in src/azure/credential.rs [329:372]
fn string_to_sign_sas(
u: &Url,
method: &Method,
account: &str,
start: &DateTime<Utc>,
end: &DateTime<Utc>,
) -> (String, String, String, String, String) {
// NOTE: for now only blob signing is supported.
let signed_resource = "b".to_string();
// https://learn.microsoft.com/en-us/rest/api/storageservices/create-service-sas#permissions-for-a-directory-container-or-blob
let signed_permissions = match *method {
// read and list permissions
Method::GET => match signed_resource.as_str() {
"c" => "rl",
"b" => "r",
_ => unreachable!(),
},
// write permissions (also allows crating a new blob in a sub-key)
Method::PUT => "w",
// delete permissions
Method::DELETE => "d",
// other methods are not used in any of the current operations
_ => "",
}
.to_string();
let signed_start = start.to_rfc3339_opts(SecondsFormat::Secs, true);
let signed_expiry = end.to_rfc3339_opts(SecondsFormat::Secs, true);
let canonicalized_resource = if u.host_str().unwrap_or_default().contains(account) {
format!("/blob/{}{}", account, u.path())
} else {
// NOTE: in case of the emulator, the account name is not part of the host
// but the path starts with the account name
format!("/blob{}", u.path())
};
(
signed_resource,
signed_permissions,
signed_start,
signed_expiry,
canonicalized_resource,
)
}