forked from pulumi/examples
-
Notifications
You must be signed in to change notification settings - Fork 0
/
helpers.ts
45 lines (38 loc) · 2.32 KB
/
helpers.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
// Copyright 2016-2021, Pulumi Corporation. All rights reserved.
import * as azure from "@pulumi/azure";
import * as storage from "@pulumi/azure-nextgen/storage/latest";
import * as pulumi from "@pulumi/pulumi";
export function getConnectionString(resourceGroupName: pulumi.Input<string>, accountName: pulumi.Input<string>): pulumi.Output<string> {
// Retrieve the primary storage account key.
const storageAccountKeys = pulumi.all([resourceGroupName, accountName]).apply(([resourceGroupName, accountName]) =>
storage.listStorageAccountKeys({ resourceGroupName, accountName }));
const primaryStorageKey = storageAccountKeys.keys[0].value;
// Build the connection string to the storage account.
return pulumi.interpolate`DefaultEndpointsProtocol=https;AccountName=${accountName};AccountKey=${primaryStorageKey}`;
}
export function signedBlobReadUrl(resourceGroupName: pulumi.Input<string>, accountName: pulumi.Input<string>, containerName: pulumi.Input<string>, blobName: pulumi.Input<string>): pulumi.Output<string> {
const primaryConnectionString = getConnectionString(resourceGroupName, accountName);
// Choose a fixed, far-future expiration date for signed blob URLs. The shared access signature
// (SAS) we generate for the Azure storage blob must remain valid for as long as the Function
// App is deployed, since new instances will download the code on startup. By using a fixed
// date, rather than (e.g.) "today plus ten years", the signing operation is idempotent.
const signatureExpiration = "2100-01-01";
return pulumi.all([accountName, primaryConnectionString, containerName, blobName]).apply(
async ([accountName, connectionString, containerName, blobName]) => {
const sas = await azure.storage.getAccountBlobContainerSAS({
connectionString,
containerName,
start: "2019-01-01",
expiry: signatureExpiration,
permissions: {
read: true,
write: false,
delete: false,
list: false,
add: false,
create: false,
},
}, { async: true });
return `https://${accountName}.blob.core.windows.net/${containerName}/${blobName}${sas.sas}`;
});
}