get
Use this data source to obtain a Shared Access Signature (SAS Token) for an existing Storage Account. Shared access signatures allow fine-grained, ephemeral access control to various aspects of an Azure Storage Account. Note that this is an Account SAS and not a Service SAS.
Example Usage
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.azure.core.ResourceGroup;
import com.pulumi.azure.core.ResourceGroupArgs;
import com.pulumi.azure.storage.Account;
import com.pulumi.azure.storage.AccountArgs;
import com.pulumi.azure.storage.StorageFunctions;
import com.pulumi.azure.storage.inputs.GetAccountSASArgs;
import com.pulumi.azure.storage.inputs.GetAccountSASResourceTypesArgs;
import com.pulumi.azure.storage.inputs.GetAccountSASServicesArgs;
import com.pulumi.azure.storage.inputs.GetAccountSASPermissionsArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var exampleResourceGroup = new ResourceGroup("exampleResourceGroup", ResourceGroupArgs.builder()
.location("West Europe")
.build());
var exampleAccount = new Account("exampleAccount", AccountArgs.builder()
.resourceGroupName(exampleResourceGroup.name())
.location(exampleResourceGroup.location())
.accountTier("Standard")
.accountReplicationType("GRS")
.tags(Map.of("environment", "staging"))
.build());
final var exampleAccountSAS = StorageFunctions.getAccountSAS(GetAccountSASArgs.builder()
.connectionString(exampleAccount.primaryConnectionString())
.httpsOnly(true)
.signedVersion("2017-07-29")
.resourceTypes(GetAccountSASResourceTypesArgs.builder()
.service(true)
.container(false)
.object(false)
.build())
.services(GetAccountSASServicesArgs.builder()
.blob(true)
.queue(false)
.table(false)
.file(false)
.build())
.start("2018-03-21T00:00:00Z")
.expiry("2020-03-21T00:00:00Z")
.permissions(GetAccountSASPermissionsArgs.builder()
.read(true)
.write(true)
.delete(false)
.list(false)
.add(true)
.create(true)
.update(false)
.process(false)
.tag(false)
.filter(false)
.build())
.build());
ctx.export("sasUrlQueryString", exampleAccountSAS.applyValue(getAccountSASResult -> getAccountSASResult).applyValue(exampleAccountSAS -> exampleAccountSAS.applyValue(getAccountSASResult -> getAccountSASResult.sas())));
}
}Return
A collection of values returned by getAccountSAS.
Parameters
A collection of arguments for invoking getAccountSAS.
Return
A collection of values returned by getAccountSAS.
See also
Parameters
The connection string for the storage account to which this SAS applies. Typically directly from the primary_connection_string attribute of a azure.storage.Account resource.
The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string.
NOTE: The ISO-8601 Time offset from UTC is currently not supported by the service, which will result into 409 error.
Only permit https access. If false, both http and https are permitted. Defaults to true.
IP address, or a range of IP addresses, from which to accept requests. When specifying a range, note that the range is inclusive.
A permissions block as defined below.
A resource_types block as defined below.
A services block as defined below.
Specifies the signed storage service version to use to authorize requests made with this account SAS. Defaults to 2017-07-29.
The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string.
Return
A collection of values returned by getAccountSAS.
See also
Parameters
Builder for com.pulumi.azure.storage.kotlin.inputs.GetAccountSASPlainArgs.