feat: adds support for azure client id parameter for identity usage

.eslintrc.js

@@ -27,7 +27,6 @@ module.exports = {
         'simple-import-sort/exports': 'error',
         'no-unused-vars': 'off',
         'unused-imports/no-unused-imports': 'error',
-        'no-case-declarations': 'off',
         'unused-imports/no-unused-vars': [
             'error',
             { vars: 'all', varsIgnorePattern: '^_', args: 'after-used', argsIgnorePattern: '^_' },

README.md

@@ -40,7 +40,7 @@ module.exports = ({ env }) => ({
     config: {
       provider: "strapi-provider-upload-azure-storage",
       providerOptions: {
-        auth_type: env("STORAGE_AUTH_TYPE", "default"),
+        authType: env("STORAGE_AUTH_TYPE", "default"),
         account: env("STORAGE_ACCOUNT"),
         accountKey: env("STORAGE_ACCOUNT_KEY"),//either account key or sas token is enough to make authentication 
         sasToken: env("STORAGE_ACCOUNT_SAS_TOKEN"),
@@ -55,15 +55,16 @@ module.exports = ({ env }) => ({
   },
 });
 
-// For using azure identities, the correct auth_type is 'msi' or (provide it in the environment variable)
+// For using azure identities, the correct authType is 'msi' or (provide it in the environment variable)
 
 module.exports = ({ env }) => ({
   upload: {
     config: {
       provider: "strapi-provider-upload-azure-storage",
       providerOptions: {
-        auth_type: 'msi',
+        authType: 'msi',
         account: env("STORAGE_ACCOUNT"),
+        clientId: env("STORAGE_AZURE_CLIENT_ID"), // optional
         serviceBaseURL: env("STORAGE_URL"), // optional
         containerName: env("STORAGE_CONTAINER_NAME"),
         defaultPath: "assets",
@@ -77,18 +78,19 @@ module.exports = ({ env }) => ({
 
 ```
 
-| Property | Required | Description |
-| -------- | -------- | -------- |
-| auth_type | true | Whether to use a SAS key ("default") or an identity ("msi") |
-| account | true | Azure account name |
-| accountKey | if 'auth_type 'default' | Secret access key |
-| sasToken   | false | SAS Token, either accountKey or SASToken is required if 'auth_type is 'default' |
-| serviceBaseURL  | false     | Base service URL to be used, optional. Defaults to `https://${account}.blob.core.windows.net` |
-| containerName  | true     | Container name |
-| defaultPath  | true     | The path to use when there is none being specified. Defaults to `assets` |
-| cdnBaseURL  | false     | CDN base url |
-| defaultCacheControl  | false     | Cache-Control header value for all uploaded files |
-| removeCN  | false     | Set to true, to remove container name from azure URL |
+| Property            | Required                            | Description                                                                                   |
+| ------------------- | ----------------------------------- | --------------------------------------------------------------------------------------------- |
+| authType            | true                                | Whether to use a SAS key ("default") or an identity ("msi")                                   |
+| account             | true                                | Azure account name                                                                            |
+| accountKey          | if 'authType 'default'              | Secret access key                                                                             |
+| clientId            | false (consumed if 'authType 'msi') | Azure Identity Client ID                                                                      |
+| sasToken            | false                               | SAS Token, either accountKey or SASToken is required if 'authType is 'default'                |
+| serviceBaseURL      | false                               | Base service URL to be used, optional. Defaults to `https://${account}.blob.core.windows.net` |
+| containerName       | true                                | Container name                                                                                |
+| defaultPath         | true                                | The path to use when there is none being specified. Defaults to `assets`                      |
+| cdnBaseURL          | false                               | CDN base url                                                                                  |
+| defaultCacheControl | false                               | Cache-Control header value for all uploaded files                                             |
+| removeCN            | false                               | Set to true, to remove container name from azure URL                                          |
 
 ### Security Middleware Configuration
 

src/index.ts

@@ -10,7 +10,7 @@ import internal from 'stream';
 type Config = DefaultConfig | ManagedIdentityConfig;
 
 type DefaultConfig = {
-    auth_type: 'default';
+    authType: 'default';
     accountKey: string;
     sasToken: string;
     account: string;
@@ -23,7 +23,8 @@ type DefaultConfig = {
 };
 
 type ManagedIdentityConfig = {
-    auth_type: 'msi';
+    authType: 'msi';
+    clientId?: string;
     account: string;
     serviceBaseURL?: string;
     containerName: string;
@@ -60,8 +61,8 @@ function getFileName(path: string, file: StrapiFile) {
 function makeBlobServiceClient(config: Config) {
     const serviceBaseURL = getServiceBaseUrl(config);
 
-    switch (config.auth_type) {
-        case 'default':
+    switch (config.authType) {
+        case 'default': {
             const account = trimParam(config.account);
             const accountKey = trimParam(config.accountKey);
             const sasToken = trimParam(config.sasToken);
@@ -72,9 +73,17 @@ function makeBlobServiceClient(config: Config) {
             const sharedKeyCredential = new StorageSharedKeyCredential(account, accountKey);
             const pipeline = newPipeline(sharedKeyCredential);
             return new BlobServiceClient(serviceBaseURL, pipeline);
-
-        case 'msi':
+        }
+        case 'msi': {
+            const clientId = trimParam(config.clientId);
+            if (clientId != null && clientId != '') {
+                return new BlobServiceClient(
+                    serviceBaseURL,
+                    new DefaultAzureCredential({ managedIdentityClientId: clientId })
+                );
+            }
             return new BlobServiceClient(serviceBaseURL, new DefaultAzureCredential());
+        }
     }
 }
 
@@ -130,16 +139,20 @@ async function handleDelete(
 module.exports = {
     provider: 'azure',
     auth: {
-        auth_type: {
+        authType: {
             label: 'Authentication type (required, either "msi" or "default")',
             type: 'text',
         },
+        clientId: {
+            label: 'Azure Identity ClientId (consumed if authType is "msi" and passed as DefaultAzureCredential({ managedIdentityClientId: clientId }))',
+            type: 'text',
+        },
         account: {
             label: 'Account name (required)',
             type: 'text',
         },
         accountKey: {
-            label: 'Secret access key (required if auth_type is "default")',
+            label: 'Secret access key (required if authType is "default")',
             type: 'text',
         },
         serviceBaseURL: {