From 09641a2dc55f891e688ef9803c8ac5a202f7f262 Mon Sep 17 00:00:00 2001 From: Nils Hamerlinck Date: Tue, 20 Jul 2021 22:11:39 +0700 Subject: [PATCH 1/2] [FIX] attachment_azure: higher level of permissions needed to create container and upload blobs when using the SAS token --- attachment_azure/models/ir_attachment.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/attachment_azure/models/ir_attachment.py b/attachment_azure/models/ir_attachment.py index f0ae764..e75f1d9 100644 --- a/attachment_azure/models/ir_attachment.py +++ b/attachment_azure/models/ir_attachment.py @@ -74,8 +74,8 @@ class IrAttachment(models.Model): sas_token = generate_account_sas( account_name=account_name, account_key=account_key, - resource_types=ResourceTypes(service=True), - permission=AccountSasPermissions(read=True), + resource_types=ResourceTypes(container=True, object=True), + permission=AccountSasPermissions(read=True, write=True), expiry=datetime.utcnow() + timedelta(hours=1), ) blob_service_client = BlobServiceClient( From d82e0a9be9cc6a89518eddc19d716886d76f6a8f Mon Sep 17 00:00:00 2001 From: Nils Hamerlinck Date: Tue, 20 Jul 2021 22:04:17 +0700 Subject: [PATCH 2/2] [FIX] attachment_azure: clean dbname to fit with container naming rules --- attachment_azure/models/ir_attachment.py | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/attachment_azure/models/ir_attachment.py b/attachment_azure/models/ir_attachment.py index e75f1d9..9576d49 100644 --- a/attachment_azure/models/ir_attachment.py +++ b/attachment_azure/models/ir_attachment.py @@ -4,6 +4,7 @@ import io import logging import os +import re from datetime import datetime, timedelta from odoo import _, api, exceptions, models @@ -91,9 +92,20 @@ class IrAttachment(models.Model): return blob_service_client @api.model - def _get_azure_container(self): + def _get_container_name(self): + """ + Container naming rules: + https://docs.microsoft.com/en-us/rest/api/storageservices/naming-and-referencing-containers--blobs--and-metadata#container-names + """ running_env = os.environ.get("RUNNING_ENV", "dev") - container_name = str.lower(running_env + "-" + self.env.cr.dbname) + # replace invalid characters by _ + dbname_cleaned = re.sub(r"[\W_]+", "-", self.env.cr.dbname) + # lowercase, max 63 chars + return str.lower(running_env + "-" + dbname_cleaned)[:63] + + @api.model + def _get_azure_container(self): + container_name = self._get_container_name() blob_service_client = self._get_blob_service_client() container_client = blob_service_client.get_container_client(container_name) try: