azure: Support using connection string authentication #51
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nholik
force-pushed
the
allow-az-conn-strings
branch
from
d09908f
to
af059d5
Compare
nholik
changed the title
kakkoyun
approved these changes
Aug 4, 2023
Signed-off-by: Nick Holik <nholik@gmail.com>
nholik
force-pushed
the
allow-az-conn-strings
branch
from
5c0b716
to
ea9928f
Compare
|
7 tasks
Signed-off-by: Kemal Akkoyun <kakkoyun@users.noreply.github.com>
MichelHollands
pushed a commit
to grafana/loki
that referenced
this pull request
Sep 21, 2023
**What this PR does / why we need it**: Adds a connection-string option to the azure blob storage config. So the [Azurite](https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azurite) emulator can be used in local test environments (my use case). But also to support the use of a SAS token. See the (future) addition of this option to the Thanos object storage client: thanos-io/objstore#51 **Which issue(s) this PR fixes**: n/a **Special notes for your reviewer**: thanos-io/objstore#51 isn't merged yet. But I'm already creating this PR to see what others think. **Checklist** - [x] Reviewed the [`CONTRIBUTING.md`](https://github.com/grafana/loki/blob/main/CONTRIBUTING.md) guide (**required**) - [x] Documentation added - [x] Tests updated - [x] `CHANGELOG.md` updated - [ ] If the change is worth mentioning in the release notes, add `add-to-release-notes` label - [ ] Changes that require user attention or interaction to upgrade are documented in `docs/sources/setup/upgrade/_index.md` - [x] For Helm chart changes bump the Helm chart version in `production/helm/loki/Chart.yaml` and update `production/helm/loki/CHANGELOG.md` and `production/helm/loki/README.md`. [Example PR](d10549e)
rhnasc
pushed a commit
to inloco/loki
that referenced
this pull request
Apr 12, 2024
**What this PR does / why we need it**: Adds a connection-string option to the azure blob storage config. So the [Azurite](https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azurite) emulator can be used in local test environments (my use case). But also to support the use of a SAS token. See the (future) addition of this option to the Thanos object storage client: thanos-io/objstore#51 **Which issue(s) this PR fixes**: n/a **Special notes for your reviewer**: thanos-io/objstore#51 isn't merged yet. But I'm already creating this PR to see what others think. **Checklist** - [x] Reviewed the [`CONTRIBUTING.md`](https://github.com/grafana/loki/blob/main/CONTRIBUTING.md) guide (**required**) - [x] Documentation added - [x] Tests updated - [x] `CHANGELOG.md` updated - [ ] If the change is worth mentioning in the release notes, add `add-to-release-notes` label - [ ] Changes that require user attention or interaction to upgrade are documented in `docs/sources/setup/upgrade/_index.md` - [x] For Helm chart changes bump the Helm chart version in `production/helm/loki/Chart.yaml` and update `production/helm/loki/CHANGELOG.md` and `production/helm/loki/README.md`. [Example PR](grafana@d10549e)
| { | ||
| name: "Valid User Assigned and Connection String set", | ||
| config: []byte(`storage_account: "myAccount" | ||
| storage_account_key: "" |
There was a problem hiding this comment.
how is this valid since storage_account_key and storage_connection_string cannot both be set?
mraboosk
pushed a commit
to mraboosk/loki
that referenced
this pull request
Oct 7, 2024
**What this PR does / why we need it**: Adds a connection-string option to the azure blob storage config. So the [Azurite](https://learn.microsoft.com/en-us/azure/storage/common/storage-use-azurite) emulator can be used in local test environments (my use case). But also to support the use of a SAS token. See the (future) addition of this option to the Thanos object storage client: thanos-io/objstore#51 **Which issue(s) this PR fixes**: n/a **Special notes for your reviewer**: thanos-io/objstore#51 isn't merged yet. But I'm already creating this PR to see what others think. **Checklist** - [x] Reviewed the [`CONTRIBUTING.md`](https://github.com/grafana/loki/blob/main/CONTRIBUTING.md) guide (**required**) - [x] Documentation added - [x] Tests updated - [x] `CHANGELOG.md` updated - [ ] If the change is worth mentioning in the release notes, add `add-to-release-notes` label - [ ] Changes that require user attention or interaction to upgrade are documented in `docs/sources/setup/upgrade/_index.md` - [x] For Helm chart changes bump the Helm chart version in `production/helm/loki/Chart.yaml` and update `production/helm/loki/CHANGELOG.md` and `production/helm/loki/README.md`. [Example PR](grafana@2cef71e)
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Changes
Added an additional option
storage_connection_stringto Azure config to use a connection string rather than a key. This is needed in limited privilege scenarios where only a SAS token is available and not full access key. When provided, the value is forwarded on to the Azure SDK method for creating a client that accepts a connection string.Existing consumers will be unaffected as using this new path must be opted into with a non-empty value for the new config option.
Verification
Using a connection string with a SAS token creates a client successfully. Further verified that running a patched version of loki consuming this library passing through SAS tokens as the authentication method works.