Public access to images

[josecelano]

We have been using Azure Blog Storage with SAS tokens for authentication so far. That's ok for maintainers but how we can give read access to everybody. I think we should have a basic installation like this:

git clone [email protected]:Nautilus-Cyberneering/chinese-ideographs.git
export AZURE_STORAGE_ACCOUNT='nautiluscyberneering'
export AZURE_STORAGE_SAS_TOKEN='?sv=2020-08-04&ss=bfqt&srt=sco&sp=rwdlacuptfx&se=2021-12-31T19:15:33Z&st=2021-10-01T10:15:33Z&spr=https&sig=PUBLIC_READ_ONLY_TOKEN'
dvc pull

I tried to generate a read-only SAS token:

but it does not work. I was able to push new images with dvc push.

I have opened a topic on the DVC community: https://discuss.dvc.org/t/read-only-access-using-azure-blog-storage/910

I think it should be possible.

Official docs: https://docs.microsoft.com/en-us/rest/api/storageservices/create-service-sas#ad-hoc-sas-versus-stored-access-policy

[josecelano]

It seems you can change the access level of the container:

but I would prefer to create a token with read-only permissions if possible because that way we could even control who has read access. People could ask for a read-only token. But anyway it seems once you generate one SAS token there is no way to revoke it: https://docs.microsoft.com/en-us/azure/storage/common/storage-sas-overview#best-practices-when-using-sas or I least, I do not find any option to list them and revoke them manually.