[Storage] [STG 95] Merge STG 95 into main branch (#36770)

Author: weirongw23-msft

sdk/storage/azure-storage-blob/CHANGELOG.md

@@ -1,9 +1,12 @@
 # Release History
 
-## 12.23.0b1 (Unreleased)
+## 12.23.0b1 (2024-08-07)
 
 ### Features Added
+- Added support for service version 2024-11-04.
 
+### Other Changes
+- Bumped minimum `azure-core` dependency to 1.30.0.
 
 ## 12.22.0 (2024-08-06)
 

sdk/storage/azure-storage-blob/azure/storage/blob/_serialize.py

@@ -56,6 +56,7 @@
     '2023-11-03',
     '2024-05-04',
     '2024-08-04',
+    '2024-11-04',
 ]
 
 

sdk/storage/azure-storage-blob/azure/storage/blob/_shared/shared_access_signature.py

@@ -107,8 +107,17 @@ def __init__(self, account_name, account_key, x_ms_version=X_MS_VERSION):
         self.account_key = account_key
         self.x_ms_version = x_ms_version
 
-    def generate_account(self, services, resource_types, permission, expiry, start=None,
-                         ip=None, protocol=None, **kwargs) -> str:
+    def generate_account(
+        self, services,
+        resource_types,
+        permission,
+        expiry,
+        start=None,
+        ip=None,
+        protocol=None,
+        sts_hook=None,
+        **kwargs
+    ) -> str:
         '''
         Generates a shared access signature for the account.
         Use the returned signature with the sas_token parameter of the service
@@ -152,6 +161,10 @@ def generate_account(self, services, resource_types, permission, expiry, start=N
         :keyword str encryption_scope:
             Optional. If specified, this is the encryption scope to use when sending requests
             authorized with this SAS URI.
+        :param sts_hook:
+            For debugging purposes only. If provided, the hook is called with the string to sign
+            that was used to generate the SAS.
+        :type sts_hook: Optional[Callable[[str], None]]
         :returns: The generated SAS token for the account.
         :rtype: str
         '''
@@ -161,12 +174,16 @@ def generate_account(self, services, resource_types, permission, expiry, start=N
         sas.add_encryption_scope(**kwargs)
         sas.add_account_signature(self.account_name, self.account_key)
 
+        if sts_hook is not None:
+            sts_hook(sas.string_to_sign)
+
         return sas.get_token()
 
 
 class _SharedAccessHelper(object):
     def __init__(self):
         self.query_dict = {}
+        self.string_to_sign = ""
 
     def _add_query(self, name, val):
         if val:
@@ -229,6 +246,7 @@ def get_value_to_append(query):
 
         self._add_query(QueryStringConstants.SIGNED_SIGNATURE,
                         sign_string(account_key, string_to_sign))
+        self.string_to_sign = string_to_sign
 
     def get_token(self) -> str:
         return '&'.join([f'{n}={url_quote(v)}' for n, v in self.query_dict.items() if v is not None])

sdk/storage/azure-storage-blob/azure/storage/blob/_shared_access_signature.py

@@ -5,7 +5,10 @@
 # --------------------------------------------------------------------------
 # pylint: disable=docstring-keyword-should-match-keyword-only
 
-from typing import Union, Optional, Any, TYPE_CHECKING
+from typing import (
+    Any, Callable, Optional, Union,
+    TYPE_CHECKING
+)
 from urllib.parse import parse_qs
 
 from ._shared import sign_string, url_quote
@@ -64,6 +67,7 @@ def generate_blob(
         content_encoding: Optional[str] = None,
         content_language: Optional[str] = None,
         content_type: Optional[str] = None,
+        sts_hook: Optional[Callable[[str], None]] = None,
         **kwargs: Any
     ) -> str:
         '''
@@ -132,6 +136,10 @@ def generate_blob(
         :param str content_type:
             Response header value for Content-Type when resource is accessed
             using this shared access signature.
+        :param sts_hook:
+            For debugging purposes only. If provided, the hook is called with the string to sign
+            that was used to generate the SAS.
+        :type sts_hook: Optional[Callable[[str], None]]
         :return: A Shared Access Signature (sas) token.
         :rtype: str
         '''
@@ -155,6 +163,9 @@ def generate_blob(
         sas.add_resource_signature(self.account_name, self.account_key, resource_path,
                                    user_delegation_key=self.user_delegation_key)
 
+        if sts_hook is not None:
+            sts_hook(sas.string_to_sign)
+
         return sas.get_token()
 
     def generate_container(
@@ -170,6 +181,7 @@ def generate_container(
         content_encoding: Optional[str] = None,
         content_language: Optional[str] = None,
         content_type: Optional[str] = None,
+        sts_hook: Optional[Callable[[str], None]] = None,
         **kwargs: Any
     ) -> str:
         '''
@@ -228,6 +240,10 @@ def generate_container(
         :param str content_type:
             Response header value for Content-Type when resource is accessed
             using this shared access signature.
+        :param sts_hook:
+            For debugging purposes only. If provided, the hook is called with the string to sign
+            that was used to generate the SAS.
+        :type sts_hook: Optional[Callable[[str], None]]
         :return: A Shared Access Signature (sas) token.
         :rtype: str
         '''
@@ -242,6 +258,10 @@ def generate_container(
         sas.add_info_for_hns_account(**kwargs)
         sas.add_resource_signature(self.account_name, self.account_key, container_name,
                                    user_delegation_key=self.user_delegation_key)
+
+        if sts_hook is not None:
+            sts_hook(sas.string_to_sign)
+
         return sas.get_token()
 
 
@@ -316,6 +336,7 @@ def add_resource_signature(self, account_name, account_key, path, user_delegatio
         self._add_query(QueryStringConstants.SIGNED_SIGNATURE,
                         sign_string(account_key if user_delegation_key is None else user_delegation_key.value,
                                     string_to_sign))
+        self.string_to_sign = string_to_sign
 
     def get_token(self) -> str:
         # a conscious decision was made to exclude the timestamp in the generated token
@@ -335,6 +356,7 @@ def generate_account_sas(
     ip: Optional[str] = None,
     *,
     services: Union[Services, str] = Services(blob=True),
+    sts_hook: Optional[Callable[[str], None]] = None,
     **kwargs: Any
 ) -> str:
     """Generates a shared access signature for the blob service.
@@ -376,6 +398,10 @@ def generate_account_sas(
         Specifies the protocol permitted for a request made. The default value is https.
     :keyword str encryption_scope:
         Specifies the encryption scope for a request made so that all write operations will be service encrypted.
+    :keyword sts_hook:
+        For debugging purposes only. If provided, the hook is called with the string to sign
+        that was used to generate the SAS.
+    :paramtype sts_hook: Optional[Callable[[str], None]]
     :return: A Shared Access Signature (sas) token.
     :rtype: str
 
@@ -396,6 +422,7 @@ def generate_account_sas(
         expiry=expiry,
         start=start,
         ip=ip,
+        sts_hook=sts_hook,
         **kwargs
     )
 
@@ -410,6 +437,8 @@ def generate_container_sas(
     start: Optional[Union["datetime", str]] = None,
     policy_id: Optional[str] = None,
     ip: Optional[str] = None,
+    *,
+    sts_hook: Optional[Callable[[str], None]] = None,
     **kwargs: Any
 ) -> str:
     """Generates a shared access signature for a container.
@@ -483,6 +512,10 @@ def generate_container_sas(
     :keyword str correlation_id:
         The correlation id to correlate the storage audit logs with the audit logs used by the principal
         generating and distributing the SAS. This can only be used when generating a SAS with delegation key.
+    :keyword sts_hook:
+        For debugging purposes only. If provided, the hook is called with the string to sign
+        that was used to generate the SAS.
+    :paramtype sts_hook: Optional[Callable[[str], None]]
     :return: A Shared Access Signature (sas) token.
     :rtype: str
 
@@ -515,6 +548,7 @@ def generate_container_sas(
         start=start,
         policy_id=policy_id,
         ip=ip,
+        sts_hook=sts_hook,
         **kwargs
     )
 
@@ -531,6 +565,8 @@ def generate_blob_sas(
     start: Optional[Union["datetime", str]] = None,
     policy_id: Optional[str] = None,
     ip: Optional[str] = None,
+    *,
+    sts_hook: Optional[Callable[[str], None]] = None,
     **kwargs: Any
 ) -> str:
     """Generates a shared access signature for a blob.
@@ -616,6 +652,10 @@ def generate_blob_sas(
     :keyword str correlation_id:
         The correlation id to correlate the storage audit logs with the audit logs used by the principal
         generating and distributing the SAS. This can only be used when generating a SAS with delegation key.
+    :keyword sts_hook:
+        For debugging purposes only. If provided, the hook is called with the string to sign
+        that was used to generate the SAS.
+    :paramtype sts_hook: Optional[Callable[[str], None]]
     :return: A Shared Access Signature (sas) token.
     :rtype: str
     """
@@ -645,6 +685,7 @@ def generate_blob_sas(
         start=start,
         policy_id=policy_id,
         ip=ip,
+        sts_hook=sts_hook,
         **kwargs
     )
 

sdk/storage/azure-storage-blob/setup.py

@@ -78,14 +78,14 @@
     ]),
     python_requires=">=3.8",
     install_requires=[
-        "azure-core>=1.28.0",
+        "azure-core>=1.30.0",
         "cryptography>=2.1.4",
         "typing-extensions>=4.6.0",
         "isodate>=0.6.1"
     ],
     extras_require={
         "aio": [
-            "azure-core[aio]>=1.28.0",
+            "azure-core[aio]>=1.30.0",
         ],
     },
 )

sdk/storage/azure-storage-file-datalake/CHANGELOG.md

@@ -1,9 +1,12 @@
 # Release History
 
-## 12.17.0b1 (Unreleased)
+## 12.17.0b1 (2024-08-07)
 
 ### Features Added
+- Added support for service version 2024-11-04.
 
+### Other Changes
+- Bumped minimum `azure-core` dependency to 1.30.0.
 
 ## 12.16.0 (2024-07-18)
 

sdk/storage/azure-storage-file-datalake/azure/storage/filedatalake/_serialize.py

@@ -35,6 +35,7 @@
     '2023-11-03',
     '2024-05-04',
     '2024-08-04',
+    '2024-11-04',
 ]  # This list must be in chronological order!
 
 

sdk/storage/azure-storage-file-datalake/azure/storage/filedatalake/_shared/shared_access_signature.py

@@ -107,8 +107,17 @@ def __init__(self, account_name, account_key, x_ms_version=X_MS_VERSION):
         self.account_key = account_key
         self.x_ms_version = x_ms_version
 
-    def generate_account(self, services, resource_types, permission, expiry, start=None,
-                         ip=None, protocol=None, **kwargs) -> str:
+    def generate_account(
+        self, services,
+        resource_types,
+        permission,
+        expiry,
+        start=None,
+        ip=None,
+        protocol=None,
+        sts_hook=None,
+        **kwargs
+    ) -> str:
         '''
         Generates a shared access signature for the account.
         Use the returned signature with the sas_token parameter of the service
@@ -152,6 +161,10 @@ def generate_account(self, services, resource_types, permission, expiry, start=N
         :keyword str encryption_scope:
             Optional. If specified, this is the encryption scope to use when sending requests
             authorized with this SAS URI.
+        :param sts_hook:
+            For debugging purposes only. If provided, the hook is called with the string to sign
+            that was used to generate the SAS.
+        :type sts_hook: Optional[Callable[[str], None]]
         :returns: The generated SAS token for the account.
         :rtype: str
         '''
@@ -161,12 +174,16 @@ def generate_account(self, services, resource_types, permission, expiry, start=N
         sas.add_encryption_scope(**kwargs)
         sas.add_account_signature(self.account_name, self.account_key)
 
+        if sts_hook is not None:
+            sts_hook(sas.string_to_sign)
+
         return sas.get_token()
 
 
 class _SharedAccessHelper(object):
     def __init__(self):
         self.query_dict = {}
+        self.string_to_sign = ""
 
     def _add_query(self, name, val):
         if val:
@@ -229,6 +246,7 @@ def get_value_to_append(query):
 
         self._add_query(QueryStringConstants.SIGNED_SIGNATURE,
                         sign_string(account_key, string_to_sign))
+        self.string_to_sign = string_to_sign
 
     def get_token(self) -> str:
         return '&'.join([f'{n}={url_quote(v)}' for n, v in self.query_dict.items() if v is not None])