the-codinator · December 24, 2020 05:51 · the-codinator · Dec 23, 2020
diff --git a/azure-storage-blob-container-sas-uri.js b/azure-storage-blob-container-sas-uri.js
 /* Script to create a serive SAS URI for an Azure Blob Storage Container */

 const { generateBlobSASQueryParameters, SASProtocol, StorageSharedKeyCredential } = require('@azure/storage-blob'); // v12.x

 function generageBlobSasSignatureValues(blobContainerName, storedPolicyName, overrides) {
  const startsOn = new Date();
  const expiresOn = new Date(startsOn.getTime() + 86400_000); // 1 day - customizable
  const permissions = storedPolicyName ? undefined : 'racwl'; // All but delete, Max permissions are 'racwdl'
  // Stored Access Policy (for the container) defines the permissions and optionally startsOn & expiresOn
  // Using an Access Policy allows us to invalidate SAS by deleting the policy
  // Re-create the Policy with the same name but a higher startsOn to invalidate old SAS (to be tested/confirmed)

  const blobSasSignatureValues = {
    version: '2020-04-08', // Can skip to use SDK default
    protocol: SASProtocol.Https, // Default is HttpsAndHttp
    startsOn,
    expiresOn,
    permissions,
    ipRange: undefined, // IP based filtering - can be ADF's Integration Runtime's Egress IPs
    containerName: blobContainerName,
    identifier: storedPolicyName,
    correlationId: undefined, // For correlating logs with Azure
    // Skipped fields for blob file level SAS
  };

  return Object.assign(blobSasSignatureValues, overrides);
 }

 function generateSasUri(storageAccountName, storageAccessKey, blobContainerName, storedPolicyName, overrides) {
  const blobSasSignatureValues = generageBlobSasSignatureValues(blobContainerName, storedPolicyName, overrides);
  const storageSharedKeyCredential = new StorageSharedKeyCredential(storageAccountName, storageAccessKey);
  const query = generateBlobSASQueryParameters(blobSasSignatureValues, storageSharedKeyCredential);
  return `https://${storageAccountName}.blob.core.windows.net/${blobContainerName}?${query.toString()}`;
 }

 function printSasUri(container) {
  const account = 'myStorageAccountName';
  const key = '***myStorageAccountAccessKey***';
  const policy = 'myStorageBlobContainerAccessPolicyName';
  const sasUri = generateSasUri(account, key, container, policy);
  console.log(sasUri);
 }

 printSasUri('myStorageBlobContainerName');
	/* Script to create a serive SAS URI for an Azure Blob Storage Container */

	const { generateBlobSASQueryParameters, SASProtocol, StorageSharedKeyCredential } = require('@azure/storage-blob'); // v12.x

	function generageBlobSasSignatureValues(blobContainerName, storedPolicyName, overrides) {
	const startsOn = new Date();
	const expiresOn = new Date(startsOn.getTime() + 86400_000); // 1 day - customizable
	const permissions = storedPolicyName ? undefined : 'racwl'; // All but delete, Max permissions are 'racwdl'
	// Stored Access Policy (for the container) defines the permissions and optionally startsOn & expiresOn
	// Using an Access Policy allows us to invalidate SAS by deleting the policy
	// Re-create the Policy with the same name but a higher startsOn to invalidate old SAS (to be tested/confirmed)

	const blobSasSignatureValues = {
	version: '2020-04-08', // Can skip to use SDK default
	protocol: SASProtocol.Https, // Default is HttpsAndHttp
	startsOn,
	expiresOn,
	permissions,
	ipRange: undefined, // IP based filtering - can be ADF's Integration Runtime's Egress IPs
	containerName: blobContainerName,
	identifier: storedPolicyName,
	correlationId: undefined, // For correlating logs with Azure
	// Skipped fields for blob file level SAS
	};

	return Object.assign(blobSasSignatureValues, overrides);
	}

	function generateSasUri(storageAccountName, storageAccessKey, blobContainerName, storedPolicyName, overrides) {
	const blobSasSignatureValues = generageBlobSasSignatureValues(blobContainerName, storedPolicyName, overrides);
	const storageSharedKeyCredential = new StorageSharedKeyCredential(storageAccountName, storageAccessKey);
	const query = generateBlobSASQueryParameters(blobSasSignatureValues, storageSharedKeyCredential);
	return `https://${storageAccountName}.blob.core.windows.net/${blobContainerName}?${query.toString()}`;
	}

	function printSasUri(container) {
	const account = 'myStorageAccountName';
	const key = '*myStorageAccountAccessKey*';
	const policy = 'myStorageBlobContainerAccessPolicyName';
	const sasUri = generateSasUri(account, key, container, policy);
	console.log(sasUri);
	}

	printSasUri('myStorageBlobContainerName');