Share via

SASQueryParameters class

  • Reference
Package:
@azure/storage-file-datalake

Represents the components that make up an Azure Storage SAS' query parameters. This type is not constructed directly by the user; it is only generated by the AccountSASSignatureValues and <xref:BlobSASSignatureValues> types. Once generated, it can be encoded into a toString() and appended to a URL directly (though caution should be taken here in case there are existing query parameters, which might affect the appropriate means of appending these query parameters).

NOTE: Instances of this class are immutable.

Constructors

SASQueryParameters(string, string, SASQueryParametersOptions)

Creates an instance of SASQueryParameters.
SASQueryParameters(string, string, string, string, string, SASProtocol, Date, Date, SasIPRange, string, string, string, string, string, string, string, UserDelegationKey, number, string, string, string, string)

Creates an instance of SASQueryParameters.

Properties

agentObjectId

Unauthorized AAD Object ID in GUID format. The AAD Object ID of a user that is assumed to be unauthorized by the owner of the User Delegation Key. The Azure Storage Service will perform an additional POSIX ACL check to determine if the user is authorized to perform the requested operation. This cannot be used in conjuction with <xref:signedAuthorizedUserObjectId>. This is only used for User Delegation SAS.
cacheControl

Value for cache-control header in Blob/File Service SAS.
contentDisposition

Value for content-disposition header in Blob/File Service SAS.
contentEncoding

Value for content-encoding header in Blob/File Service SAS.
contentLanguage

Value for content-length header in Blob/File Service SAS.
contentType

Value for content-type header in Blob/File Service SAS.
correlationId

A GUID value that will be logged in the storage diagnostic logs and can be used to correlate SAS generation with storage resource access. This is only used for User Delegation SAS.
directoryDepth

Indicate the depth of the directory specified in the canonicalizedresource field of the string-to-sign. The depth of the directory is the number of directories beneath the root folder.
encryptionScope

Optional. Encryption scope to use when sending requests authorized with this SAS URI.
expiresOn

Optional only when identifier is provided. The expiry time for this SAS token.
identifier

Optional. The signed identifier (only for <xref:BlobSASSignatureValues>).

See https://docs.microsoft.com/en-us/rest/api/storageservices/establishing-a-stored-access-policy
ipRange

Optional. IP range allowed for this SAS.
permissions

Optional only when identifier is provided. Please refer to AccountSASPermissions, <xref:BlobSASPermissions>, or <xref:ContainerSASPermissions> for more details.
preauthorizedAgentObjectId

Authorized AAD Object ID in GUID format. The AAD Object ID of a user authorized by the owner of the User Delegation Key to perform the action granted by the SAS. The Azure Storage service will ensure that the owner of the user delegation key has the required permissions before granting access but no additional permission check for the user specified in this value will be performed. This cannot be used in conjuction with <xref:signedUnauthorizedUserObjectId>. This is only used for User Delegation SAS.
protocol

Optional. The allowed HTTP protocol(s).
resource

Optional. Specifies which resources are accessible via the SAS (only for <xref:BlobSASSignatureValues>).

See https://docs.microsoft.com/rest/api/storageservices/create-service-sas#specifying-the-signed-resource-blob-service-only
resourceTypes

Optional. The storage resource types being accessed (only for Account SAS). Please refer to AccountSASResourceTypes for more details.
services

Optional. The storage services being accessed (only for Account SAS). Please refer to AccountSASServices for more details.
signature

The signature for the SAS token.
startsOn

Optional. The start time for this SAS token.
version

The storage API version.

Methods

toString()

Encodes all SAS query parameters into a string that can be appended to a URL.

Constructor Details

SASQueryParameters(string, string, SASQueryParametersOptions)

Creates an instance of SASQueryParameters.

new SASQueryParameters(version: string, signature: string, options?: SASQueryParametersOptions)

Parameters

version

string

Representing the storage version

signature

string

Representing the signature for the SAS token

options
SASQueryParametersOptions

Optional. Options to construct the SASQueryParameters.

SASQueryParameters(string, string, string, string, string, SASProtocol, Date, Date, SasIPRange, string, string, string, string, string, string, string, UserDelegationKey, number, string, string, string, string)

Creates an instance of SASQueryParameters.

new SASQueryParameters(version: string, signature: string, permissions?: string, services?: string, resourceTypes?: string, protocol?: SASProtocol, startsOn?: Date, expiresOn?: Date, ipRange?: SasIPRange, identifier?: string, resource?: string, cacheControl?: string, contentDisposition?: string, contentEncoding?: string, contentLanguage?: string, contentType?: string, userDelegationKey?: UserDelegationKey, directoryDepth?: number, preauthorizedAgentObjectId?: string, agentObjectId?: string, correlationId?: string, encryptionScope?: string)

Parameters

version

string

Representing the storage version

signature

string

Representing the signature for the SAS token

permissions

string

Representing the storage permissions

services

string

Representing the storage services being accessed (only for Account SAS)

resourceTypes

string

Representing the storage resource types being accessed (only for Account SAS)

protocol
SASProtocol

Representing the allowed HTTP protocol(s)

startsOn

Date

Representing the start time for this SAS token

expiresOn

Date

Representing the expiry time for this SAS token

ipRange
SasIPRange

Representing the range of valid IP addresses for this SAS token

identifier

string

Representing the signed identifier (only for Service SAS)

resource

string

Representing the storage container or blob (only for Service SAS)

cacheControl

string

Representing the cache-control header (only for Blob/File Service SAS)

contentDisposition

string

Representing the content-disposition header (only for Blob/File Service SAS)

contentEncoding

string

Representing the content-encoding header (only for Blob/File Service SAS)

contentLanguage

string

Representing the content-language header (only for Blob/File Service SAS)

contentType

string

Representing the content-type header (only for Blob/File Service SAS)

userDelegationKey
UserDelegationKey

Representing the user delegation key properties

directoryDepth

number

preauthorizedAgentObjectId

string

Representing the authorized AAD Object ID (only for User Delegation SAS)

agentObjectId

string

Representing the unauthorized AAD Object ID (only for User Delegation SAS)

correlationId

string

Representing the correlation ID (only for User Delegation SAS)

encryptionScope

string

Property Details

agentObjectId

Unauthorized AAD Object ID in GUID format. The AAD Object ID of a user that is assumed to be unauthorized by the owner of the User Delegation Key. The Azure Storage Service will perform an additional POSIX ACL check to determine if the user is authorized to perform the requested operation. This cannot be used in conjuction with <xref:signedAuthorizedUserObjectId>. This is only used for User Delegation SAS.

agentObjectId?: string

Property Value

string

cacheControl

Value for cache-control header in Blob/File Service SAS.

cacheControl?: string

Property Value

string

contentDisposition

Value for content-disposition header in Blob/File Service SAS.

contentDisposition?: string

Property Value

string

contentEncoding

Value for content-encoding header in Blob/File Service SAS.

contentEncoding?: string

Property Value

string

contentLanguage

Value for content-length header in Blob/File Service SAS.

contentLanguage?: string

Property Value

string

contentType

Value for content-type header in Blob/File Service SAS.

contentType?: string

Property Value

string

correlationId

A GUID value that will be logged in the storage diagnostic logs and can be used to correlate SAS generation with storage resource access. This is only used for User Delegation SAS.

correlationId?: string

Property Value

string

directoryDepth

Indicate the depth of the directory specified in the canonicalizedresource field of the string-to-sign. The depth of the directory is the number of directories beneath the root folder.

directoryDepth?: number

Property Value

number

encryptionScope

Optional. Encryption scope to use when sending requests authorized with this SAS URI.

encryptionScope?: string

Property Value

string

expiresOn

Optional only when identifier is provided. The expiry time for this SAS token.

expiresOn?: Date

Property Value

Date

identifier

Optional. The signed identifier (only for <xref:BlobSASSignatureValues>).

See https://docs.microsoft.com/en-us/rest/api/storageservices/establishing-a-stored-access-policy

identifier?: string

Property Value

string

ipRange

Optional. IP range allowed for this SAS.

undefined | SasIPRange ipRange

Property Value

undefined | SasIPRange

permissions

Optional only when identifier is provided. Please refer to AccountSASPermissions, <xref:BlobSASPermissions>, or <xref:ContainerSASPermissions> for more details.

permissions?: string

Property Value

string

preauthorizedAgentObjectId

Authorized AAD Object ID in GUID format. The AAD Object ID of a user authorized by the owner of the User Delegation Key to perform the action granted by the SAS. The Azure Storage service will ensure that the owner of the user delegation key has the required permissions before granting access but no additional permission check for the user specified in this value will be performed. This cannot be used in conjuction with <xref:signedUnauthorizedUserObjectId>. This is only used for User Delegation SAS.

preauthorizedAgentObjectId?: string

Property Value

string

protocol

Optional. The allowed HTTP protocol(s).

protocol?: SASProtocol

Property Value

SASProtocol

resource

Optional. Specifies which resources are accessible via the SAS (only for <xref:BlobSASSignatureValues>).

See https://docs.microsoft.com/rest/api/storageservices/create-service-sas#specifying-the-signed-resource-blob-service-only

resource?: string

Property Value

string

resourceTypes

Optional. The storage resource types being accessed (only for Account SAS). Please refer to AccountSASResourceTypes for more details.

resourceTypes?: string

Property Value

string

services

Optional. The storage services being accessed (only for Account SAS). Please refer to AccountSASServices for more details.

services?: string

Property Value

string

signature

The signature for the SAS token.

signature: string

Property Value

string

startsOn

Optional. The start time for this SAS token.

startsOn?: Date

Property Value

Date

version

The storage API version.

version: string

Property Value

string

Method Details

toString()

Encodes all SAS query parameters into a string that can be appended to a URL.

function toString(): string

Returns

string