filedatalake Package
Packages
| aio |
Classes
| AccessControlChangeCounters |
AccessControlChangeCounters contains counts of operations that change Access Control Lists recursively. |
| AccessControlChangeFailure |
Represents an entry that failed to update Access Control List. |
| AccessControlChangeResult |
AccessControlChangeResult contains result of operations that change Access Control Lists recursively. |
| AccessControlChanges |
AccessControlChanges contains batch and cumulative counts of operations that change Access Control Lists recursively. Additionally it exposes path entries that failed to update while these operations progress. |
| AccessPolicy |
Access Policy class used by the set and get access policy methods in each service. A stored access policy can specify the start time, expiry time, and permissions for the Shared Access Signatures with which it's associated. Depending on how you want to control access to your resource, you can specify all of these parameters within the stored access policy, and omit them from the URL for the Shared Access Signature. Doing so permits you to modify the associated signature's behavior at any time, as well as to revoke it. Or you can specify one or more of the access policy parameters within the stored access policy, and the others on the URL. Finally, you can specify all of the parameters on the URL. In this case, you can use the stored access policy to revoke the signature, but not to modify its behavior. Together the Shared Access Signature and the stored access policy must include all fields required to authenticate the signature. If any required fields are missing, the request will fail. Likewise, if a field is specified both in the Shared Access Signature URL and in the stored access policy, the request will fail with status code 400 (Bad Request). |
| AccountSasPermissions | |
| AnalyticsLogging |
Azure Analytics Logging settings. |
| ArrowDialect |
field of an arrow schema. All required parameters must be populated in order to send to Azure. |
| ContentSettings |
The content settings of a file or directory. |
| CorsRule |
CORS is an HTTP feature that enables a web application running under one domain to access resources in another domain. Web browsers implement a security restriction known as same-origin policy that prevents a web page from calling APIs in a different domain; CORS provides a secure way to allow one domain (the origin domain) to call APIs in another domain. |
| CustomerProvidedEncryptionKey |
All data in Azure Storage is encrypted at-rest using an account-level encryption key. In versions 2021-06-08 and newer, you can manage the key used to encrypt file contents and application metadata per-file by providing an AES-256 encryption key in requests to the storage service. When you use a customer-provided key, Azure Storage does not manage or persist your key. When writing data to a file, the provided key is used to encrypt your data before writing it to disk. A SHA-256 hash of the encryption key is written alongside the file contents, and is used to verify that all subsequent operations against the file use the same encryption key. This hash cannot be used to retrieve the encryption key or decrypt the contents of the file. When reading a file, the provided key is used to decrypt your data after reading it from disk. In both cases, the provided encryption key is securely discarded as soon as the encryption or decryption process completes. |
| DataLakeDirectoryClient |
A client to interact with the DataLake directory, even if the directory may not yet exist. For operations relating to a specific subdirectory or file under the directory, a directory client or file client can be retrieved using the get_sub_directory_client or get_file_client functions. |
| DataLakeFileClient |
A client to interact with the DataLake file, even if the file may not yet exist. |
| DataLakeFileQueryError |
The error happened during quick query operation. |
| DataLakeLeaseClient |
Creates a new DataLakeLeaseClient. This client provides lease operations on a FileSystemClient, DataLakeDirectoryClient or DataLakeFileClient. |
| DataLakeServiceClient |
A client to interact with the DataLake Service at the account level. This client provides operations to retrieve and configure the account properties as well as list, create and delete file systems within the account. For operations relating to a specific file system, directory or file, clients for those entities can also be retrieved using the get_client functions. |
| DeletedPathProperties |
Properties populated for a deleted path. |
| DelimitedJsonDialect |
Defines the input or output JSON serialization for a datalake query. |
| DelimitedTextDialect |
Defines the input or output delimited (CSV) serialization for a datalake query request. |
| DirectoryProperties | |
| DirectorySasPermissions |
DirectorySasPermissions class to be used with the generate_directory_sas function. |
| EncryptionScopeOptions |
The default encryption scope configuration for a file system. This scope is used implicitly for all future writes within the file system, but can be overridden per blob operation. New in version 12.9.0. |
| ExponentialRetry |
Exponential retry. Constructs an Exponential retry object. The initial_backoff is used for the first retry. Subsequent retries are retried after initial_backoff + increment_power^retry_count seconds. |
| FileProperties | |
| FileSasPermissions |
FileSasPermissions class to be used with the generate_file_sas function. |
| FileSystemClient |
A client to interact with a specific file system, even if that file system may not yet exist. For operations relating to a specific directory or file within this file system, a directory client or file client can be retrieved using the get_directory_client or get_file_client functions. |
| FileSystemProperties |
File System properties class. Returned |
| FileSystemPropertiesPaged |
An Iterable of File System properties. |
| FileSystemSasPermissions |
FileSystemSasPermissions class to be used with the generate_file_system_sas function. |
| LeaseProperties |
DataLake Lease Properties. |
| LinearRetry |
Linear retry. Constructs a Linear retry object. |
| LocationMode |
Specifies the location the request should be sent to. This mode only applies for RA-GRS accounts which allow secondary read access. All other account types must use PRIMARY. |
| Metrics |
A summary of request statistics grouped by API in hour or minute aggregates. |
| PathProperties |
Path properties listed by get_paths api. |
| ResourceTypes |
Specifies the resource types that are accessible with the account SAS. |
| RetentionPolicy |
The retention policy which determines how long the associated data should persist. |
| Services |
Specifies the services accessible with the account SAS. |
| StaticWebsite |
The properties that enable an account to host a static website. |
| StorageStreamDownloader |
A streaming object to download from Azure Storage. |
| UserDelegationKey |
Represents a user delegation key, provided to the user by Azure Storage based on their Azure Active Directory access token. The fields are saved as simple strings since the user does not have to interact with this object; to generate an identify SAS, the user can simply pass it to the right API. |
Enums
| ArrowType | |
| PublicAccess |
Specifies whether data in the file system may be accessed publicly and the level of access. |
| QuickQueryDialect |
Specifies the quick query input/output dialect. |
| StorageErrorCode |
Functions
generate_account_sas
Generates a shared access signature for the DataLake service.
Use the returned signature as the credential parameter of any DataLakeServiceClient, FileSystemClient, DataLakeDirectoryClient or DataLakeFileClient.
generate_account_sas(account_name: str, account_key: str, resource_types: ResourceTypes | str, permission: AccountSasPermissions | str, expiry: datetime | str, *, services: ~azure.storage.filedatalake._shared.models.Services | str = <azure.storage.filedatalake._shared.models.Services object>, sts_hook: ~typing.Callable[[str], None] | None = None, **kwargs: ~typing.Any) -> strParameters
| Name | Description |
|---|---|
|
account_name
Required
|
The storage account name used to generate the shared access signature. |
|
account_key
Required
|
The access key to generate the shared access signature. |
|
resource_types
Required
|
str or
ResourceTypes
Specifies the resource types that are accessible with the account SAS. |
|
permission
Required
|
The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. |
|
expiry
Required
|
The time at which the shared access signature becomes invalid. The provided datetime will always be interpreted as UTC. |
Keyword-Only Parameters
| Name | Description |
|---|---|
|
start
|
The time at which the shared access signature becomes valid. If omitted, start time for this call is assumed to be the time when the storage service receives the request. The provided datetime will always be interpreted as UTC. |
|
ip
|
Specifies an IP address or a range of IP addresses from which to accept requests. If the IP address from which the request originates does not match the IP address or address range specified on the SAS token, the request is not authenticated. For example, specifying ip=168.1.5.65 or ip=168.1.5.60-168.1.5.70 on the SAS restricts the request to those IP addresses. |
|
services
|
Specifies the services that the Shared Access Signature (sas) token will be able to be utilized with. Will default to only this package (i.e. blobs) if not provided. Default value: b
|
|
protocol
|
Specifies the protocol permitted for a request made. The default value is https. |
|
encryption_scope
|
Specifies the encryption scope for a request made so that all write operations will be service encrypted. |
|
sts_hook
|
For debugging purposes only. If provided, the hook is called with the string to sign that was used to generate the SAS. |
Returns
| Type | Description |
|---|---|
|
A Shared Access Signature (sas) token. |
generate_directory_sas
Generates a shared access signature for a directory.
Use the returned signature with the credential parameter of any DataLakeServiceClient, FileSystemClient, DataLakeDirectoryClient or DataLakeFileClient.
generate_directory_sas(account_name: str, file_system_name: str, directory_name: str, credential: str | UserDelegationKey, permission: DirectorySasPermissions | str | None = None, expiry: datetime | str | None = None, *, sts_hook: Callable[[str], None] | None = None, **kwargs: Any) -> strParameters
| Name | Description |
|---|---|
|
account_name
Required
|
The storage account name used to generate the shared access signature. |
|
file_system_name
Required
|
The name of the file system. |
|
directory_name
Required
|
The name of the directory. |
|
credential
Required
|
Credential could be either account key or user delegation key. If use account key is used as credential, then the credential type should be a str. Instead of an account key, the user could also pass in a user delegation key. A user delegation key can be obtained from the service by authenticating with an AAD identity; this can be accomplished by calling get_user_delegation_key. When present, the SAS is signed with the user delegation key instead. |
|
permission
|
The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Permissions must be ordered racwdlmeop. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy. Default value: None
|
|
expiry
|
The time at which the shared access signature becomes invalid. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC. Default value: None
|
Keyword-Only Parameters
| Name | Description |
|---|---|
|
start
|
The time at which the shared access signature becomes valid. If omitted, start time for this call is assumed to be the time when the storage service receives the request. The provided datetime will always be interpreted as UTC. |
|
policy_id
|
A unique value up to 64 characters in length that correlates to a stored access policy. To create a stored access policy, use set_file_system_access_policy. |
|
ip
|
Specifies an IP address or a range of IP addresses from which to accept requests. If the IP address from which the request originates does not match the IP address or address range specified on the SAS token, the request is not authenticated. For example, specifying ip=168.1.5.65 or ip=168.1.5.60-168.1.5.70 on the SAS restricts the request to those IP addresses. |
|
protocol
|
Specifies the protocol permitted for a request made. The default value is https. |
|
cache_control
|
Response header value for Cache-Control when resource is accessed using this shared access signature. |
|
content_disposition
|
Response header value for Content-Disposition when resource is accessed using this shared access signature. |
|
content_encoding
|
Response header value for Content-Encoding when resource is accessed using this shared access signature. |
|
content_language
|
Response header value for Content-Language when resource is accessed using this shared access signature. |
|
content_type
|
Response header value for Content-Type when resource is accessed using this shared access signature. |
|
preauthorized_agent_object_id
|
The AAD object ID of a user assumed to be authorized by the owner of the user delegation key to perform the action granted by the SAS token. The service will validate the SAS token and ensure that the owner of the user delegation key has the required permissions before granting access but no additional permission check for the agent object id will be performed. |
|
agent_object_id
|
The AAD object ID of a user assumed to be unauthorized by the owner of the user delegation key to perform the action granted by the SAS token. The service will validate the SAS token and ensure that the owner of the user delegation key has the required permissions before granting access and the service will perform an additional POSIX ACL check to determine if this user is authorized to perform the requested operation. |
|
correlation_id
|
The correlation id to correlate the storage audit logs with the audit logs used by the principal generating and distributing the SAS. |
|
encryption_scope
|
Specifies the encryption scope for a request made so that all write operations will be service encrypted. |
|
sts_hook
|
For debugging purposes only. If provided, the hook is called with the string to sign that was used to generate the SAS. |
Returns
| Type | Description |
|---|---|
|
A Shared Access Signature (sas) token. |
generate_file_sas
Generates a shared access signature for a file.
Use the returned signature with the credential parameter of any BDataLakeServiceClient, FileSystemClient, DataLakeDirectoryClient or DataLakeFileClient.
generate_file_sas(account_name: str, file_system_name: str, directory_name: str, file_name: str, credential: str | UserDelegationKey, permission: FileSasPermissions | str | None = None, expiry: datetime | str | None = None, *, sts_hook: Callable[[str], None] | None = None, **kwargs: Any) -> strParameters
| Name | Description |
|---|---|
|
account_name
Required
|
The storage account name used to generate the shared access signature. |
|
file_system_name
Required
|
The name of the file system. |
|
directory_name
Required
|
The name of the directory. |
|
file_name
Required
|
The name of the file. |
|
credential
Required
|
Credential could be either account key or user delegation key. If use account key is used as credential, then the credential type should be a str. Instead of an account key, the user could also pass in a user delegation key. A user delegation key can be obtained from the service by authenticating with an AAD identity; this can be accomplished by calling get_user_delegation_key. When present, the SAS is signed with the user delegation key instead. |
|
permission
|
The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Permissions must be ordered racwdlmeop. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy. Default value: None
|
|
expiry
|
The time at which the shared access signature becomes invalid. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC. Default value: None
|
Keyword-Only Parameters
| Name | Description |
|---|---|
|
start
|
The time at which the shared access signature becomes valid. If omitted, start time for this call is assumed to be the time when the storage service receives the request. The provided datetime will always be interpreted as UTC. |
|
policy_id
|
A unique value up to 64 characters in length that correlates to a stored access policy. To create a stored access policy, use set_file_system_access_policy. |
|
ip
|
Specifies an IP address or a range of IP addresses from which to accept requests. If the IP address from which the request originates does not match the IP address or address range specified on the SAS token, the request is not authenticated. For example, specifying ip=168.1.5.65 or ip=168.1.5.60-168.1.5.70 on the SAS restricts the request to those IP addresses. |
|
protocol
|
Specifies the protocol permitted for a request made. The default value is https. |
|
cache_control
|
Response header value for Cache-Control when resource is accessed using this shared access signature. |
|
content_disposition
|
Response header value for Content-Disposition when resource is accessed using this shared access signature. |
|
content_encoding
|
Response header value for Content-Encoding when resource is accessed using this shared access signature. |
|
content_language
|
Response header value for Content-Language when resource is accessed using this shared access signature. |
|
content_type
|
Response header value for Content-Type when resource is accessed using this shared access signature. |
|
preauthorized_agent_object_id
|
The AAD object ID of a user assumed to be authorized by the owner of the user delegation key to perform the action granted by the SAS token. The service will validate the SAS token and ensure that the owner of the user delegation key has the required permissions before granting access but no additional permission check for the agent object id will be performed. |
|
agent_object_id
|
The AAD object ID of a user assumed to be unauthorized by the owner of the user delegation key to perform the action granted by the SAS token. The service will validate the SAS token and ensure that the owner of the user delegation key has the required permissions before granting access and the service will perform an additional POSIX ACL check to determine if this user is authorized to perform the requested operation. |
|
correlation_id
|
The correlation id to correlate the storage audit logs with the audit logs used by the principal generating and distributing the SAS. This can only be used when generating a SAS with delegation key. |
|
encryption_scope
|
Specifies the encryption scope for a request made so that all write operations will be service encrypted. |
|
sts_hook
|
For debugging purposes only. If provided, the hook is called with the string to sign that was used to generate the SAS. |
Returns
| Type | Description |
|---|---|
|
A Shared Access Signature (sas) token. |
generate_file_system_sas
Generates a shared access signature for a file system.
Use the returned signature with the credential parameter of any DataLakeServiceClient, FileSystemClient, DataLakeDirectoryClient or DataLakeFileClient.
generate_file_system_sas(account_name: str, file_system_name: str, credential: str | UserDelegationKey, permission: FileSystemSasPermissions | str | None = None, expiry: datetime | str | None = None, *, sts_hook: Callable[[str], None] | None = None, **kwargs: Any) -> strParameters
| Name | Description |
|---|---|
|
account_name
Required
|
The storage account name used to generate the shared access signature. |
|
file_system_name
Required
|
The name of the file system. |
|
credential
Required
|
Credential could be either account key or user delegation key. If use account key is used as credential, then the credential type should be a str. Instead of an account key, the user could also pass in a user delegation key. A user delegation key can be obtained from the service by authenticating with an AAD identity; this can be accomplished by calling get_user_delegation_key. When present, the SAS is signed with the user delegation key instead. |
|
permission
|
The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Permissions must be ordered racwdlmeop. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy. Default value: None
|
|
expiry
|
The time at which the shared access signature becomes invalid. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC. Default value: None
|
Keyword-Only Parameters
| Name | Description |
|---|---|
|
start
|
The time at which the shared access signature becomes valid. If omitted, start time for this call is assumed to be the time when the storage service receives the request. The provided datetime will always be interpreted as UTC. |
|
policy_id
|
A unique value up to 64 characters in length that correlates to a stored access policy. To create a stored access policy, use set_file_system_access_policy. |
|
ip
|
Specifies an IP address or a range of IP addresses from which to accept requests. If the IP address from which the request originates does not match the IP address or address range specified on the SAS token, the request is not authenticated. For example, specifying ip=168.1.5.65 or ip=168.1.5.60-168.1.5.70 on the SAS restricts the request to those IP addresses. |
|
protocol
|
Specifies the protocol permitted for a request made. The default value is https. |
|
cache_control
|
Response header value for Cache-Control when resource is accessed using this shared access signature. |
|
content_disposition
|
Response header value for Content-Disposition when resource is accessed using this shared access signature. |
|
content_encoding
|
Response header value for Content-Encoding when resource is accessed using this shared access signature. |
|
content_language
|
Response header value for Content-Language when resource is accessed using this shared access signature. |
|
content_type
|
Response header value for Content-Type when resource is accessed using this shared access signature. |
|
preauthorized_agent_object_id
|
The AAD object ID of a user assumed to be authorized by the owner of the user delegation key to perform the action granted by the SAS token. The service will validate the SAS token and ensure that the owner of the user delegation key has the required permissions before granting access but no additional permission check for the agent object id will be performed. |
|
agent_object_id
|
The AAD object ID of a user assumed to be unauthorized by the owner of the user delegation key to perform the action granted by the SAS token. The service will validate the SAS token and ensure that the owner of the user delegation key has the required permissions before granting access and the service will perform an additional POSIX ACL check to determine if this user is authorized to perform the requested operation. |
|
correlation_id
|
The correlation id to correlate the storage audit logs with the audit logs used by the principal generating and distributing the SAS. |
|
encryption_scope
|
Specifies the encryption scope for a request made so that all write operations will be service encrypted. |
|
sts_hook
|
For debugging purposes only. If provided, the hook is called with the string to sign that was used to generate the SAS. |
Returns
| Type | Description |
|---|---|
|
A Shared Access Signature (sas) token. |
Azure SDK for Python