There is a security vulnerability in SSH key-generation using GitKraken < v8.0.1. If you used this tool to create SSH keys, please update GitKraken and regenerate. If you need help with this, contact forum-support@opengroup.org

Commit 2c0d384b authored by Yannick's avatar Yannick
Browse files

dask auth using sas token

parent f4b67410
Pipeline #50585 passed with stage
in 27 seconds
from typing import Optional
from datetime import datetime, timedelta
import adlfs
import fsspec
from azure.storage.blob import generate_account_sas, ResourceTypes, AccountSasPermissions
from osdu.core.api.storage.dask_storage_parameters import DaskStorageParameters
from osdu.core.api.storage.tenant import Tenant
......@@ -17,7 +19,10 @@ class AzureBlobFileSystemWithDefaultCredentials(adlfs.AzureBlobFileSystem):
def __init__(self, *args, **kwargs):
has_credential = (
"credential" in kwargs or "account_key" in kwargs or "connection_string" in kwargs
"credential" in kwargs
or "account_key" in kwargs
or "connection_string" in kwargs
or "sas_token" in kwargs
)
if not has_credential:
kwargs["credential"] = AzureAioBlobStorage._get_credentials()
......@@ -34,7 +39,17 @@ async def get_dask_storage_parameters(tenant: Tenant, directory: Optional[str] =
storage_account_name = partition_info.get_value(STORAGE_ACCOUNT_NAME)
storage_account_key = partition_info.get_value(STORAGE_ACCOUNT_KEY)
storage_options = {'account_name': storage_account_name, 'account_key': storage_account_key}
sas_token = generate_account_sas(
storage_account_name,
account_key=storage_account_key,
resource_types=ResourceTypes(object=True), # only request access to blob, not container nor service
permission=AccountSasPermissions(read=True, write=True, delete=True,
list=True, add=True, create=True, update=True,
process=True, delete_previous_version=True),
expiry=datetime.utcnow() + timedelta(minutes=10)
)
storage_options = {'account_name': storage_account_name, 'sas_token': sas_token}
base_directory = f'{tenant.bucket_name}/{directory}' if directory else tenant.bucket_name
......
import base64
import pytest
from mock import patch
import fsspec
import uuid
from osdu.core.api.storage.tenant import Tenant
from osdu_az.partition.partition_info import PartitionInfo
from osdu_az.partition.partition_service import PartitionService
from osdu_az.storage.blob_storage_az import AzureAioBlobStorage
from osdu_az.storage.dask_storage_parameters import get_dask_storage_parameters
......@@ -13,8 +16,20 @@ from tests.conftest import Config
@pytest.fixture
def with_azurite_credentials() -> AzureAioBlobStorage:
partition_info = PartitionInfo(
{
"storage-account-key": {
"sensitive": False,
"value": base64.b64encode(b"storage-account-key")
},
"storage-account-name": {
"sensitive": False,
"value": "opendes-storage"
}
})
with patch.object(AzureAioBlobStorage, '_get_credentials', return_value=Config.credentials):
with patch.object(PartitionService, 'get_storage_account_name', return_value=Config.storage_account_name):
with patch.object(PartitionService, 'get_partition', return_value=partition_info):
yield
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment