diff --git a/scripts/azureml-assets/CHANGELOG.md b/scripts/azureml-assets/CHANGELOG.md index 99394edf9c..b05c3f0a82 100644 --- a/scripts/azureml-assets/CHANGELOG.md +++ b/scripts/azureml-assets/CHANGELOG.md @@ -1,6 +1,10 @@ ## 1.17.0 (Unreleased) ### 🚀 New Features +## 1.16.81 (2025-05-15) +### 🚀 New Features +- [#4184](https://github.com/Azure/azureml-assets/pull/4184) Generate SAS token instead of checking container access + ## 1.16.80 (2025-05-13) ### 🚀 New Features - [#4172](https://github.com/Azure/azureml-assets/pull/4172) Make asset validation work with new schema validation in ADO diff --git a/scripts/azureml-assets/azureml/assets/config.py b/scripts/azureml-assets/azureml/assets/config.py index b7f0ab2d94..c7b2557d74 100644 --- a/scripts/azureml-assets/azureml/assets/config.py +++ b/scripts/azureml-assets/azureml/assets/config.py @@ -583,16 +583,7 @@ def get_uri(self, token_expiration: timedelta = timedelta(hours=1)) -> str: # If we fail pass through to the next approach pass - # Our second approach is to use the azure python SDK to view the properties - # of the container. If the container allows for anonymous access then we can - # return the URI "as-is". - # - # This approach is slower than the first approach, which is why we - # tried the simple HTTP request approach first. - # - # It also requires Azure Credentials to be configured which may or may - # not be present depending on the execution environment. If these credentials - # do not exist then fail gracefully, return the URI "as-is", and hope for the best. + # Generate a SAS token for the container and append it to the URI try: blob_service_client = BlobServiceClient( account_url=self._account_uri, @@ -600,18 +591,9 @@ def get_uri(self, token_expiration: timedelta = timedelta(hours=1)) -> str: process_timeout=AzureBlobstoreAssetPath.AZURE_CLI_PROCESS_LOGIN_TIMEOUT ) ) - container_client = blob_service_client.get_container_client(container=self._container_name) - - # If the container allows for anonymous access then we can return the URI "as-is" - if container_client.get_container_properties().public_access is not None: - self._token = "" - return uri - # Our final approach is to generate a SAS token for the container and append - # it to the URI start_time = datetime.now(timezone.utc) expiry_time = start_time + token_expiration - key = blob_service_client.get_user_delegation_key(start_time, expiry_time) self._token = generate_container_sas( @@ -657,11 +639,11 @@ def get_files(self, strip_container_prefix: bool = True) -> List[dict]: List[dict]: List of files and their sizes. Dicts have keys `name` and `size`. """ container_client = self.get_container_client() - container_prefix = self._container_path + "/" + container_prefix = self._container_path + "/" if self._container_path else None blobs = container_client.list_blobs(name_starts_with=container_prefix) # Remove prefix if desired - starting_pos = len(container_prefix) if strip_container_prefix else 0 + starting_pos = len(container_prefix) if container_prefix and strip_container_prefix else 0 blobs = [{'name': blob.name[starting_pos:], 'size': blob.size} for blob in blobs] return blobs diff --git a/scripts/azureml-assets/setup.py b/scripts/azureml-assets/setup.py index 41c9b06b09..790aaa6f71 100644 --- a/scripts/azureml-assets/setup.py +++ b/scripts/azureml-assets/setup.py @@ -7,7 +7,7 @@ setup( name="azureml-assets", - version="1.16.80", + version="1.16.81", description="Utilities for publishing assets to Azure Machine Learning system registries.", author="Microsoft Corp", packages=find_packages(),