@gradientedge/cdk-utils 9.52.2 → 9.52.3

package/dist/src/lib/azure/services/storage/main.d.ts

@@ -3,6 +3,7 @@ import { StorageBlob } from '@cdktf/provider-azurerm/lib/storage-blob';
 import { StorageContainer } from '@cdktf/provider-azurerm/lib/storage-container';
 import { CommonAzureConstruct } from '../../common';
 import { StorageAccountProps, StorageBlobProps, StorageContainerProps } from './types';
+import { DataAzurermStorageAccountBlobContainerSas } from '@cdktf/provider-azurerm/lib/data-azurerm-storage-account-blob-container-sas';
 /**
  * @classdesc Provides operations on Azure Storage
  * - A new instance of this class is injected into {@link CommonAzureConstruct} constructor.
@@ -45,4 +46,29 @@ export declare class AzureStorageManager {
      * @see [CDKTF Storage Blob Module]{@link https://github.com/cdktf/cdktf-provider-azurerm/blob/main/docs/storageBlob.typescript.md}
      */
     createStorageBlob(id: string, scope: CommonAzureConstruct, props: StorageBlobProps): StorageBlob;
+    /**
+     * @summary Generates a container-level SAS token for an existing Azure Storage container.
+     *
+     * @description
+     * This method creates a `DataAzurermStorageAccountBlobContainerSas` resource, allowing secure access
+     * to a container via a generated Shared Access Signature (SAS) token.
+     *
+     * @param id - Unique scoped identifier for the SAS token resource
+     * @param scope - CDKTF construct scope in which the resource will be created
+     * @param props - Container details and SAS options:
+     *   - storageAccountName: The name of the existing Azure Storage Account
+     *   - storageContainerName: The name of the container within the storage account
+     *   - resourceGroupName: The name of the resource group containing the storage account
+     *   - sasExpiry: Optional expiry date in the format 'YYYY-MM-DD'. Defaults to 7 days from current date if not provided.
+     *
+     * @returns A `DataAzurermStorageAccountBlobContainerSas` instance with the generated SAS token
+     *
+     * @see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account_blob_container_sas
+     */
+    generateContainerSasToken(id: string, scope: CommonAzureConstruct, props: {
+        storageAccountName: string;
+        storageContainerName: string;
+        resourceGroupName: string;
+        sasExpiry?: string;
+    }): DataAzurermStorageAccountBlobContainerSas;
 }

package/dist/src/lib/azure/services/storage/main.js

@@ -8,6 +8,7 @@ const storage_account_1 = require("@cdktf/provider-azurerm/lib/storage-account")
 const storage_blob_1 = require("@cdktf/provider-azurerm/lib/storage-blob");
 const storage_container_1 = require("@cdktf/provider-azurerm/lib/storage-container");
 const utils_1 = require("../../utils");
+const data_azurerm_storage_account_blob_container_sas_1 = require("@cdktf/provider-azurerm/lib/data-azurerm-storage-account-blob-container-sas");
 /**
  * @classdesc Provides operations on Azure Storage
  * - A new instance of this class is injected into {@link CommonAzureConstruct} constructor.
@@ -117,5 +118,47 @@ class AzureStorageManager {
         (0, utils_1.createAzureTfOutput)(`${id}-storageBlobId`, scope, storageBlob.id);
         return storageBlob;
     }
+    /**
+     * @summary Generates a container-level SAS token for an existing Azure Storage container.
+     *
+     * @description
+     * This method creates a `DataAzurermStorageAccountBlobContainerSas` resource, allowing secure access
+     * to a container via a generated Shared Access Signature (SAS) token.
+     *
+     * @param id - Unique scoped identifier for the SAS token resource
+     * @param scope - CDKTF construct scope in which the resource will be created
+     * @param props - Container details and SAS options:
+     *   - storageAccountName: The name of the existing Azure Storage Account
+     *   - storageContainerName: The name of the container within the storage account
+     *   - resourceGroupName: The name of the resource group containing the storage account
+     *   - sasExpiry: Optional expiry date in the format 'YYYY-MM-DD'. Defaults to 7 days from current date if not provided.
+     *
+     * @returns A `DataAzurermStorageAccountBlobContainerSas` instance with the generated SAS token
+     *
+     * @see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account_blob_container_sas
+     */
+    generateContainerSasToken(id, scope, props) {
+        const storageAccountLookup = new data_azurerm_storage_account_1.DataAzurermStorageAccount(scope, `${id}-lookup-sa`, {
+            name: props.storageAccountName,
+            resourceGroupName: props.resourceGroupName,
+        });
+        const containerSas = new data_azurerm_storage_account_blob_container_sas_1.DataAzurermStorageAccountBlobContainerSas(scope, `${id}-sas`, {
+            connectionString: storageAccountLookup.primaryConnectionString,
+            containerName: props.storageContainerName,
+            httpsOnly: true,
+            start: new Date().toISOString().split('T')[0],
+            expiry: props.sasExpiry ?? new Date(Date.now() + 7 * 24 * 60 * 60 * 1000).toISOString().split('T')[0],
+            permissions: {
+                read: true,
+                add: false,
+                create: false,
+                delete: false,
+                list: false,
+                write: false,
+            },
+        });
+        (0, utils_1.createAzureTfOutput)(`${id}-sas-token`, scope, containerSas.sas, 'output', true);
+        return containerSas;
+    }
 }
 exports.AzureStorageManager = AzureStorageManager;

package/dist/src/lib/azure/services/storage/types.d.ts

@@ -7,4 +7,9 @@ export interface StorageAccountProps extends StorageAccountConfig {
 export interface StorageContainerProps extends BaseAzureConfigProps, StorageContainerConfig {
 }
 export interface StorageBlobProps extends BaseAzureConfigProps, StorageBlobConfig {
+    /**
+     * Optional ISO date string representing the expiry date for the SAS token.
+     * Format: 'YYYY-MM-DD' (e.g., '2025-05-01')
+     */
+    sasExpiry?: string;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@gradientedge/cdk-utils",
-  "version": "9.52.2",
+  "version": "9.52.3",
   "description": "Utilities for AWS CDK provisioning",
   "main": "dist/index.js",
   "engines": {

package/src/lib/azure/services/storage/main.ts

@@ -7,6 +7,7 @@ import { StorageContainer } from '@cdktf/provider-azurerm/lib/storage-container'
 import { CommonAzureConstruct } from '../../common'
 import { createAzureTfOutput } from '../../utils'
 import { StorageAccountProps, StorageBlobProps, StorageContainerProps } from './types'
+import { DataAzurermStorageAccountBlobContainerSas } from '@cdktf/provider-azurerm/lib/data-azurerm-storage-account-blob-container-sas'
 
 /**
  * @classdesc Provides operations on Azure Storage
@@ -129,4 +130,59 @@ export class AzureStorageManager {
 
     return storageBlob
   }
+
+  /**
+   * @summary Generates a container-level SAS token for an existing Azure Storage container.
+   *
+   * @description
+   * This method creates a `DataAzurermStorageAccountBlobContainerSas` resource, allowing secure access
+   * to a container via a generated Shared Access Signature (SAS) token.
+   *
+   * @param id - Unique scoped identifier for the SAS token resource
+   * @param scope - CDKTF construct scope in which the resource will be created
+   * @param props - Container details and SAS options:
+   *   - storageAccountName: The name of the existing Azure Storage Account
+   *   - storageContainerName: The name of the container within the storage account
+   *   - resourceGroupName: The name of the resource group containing the storage account
+   *   - sasExpiry: Optional expiry date in the format 'YYYY-MM-DD'. Defaults to 7 days from current date if not provided.
+   *
+   * @returns A `DataAzurermStorageAccountBlobContainerSas` instance with the generated SAS token
+   *
+   * @see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/storage_account_blob_container_sas
+   */
+  public generateContainerSasToken(
+    id: string,
+    scope: CommonAzureConstruct,
+    props: {
+      storageAccountName: string
+      storageContainerName: string
+      resourceGroupName: string
+      sasExpiry?: string
+    }
+  ): DataAzurermStorageAccountBlobContainerSas {
+    const storageAccountLookup = new DataAzurermStorageAccount(scope, `${id}-lookup-sa`, {
+      name: props.storageAccountName,
+      resourceGroupName: props.resourceGroupName,
+    })
+
+    const containerSas = new DataAzurermStorageAccountBlobContainerSas(scope, `${id}-sas`, {
+      connectionString: storageAccountLookup.primaryConnectionString,
+      containerName: props.storageContainerName,
+      httpsOnly: true,
+      start: new Date().toISOString().split('T')[0],
+      expiry: props.sasExpiry ?? new Date(Date.now() + 7 * 24 * 60 * 60 * 1000).toISOString().split('T')[0],
+      permissions: {
+        read: true,
+        add: false,
+        create: false,
+        delete: false,
+        list: false,
+        write: false,
+      },
+    })
+
+    createAzureTfOutput(`${id}-sas-token`, scope, containerSas.sas, 'output', true)
+
+    return containerSas
+  }
 }

package/src/lib/azure/services/storage/types.ts

@@ -7,4 +7,10 @@ export interface StorageAccountProps extends StorageAccountConfig {}
 
 export interface StorageContainerProps extends BaseAzureConfigProps, StorageContainerConfig {}
 
-export interface StorageBlobProps extends BaseAzureConfigProps, StorageBlobConfig {}
+export interface StorageBlobProps extends BaseAzureConfigProps, StorageBlobConfig {
+  /**
+   * Optional ISO date string representing the expiry date for the SAS token.
+   * Format: 'YYYY-MM-DD' (e.g., '2025-05-01')
+   */
+  sasExpiry?: string
+}