def generate_sas_token()

in web-backend/getBlobsByContainer/__init__.py [0:0]

• 18 lines of code
• 5 McCabe index (conditional complexity)

def generate_sas_token(container_name, blob_name):
    delegation_key = blob_service_client.get_user_delegation_key(
        key_start_time=datetime.datetime.utcnow(),
        key_expiry_time=datetime.datetime.utcnow() + datetime.timedelta(hours=HOURS)
    )
    
    """Generate a SAS token with read & write access for a blob."""
    sas_token = generate_blob_sas(
        account_name=STORAGE_ACCOUNT_NAME,
        container_name=container_name,
        blob_name=blob_name,
        user_delegation_key=delegation_key,  # Managed Identity handles authentication
        permission=BlobSasPermissions(read=True, write=True),  # Read & Write
        expiry=datetime.datetime.utcnow() + datetime.timedelta(hours=HOURS)  # 1-hour expiry
    )

    blob_client = blob_service_client.get_blob_client(container_name, blob_name)

    if USE_SAS_TOKEN == "true" or USE_SAS_TOKEN == True:
        # Generate a SAS URL for the blob
        return f"{blob_client.url}?{sas_token}"
    else:
        # Generate a URL without SAS token for Managed Identity access
        return blob_client.url