There is a security vulnerability in SSH key-generation using GitKraken < v8.0.1. If you used this tool to create SSH keys, please update GitKraken and regenerate. If you need help with this, contact

Commit 2c0d384b authored by Yannick's avatar Yannick
Browse files

dask auth using sas token

parent f4b67410
Pipeline #50585 passed with stage
in 27 seconds
from typing import Optional
from datetime import datetime, timedelta
import adlfs
import fsspec
from import generate_account_sas, ResourceTypes, AccountSasPermissions
from import DaskStorageParameters
from import Tenant
......@@ -17,7 +19,10 @@ class AzureBlobFileSystemWithDefaultCredentials(adlfs.AzureBlobFileSystem):
def __init__(self, *args, **kwargs):
has_credential = (
"credential" in kwargs or "account_key" in kwargs or "connection_string" in kwargs
"credential" in kwargs
or "account_key" in kwargs
or "connection_string" in kwargs
or "sas_token" in kwargs
if not has_credential:
kwargs["credential"] = AzureAioBlobStorage._get_credentials()
......@@ -34,7 +39,17 @@ async def get_dask_storage_parameters(tenant: Tenant, directory: Optional[str] =
storage_account_name = partition_info.get_value(STORAGE_ACCOUNT_NAME)
storage_account_key = partition_info.get_value(STORAGE_ACCOUNT_KEY)
storage_options = {'account_name': storage_account_name, 'account_key': storage_account_key}
sas_token = generate_account_sas(
resource_types=ResourceTypes(object=True), # only request access to blob, not container nor service
permission=AccountSasPermissions(read=True, write=True, delete=True,
list=True, add=True, create=True, update=True,
process=True, delete_previous_version=True),
expiry=datetime.utcnow() + timedelta(minutes=10)
storage_options = {'account_name': storage_account_name, 'sas_token': sas_token}
base_directory = f'{tenant.bucket_name}/{directory}' if directory else tenant.bucket_name
import base64
import pytest
from mock import patch
import fsspec
import uuid
from import Tenant
from osdu_az.partition.partition_info import PartitionInfo
from osdu_az.partition.partition_service import PartitionService
from import AzureAioBlobStorage
from import get_dask_storage_parameters
......@@ -13,8 +16,20 @@ from tests.conftest import Config
def with_azurite_credentials() -> AzureAioBlobStorage:
partition_info = PartitionInfo(
"storage-account-key": {
"sensitive": False,
"value": base64.b64encode(b"storage-account-key")
"storage-account-name": {
"sensitive": False,
"value": "opendes-storage"
with patch.object(AzureAioBlobStorage, '_get_credentials', return_value=Config.credentials):
with patch.object(PartitionService, 'get_storage_account_name', return_value=Config.storage_account_name):
with patch.object(PartitionService, 'get_partition', return_value=partition_info):
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment