Consider separating container public access from get/set_container_acl

[tjprescott]

Currently if you want to know the public access level of a container, you have to use the get_container_acl call. One would reasonably expect that get_container_acl would return the ACL only, not the ACL and maybe some other properties too. Public access seems like it would logically be returned by the get_container_properties call since it is a property of the container itself, whereas the ACL is a list of stored settings for use in generating SAS tokens.

Another scenario in which this conflation of the two concepts is painful is when you just want to update the public access policy for a container. This can easily be done in the portal, but if you try:

set_container_acl(container, access_policy='blob')

This will result in wiping out your container's ACL, which almost certainly wasn't your intent. Instead, you have to do a call to get_container_acl (even though you don't want to change anything) and then pass the signed identifiers back in to the call to set_container_acl to perserve them.

There isn't a call for set_container_properties but it might be good from a usability standpoint to consider creating one and splitting out that functionality.

[hasonmsft]

@tjprescott , the backend API for changing public access level and ACL is shared. Refer to https://msdn.microsoft.com/en-us/library/azure/dd179391.aspx.

[troydai]

@pemari-msft can we know the reason why this issue was closed? Was it won't fix or already fixed or by design?

[pemari-msft]

Please see @hasonmsft 's comment: the backend API for changing public access level and ACL is shared.

[pemari-msft]

As an aside, GetContainerProperties will soon return the public access value, to simplify this scenario :)

[troydai]

Thank you for the response.

[troydai]

@pemari-msft @hasonmsft we implemented a workaround on our side: https://github.com/Azure/azure-cli/blob/master/src/command_modules/azure-cli-storage/azure/cli/command_modules/storage/custom.py#L237

I'd like to have you guys reconsider to integrate this approach in the SDK instead. Otherwise, every API usage on clients would have to set the ACL in this approach.

[paragsalgaonkar]

How can I get the container Public Access value? I can't seem to get it from the GetContainerProperties call.

[zezha-msft]

Hi @paragsalgaonkar, please use the get_container_acl call.

[paragsalgaonkar]

Thank you for your reply @zezha-msft
I tried doing that, but whenever I use the get_container_acl call, I get an empty dictionary in response.

I want to get the access level of a blob or a container, so I need to get programmatically in python whether the access level is set to either 'blob', 'container and blob' or 'private'. Is there a way to get this information?

[zezha-msft]

hi @paragsalgaonkar, please refer to the sample

[paragsalgaonkar]

Hey, thank you so much @zezha-msft.
This thing was bugging me for so long.

[zezha-msft]

Hi @paragsalgaonkar, glad to help! 👍