sas.ts
import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";
import * as azurestorage from "azure-storage";
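/**
 * Given an Azure blob, create a SAS URL that can read it.
 *
 * The URL is signed through a `BlobService` built from the storage account's
 * primary connection string and grants READ permission on the one blob only.
 *
 * Security notes for callers:
 * - The returned URL embeds the SAS token, so anyone holding the URL can read
 *   the blob until the expiry. Treat it as a credential: keep it out of logs
 *   and plain-text stack outputs (e.g. wrap it with `pulumi.secret` if the
 *   pinned SDK provides it -- TODO confirm for this project).
 * - No stored access policy is referenced, so this is an ad hoc SAS; revoking
 *   it before the expiry presumably requires rotating the account key that
 *   signed it -- verify against the storage account's key-rotation procedure.
 *
 * @param blob - Blob (or zip blob) the URL should point at.
 * @param account - Storage account whose primary connection string signs the SAS.
 * @param container - Container holding the blob.
 * @returns The blob URL with the read-only SAS token appended.
 */
export function signedBlobReadUrl(
  blob: azure.storage.Blob | azure.storage.ZipBlob,
  account: azure.storage.Account,
  container: azure.storage.Container,
): pulumi.Output<string> {
  // Choose a fixed, far-future expiration date for signed blob URLs.
  // The shared access signature (SAS) we generate for the Azure storage blob must remain valid for as long as the
  // Function App is deployed, since new instances will download the code on startup. By using a fixed date, rather
  // than (e.g.) "today plus ten years", the signing operation is idempotent.
  //
  // The date is built with Date.UTC: `new Date(2100, 1)` is interpreted in the local time zone of the machine running
  // the deployment, so two machines in different zones would sign different expiry instants and produce different
  // URLs, defeating the idempotence described above. Month index 1 is February (months are zero-based).
  const signatureExpiration = new Date(Date.UTC(2100, 1, 1));

  return pulumi
    .all([account.primaryConnectionString, container.name, blob.name])
    .apply(([connectionString, containerName, blobName]) => {
      // The connection string carries the account key; it is used only to sign and is not part of the result.
      const blobService = new azurestorage.BlobService(connectionString);

      // Least privilege: READ only, scoped to this single blob.
      const signature = blobService.generateSharedAccessSignature(
        containerName,
        blobName,
        {
          AccessPolicy: {
            Expiry: signatureExpiration,
            Permissions: azurestorage.BlobUtilities.SharedAccessPermissions.READ,
          },
        },
      );

      return blobService.getUrl(containerName, blobName, signature);
    });
}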