blob Package

Packages

aio

Classes

BlobServiceClient

A client to interact with the Blob Service at the account level.

This client provides operations to retrieve and configure the account properties as well as list, create and delete containers within the account. For operations relating to a specific container or blob, clients for those entities can also be retrieved using the get_client functions.

For more optional configuration, please click here.

ContainerClient

A client to interact with a specific container, although that container may not yet exist.

For operations relating to a specific blob within this container, a blob client can be retrieved using the get_blob_client function.

For more optional configuration, please click here.

BlobClient

A client to interact with a specific blob, although that blob may not yet exist.

For more optional configuration, please click here.

BlobLeaseClient

Creates a new BlobLeaseClient.

This client provides lease operations on a BlobClient or ContainerClient.

UserDelegationKey

Represents a user delegation key, provided to the user by Azure Storage based on their Azure Active Directory access token.

The fields are saved as simple strings since the user does not have to interact with this object; to generate an identify SAS, the user can simply pass it to the right API.

ExponentialRetry

Exponential retry.

LinearRetry

Linear retry.

LocationMode

Specifies the location the request should be sent to. This mode only applies for RA-GRS accounts which allow secondary read access. All other account types must use PRIMARY.

ImmutabilityPolicy

Optional parameters for setting the immutability policy of a blob, blob snapshot or blob version.

New in version 12.10.0: This was introduced in API version '2020-10-02'.

BlobAnalyticsLogging

Azure Analytics Logging settings.

Metrics

A summary of request statistics grouped by API in hour or minute aggregates for blobs.

RetentionPolicy

The retention policy which determines how long the associated data should persist.

StaticWebsite

The properties that enable an account to host a static website.

CorsRule

CORS is an HTTP feature that enables a web application running under one domain to access resources in another domain. Web browsers implement a security restriction known as same-origin policy that prevents a web page from calling APIs in a different domain; CORS provides a secure way to allow one domain (the origin domain) to call APIs in another domain.

ContainerProperties

Blob container's properties class.

Returned ContainerProperties instances expose these values through a dictionary interface, for example: container_props["last_modified"]. Additionally, the container name is available as container_props["name"].

BlobProperties

Blob Properties.

BlobPrefix

An Iterable of Blob properties.

Returned from walk_blobs when a delimiter is used. Can be thought of as a virtual blob directory.

FilteredBlob

Blob info from a Filter Blobs API call.

LeaseProperties

Blob Lease Properties.

ContentSettings

The content settings of a blob.

CopyProperties

Blob Copy Properties.

These properties will be None if this blob has never been the destination in a Copy Blob operation, or if this blob has been modified after a concluded Copy Blob operation, for example, using Set Blob Properties, Upload Blob, or Commit Block List.

BlobBlock

BlockBlob Block class.

PageRange

Page Range for page blob.

AccessPolicy

Access Policy class used by the set and get access policy methods in each service.

A stored access policy can specify the start time, expiry time, and permissions for the Shared Access Signatures with which it's associated. Depending on how you want to control access to your resource, you can specify all of these parameters within the stored access policy, and omit them from the URL for the Shared Access Signature. Doing so permits you to modify the associated signature's behavior at any time, as well as to revoke it. Or you can specify one or more of the access policy parameters within the stored access policy, and the others on the URL. Finally, you can specify all of the parameters on the URL. In this case, you can use the stored access policy to revoke the signature, but not to modify its behavior.

Together the Shared Access Signature and the stored access policy must include all fields required to authenticate the signature. If any required fields are missing, the request will fail. Likewise, if a field is specified both in the Shared Access Signature URL and in the stored access policy, the request will fail with status code 400 (Bad Request).

ContainerSasPermissions

ContainerSasPermissions class to be used with the generate_container_sas function and for the AccessPolicies used with set_container_access_policy.

BlobSasPermissions

BlobSasPermissions class to be used with the generate_blob_sas function.

ResourceTypes

Specifies the resource types that are accessible with the account SAS.

AccountSasPermissions

ResourceTypes class to be used with generate_account_sas function and for the AccessPolicies used with set_*_acl. There are two types of SAS which may be used to grant resource access. One is to grant access to a specific resource (resource-specific). Another is to grant access to the entire service for a specific account and allow certain operations based on perms found here.

StorageStreamDownloader

A streaming object to download from Azure Storage.

CustomerProvidedEncryptionKey

All data in Azure Storage is encrypted at-rest using an account-level encryption key. In versions 2018-06-17 and newer, you can manage the key used to encrypt blob contents and application metadata per-blob by providing an AES-256 encryption key in requests to the storage service.

When you use a customer-provided key, Azure Storage does not manage or persist your key. When writing data to a blob, the provided key is used to encrypt your data before writing it to disk. A SHA-256 hash of the encryption key is written alongside the blob contents, and is used to verify that all subsequent operations against the blob use the same encryption key. This hash cannot be used to retrieve the encryption key or decrypt the contents of the blob. When reading a blob, the provided key is used to decrypt your data after reading it from disk. In both cases, the provided encryption key is securely discarded as soon as the encryption or decryption process completes.

PartialBatchErrorException

There is a partial failure in batch operations.

ContainerEncryptionScope

The default encryption scope configuration for a container.

This scope is used implicitly for all future writes within the container, but can be overridden per blob operation.

New in version 12.2.0.

BlobQueryError

The error happened during quick query operation.

DelimitedJsonDialect

Defines the input or output JSON serialization for a blob data query.

keyword str delimiter: The line separator character, default value is '

'

DelimitedTextDialect

Defines the input or output delimited (CSV) serialization for a blob query request.

keyword str delimiter: Column separator, defaults to ','.

keyword str quotechar: Field quote, defaults to '"'.

keyword str lineterminator: Record separator, defaults to '

'. keyword str escapechar: Escape char, defaults to empty.

keyword bool has_header: Whether the blob data includes headers in the first line. The default value is False, meaning that the data will be returned inclusive of the first line. If set to True, the data will be returned exclusive of the first line.

ArrowDialect

field of an arrow schema.

All required parameters must be populated in order to send to Azure.

BlobQueryReader

A streaming object to read query results.

ObjectReplicationPolicy

Policy id and rule ids applied to a blob.

ObjectReplicationRule

Policy id and rule ids applied to a blob.

Enums

BlobType

An enumeration.

StorageErrorCode

An enumeration.

BlockState

Block blob block types.

StandardBlobTier

Specifies the blob tier to set the blob to. This is only applicable for block blobs on standard storage accounts.

PremiumPageBlobTier

Specifies the page blob tier to set the blob to. This is only applicable to page blobs on premium storage accounts. Please take a look at: https://docs.microsoft.com/en-us/azure/storage/storage-premium-storage#scalability-and-performance-targets for detailed information on the corresponding IOPS and throughput per PageBlobTier.

SequenceNumberAction

Sequence number actions.

BlobImmutabilityPolicyMode

Specifies the immutability policy mode to set on the blob. "Mutable" can only be returned by service, don't set to "Mutable".

PublicAccess

Specifies whether data in the container may be accessed publicly and the level of access.

QuickQueryDialect

Specifies the quick query input/output dialect.

RehydratePriority

If an object is in rehydrate pending state then this header is returned with priority of rehydrate. Valid values are High and Standard.

ArrowType

An enumeration.

Functions

upload_blob_to_url

Upload data to a given URL

The data will be uploaded as a block blob.

upload_blob_to_url(blob_url, data, credential=None, **kwargs)

Parameters

blob_url
str
Required

The full URI to the blob. This can also include a SAS token.

data
bytes or str or <xref:Iterable>
Required

The data to upload. This can be bytes, text, an iterable or a file-like object.

credential
default value: None

The credentials with which to authenticate. This is optional if the blob URL already has a SAS token. The value can be a SAS token string, an instance of a AzureSasCredential from azure.core.credentials, an account shared access key, or an instance of a TokenCredentials class from azure.identity. If the resource URI already contains a SAS token, this will be ignored in favor of an explicit credential

  • except in the case of AzureSasCredential, where the conflicting SAS tokens will raise a ValueError.
overwrite
bool

Whether the blob to be uploaded should overwrite the current data. If True, upload_blob_to_url will overwrite any existing data. If set to False, the operation will fail with a ResourceExistsError.

max_concurrency
int

The number of parallel connections with which to download.

length
int

Number of bytes to read from the stream. This is optional, but should be supplied for optimal performance.

metadata
dict(<xref:str,str>)

Name-value pairs associated with the blob as metadata.

validate_content
bool

If true, calculates an MD5 hash for each chunk of the blob. The storage service checks the hash of the content that has arrived with the hash that was sent. This is primarily valuable for detecting bitflips on the wire if using http instead of https as https (the default) will already validate. Note that this MD5 hash is not stored with the blob. Also note that if enabled, the memory-efficient upload algorithm will not be used, because computing the MD5 hash requires buffering entire blocks, and doing so defeats the purpose of the memory-efficient algorithm.

encoding
str

Encoding to use if text is supplied as input. Defaults to UTF-8.

Returns

Blob-updated property dict (Etag and last modified)

Return type

dict(str, <xref:Any>)

download_blob_from_url

Download the contents of a blob to a local file or stream.

download_blob_from_url(blob_url, output, credential=None, **kwargs)

Parameters

blob_url
str
Required

The full URI to the blob. This can also include a SAS token.

output
str or <xref:writable stream.>
Required

Where the data should be downloaded to. This could be either a file path to write to, or an open IO handle to write to.

credential
default value: None

The credentials with which to authenticate. This is optional if the blob URL already has a SAS token or the blob is public. The value can be a SAS token string, an instance of a AzureSasCredential from azure.core.credentials, an account shared access key, or an instance of a TokenCredentials class from azure.identity. If the resource URI already contains a SAS token, this will be ignored in favor of an explicit credential

  • except in the case of AzureSasCredential, where the conflicting SAS tokens will raise a ValueError.
overwrite
bool

Whether the local file should be overwritten if it already exists. The default value is False - in which case a ValueError will be raised if the file already exists. If set to True, an attempt will be made to write to the existing file. If a stream handle is passed in, this value is ignored.

max_concurrency
int

The number of parallel connections with which to download.

offset
int

Start of byte range to use for downloading a section of the blob. Must be set if length is provided.

length
int

Number of bytes to read from the stream. This is optional, but should be supplied for optimal performance.

validate_content
bool

If true, calculates an MD5 hash for each chunk of the blob. The storage service checks the hash of the content that has arrived with the hash that was sent. This is primarily valuable for detecting bitflips on the wire if using http instead of https as https (the default) will already validate. Note that this MD5 hash is not stored with the blob. Also note that if enabled, the memory-efficient upload algorithm will not be used, because computing the MD5 hash requires buffering entire blocks, and doing so defeats the purpose of the memory-efficient algorithm.

Return type

generate_account_sas

Generates a shared access signature for the blob service.

Use the returned signature with the credential parameter of any BlobServiceClient, ContainerClient or BlobClient.

generate_account_sas(account_name, account_key, resource_types, permission, expiry, start=None, ip=None, **kwargs)

Parameters

account_name
str
Required

The storage account name used to generate the shared access signature.

account_key
str
Required

The account key, also called shared key or access key, to generate the shared access signature.

resource_types
str or ResourceTypes
Required

Specifies the resource types that are accessible with the account SAS.

permission
str or AccountSasPermissions
Required

The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy.

expiry
datetime or str
Required

The time at which the shared access signature becomes invalid. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC.

start
datetime or str
default value: None

The time at which the shared access signature becomes valid. If omitted, start time for this call is assumed to be the time when the storage service receives the request. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC.

ip
str
default value: None

Specifies an IP address or a range of IP addresses from which to accept requests. If the IP address from which the request originates does not match the IP address or address range specified on the SAS token, the request is not authenticated. For example, specifying ip=168.1.5.65 or ip=168.1.5.60-168.1.5.70 on the SAS restricts the request to those IP addresses.

protocol
str

Specifies the protocol permitted for a request made. The default value is https.

Returns

A Shared Access Signature (sas) token.

Return type

str

Examples

Generating a shared access signature.


   # Create a SAS token to use to authenticate a new client
   from datetime import datetime, timedelta
   from azure.storage.blob import ResourceTypes, AccountSasPermissions, generate_account_sas

   sas_token = generate_account_sas(
       blob_service_client.account_name,
       account_key=blob_service_client.credential.account_key,
       resource_types=ResourceTypes(object=True),
       permission=AccountSasPermissions(read=True),
       expiry=datetime.utcnow() + timedelta(hours=1)
   )

generate_container_sas

Generates a shared access signature for a container.

Use the returned signature with the credential parameter of any BlobServiceClient, ContainerClient or BlobClient.

generate_container_sas(account_name, container_name, account_key=None, user_delegation_key=None, permission=None, expiry=None, start=None, policy_id=None, ip=None, **kwargs)

Parameters

account_name
str
Required

The storage account name used to generate the shared access signature.

container_name
str
Required

The name of the container.

account_key
str
default value: None

The account key, also called shared key or access key, to generate the shared access signature. Either account_key or user_delegation_key must be specified.

user_delegation_key
UserDelegationKey
default value: None

Instead of an account shared key, the user could pass in a user delegation key. A user delegation key can be obtained from the service by authenticating with an AAD identity; this can be accomplished by calling get_user_delegation_key. When present, the SAS is signed with the user delegation key instead.

permission
str or ContainerSasPermissions
default value: None

The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Permissions must be ordered read, write, delete, list. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy.

expiry
datetime or str
default value: None

The time at which the shared access signature becomes invalid. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC.

start
datetime or str
default value: None

The time at which the shared access signature becomes valid. If omitted, start time for this call is assumed to be the time when the storage service receives the request. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC.

policy_id
str
default value: None

A unique value up to 64 characters in length that correlates to a stored access policy. To create a stored access policy, use set_container_access_policy.

ip
str
default value: None

Specifies an IP address or a range of IP addresses from which to accept requests. If the IP address from which the request originates does not match the IP address or address range specified on the SAS token, the request is not authenticated. For example, specifying ip=168.1.5.65 or ip=168.1.5.60-168.1.5.70 on the SAS restricts the request to those IP addresses.

protocol
str

Specifies the protocol permitted for a request made. The default value is https.

cache_control
str

Response header value for Cache-Control when resource is accessed using this shared access signature.

content_disposition
str

Response header value for Content-Disposition when resource is accessed using this shared access signature.

content_encoding
str

Response header value for Content-Encoding when resource is accessed using this shared access signature.

content_language
str

Response header value for Content-Language when resource is accessed using this shared access signature.

content_type
str

Response header value for Content-Type when resource is accessed using this shared access signature.

Returns

A Shared Access Signature (sas) token.

Return type

str

Examples

Generating a sas token.


   # Use access policy to generate a sas token
   from azure.storage.blob import generate_container_sas

   sas_token = generate_container_sas(
       container_client.account_name,
       container_client.container_name,
       account_key=container_client.credential.account_key,
       policy_id='my-access-policy-id'
   )

generate_blob_sas

Generates a shared access signature for a blob.

Use the returned signature with the credential parameter of any BlobServiceClient, ContainerClient or BlobClient.

generate_blob_sas(account_name, container_name, blob_name, snapshot=None, account_key=None, user_delegation_key=None, permission=None, expiry=None, start=None, policy_id=None, ip=None, **kwargs)

Parameters

account_name
str
Required

The storage account name used to generate the shared access signature.

container_name
str
Required

The name of the container.

blob_name
str
Required

The name of the blob.

snapshot
str
default value: None

An optional blob snapshot ID.

account_key
str
default value: None

The account key, also called shared key or access key, to generate the shared access signature. Either account_key or user_delegation_key must be specified.

user_delegation_key
UserDelegationKey
default value: None

Instead of an account shared key, the user could pass in a user delegation key. A user delegation key can be obtained from the service by authenticating with an AAD identity; this can be accomplished by calling get_user_delegation_key. When present, the SAS is signed with the user delegation key instead.

permission
str or BlobSasPermissions
default value: None

The permissions associated with the shared access signature. The user is restricted to operations allowed by the permissions. Permissions must be ordered read, write, delete, list. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy.

expiry
datetime or str
default value: None

The time at which the shared access signature becomes invalid. Required unless an id is given referencing a stored access policy which contains this field. This field must be omitted if it has been specified in an associated stored access policy. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC.

start
datetime or str
default value: None

The time at which the shared access signature becomes valid. If omitted, start time for this call is assumed to be the time when the storage service receives the request. Azure will always convert values to UTC. If a date is passed in without timezone info, it is assumed to be UTC.

policy_id
str
default value: None

A unique value up to 64 characters in length that correlates to a stored access policy. To create a stored access policy, use set_container_access_policy.

ip
str
default value: None

Specifies an IP address or a range of IP addresses from which to accept requests. If the IP address from which the request originates does not match the IP address or address range specified on the SAS token, the request is not authenticated. For example, specifying ip=168.1.5.65 or ip=168.1.5.60-168.1.5.70 on the SAS restricts the request to those IP addresses.

version_id
str

An optional blob version ID. This parameter is only for versioning enabled account

New in version 12.4.0: This keyword argument was introduced in API version '2019-12-12'.

protocol
str

Specifies the protocol permitted for a request made. The default value is https.

cache_control
str

Response header value for Cache-Control when resource is accessed using this shared access signature.

content_disposition
str

Response header value for Content-Disposition when resource is accessed using this shared access signature.

content_encoding
str

Response header value for Content-Encoding when resource is accessed using this shared access signature.

content_language
str

Response header value for Content-Language when resource is accessed using this shared access signature.

content_type
str

Response header value for Content-Type when resource is accessed using this shared access signature.

Returns

A Shared Access Signature (sas) token.

Return type

str