azure.storage.getAccountBlobContainerSAS
Use this data source to obtain a Shared Access Signature (SAS Token) for an existing Storage Account Blob Container.
Shared access signatures allow fine-grained, ephemeral access control to various aspects of an Azure Storage Account Blob Container.
Example Usage
using System.Collections.Generic;
using Pulumi;
using Azure = Pulumi.Azure;
return await Deployment.RunAsync(() =>
{
var rg = new Azure.Core.ResourceGroup("rg", new()
{
Location = "West Europe",
});
var storage = new Azure.Storage.Account("storage", new()
{
ResourceGroupName = rg.Name,
Location = rg.Location,
AccountTier = "Standard",
AccountReplicationType = "LRS",
});
var container = new Azure.Storage.Container("container", new()
{
StorageAccountName = storage.Name,
ContainerAccessType = "private",
});
var example = Azure.Storage.GetAccountBlobContainerSAS.Invoke(new()
{
ConnectionString = storage.PrimaryConnectionString,
ContainerName = container.Name,
HttpsOnly = true,
IpAddress = "168.1.5.65",
Start = "2018-03-21",
Expiry = "2018-03-21",
Permissions = new Azure.Storage.Inputs.GetAccountBlobContainerSASPermissionsInputArgs
{
Read = true,
Add = true,
Create = false,
Write = false,
Delete = true,
List = true,
},
CacheControl = "max-age=5",
ContentDisposition = "inline",
ContentEncoding = "deflate",
ContentLanguage = "en-US",
ContentType = "application/json",
});
return new Dictionary<string, object?>
{
["sasUrlQueryString"] = example.Apply(getAccountBlobContainerSASResult => getAccountBlobContainerSASResult.Sas),
};
});
package main
import (
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/core"
"github.com/pulumi/pulumi-azure/sdk/v5/go/azure/storage"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
rg, err := core.NewResourceGroup(ctx, "rg", &core.ResourceGroupArgs{
Location: pulumi.String("West Europe"),
})
if err != nil {
return err
}
storage, err := storage.NewAccount(ctx, "storage", &storage.AccountArgs{
ResourceGroupName: rg.Name,
Location: rg.Location,
AccountTier: pulumi.String("Standard"),
AccountReplicationType: pulumi.String("LRS"),
})
if err != nil {
return err
}
container, err := storage.NewContainer(ctx, "container", &storage.ContainerArgs{
StorageAccountName: storage.Name,
ContainerAccessType: pulumi.String("private"),
})
if err != nil {
return err
}
example := storage.GetAccountBlobContainerSASOutput(ctx, storage.GetAccountBlobContainerSASOutputArgs{
ConnectionString: storage.PrimaryConnectionString,
ContainerName: container.Name,
HttpsOnly: pulumi.Bool(true),
IpAddress: pulumi.String("168.1.5.65"),
Start: pulumi.String("2018-03-21"),
Expiry: pulumi.String("2018-03-21"),
Permissions: &storage.GetAccountBlobContainerSASPermissionsArgs{
Read: pulumi.Bool(true),
Add: pulumi.Bool(true),
Create: pulumi.Bool(false),
Write: pulumi.Bool(false),
Delete: pulumi.Bool(true),
List: pulumi.Bool(true),
},
CacheControl: pulumi.String("max-age=5"),
ContentDisposition: pulumi.String("inline"),
ContentEncoding: pulumi.String("deflate"),
ContentLanguage: pulumi.String("en-US"),
ContentType: pulumi.String("application/json"),
}, nil)
ctx.Export("sasUrlQueryString", example.ApplyT(func(example storage.GetAccountBlobContainerSASResult) (*string, error) {
return &example.Sas, nil
}).(pulumi.StringPtrOutput))
return nil
})
}
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.storage.Container;
import com.pulumi.azure.storage.ContainerArgs;
import com.pulumi.azure.storage.StorageFunctions;
import com.pulumi.azure.storage.inputs.GetAccountBlobContainerSASArgs;
import com.pulumi.azure.storage.inputs.GetAccountBlobContainerSASPermissionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var rg = new ResourceGroup("rg", ResourceGroupArgs.builder()
.location("West Europe")
.build());
var storage = new Account("storage", AccountArgs.builder()
.resourceGroupName(rg.name())
.location(rg.location())
.accountTier("Standard")
.accountReplicationType("LRS")
.build());
var container = new Container("container", ContainerArgs.builder()
.storageAccountName(storage.name())
.containerAccessType("private")
.build());
final var example = StorageFunctions.getAccountBlobContainerSAS(GetAccountBlobContainerSASArgs.builder()
.connectionString(storage.primaryConnectionString())
.containerName(container.name())
.httpsOnly(true)
.ipAddress("168.1.5.65")
.start("2018-03-21")
.expiry("2018-03-21")
.permissions(GetAccountBlobContainerSASPermissionsArgs.builder()
.read(true)
.add(true)
.create(false)
.write(false)
.delete(true)
.list(true)
.build())
.cacheControl("max-age=5")
.contentDisposition("inline")
.contentEncoding("deflate")
.contentLanguage("en-US")
.contentType("application/json")
.build());
ctx.export("sasUrlQueryString", example.applyValue(getAccountBlobContainerSASResult -> getAccountBlobContainerSASResult).applyValue(example -> example.applyValue(getAccountBlobContainerSASResult -> getAccountBlobContainerSASResult.sas())));
}
}
import pulumi
import pulumi_azure as azure
rg = azure.core.ResourceGroup("rg", location="West Europe")
storage = azure.storage.Account("storage",
resource_group_name=rg.name,
location=rg.location,
account_tier="Standard",
account_replication_type="LRS")
container = azure.storage.Container("container",
storage_account_name=storage.name,
container_access_type="private")
example = azure.storage.get_account_blob_container_sas_output(connection_string=storage.primary_connection_string,
container_name=container.name,
https_only=True,
ip_address="168.1.5.65",
start="2018-03-21",
expiry="2018-03-21",
permissions=azure.storage.GetAccountBlobContainerSASPermissionsArgs(
read=True,
add=True,
create=False,
write=False,
delete=True,
list=True,
),
cache_control="max-age=5",
content_disposition="inline",
content_encoding="deflate",
content_language="en-US",
content_type="application/json")
pulumi.export("sasUrlQueryString", example.sas)
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
const rg = new azure.core.ResourceGroup("rg", {location: "West Europe"});
const storage = new azure.storage.Account("storage", {
resourceGroupName: rg.name,
location: rg.location,
accountTier: "Standard",
accountReplicationType: "LRS",
});
const container = new azure.storage.Container("container", {
storageAccountName: storage.name,
containerAccessType: "private",
});
const example = azure.storage.getAccountBlobContainerSASOutput({
connectionString: storage.primaryConnectionString,
containerName: container.name,
httpsOnly: true,
ipAddress: "168.1.5.65",
start: "2018-03-21",
expiry: "2018-03-21",
permissions: {
read: true,
add: true,
create: false,
write: false,
"delete": true,
list: true,
},
cacheControl: "max-age=5",
contentDisposition: "inline",
contentEncoding: "deflate",
contentLanguage: "en-US",
contentType: "application/json",
});
export const sasUrlQueryString = example.apply(example => example.sas);
resources:
rg:
type: azure:core:ResourceGroup
properties:
location: West Europe
storage:
type: azure:storage:Account
properties:
resourceGroupName: ${rg.name}
location: ${rg.location}
accountTier: Standard
accountReplicationType: LRS
container:
type: azure:storage:Container
properties:
storageAccountName: ${storage.name}
containerAccessType: private
variables:
example:
fn::invoke:
Function: azure:storage:getAccountBlobContainerSAS
Arguments:
connectionString: ${storage.primaryConnectionString}
containerName: ${container.name}
httpsOnly: true
ipAddress: 168.1.5.65
start: 2018-03-21
expiry: 2018-03-21
permissions:
read: true
add: true
create: false
write: false
delete: true
list: true
cacheControl: max-age=5
contentDisposition: inline
contentEncoding: deflate
contentLanguage: en-US
contentType: application/json
outputs:
sasUrlQueryString: ${example.sas}
Using getAccountBlobContainerSAS
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getAccountBlobContainerSAS(args: GetAccountBlobContainerSASArgs, opts?: InvokeOptions): Promise<GetAccountBlobContainerSASResult>
function getAccountBlobContainerSASOutput(args: GetAccountBlobContainerSASOutputArgs, opts?: InvokeOptions): Output<GetAccountBlobContainerSASResult>def get_account_blob_container_sas(cache_control: Optional[str] = None,
connection_string: Optional[str] = None,
container_name: Optional[str] = None,
content_disposition: Optional[str] = None,
content_encoding: Optional[str] = None,
content_language: Optional[str] = None,
content_type: Optional[str] = None,
expiry: Optional[str] = None,
https_only: Optional[bool] = None,
ip_address: Optional[str] = None,
permissions: Optional[GetAccountBlobContainerSASPermissions] = None,
start: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetAccountBlobContainerSASResult
def get_account_blob_container_sas_output(cache_control: Optional[pulumi.Input[str]] = None,
connection_string: Optional[pulumi.Input[str]] = None,
container_name: Optional[pulumi.Input[str]] = None,
content_disposition: Optional[pulumi.Input[str]] = None,
content_encoding: Optional[pulumi.Input[str]] = None,
content_language: Optional[pulumi.Input[str]] = None,
content_type: Optional[pulumi.Input[str]] = None,
expiry: Optional[pulumi.Input[str]] = None,
https_only: Optional[pulumi.Input[bool]] = None,
ip_address: Optional[pulumi.Input[str]] = None,
permissions: Optional[pulumi.Input[GetAccountBlobContainerSASPermissionsArgs]] = None,
start: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetAccountBlobContainerSASResult]func GetAccountBlobContainerSAS(ctx *Context, args *GetAccountBlobContainerSASArgs, opts ...InvokeOption) (*GetAccountBlobContainerSASResult, error)
func GetAccountBlobContainerSASOutput(ctx *Context, args *GetAccountBlobContainerSASOutputArgs, opts ...InvokeOption) GetAccountBlobContainerSASResultOutput> Note: This function is named GetAccountBlobContainerSAS in the Go SDK.
public static class GetAccountBlobContainerSAS
{
public static Task<GetAccountBlobContainerSASResult> InvokeAsync(GetAccountBlobContainerSASArgs args, InvokeOptions? opts = null)
public static Output<GetAccountBlobContainerSASResult> Invoke(GetAccountBlobContainerSASInvokeArgs args, InvokeOptions? opts = null)
}public static CompletableFuture<GetAccountBlobContainerSASResult> getAccountBlobContainerSAS(GetAccountBlobContainerSASArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: azure:storage/getAccountBlobContainerSAS:getAccountBlobContainerSAS
arguments:
# arguments dictionaryThe following arguments are supported:
- Connection
String string The connection string for the storage account to which this SAS applies. Typically directly from the
primary_connection_stringattribute of anazure.storage.Accountresource.- Container
Name string Name of the container.
- Expiry string
The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string.
- Permissions
Get
Account Blob Container SASPermissions A
permissionsblock as defined below.- Start string
The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string.
- Cache
Control string The
Cache-Controlresponse header that is sent when this SAS token is used.- Content
Disposition string The
Content-Dispositionresponse header that is sent when this SAS token is used.- Content
Encoding string The
Content-Encodingresponse header that is sent when this SAS token is used.- Content
Language string The
Content-Languageresponse header that is sent when this SAS token is used.- Content
Type string The
Content-Typeresponse header that is sent when this SAS token is used.- Https
Only bool Only permit
httpsaccess. Iffalse, bothhttpandhttpsare permitted. Defaults totrue.- Ip
Address string Single IPv4 address or range (connected with a dash) of IPv4 addresses.
- Connection
String string The connection string for the storage account to which this SAS applies. Typically directly from the
primary_connection_stringattribute of anazure.storage.Accountresource.- Container
Name string Name of the container.
- Expiry string
The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string.
- Permissions
Get
Account Blob Container SASPermissions A
permissionsblock as defined below.- Start string
The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string.
- Cache
Control string The
Cache-Controlresponse header that is sent when this SAS token is used.- Content
Disposition string The
Content-Dispositionresponse header that is sent when this SAS token is used.- Content
Encoding string The
Content-Encodingresponse header that is sent when this SAS token is used.- Content
Language string The
Content-Languageresponse header that is sent when this SAS token is used.- Content
Type string The
Content-Typeresponse header that is sent when this SAS token is used.- Https
Only bool Only permit
httpsaccess. Iffalse, bothhttpandhttpsare permitted. Defaults totrue.- Ip
Address string Single IPv4 address or range (connected with a dash) of IPv4 addresses.
- connection
String String The connection string for the storage account to which this SAS applies. Typically directly from the
primary_connection_stringattribute of anazure.storage.Accountresource.- container
Name String Name of the container.
- expiry String
The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string.
- permissions
Get
Account Blob Container SASPermissions A
permissionsblock as defined below.- start String
The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string.
- cache
Control String The
Cache-Controlresponse header that is sent when this SAS token is used.- content
Disposition String The
Content-Dispositionresponse header that is sent when this SAS token is used.- content
Encoding String The
Content-Encodingresponse header that is sent when this SAS token is used.- content
Language String The
Content-Languageresponse header that is sent when this SAS token is used.- content
Type String The
Content-Typeresponse header that is sent when this SAS token is used.- https
Only Boolean Only permit
httpsaccess. Iffalse, bothhttpandhttpsare permitted. Defaults totrue.- ip
Address String Single IPv4 address or range (connected with a dash) of IPv4 addresses.
- connection
String string The connection string for the storage account to which this SAS applies. Typically directly from the
primary_connection_stringattribute of anazure.storage.Accountresource.- container
Name string Name of the container.
- expiry string
The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string.
- permissions
Get
Account Blob Container SASPermissions A
permissionsblock as defined below.- start string
The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string.
- cache
Control string The
Cache-Controlresponse header that is sent when this SAS token is used.- content
Disposition string The
Content-Dispositionresponse header that is sent when this SAS token is used.- content
Encoding string The
Content-Encodingresponse header that is sent when this SAS token is used.- content
Language string The
Content-Languageresponse header that is sent when this SAS token is used.- content
Type string The
Content-Typeresponse header that is sent when this SAS token is used.- https
Only boolean Only permit
httpsaccess. Iffalse, bothhttpandhttpsare permitted. Defaults totrue.- ip
Address string Single IPv4 address or range (connected with a dash) of IPv4 addresses.
- connection_
string str The connection string for the storage account to which this SAS applies. Typically directly from the
primary_connection_stringattribute of anazure.storage.Accountresource.- container_
name str Name of the container.
- expiry str
The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string.
- permissions
Get
Account Blob Container SASPermissions A
permissionsblock as defined below.- start str
The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string.
- cache_
control str The
Cache-Controlresponse header that is sent when this SAS token is used.- content_
disposition str The
Content-Dispositionresponse header that is sent when this SAS token is used.- content_
encoding str The
Content-Encodingresponse header that is sent when this SAS token is used.- content_
language str The
Content-Languageresponse header that is sent when this SAS token is used.- content_
type str The
Content-Typeresponse header that is sent when this SAS token is used.- https_
only bool Only permit
httpsaccess. Iffalse, bothhttpandhttpsare permitted. Defaults totrue.- ip_
address str Single IPv4 address or range (connected with a dash) of IPv4 addresses.
- connection
String String The connection string for the storage account to which this SAS applies. Typically directly from the
primary_connection_stringattribute of anazure.storage.Accountresource.- container
Name String Name of the container.
- expiry String
The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string.
- permissions Property Map
A
permissionsblock as defined below.- start String
The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string.
- cache
Control String The
Cache-Controlresponse header that is sent when this SAS token is used.- content
Disposition String The
Content-Dispositionresponse header that is sent when this SAS token is used.- content
Encoding String The
Content-Encodingresponse header that is sent when this SAS token is used.- content
Language String The
Content-Languageresponse header that is sent when this SAS token is used.- content
Type String The
Content-Typeresponse header that is sent when this SAS token is used.- https
Only Boolean Only permit
httpsaccess. Iffalse, bothhttpandhttpsare permitted. Defaults totrue.- ip
Address String Single IPv4 address or range (connected with a dash) of IPv4 addresses.
getAccountBlobContainerSAS Result
The following output properties are available:
- Connection
String string - Container
Name string - Expiry string
- Id string
The provider-assigned unique ID for this managed resource.
- Permissions
Get
Account Blob Container SASPermissions - Sas string
The computed Blob Container Shared Access Signature (SAS).
- Start string
- Cache
Control string - Content
Disposition string - Content
Encoding string - Content
Language string - Content
Type string - Https
Only bool - Ip
Address string
- Connection
String string - Container
Name string - Expiry string
- Id string
The provider-assigned unique ID for this managed resource.
- Permissions
Get
Account Blob Container SASPermissions - Sas string
The computed Blob Container Shared Access Signature (SAS).
- Start string
- Cache
Control string - Content
Disposition string - Content
Encoding string - Content
Language string - Content
Type string - Https
Only bool - Ip
Address string
- connection
String String - container
Name String - expiry String
- id String
The provider-assigned unique ID for this managed resource.
- permissions
Get
Account Blob Container SASPermissions - sas String
The computed Blob Container Shared Access Signature (SAS).
- start String
- cache
Control String - content
Disposition String - content
Encoding String - content
Language String - content
Type String - https
Only Boolean - ip
Address String
- connection
String string - container
Name string - expiry string
- id string
The provider-assigned unique ID for this managed resource.
- permissions
Get
Account Blob Container SASPermissions - sas string
The computed Blob Container Shared Access Signature (SAS).
- start string
- cache
Control string - content
Disposition string - content
Encoding string - content
Language string - content
Type string - https
Only boolean - ip
Address string
- connection_
string str - container_
name str - expiry str
- id str
The provider-assigned unique ID for this managed resource.
- permissions
Get
Account Blob Container SASPermissions - sas str
The computed Blob Container Shared Access Signature (SAS).
- start str
- cache_
control str - content_
disposition str - content_
encoding str - content_
language str - content_
type str - https_
only bool - ip_
address str
- connection
String String - container
Name String - expiry String
- id String
The provider-assigned unique ID for this managed resource.
- permissions Property Map
- sas String
The computed Blob Container Shared Access Signature (SAS).
- start String
- cache
Control String - content
Disposition String - content
Encoding String - content
Language String - content
Type String - https
Only Boolean - ip
Address String
Supporting Types
GetAccountBlobContainerSASPermissions
- Add bool
Should Add permissions be enabled for this SAS?
- Create bool
Should Create permissions be enabled for this SAS?
- Delete bool
Should Delete permissions be enabled for this SAS?
- List bool
Should List permissions be enabled for this SAS?
- Read bool
Should Read permissions be enabled for this SAS?
- Write bool
Should Write permissions be enabled for this SAS?
- Add bool
Should Add permissions be enabled for this SAS?
- Create bool
Should Create permissions be enabled for this SAS?
- Delete bool
Should Delete permissions be enabled for this SAS?
- List bool
Should List permissions be enabled for this SAS?
- Read bool
Should Read permissions be enabled for this SAS?
- Write bool
Should Write permissions be enabled for this SAS?
- add Boolean
Should Add permissions be enabled for this SAS?
- create Boolean
Should Create permissions be enabled for this SAS?
- delete Boolean
Should Delete permissions be enabled for this SAS?
- list Boolean
Should List permissions be enabled for this SAS?
- read Boolean
Should Read permissions be enabled for this SAS?
- write Boolean
Should Write permissions be enabled for this SAS?
- add boolean
Should Add permissions be enabled for this SAS?
- create boolean
Should Create permissions be enabled for this SAS?
- delete boolean
Should Delete permissions be enabled for this SAS?
- list boolean
Should List permissions be enabled for this SAS?
- read boolean
Should Read permissions be enabled for this SAS?
- write boolean
Should Write permissions be enabled for this SAS?
- add bool
Should Add permissions be enabled for this SAS?
- create bool
Should Create permissions be enabled for this SAS?
- delete bool
Should Delete permissions be enabled for this SAS?
- list bool
Should List permissions be enabled for this SAS?
- read bool
Should Read permissions be enabled for this SAS?
- write bool
Should Write permissions be enabled for this SAS?
- add Boolean
Should Add permissions be enabled for this SAS?
- create Boolean
Should Create permissions be enabled for this SAS?
- delete Boolean
Should Delete permissions be enabled for this SAS?
- list Boolean
Should List permissions be enabled for this SAS?
- read Boolean
Should Read permissions be enabled for this SAS?
- write Boolean
Should Write permissions be enabled for this SAS?
Package Details
- Repository
- Azure Classic pulumi/pulumi-azure
- License
- Apache-2.0
- Notes
This Pulumi package is based on the
azurermTerraform Provider.