Open stenneepro opened 1 month ago
Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @xgithubtriage.
@stenneepro do you mean Azure Storage Blob services or Azure Storage File Share? Our Azure SDK clients for both have functionality to generate a SAS URL for a specific resource, for example, https://learn.microsoft.com/en-us/javascript/api/@azure/storage-file-share/shareclient?view=azure-node-latest#@azure-storage-file-share-shareclient-generatesasurl
We also have helpers to generate the SAS token: https://github.com/Azure/azure-sdk-for-js/blob/a438b8ae966e7fcf70ba8bbd0fc9f68feb67b29d/sdk/storage/storage-file-share/test/node/fileclient.spec.ts#L289-L305
@jeremymeng
I mean Azure Blob Storage account. And what I'm looking for is how to create SAS token for folder not file.
I couldn't find a way to create a SAS token for a folder, so I had to create a container SAS token. It means users who have the container SAS token can access any files in the container. I want to restrict access to specific folders based on end user roles.
@stenneepro The "folder" in Blob is not a real folder. It is just a virtual hierarchy based on the separators in the blob names. So basically you can only have permissions on containers and blobs.
@jeremymeng
Even for data lake blob storage account? Hierarchical namespace is enabled for the storage account.
@jeremymeng I can see the same function in the Azure portal.
For Hierarchical namespace enabled storage account you can check out the @azure/storage-file-datalake package, for example https://learn.microsoft.com/en-us/javascript/api/@azure/storage-file-datalake/datalakedirectoryclient?view=azure-node-latest#@azure-storage-file-datalake-datalakedirectoryclient-generatesasurl
@jeremymeng The URL which you posted in the above comment is to create a service SAS.
We have to create user delegation SAS
@stenneepro It should support user delegation credential as well. Maybe doc is outdated. I found this example for generating the SAS token for file system:
I want to create a SAS token which restricts access to only a specific folder and its child files. I can see the above function in the Azure portal, but cannot find the same function in the SDK.
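
A defender-side check for the concern raised in this thread, that a container SAS exposes every file in the container: this added example (not code from the thread or from the Azure SDK) reads a SAS URL's documented query parameters (`sr`, `sdd`, `skoid`) to confirm it is a user delegation SAS limited to one directory. The account name, paths, key object id and signature in the sample URLs are constructed placeholders, and the function names are hypothetical.

```javascript
// Added example: classify the scope of an Azure Storage SAS URL from its query string.
// Signed resource (sr) values: c = container, b = blob, d = directory (HNS accounts).
const RESOURCE_SCOPE = { c: "container", b: "blob", d: "directory" };

function describeSas(sasUrl) {
  const url = new URL(sasUrl);
  const q = url.searchParams;
  // Path is /<container>/<dir>/<subdir>...; drop empty segments.
  const segments = url.pathname.split("/").filter(Boolean).map(decodeURIComponent);
  return {
    container: segments[0] ?? null,
    directory: segments.slice(1).join("/"),
    scope: RESOURCE_SCOPE[q.get("sr")] ?? "unknown",
    depth: q.has("sdd") ? Number(q.get("sdd")) : null, // signed directory depth
    permissions: q.get("sp") ?? "",
    userDelegation: q.has("skoid"), // signed key object id: user delegation SAS only
    expiresOn: q.get("se"),
  };
}

// Returns a list of problems; an empty list means the token is a user
// delegation SAS scoped to exactly expectedDir (and what lies beneath it).
function checkDirectoryScoped(sasUrl, expectedDir) {
  const sas = describeSas(sasUrl);
  const wantParts = expectedDir.split("/").filter(Boolean);
  const want = wantParts.join("/");
  const problems = [];
  if (sas.scope !== "directory") problems.push(`scope is ${sas.scope}, not directory`);
  if (!sas.userDelegation) problems.push("not a user delegation SAS");
  if (sas.directory !== want) problems.push(`path is "${sas.directory}", expected "${want}"`);
  if (sas.scope === "directory" && sas.depth !== wantParts.length)
    problems.push("sdd does not match the directory depth");
  return problems;
}

// Constructed samples: placeholder account, signature and key object id.
const containerSas =
  "https://example.blob.core.windows.net/data?sv=2022-11-02&sr=c&sp=rl" +
  "&se=2030-01-01T00%3A00%3A00Z&sig=PLACEHOLDER";
const directorySas =
  "https://example.dfs.core.windows.net/data/reports/finance?sv=2022-11-02&sr=d&sdd=2" +
  "&sp=rl&se=2030-01-01T00%3A00%3A00Z" +
  "&skoid=00000000-0000-0000-0000-000000000000&sig=PLACEHOLDER";

console.log(checkDirectoryScoped(containerSas, "reports/finance"));
console.log(checkDirectoryScoped(directorySas, "reports/finance"));
```
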