Merge lp:~marix/duplicity/azure-storage-sas into lp:~duplicity-team/duplicity/0.8-series
Status: | Merged |
---|---|
Merged at revision: | 1179 |
Proposed branch: | lp:~marix/duplicity/azure-storage-sas |
Merge into: | lp:~duplicity-team/duplicity/0.8-series |
Diff against target: |
54 lines (+21/-9) 2 files modified
bin/duplicity.1 (+6/-2) duplicity/backends/azurebackend.py (+15/-7) |
To merge this branch: | bzr merge lp:~marix/duplicity/azure-storage-sas |
Related bugs: |
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
duplicity-team | Pending | ||
Review via email: mp+317175@code.launchpad.net |
Description of the change
This branch adds support for Shared Access Signature to the Azure backend which allows to run Duplicity with a minimal set of permissions.
The currently supported access method, using an account key, grants Duplicity full administrative permissions on that Azure storage account. However, there is a fairly low limit on the number of storage account that can be used within a single storage subscription, thus it is not necessarily optimal to create a separate one for each single system that requires backup. In addition, this also grants a lot of unnecessary powers to the system running Duplicity.
Share Access Signatures allow to grant a specific set of permissions of permissions on a storage account, or a single container. To test you need to create a shared access signature including read, write and deletion permissions on the container. Then run duplicity passing the shared access signature in the environment variable AZURE_SHARED_