Azure multi read options

[georgew5656]

Description

Currently the "azure" input source schema only supports ingesting files that are stored in the Azure Storage Account specified in druid.azure.account. To support ingesting data from different storage accounts, add a new "azureStorage" input source schema for azure with a slightly different spec.

Fixed the bug ...

Renamed the class ...

Added a forbidden-apis entry ...

1. Added AzureStorageAccountInputSource
   I would have preferred to keep using the regular AzureInputSource class but that class assumes CloudObjectLocation.bucket to be the container of the file and CloudObjectLocation.path to be the path the file within the bucket. I couldn't think of a way to keep the behavior backwards compatible with existing ingestion specs and support multiple storage accounts.

One idea i had was to introduce a "storageAccount" field directly in AzureInputSource (instead of in CloudObjectLocation), then use that field when creating AzureStorage classes. I think this would work but it also would mean that the behavior of azure ingestion is different from other types of ingestion (by having the storage account not in the ingestion uri) and this could cause problems down the line.

2. Create a new AzureStorage instance with a AzureClientFactory with credentials passed in from AzureStorageAccountInputSource.
   Since the AzureStorage instance is a abstraction over Azure Blob Storage clients, I thought it made sense to create a instance of it per Azure ingestion spec, since we do something similar with S3 (create a s3 client for each s3 ingestion spec).

It would have also been possible to pass the AzureInpuSourceConfig to the relevant functions in AzureStorage and generate different clients but I thought this would have been confusing.

3. Auth methods
   I added support for key, sas token, and app registration authentication when ingesting from storage accounts. Managed/Workload identity auth can also work by not specifying properties and making sure the identity the cluster is deployed with can access the external storage account.

Release note

Support Azure ingestion from multiple Storage Accounts.

---

Key changed/added classes in this PR

• AzureStorageAccountInputSource
• AzureInpuSourceConfig
• AzureClientFactory
• AzureStorage
• AzureEntity

---

This PR has:

• been self-reviewed.
  • using the concurrency checklist (Remove this item if the PR doesn't have any relation to concurrency.)
• added documentation for new or modified features or behaviors.
• a release note entry in the PR description.
• added Javadocs for most classes and all non-trivial methods. Linked related entities via Javadoc links.
• added or updated version, license, or notice information in licenses.yaml
• added comments explaining the "why" and the intent of the code wherever would not be obvious for an unfamiliar reader.
• added unit tests or modified existing tests to cover new code paths, ensuring the threshold for code coverage is met.
• added integration tests.
• been tested in a test Druid cluster.

[zachjsh]

ditto, do we need to verify this returned pair in anyway?

[zachjsh]

ditto about maybe the need to validate the pair returned?

[georgew5656]

what do u think we should validate about it?

[zachjsh]

What is either in the pair come back empty or null, would that cause unexpected / unhandled error elsewhere?

[georgew5656]

i added a check in the function itself so it doesn't throw a index error on a bad input spec now. basically what happens now is the task will eventually fail b/c it fails to read the bad input file which i think is okay (the error from azure is pretty clear)

[317brian]

Some small nits in the docs pages but nothing major. Thanks!

[zachjsh]

🚀