import * as pulumi from "@pulumi/pulumi"; import * as inputs from "../types/input"; import * as outputs from "../types/output"; /** * Use this data source to obtain a Shared Access Signature (SAS Token) for an existing Storage Account. * * Shared access signatures allow fine-grained, ephemeral access control to various aspects of an Azure Storage Account. * * Note that this is an [Account SAS](https://docs.microsoft.com/rest/api/storageservices/constructing-an-account-sas) * and *not* a [Service SAS](https://docs.microsoft.com/rest/api/storageservices/constructing-a-service-sas). * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const exampleResourceGroup = new azure.core.ResourceGroup("example", { * name: "resourceGroupName", * location: "West Europe", * }); * const exampleAccount = new azure.storage.Account("example", { * name: "storageaccountname", * resourceGroupName: exampleResourceGroup.name, * location: exampleResourceGroup.location, * accountTier: "Standard", * accountReplicationType: "GRS", * tags: { * environment: "staging", * }, * }); * const example = azure.storage.getAccountSASOutput({ * connectionString: exampleAccount.primaryConnectionString, * httpsOnly: true, * signedVersion: "2022-11-02", * resourceTypes: { * service: true, * container: false, * object: false, * }, * services: { * blob: true, * queue: false, * table: false, * file: false, * }, * start: "2018-03-21T00:00:00Z", * expiry: "2020-03-21T00:00:00Z", * permissions: { * read: true, * write: true, * "delete": false, * list: false, * add: true, * create: true, * update: false, * process: false, * tag: false, * filter: false, * }, * }); * export const sasUrlQueryString = example.apply(example => example.sas); * ``` */ export declare function getAccountSAS(args: GetAccountSASArgs, opts?: pulumi.InvokeOptions): Promise; /** * A collection of arguments for invoking getAccountSAS. */ export interface GetAccountSASArgs { /** * The connection string for the storage account to which this SAS applies. Typically directly from the `primaryConnectionString` attribute of an `azure.storage.Account` resource. */ connectionString: string; /** * The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string. * * > **Note:** The [ISO-8601 Time offset from UTC](https://en.wikipedia.org/wiki/ISO_8601#Time_offsets_from_UTC) is currently not supported by the service, which will result into 409 error. */ expiry: string; /** * Only permit `https` access. If `false`, both `http` and `https` are permitted. Defaults to `true`. */ httpsOnly?: boolean; /** * IP address, or a range of IP addresses, from which to accept requests. When specifying a range, note that the range is inclusive. */ ipAddresses?: string; /** * A `permissions` block as defined below. */ permissions?: inputs.storage.GetAccountSASPermissions; /** * A `resourceTypes` block as defined below. */ resourceTypes: inputs.storage.GetAccountSASResourceTypes; /** * A `services` block as defined below. */ services: inputs.storage.GetAccountSASServices; /** * Specifies the signed storage service version to use to authorize requests made with this account SAS. Defaults to `2022-11-02`. */ signedVersion?: string; /** * The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string. */ start: string; } /** * A collection of values returned by getAccountSAS. */ export interface GetAccountSASResult { readonly connectionString: string; readonly expiry: string; readonly httpsOnly?: boolean; /** * The provider-assigned unique ID for this managed resource. */ readonly id: string; readonly ipAddresses?: string; readonly permissions?: outputs.storage.GetAccountSASPermissions; readonly resourceTypes: outputs.storage.GetAccountSASResourceTypes; /** * The computed Account Shared Access Signature (SAS). */ readonly sas: string; readonly services: outputs.storage.GetAccountSASServices; readonly signedVersion?: string; readonly start: string; } /** * Use this data source to obtain a Shared Access Signature (SAS Token) for an existing Storage Account. * * Shared access signatures allow fine-grained, ephemeral access control to various aspects of an Azure Storage Account. * * Note that this is an [Account SAS](https://docs.microsoft.com/rest/api/storageservices/constructing-an-account-sas) * and *not* a [Service SAS](https://docs.microsoft.com/rest/api/storageservices/constructing-a-service-sas). * * ## Example Usage * * ```typescript * import * as pulumi from "@pulumi/pulumi"; * import * as azure from "@pulumi/azure"; * * const exampleResourceGroup = new azure.core.ResourceGroup("example", { * name: "resourceGroupName", * location: "West Europe", * }); * const exampleAccount = new azure.storage.Account("example", { * name: "storageaccountname", * resourceGroupName: exampleResourceGroup.name, * location: exampleResourceGroup.location, * accountTier: "Standard", * accountReplicationType: "GRS", * tags: { * environment: "staging", * }, * }); * const example = azure.storage.getAccountSASOutput({ * connectionString: exampleAccount.primaryConnectionString, * httpsOnly: true, * signedVersion: "2022-11-02", * resourceTypes: { * service: true, * container: false, * object: false, * }, * services: { * blob: true, * queue: false, * table: false, * file: false, * }, * start: "2018-03-21T00:00:00Z", * expiry: "2020-03-21T00:00:00Z", * permissions: { * read: true, * write: true, * "delete": false, * list: false, * add: true, * create: true, * update: false, * process: false, * tag: false, * filter: false, * }, * }); * export const sasUrlQueryString = example.apply(example => example.sas); * ``` */ export declare function getAccountSASOutput(args: GetAccountSASOutputArgs, opts?: pulumi.InvokeOutputOptions): pulumi.Output; /** * A collection of arguments for invoking getAccountSAS. */ export interface GetAccountSASOutputArgs { /** * The connection string for the storage account to which this SAS applies. Typically directly from the `primaryConnectionString` attribute of an `azure.storage.Account` resource. */ connectionString: pulumi.Input; /** * The expiration time and date of this SAS. Must be a valid ISO-8601 format time/date string. * * > **Note:** The [ISO-8601 Time offset from UTC](https://en.wikipedia.org/wiki/ISO_8601#Time_offsets_from_UTC) is currently not supported by the service, which will result into 409 error. */ expiry: pulumi.Input; /** * Only permit `https` access. If `false`, both `http` and `https` are permitted. Defaults to `true`. */ httpsOnly?: pulumi.Input; /** * IP address, or a range of IP addresses, from which to accept requests. When specifying a range, note that the range is inclusive. */ ipAddresses?: pulumi.Input; /** * A `permissions` block as defined below. */ permissions?: pulumi.Input; /** * A `resourceTypes` block as defined below. */ resourceTypes: pulumi.Input; /** * A `services` block as defined below. */ services: pulumi.Input; /** * Specifies the signed storage service version to use to authorize requests made with this account SAS. Defaults to `2022-11-02`. */ signedVersion?: pulumi.Input; /** * The starting time and date of validity of this SAS. Must be a valid ISO-8601 format time/date string. */ start: pulumi.Input; }