Breaking Changes - Permission models (#7517)

* Rename Permission related models to SasPermissions

* Rewrite Permission Models

* refactor tests

* some tests

* comment changes

* remove length checks

* QueuePermissions

* File Permissions

* blobs minor tweaks

* minor fix

* pylint fix

* pylint

sdk/storage/azure-storage-blob/azure/storage/blob/__init__.py

@@ -17,7 +17,7 @@
 from ._shared.models import(
     LocationMode,
     ResourceTypes,
-    AccountPermissions,
+    AccountSasPermissions,
     StorageErrorCode
 )
 from .models import (
@@ -43,8 +43,8 @@
     BlobBlock,
     PageRange,
     AccessPolicy,
-    ContainerPermissions,
-    BlobPermissions,
+    ContainerSasPermissions,
+    BlobSasPermissions,
 )
 
 __version__ = VERSION
@@ -82,10 +82,10 @@
     'BlobBlock',
     'PageRange',
     'AccessPolicy',
-    'ContainerPermissions',
-    'BlobPermissions',
+    'ContainerSasPermissions',
+    'BlobSasPermissions',
     'ResourceTypes',
-    'AccountPermissions',
+    'AccountSasPermissions',
     'StorageStreamDownloader',
 ]
 

sdk/storage/azure-storage-blob/azure/storage/blob/_shared/models.py

@@ -277,7 +277,7 @@ def __str__(self):
 ResourceTypes.OBJECT = ResourceTypes(object=True)
 
 
-class AccountPermissions(object):
+class AccountSasPermissions(object):
     """
     :class:`~ResourceTypes` class to be used with generate_shared_access_signature
     method and for the AccessPolicies used with set_*_acl. There are two types of
@@ -286,25 +286,6 @@ class AccountPermissions(object):
     entire service for a specific account and allow certain operations based on
     perms found here.
 
-    :cvar AccountPermissions AccountPermissions.ADD:
-        Valid for the following Object resource types only: queue messages and append blobs.
-    :cvar AccountPermissions AccountPermissions.CREATE:
-        Valid for the following Object resource types only: blobs and files. Users
-        can create new blobs or files, but may not overwrite existing blobs or files.
-    :cvar AccountPermissions AccountPermissions.DELETE:
-        Valid for Container and Object resource types, except for queue messages.
-    :cvar AccountPermissions AccountPermissions.LIST:
-        Valid for Service and Container resource types only.
-    :cvar AccountPermissions AccountPermissions.PROCESS:
-        Valid for the following Object resource type only: queue messages.
-    :cvar AccountPermissions AccountPermissions.READ:
-        Valid for all signed resources types (Service, Container, and Object).
-        Permits read permissions to the specified resource type.
-    :cvar AccountPermissions AccountPermissions.UPDATE:
-        Valid for the following Object resource types only: queue messages.
-    :cvar AccountPermissions AccountPermissions.WRITE:
-        Valid for all signed resources types (Service, Container, and Object).
-        Permits write permissions to the specified resource type.
     :param bool read:
         Valid for all signed resources types (Service, Container, and Object).
         Permits read permissions to the specified resource type.
@@ -325,57 +306,43 @@ class AccountPermissions(object):
         Valid for the following Object resource types only: queue messages.
     :param bool process:
         Valid for the following Object resource type only: queue messages.
-    :param str _str:
-        A string representing the permissions.
     """
-
-    READ = None  # type: AccountPermissions
-    WRITE = None  # type: AccountPermissions
-    DELETE = None  # type: AccountPermissions
-    LIST = None  # type: AccountPermissions
-    ADD = None  # type: AccountPermissions
-    CREATE = None  # type: AccountPermissions
-    UPDATE = None  # type: AccountPermissions
-    PROCESS = None  # type: AccountPermissions
-
     def __init__(self, read=False, write=False, delete=False, list=False,  # pylint: disable=redefined-builtin
-                 add=False, create=False, update=False, process=False, _str=None):
-        if not _str:
-            _str = ''
-        self.read = read or ('r' in _str)
-        self.write = write or ('w' in _str)
-        self.delete = delete or ('d' in _str)
-        self.list = list or ('l' in _str)
-        self.add = add or ('a' in _str)
-        self.create = create or ('c' in _str)
-        self.update = update or ('u' in _str)
-        self.process = process or ('p' in _str)
-
-    def __or__(self, other):
-        return AccountPermissions(_str=str(self) + str(other))
-
-    def __add__(self, other):
-        return AccountPermissions(_str=str(self) + str(other))
+                 add=False, create=False, update=False, process=False):
+        self.read = read
+        self.write = write
+        self.delete = delete
+        self.list = list
+        self.add = add
+        self.create = create
+        self.update = update
+        self.process = process
+        self._str = (('r' if self.read else '') +
+                     ('w' if  self.write else '') +
+                     ('d' if self.delete else '') +
+                     ('l' if self.list else '') +
+                     ('a' if self.add else '') +
+                     ('c' if self.create else '') +
+                     ('u' if self.update else '') +
+                     ('p' if self.process else ''))
 
     def __str__(self):
-        return (('r' if self.read else '') +
-                ('w' if self.write else '') +
-                ('d' if self.delete else '') +
-                ('l' if self.list else '') +
-                ('a' if self.add else '') +
-                ('c' if self.create else '') +
-                ('u' if self.update else '') +
-                ('p' if self.process else ''))
-
-
-AccountPermissions.READ = AccountPermissions(read=True)
-AccountPermissions.WRITE = AccountPermissions(write=True)
-AccountPermissions.DELETE = AccountPermissions(delete=True)
-AccountPermissions.LIST = AccountPermissions(list=True)
-AccountPermissions.ADD = AccountPermissions(add=True)
-AccountPermissions.CREATE = AccountPermissions(create=True)
-AccountPermissions.UPDATE = AccountPermissions(update=True)
-AccountPermissions.PROCESS = AccountPermissions(process=True)
+        return self._str
+
+    @classmethod
+    def from_string(cls, permission):
+        p_read = 'r' in permission
+        p_write = 'w' in permission
+        p_delete = 'd' in permission
+        p_list = 'l' in permission
+        p_add = 'a' in permission
+        p_create = 'c' in permission
+        p_update = 'u' in permission
+        p_process = 'p' in permission
+
+        parsed = cls(p_read, p_write, p_delete, p_list, p_add, p_create, p_update, p_process)
+        parsed._str = permission # pylint: disable = protected-access
+        return parsed
 
 
 class Services(object):

sdk/storage/azure-storage-blob/azure/storage/blob/_shared/shared_access_signature.py

@@ -103,7 +103,7 @@ def generate_account(self, services, resource_types, permission, expiry, start=N
             Specifies the resource types that are accessible with the account
             SAS. You can combine values to provide access to more than one
             resource type.
-        :param AccountPermissions permission:
+        :param AccountSasPermissions permission:
             The permissions associated with the shared access signature. The
             user is restricted to operations allowed by the permissions.
             Required unless an id is given referencing a stored access policy

sdk/storage/azure-storage-blob/azure/storage/blob/_shared_access_signature.py

@@ -52,7 +52,7 @@ def generate_blob(self, container_name, blob_name, snapshot=None, permission=Non
         :param str snapshot:
             The snapshot parameter is an opaque DateTime value that,
             when present, specifies the blob snapshot to grant permission.
-        :param BlobPermissions permission:
+        :param BlobSasPermissions permission:
             The permissions associated with the shared access signature. The
             user is restricted to operations allowed by the permissions.
             Permissions must be ordered read, write, delete, list.
@@ -129,7 +129,7 @@ def generate_container(self, container_name, permission=None, expiry=None,
 
         :param str container_name:
             Name of container.
-        :param ContainerPermissions permission:
+        :param ContainerSasPermissions permission:
             The permissions associated with the shared access signature. The
             user is restricted to operations allowed by the permissions.
             Permissions must be ordered read, write, delete, list.

sdk/storage/azure-storage-blob/azure/storage/blob/aio/__init__.py

@@ -8,7 +8,7 @@
 from .._shared.models import(
     LocationMode,
     ResourceTypes,
-    AccountPermissions,
+    AccountSasPermissions,
     StorageErrorCode
 )
 from ..models import (
@@ -31,8 +31,8 @@
     BlobBlock,
     PageRange,
     AccessPolicy,
-    ContainerPermissions,
-    BlobPermissions,
+    ContainerSasPermissions,
+    BlobSasPermissions,
 )
 from .models import (
     ContainerPropertiesPaged,
@@ -78,9 +78,9 @@
     'BlobBlock',
     'PageRange',
     'AccessPolicy',
-    'ContainerPermissions',
-    'BlobPermissions',
+    'ContainerSasPermissions',
+    'BlobSasPermissions',
     'ResourceTypes',
-    'AccountPermissions',
+    'AccountSasPermissions',
     'StorageStreamDownloader',
 ]

sdk/storage/azure-storage-blob/azure/storage/blob/aio/blob_client_async.py

@@ -35,7 +35,7 @@
     from ..models import (  # pylint: disable=unused-import
         ContainerProperties,
         BlobProperties,
-        BlobPermissions,
+        BlobSasPermissions,
         ContentSettings,
         PremiumPageBlobTier,
         StandardBlobTier,

sdk/storage/azure-storage-blob/azure/storage/blob/aio/blob_service_client_async.py

@@ -31,7 +31,7 @@
     from datetime import datetime
     from azure.core.pipeline.transport import HttpTransport
     from azure.core.pipeline.policies import HTTPPolicy
-    from .._shared.models import AccountPermissions, ResourceTypes
+    from .._shared.models import AccountSasPermissions, ResourceTypes
     from .lease_async import LeaseClient
     from ..models import (
         BlobProperties,

sdk/storage/azure-storage-blob/azure/storage/blob/aio/container_client_async.py

@@ -39,7 +39,7 @@
 if TYPE_CHECKING:
     from azure.core.pipeline.transport import HttpTransport
     from azure.core.pipeline.policies import HTTPPolicy
-    from ..models import ContainerPermissions, PublicAccess
+    from ..models import ContainerSasPermissions, PublicAccess
     from datetime import datetime
     from ..models import ( # pylint: disable=unused-import
         AccessPolicy,

sdk/storage/azure-storage-blob/azure/storage/blob/blob_client.py

@@ -57,7 +57,7 @@
     from .models import (  # pylint: disable=unused-import
         ContainerProperties,
         BlobProperties,
-        BlobPermissions,
+        BlobSasPermissions,
         ContentSettings,
         PremiumPageBlobTier,
         StandardBlobTier,
@@ -227,7 +227,7 @@ def from_connection_string(
             account_url, container=container, blob=blob, snapshot=snapshot, credential=credential, **kwargs)
 
     def generate_shared_access_signature(
-            self, permission=None,  # type: Optional[Union[BlobPermissions, str]]
+            self, permission=None,  # type: Optional[Union[BlobSasPermissions, str]]
             expiry=None,  # type: Optional[Union[datetime, str]]
             start=None,  # type: Optional[Union[datetime, str]]
             policy_id=None,  # type: Optional[str]
@@ -254,7 +254,7 @@ def generate_shared_access_signature(
             Required unless an id is given referencing a stored access policy
             which contains this field. This field must be omitted if it has been
             specified in an associated stored access policy.
-        :type permission: str or ~azure.storage.blob.models.BlobPermissions
+        :type permission: str or ~azure.storage.blob.models.BlobSasPermissions
         :param expiry:
             The time at which the shared access signature becomes invalid.
             Required unless an id is given referencing a stored access policy

sdk/storage/azure-storage-blob/azure/storage/blob/blob_service_client.py

@@ -34,7 +34,7 @@
     from datetime import datetime
     from azure.core.pipeline.transport import HttpTransport
     from azure.core.pipeline.policies import HTTPPolicy
-    from ._shared.models import AccountPermissions, ResourceTypes
+    from ._shared.models import AccountSasPermissions, ResourceTypes
     from .lease import LeaseClient
     from .models import (
         BlobProperties,
@@ -159,7 +159,7 @@ def from_connection_string(
 
     def generate_shared_access_signature(
             self, resource_types,  # type: Union[ResourceTypes, str]
-            permission,  # type: Union[AccountPermissions, str]
+            permission,  # type: Union[AccountSasPermissions, str]
             expiry,  # type: Optional[Union[datetime, str]]
             start=None,  # type: Optional[Union[datetime, str]]
             ip=None,  # type: Optional[str]
@@ -179,7 +179,7 @@ def generate_shared_access_signature(
             Required unless an id is given referencing a stored access policy
             which contains this field. This field must be omitted if it has been
             specified in an associated stored access policy.
-        :type permission: str or ~azure.storage.blob.models.AccountPermissions
+        :type permission: str or ~azure.storage.blob.models.AccountSasPermissions
         :param expiry:
             The time at which the shared access signature becomes invalid.
             Required unless an id is given referencing a stored access policy

sdk/storage/azure-storage-blob/azure/storage/blob/container_client.py

@@ -48,7 +48,7 @@
 if TYPE_CHECKING:
     from azure.core.pipeline.transport import HttpTransport  # pylint: disable=ungrouped-imports
     from azure.core.pipeline.policies import HTTPPolicy # pylint: disable=ungrouped-imports
-    from .models import ContainerPermissions, PublicAccess
+    from .models import ContainerSasPermissions, PublicAccess
     from datetime import datetime
     from .models import ( # pylint: disable=unused-import
         AccessPolicy,
@@ -187,7 +187,7 @@ def from_connection_string(
             account_url, container=container, credential=credential, **kwargs)
 
     def generate_shared_access_signature(
-            self, permission=None,  # type: Optional[Union[ContainerPermissions, str]]
+            self, permission=None,  # type: Optional[Union[ContainerSasPermissions, str]]
             expiry=None,  # type: Optional[Union[datetime, str]]
             start=None,  # type: Optional[Union[datetime, str]]
             policy_id=None,  # type: Optional[str]
@@ -213,7 +213,7 @@ def generate_shared_access_signature(
             Required unless an id is given referencing a stored access policy
             which contains this field. This field must be omitted if it has been
             specified in an associated stored access policy.
-        :type permission: str or ~azure.storage.blob.models.ContainerPermissions
+        :type permission: str or ~azure.storage.blob.models.ContainerSasPermissions
         :param expiry:
             The time at which the shared access signature becomes invalid.
             Required unless an id is given referencing a stored access policy