feat: supporting managed identity #45
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
hallvictoria
requested review from
vrdmr,
gavin-aguiar,
YunchuWang and
pdthummar
as code owners
gavin-aguiar
reviewed
Oct 8, 2024
azurefunctions-extensions-bindings-blob/azurefunctions/extensions/bindings/blob/utils.py
Show resolved
Hide resolved
...-extensions-bindings-blob/azurefunctions/extensions/bindings/blob/storageStreamDownloader.py
Outdated
Show resolved
Hide resolved
azurefunctions-extensions-bindings-blob/azurefunctions/extensions/bindings/blob/blobClient.py
Outdated
Show resolved
Hide resolved
azurefunctions-extensions-bindings-blob/azurefunctions/extensions/bindings/blob/blobClient.py
Outdated
Show resolved
Hide resolved
azurefunctions-extensions-bindings-blob/azurefunctions/extensions/bindings/blob/blobClient.py
Outdated
Show resolved
Hide resolved
gavin-aguiar
approved these changes
Oct 8, 2024
YunchuWang
approved these changes
Oct 8, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
In order to support authentication through Managed Identity, the way the client is created needs to change. Previously it was done through the
from_connection_stringmethods. This changes the extension to instead create a BlobServiceClient first, and then use the BlobServiceClient to create the respective SDK type.When using Managed Identity, the only way to create a BlobClient is through a BlobServiceClient. There are two ways to create a BlobServiceClient:
from_connection_string: this is the only option when not using Managed IdentitySince there are two options in how we can create the BSC, we have to track if MI is being used. This is done through a flag as part of the Client object. We determine if MI is being used based on the connection string setting passed in.
When using managed identity, the connection string variable name is formatted like so:
<CONNECTION_NAME_PREFIX>__serviceUri<CONNECTION_NAME_PREFIX>__blobServiceUriThe variable received will be
<CONNECTION_NAME_PREFIX>. Therefore, we need to append the suffix to obtain the storage URI and create the client.There are four cases:
__serviceUrimust be appended__blobServiceUrimust be appended