Allow authentication using connection string when targeting Azure Blob Storage (#383)

* Allow authentication using connection string when targeting Azure Blob Storage

* Bail on ambiguous configuration
This commit is contained in:
Frederik Ring 2024-03-08 20:23:30 +01:00 committed by GitHub
parent e8562b1785
commit baf34ec1f7
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 22 additions and 3 deletions

View File

@ -72,6 +72,7 @@ type Config struct {
LockTimeout time.Duration `split_words:"true" default:"60m"` LockTimeout time.Duration `split_words:"true" default:"60m"`
AzureStorageAccountName string `split_words:"true"` AzureStorageAccountName string `split_words:"true"`
AzureStoragePrimaryAccountKey string `split_words:"true"` AzureStoragePrimaryAccountKey string `split_words:"true"`
AzureStorageConnectionString string `split_words:"true"`
AzureStorageContainerName string `split_words:"true"` AzureStorageContainerName string `split_words:"true"`
AzureStoragePath string `split_words:"true"` AzureStoragePath string `split_words:"true"`
AzureStorageEndpoint string `split_words:"true" default:"https://{{ .AccountName }}.blob.core.windows.net/"` AzureStorageEndpoint string `split_words:"true" default:"https://{{ .AccountName }}.blob.core.windows.net/"`

View File

@ -193,6 +193,7 @@ func (s *script) init() error {
PrimaryAccountKey: s.c.AzureStoragePrimaryAccountKey, PrimaryAccountKey: s.c.AzureStoragePrimaryAccountKey,
Endpoint: s.c.AzureStorageEndpoint, Endpoint: s.c.AzureStorageEndpoint,
RemotePath: s.c.AzureStoragePath, RemotePath: s.c.AzureStoragePath,
ConnectionString: s.c.AzureStorageConnectionString,
} }
azureBackend, err := azure.NewStorageBackend(azureConfig, logFunc) azureBackend, err := azure.NewStorageBackend(azureConfig, logFunc)
if err != nil { if err != nil {

View File

@ -245,10 +245,17 @@ You can populate below template according to your requirements and use it as you
# AZURE_STORAGE_ACCOUNT_NAME="account-name" # AZURE_STORAGE_ACCOUNT_NAME="account-name"
# The credential's primary account key when using Azure Blob Storage. If this # The credential's primary account key when using Azure Blob Storage. If this
# is not given, the command tries to fall back to using a managed identity. # is not given, the command tries to fall back to using a connection string
# (if given) or a managed identity (if nothing is given).
# AZURE_STORAGE_PRIMARY_ACCOUNT_KEY="<xxx>" # AZURE_STORAGE_PRIMARY_ACCOUNT_KEY="<xxx>"
# A connection string for accessing Azure Blob Storage. If this
# is not given, the command tries to fall back to using a primary account key
# (if given) or a managed identity (if nothing is given).
# AZURE_STORAGE_CONNECTION_STRING="<xxx>"
# The container name when using Azure Blob Storage. # The container name when using Azure Blob Storage.
# AZURE_STORAGE_CONTAINER_NAME="container-name" # AZURE_STORAGE_CONTAINER_NAME="container-name"

View File

@ -33,12 +33,17 @@ type Config struct {
AccountName string AccountName string
ContainerName string ContainerName string
PrimaryAccountKey string PrimaryAccountKey string
ConnectionString string
Endpoint string Endpoint string
RemotePath string RemotePath string
} }
// NewStorageBackend creates and initializes a new Azure Blob Storage backend. // NewStorageBackend creates and initializes a new Azure Blob Storage backend.
func NewStorageBackend(opts Config, logFunc storage.Log) (storage.Backend, error) { func NewStorageBackend(opts Config, logFunc storage.Log) (storage.Backend, error) {
if opts.PrimaryAccountKey != "" && opts.ConnectionString != "" {
return nil, errwrap.Wrap(nil, "using primary account key and connection string are mutually exclusive")
}
endpointTemplate, err := template.New("endpoint").Parse(opts.Endpoint) endpointTemplate, err := template.New("endpoint").Parse(opts.Endpoint)
if err != nil { if err != nil {
return nil, errwrap.Wrap(err, "error parsing endpoint template") return nil, errwrap.Wrap(err, "error parsing endpoint template")
@ -58,7 +63,12 @@ func NewStorageBackend(opts Config, logFunc storage.Log) (storage.Backend, error
client, err = azblob.NewClientWithSharedKeyCredential(normalizedEndpoint, cred, nil) client, err = azblob.NewClientWithSharedKeyCredential(normalizedEndpoint, cred, nil)
if err != nil { if err != nil {
return nil, errwrap.Wrap(err, "error creating Azure client") return nil, errwrap.Wrap(err, "error creating azure client from primary account key")
}
} else if opts.ConnectionString != "" {
client, err = azblob.NewClientFromConnectionString(opts.ConnectionString, nil)
if err != nil {
return nil, errwrap.Wrap(err, "error creating azure client from connection string")
} }
} else { } else {
cred, err := azidentity.NewManagedIdentityCredential(nil) cred, err := azidentity.NewManagedIdentityCredential(nil)
@ -67,7 +77,7 @@ func NewStorageBackend(opts Config, logFunc storage.Log) (storage.Backend, error
} }
client, err = azblob.NewClient(normalizedEndpoint, cred, nil) client, err = azblob.NewClient(normalizedEndpoint, cred, nil)
if err != nil { if err != nil {
return nil, errwrap.Wrap(err, "error creating Azure client") return nil, errwrap.Wrap(err, "error creating azure client from managed identity")
} }
} }