASResult]
func GetAccountBlobContainerSAS(ctx *Context, args *GetAccountBlobContainerSASArgs, opts ...InvokeOption) (*GetAccountBlobContainerSASResult, error)
func GetAccountBlobContainerSASOutput(ctx *Context, args *GetAccountBlobContainerSASOutputArgs, opts ...InvokeOption) GetAccountBlobContainerSASResultOutput

> Note: This function is named GetAccountBlobContainerSAS in the Go SDK.

public static class GetAccountBlobContainerSAS 
{
    public static Task<GetAccountBlobContainerSASResult> InvokeAsync(GetAccountBlobContainerSASArgs args, InvokeOptions? opts = null)
    public static Output<GetAccountBlobContainerSASResult> Invoke(GetAccountBlobContainerSASInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetAccountBlobContainerSASResult> getAccountBlobContainerSAS(GetAccountBlobContainerSASArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
  function: azure:storage/getAccountBlobContainerSAS:getAccountBlobContainerSAS
  arguments:
    # arguments dictionary

The following arguments are supported:

ConnectionString string

The connection string for the storage account to which this SAS applies. Typically directly from the primary_connection_string attribute of an azure.storage.Account resource.

ContainerName string

Name of the container.

Expiry string

The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string.

Permissions GetAccountBlobContainerSASPermissions

A permissions block as defined below.

Start string

The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string.

CacheControl string

The Cache-Control response header that is sent when this SAS token is used.

ContentDisposition string

The Content-Disposition response header that is sent when this SAS token is used.

ContentEncoding string

The Content-Encoding response header that is sent when this SAS token is used.

ContentLanguage string

The Content-Language response header that is sent when this SAS token is used.

ContentType string

The Content-Type response header that is sent when this SAS token is used.

HttpsOnly bool

Only permit https access. If false, both http and https are permitted. Defaults to true.

IpAddress string

Single IPv4 address or range (connected with a dash) of IPv4 addresses.

ConnectionString string

The connection string for the storage account to which this SAS applies. Typically directly from the primary_connection_string attribute of an azure.storage.Account resource.

ContainerName string

Name of the container.

Expiry string

The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string.

Permissions GetAccountBlobContainerSASPermissions

A permissions block as defined below.

Start string

The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string.

CacheControl string

The Cache-Control response header that is sent when this SAS token is used.

ContentDisposition string

The Content-Disposition response header that is sent when this SAS token is used.

ContentEncoding string

The Content-Encoding response header that is sent when this SAS token is used.

ContentLanguage string

The Content-Language response header that is sent when this SAS token is used.

ContentType string

The Content-Type response header that is sent when this SAS token is used.

HttpsOnly bool

Only permit https access. If false, both http and https are permitted. Defaults to true.

IpAddress string

Single IPv4 address or range (connected with a dash) of IPv4 addresses.

connectionString String

The connection string for the storage account to which this SAS applies. Typically directly from the primary_connection_string attribute of an azure.storage.Account resource.

containerName String

Name of the container.

expiry String

The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string.

permissions GetAccountBlobContainerSASPermissions

A permissions block as defined below.

start String

The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string.

cacheControl String

The Cache-Control response header that is sent when this SAS token is used.

contentDisposition String

The Content-Disposition response header that is sent when this SAS token is used.

contentEncoding String

The Content-Encoding response header that is sent when this SAS token is used.

contentLanguage String

The Content-Language response header that is sent when this SAS token is used.

contentType String

The Content-Type response header that is sent when this SAS token is used.

httpsOnly Boolean

Only permit https access. If false, both http and https are permitted. Defaults to true.

ipAddress String

Single IPv4 address or range (connected with a dash) of IPv4 addresses.

connectionString string

The connection string for the storage account to which this SAS applies. Typically directly from the primary_connection_string attribute of an azure.storage.Account resource.

containerName string

Name of the container.

expiry string

The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string.

permissions GetAccountBlobContainerSASPermissions

A permissions block as defined below.

start string

The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string.

cacheControl string

The Cache-Control response header that is sent when this SAS token is used.

contentDisposition string

The Content-Disposition response header that is sent when this SAS token is used.

contentEncoding string

The Content-Encoding response header that is sent when this SAS token is used.

contentLanguage string

The Content-Language response header that is sent when this SAS token is used.

contentType string

The Content-Type response header that is sent when this SAS token is used.

httpsOnly boolean

Only permit https access. If false, both http and https are permitted. Defaults to true.

ipAddress string

Single IPv4 address or range (connected with a dash) of IPv4 addresses.

connection_string str

The connection string for the storage account to which this SAS applies. Typically directly from the primary_connection_string attribute of an azure.storage.Account resource.

container_name str

Name of the container.

expiry str

The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string.

permissions GetAccountBlobContainerSASPermissions

A permissions block as defined below.

start str

The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string.

cache_control str

The Cache-Control response header that is sent when this SAS token is used.

content_disposition str

The Content-Disposition response header that is sent when this SAS token is used.

content_encoding str

The Content-Encoding response header that is sent when this SAS token is used.

content_language str

The Content-Language response header that is sent when this SAS token is used.

content_type str

The Content-Type response header that is sent when this SAS token is used.

https_only bool

Only permit https access. If false, both http and https are permitted. Defaults to true.

ip_address str

Single IPv4 address or range (connected with a dash) of IPv4 addresses.

connectionString String

The connection string for the storage account to which this SAS applies. Typically directly from the primary_connection_string attribute of an azure.storage.Account resource.

containerName String

Name of the container.

expiry String

The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string.

permissions Property Map

A permissions block as defined below.

start String

The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string.

cacheControl String

The Cache-Control response header that is sent when this SAS token is used.

contentDisposition String

The Content-Disposition response header that is sent when this SAS token is used.

contentEncoding String

The Content-Encoding response header that is sent when this SAS token is used.

contentLanguage String

The Content-Language response header that is sent when this SAS token is used.

contentType String

The Content-Type response header that is sent when this SAS token is used.

httpsOnly Boolean

Only permit https access. If false, both http and https are permitted. Defaults to true.

ipAddress String

Single IPv4 address or range (connected with a dash) of IPv4 addresses.

getAccountBlobContainerSAS Result

The following output properties are available:

ConnectionString string
ContainerName string
Expiry string
Id string

The provider-assigned unique ID for this managed resource.

Permissions GetAccountBlobContainerSASPermissions
Sas string

The computed Blob Container Shared Access Signature (SAS).

Start string
CacheControl string
ContentDisposition string
ContentEncoding string
ContentLanguage string
ContentType string
HttpsOnly bool
IpAddress string
ConnectionString string
ContainerName string
Expiry string
Id string

The provider-assigned unique ID for this managed resource.

Permissions GetAccountBlobContainerSASPermissions
Sas string

The computed Blob Container Shared Access Signature (SAS).

Start string
CacheControl string
ContentDisposition string
ContentEncoding string
ContentLanguage string
ContentType string
HttpsOnly bool
IpAddress string
connectionString String
containerName String
expiry String
id String

The provider-assigned unique ID for this managed resource.

permissions GetAccountBlobContainerSASPermissions
sas String

The computed Blob Container Shared Access Signature (SAS).

start String
cacheControl String
contentDisposition String
contentEncoding String
contentLanguage String
contentType String
httpsOnly Boolean
ipAddress String
connectionString string
containerName string
expiry string
id string

The provider-assigned unique ID for this managed resource.

permissions GetAccountBlobContainerSASPermissions
sas string

The computed Blob Container Shared Access Signature (SAS).

start string
cacheControl string
contentDisposition string
contentEncoding string
contentLanguage string
contentType string
httpsOnly boolean
ipAddress string
connection_string str
container_name str
expiry str
id str

The provider-assigned unique ID for this managed resource.

permissions GetAccountBlobContainerSASPermissions
sas str

The computed Blob Container Shared Access Signature (SAS).

start str
cache_control str
content_disposition str
content_encoding str
content_language str
content_type str
https_only bool
ip_address str
connectionString String
containerName String
expiry String
id String

The provider-assigned unique ID for this managed resource.

permissions Property Map
sas String

The computed Blob Container Shared Access Signature (SAS).

start String
cacheControl String
contentDisposition String
contentEncoding String
contentLanguage String
contentType String
httpsOnly Boolean
ipAddress String

Supporting Types

GetAccountBlobContainerSASPermissions

Add bool

Should Add permissions be enabled for this SAS?

Create bool

Should Create permissions be enabled for this SAS?

Delete bool

Should Delete permissions be enabled for this SAS?

List bool

Should List permissions be enabled for this SAS?

Read bool

Should Read permissions be enabled for this SAS?

Write bool

Should Write permissions be enabled for this SAS?

Add bool

Should Add permissions be enabled for this SAS?

Create bool

Should Create permissions be enabled for this SAS?

Delete bool

Should Delete permissions be enabled for this SAS?

List bool

Should List permissions be enabled for this SAS?

Read bool

Should Read permissions be enabled for this SAS?

Write bool

Should Write permissions be enabled for this SAS?

add Boolean

Should Add permissions be enabled for this SAS?

create Boolean

Should Create permissions be enabled for this SAS?

delete Boolean

Should Delete permissions be enabled for this SAS?

list Boolean

Should List permissions be enabled for this SAS?

read Boolean

Should Read permissions be enabled for this SAS?

write Boolean

Should Write permissions be enabled for this SAS?

add boolean

Should Add permissions be enabled for this SAS?

create boolean

Should Create permissions be enabled for this SAS?

delete boolean

Should Delete permissions be enabled for this SAS?

list boolean

Should List permissions be enabled for this SAS?

read boolean

Should Read permissions be enabled for this SAS?

write boolean

Should Write permissions be enabled for this SAS?

add bool

Should Add permissions be enabled for this SAS?

create bool

Should Create permissions be enabled for this SAS?

delete bool

Should Delete permissions be enabled for this SAS?

list bool

Should List permissions be enabled for this SAS?

read bool

Should Read permissions be enabled for this SAS?

write bool

Should Write permissions be enabled for this SAS?

add Boolean

Should Add permissions be enabled for this SAS?

create Boolean

Should Create permissions be enabled for this SAS?

delete Boolean

Should Delete permissions be enabled for this SAS?

list Boolean

Should List permissions be enabled for this SAS?

read Boolean

Should Read permissions be enabled for this SAS?

write Boolean

Should Write permissions be enabled for this SAS?

Package Details

Repository
Azure Classic pulumi/pulumi-azure
License
Apache-2.0
Notes

This Pulumi package is based on the azurerm Terraform Provider.