queue Package

Packages

aio

Classes

AccessPolicy

Access Policy class used by the set and get access policy methods.

A stored access policy can specify the start time, expiry time, and permissions for the Shared Access Signatures with which it's associated. Depending on how you want to control access to your resource, you can specify all of these parameters within the stored access policy, and omit them from the URL for the Shared Access Signature. Doing so permits you to modify the associated signature's behavior at any time, as well as to revoke it. Or you can specify one or more of the access policy parameters within the stored access policy, and the others on the URL. Finally, you can specify all of the parameters on the URL. In this case, you can use the stored access policy to revoke the signature, but not to modify its behavior.

Together the Shared Access Signature and the stored access policy must include all fields required to authenticate the signature. If any required fields are missing, the request will fail. Likewise, if a field is specified both in the Shared Access Signature URL and in the stored access policy, the request will fail with status code 400 (Bad Request).

AccountSasPermissions

ResourceTypes class to be used with generate_account_sas function and for the AccessPolicies used with set_*_acl. There are two types of SAS which may be used to grant resource access. One is to grant access to a specific resource (resource-specific). Another is to grant access to the entire service for a specific account and allow certain operations based on perms found here.

BinaryBase64DecodePolicy

Message decoding policy for base 64-encoded messages into bytes.

Decodes base64-encoded messages to bytes. If the input content is not valid base 64, a DecodeError will be raised.

BinaryBase64EncodePolicy

Base 64 message encoding policy for binary messages.

Encodes binary messages to base 64. If the input content is not bytes, a TypeError will be raised.

CorsRule

CORS is an HTTP feature that enables a web application running under one domain to access resources in another domain. Web browsers implement a security restriction known as same-origin policy that prevents a web page from calling APIs in a different domain; CORS provides a secure way to allow one domain (the origin domain) to call APIs in another domain.

All required parameters must be populated in order to send to Azure.

ExponentialRetry

Exponential retry.

Constructs an Exponential retry object. The initial_backoff is used for the first retry. Subsequent retries are retried after initial_backoff + increment_power^retry_count seconds.

LinearRetry

Linear retry.

Constructs a Linear retry object.

LocationMode

Specifies the location the request should be sent to. This mode only applies for RA-GRS accounts which allow secondary read access. All other account types must use PRIMARY.

Metrics

A summary of request statistics grouped by API in hour or minute aggregates.

All required parameters must be populated in order to send to Azure.

QueueAnalyticsLogging

Azure Analytics Logging settings.

All required parameters must be populated in order to send to Azure.

QueueClient

A client to interact with a specific Queue.

For more optional configuration, please click here.

QueueMessage

Represents a queue message.

QueueProperties

Queue Properties.

QueueSasPermissions

QueueSasPermissions class to be used with the generate_queue_sas function and for the AccessPolicies used with set_queue_access_policy.

QueueServiceClient

A client to interact with the Queue Service at the account level.

This client provides operations to retrieve and configure the account properties as well as list, create and delete queues within the account. For operations relating to a specific queue, a client for this entity can be retrieved using the get_queue_client function.

For more optional configuration, please click here.

ResourceTypes

Specifies the resource types that are accessible with the account SAS.

RetentionPolicy

The retention policy which determines how long the associated data should persist.

All required parameters must be populated in order to send to Azure.

Services

Specifies the services accessible with the account SAS.

TextBase64DecodePolicy

Message decoding policy for base 64-encoded messages into text.

Decodes base64-encoded messages to text (unicode). If the input content is not valid base 64, a DecodeError will be raised. Message data must support UTF-8.

TextBase64EncodePolicy

Base 64 message encoding policy for text messages.

Encodes text (unicode) messages to base 64. If the input content is not text, a TypeError will be raised. Input text must support UTF-8.

Enums

StorageErrorCode

Functions

generate_account_sas

Generates a shared access signature for the queue service.

Use the returned signature with the credential parameter of any Queue Service.

generate_account_sas(account_name: str, account_key: str, resource_types: ResourceTypes | str, permission: AccountSasPermissions | str, expiry: datetime | str, start: datetime | str | None = None, ip: str | None = None, *, services: ~azure.storage.queue._shared.models.Services | str = <azure.storage.queue._shared.models.Services object>, sts_hook: ~typing.Callable[[str], None] | None = None, **kwargs: ~typing.Any) -> str

Parameters

Name Description
account_name
Required
str

The storage account name used to generate the shared access signature.

account_key
Required
str

The account key, also called shared key or access key, to generate the shared access signature.

resource_types
Required

Specifies the resource types that are accessible with the account SAS.

permission
Required

The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions.

expiry
Required

The time at which the shared access signature becomes invalid. The provided datetime will always be interpreted as UTC.

start

The time at which the shared access signature becomes valid. If omitted, start time for this call is assumed to be the time when the storage service receives the request. The provided datetime will always be interpreted as UTC.

Default value: None
ip
str

Specifies an IP address or a range of IP addresses from which to accept requests. If the IP address from which the request originates does not match the IP address or address range specified on the SAS token, the request is not authenticated. For example, specifying sip=168.1.5.65 or sip=168.1.5.60-168.1.5.70 on the SAS restricts the request to those IP addresses.

Default value: None

Keyword-Only Parameters

Name Description
services

Specifies the services that the Shared Access Signature (sas) token will be able to be utilized with. Will default to only this package (i.e. queue) if not provided.

Default value: q
protocol
str

Specifies the protocol permitted for a request made. The default value is https.

sts_hook

For debugging purposes only. If provided, the hook is called with the string to sign that was used to generate the SAS.

Returns

Type Description
str

A Shared Access Signature (sas) token.

generate_queue_sas

Generates a shared access signature for a queue.

Use the returned signature with the credential parameter of any Queue Service.

generate_queue_sas(account_name: str, queue_name: str, account_key: str, permission: QueueSasPermissions | str | None = None, expiry: datetime | str | None = None, start: datetime | str | None = None, policy_id: str | None = None, ip: str | None = None, *, sts_hook: Callable[[str], None] | None = None, **kwargs: Any) -> str

Parameters

Name Description
account_name
Required
str

The storage account name used to generate the shared access signature.

queue_name
Required
str

The name of the queue.

account_key
Required
str

The account key, also called shared key or access key, to generate the shared access signature.

permission

The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Required unless a policy_id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy.

Default value: None
expiry

The time at which the shared access signature becomes invalid. Required unless a policy_id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC.

Default value: None
start

The time at which the shared access signature becomes valid. If omitted, start time for this call is assumed to be the time when the storage service receives the request. The provided datetime will always be interpreted as UTC.

Default value: None
policy_id
str

A unique value up to 64 characters in length that correlates to a stored access policy. To create a stored access policy, use set_queue_access_policy.

Default value: None
ip
str

Specifies an IP address or a range of IP addresses from which to accept requests. If the IP address from which the request originates does not match the IP address or address range specified on the SAS token, the request is not authenticated. For example, specifying sip='168.1.5.65' or sip='168.1.5.60-168.1.5.70' on the SAS restricts the request to those IP addresses.

Default value: None

Keyword-Only Parameters

Name Description
protocol
str

Specifies the protocol permitted for a request made. The default value is https.

sts_hook

For debugging purposes only. If provided, the hook is called with the string to sign that was used to generate the SAS.

Returns

Type Description
str

A Shared Access Signature (sas) token.

Examples

Generate a sas token.


   from azure.storage.queue import generate_queue_sas
   sas_token = generate_queue_sas(
       queue.account_name,
       queue.queue_name,
       queue.credential.account_key,
       policy_id='my-access-policy-id'
   )