add support for copying model artifact with sas token (#1703)

* add support for copying model artifact with sas token * move token tagging above * update comment --------- Co-authored-by: Miseon Park <[email protected]>
Azure · Nov 9, 2023 · 9187169 · 9187169
1 parent 2e782d0
commit 9187169
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 2 deletions.
diff --git a/scripts/azureml-assets/CHANGELOG.md b/scripts/azureml-assets/CHANGELOG.md
@@ -3,6 +3,10 @@
 
 ### 🐛 Bugs Fixed
 
+## 1.16.17 (2023-11-07)
+### 🐛 Bugs Fixed
+- [#1703](https://github.com/Azure/azureml-assets/pull/1703) Support for storage account access for model copy with SAS token
+
 ## 1.16.16 (2023-11-03)
 ### 🐛 Bugs Fixed
 - [#1643](https://github.com/Azure/azureml-assets/pull/1643) Optimizing SAS token generation when needed to access storage accounts

diff --git a/scripts/azureml-assets/azureml/assets/config.py b/scripts/azureml-assets/azureml/assets/config.py
@@ -512,6 +512,7 @@ def __init__(self, storage_name: str, container_name: str, container_path: str):
         self._storage_name = storage_name
         self._container_name = container_name
         self._container_path = container_path
+        self._token = None
 
         # AzureCloud, USGov, and China clouds should all pull from the same endpoint
         # associated with AzureCloud. If the cloud is not one of these, then the
@@ -546,6 +547,12 @@ def uri(self) -> str:
         # token if the account does not allow for anonymous access.
         self._uri = f"{self._account_uri}/{self._container_name}/{self._container_path}"
 
+        # If a SAS token has been explicitly set, then assume that the URI+token is valid.
+        # Simply append the token and return. If no SAS token is set, then proceed to rest of function.
+        if self.token is not None:
+            self._uri += "?" + self.token
+            return self._uri
+
         # The first test is to see if we can simply list the contents of the container
         # using a very simple and quick HTTP request. In order for this to work,
         # container must support anonymous read access. If this succeeds, we can
@@ -563,7 +570,7 @@ def uri(self) -> str:
             # If we fail pass through to the next approach
             pass
 
-        # Our second approach is to to use the azure python SDK to view the properties
+        # Our second approach is to use the azure python SDK to view the properties
         # of the container. If the container allows for anonymous access then we can
         # return the URI "as-is".
         #
@@ -609,6 +616,21 @@ def uri(self) -> str:
             # If we fail then simply return the URI "as-is" and hope for the best
             return self._uri
 
+    @property
+    def storage_name(self) -> str:
+        """Storage name."""
+        return self._storage_name
+
+    @property
+    def token(self) -> str:
+        """Sas token."""
+        return self._token
+
+    @token.setter
+    def token(self, value: str):
+        """Set sas token."""
+        self._token = value
+
 
 class GitAssetPath(AssetPath):
     """GIT asset path."""

diff --git a/scripts/azureml-assets/setup.py b/scripts/azureml-assets/setup.py
@@ -7,7 +7,7 @@
 
 setup(
    name="azureml-assets",
-   version="1.16.16",
+   version="1.16.17",
    description="Utilities for publishing assets to Azure Machine Learning system registries.",
    author="Microsoft Corp",
    packages=find_packages(),