fsprojects / AzureStorageTypeProvider

An F# Azure Type Provider which can be used to explore Blob, Table and Queue Azure Storage assets and easily apply CRUD operations on them.
http://fsprojects.github.io/AzureStorageTypeProvider/
The Unlicense

SAS Token Generation for Queues: Feature Request/API design question #90

Closed WilliamOckham closed 7 years ago

WilliamOckham commented 7 years ago

I would like to extend the ProvidedQueue.GenerateSharedAccessSignature method to allow generating SAS tokens with limited permissions. SAS tokens are intended to be used by other processes and many scenarios involve limiting the permissions of those processes.

The permissions model for Azure Storage Queues is confusing, due to terrible naming and some unfortunate design decisions. We can't do anything about the design decisions, but we're not stuck with the naming conventions. I would like to use a type that maps the Azure permissions to the capabilities that the provided types use.

[<System.FlagsAttribute>]
type QueuePermission = 
    | Peek = 1 // SharedAccessQueuePermissions.Read
    | Enqueue = 2 // SharedAccessQueuePermissions.Add
    | UpdateMessage = 4 // SharedAccessQueuePermissions.Update
    | DequeueAndDeleteMessageAndClear = 8 // SharedAccessQueuePermissions.ProcessMessages

Then I would add an optional permissions parameter to the method used to request the tokens. Omitting the parameter would return a full permissions SAS token so that this would be a non-breaking change:

ProvidedQueue.GenerateSharedAccessSignature(duration, ?start, ?connectionString, ?permissions)

I would like feedback on whether this design makes sense to other folks. Based on that feedback, I would be willing to submit a PR including implementation, documentation, and unit tests.
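One way the mapping proposed above could drive least-privilege SAS generation, added here as an example; it is not code from this issue or from AzureStorageTypeProvider. It assumes the WindowsAzure.Storage SDK; `toSdkPermissions` and `generateSas` are hypothetical names, and the queue name `orders` is a constructed sample.

```fsharp
#r "nuget: WindowsAzure.Storage"
open System
open Microsoft.WindowsAzure.Storage
open Microsoft.WindowsAzure.Storage.Queue

[<Flags>]
type QueuePermission =
    | Peek = 1
    | Enqueue = 2
    | UpdateMessage = 4
    | DequeueAndDeleteMessageAndClear = 8

let allPermissions =
    QueuePermission.Peek ||| QueuePermission.Enqueue
    ||| QueuePermission.UpdateMessage ||| QueuePermission.DequeueAndDeleteMessageAndClear

// Hypothetical helper: translate the friendly flags into the SDK enum.
// Empty or undefined bit patterns are rejected so a caller cannot get a
// token whose scope differs from what was asked for.
let toSdkPermissions (p: QueuePermission) =
    if int p = 0 || (p &&& allPermissions) <> p then
        invalidArg "p" "permissions must be a non-empty combination of defined flags"
    [ QueuePermission.Peek, SharedAccessQueuePermissions.Read
      QueuePermission.Enqueue, SharedAccessQueuePermissions.Add
      QueuePermission.UpdateMessage, SharedAccessQueuePermissions.Update
      QueuePermission.DequeueAndDeleteMessageAndClear, SharedAccessQueuePermissions.ProcessMessages ]
    |> List.filter (fun (flag, _) -> (p &&& flag) = flag)
    |> List.fold (fun acc (_, sdk) -> acc ||| sdk) SharedAccessQueuePermissions.None

// Hypothetical stand-in for the proposed method: omitting permissions keeps
// the existing full-permission behaviour, so existing callers are unaffected.
let generateSas (queue: CloudQueue) (duration: TimeSpan)
                (start: DateTimeOffset option) (permissions: QueuePermission option) =
    let startTime = defaultArg start DateTimeOffset.UtcNow
    let policy =
        SharedAccessQueuePolicy(
            Permissions = toSdkPermissions (defaultArg permissions allPermissions),
            SharedAccessStartTime = Nullable startTime,
            SharedAccessExpiryTime = Nullable (startTime + duration))
    queue.GetSharedAccessSignature policy

// Constructed sample: the storage emulator account signs locally, no network needed.
let queue =
    CloudStorageAccount.DevelopmentStorageAccount
        .CreateCloudQueueClient().GetQueueReference "orders"

// A producer process only needs to enqueue, so its token carries Add only.
let producerSas = generateSas queue (TimeSpan.FromHours 1.0) None (Some QueuePermission.Enqueue)
printfn "%s" producerSas
```

The `sp=` field in the printed token shows the granted permissions, which makes it easy to confirm that a producer token cannot peek at or dequeue messages.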

isaacabraham commented 7 years ago

Yep, sounds like a great idea. I'd always wanted to enhance the SAS token model in the TP but had never gotten around to it.