feat: adds azure identity capability #84
Conversation
|
Hello @fardarter thank you for the PR. Do you mind adding a description to the PR. Thanks |
Is this for release notes? Do you need a specific approach/format? |
@jakeFeldman Just following up here. I'm keen to get this in so happy to adjust to your needs. |
|
@fardarter Thanks for the follow up. Yes, having a detailed description with the changes, how to test, etc.. would be good for the release notes and posterity. |
Have updated and will follow up on the other. I'm testing at the moment with a patch-package version of a |
@jakeFeldman Have had successful deployments yesterday with clientId and plain msi for days before that. |
Thanks for the merge. Looking forward to seeing it in a new release. Honestly don't know what I'd be signing up for. I'm open to chatting about it. I'm also maybe not the best candidate as I'm mainly an ops person. I stop interfacing with Strapi once it's deployed and I can use identities to access the things I need (trying to run secretless infra). I don't know much about the actual plugin interop. |
|
Hey @fardarter, I just published version yarn add strapi-provider-upload-azure-storage@betaIf you want to test the version and make sure that both authTypes are working I can publish v3.4.0. No worries wrt to maintenance. The amount of work is low/minimal, I just don't use Azure much these days. |
Thanks, I'll do it for 'msi'. I don't use secrets, which is why I wanted the DefaultCredentials code. Do you mainly just need someone to triage issues? |
Working with beta package for |
|
Great to hear. Version 3.4.0 is available now. Thanks again for the PR |
README.md
Outdated
| module.exports = ({ env }) => ({ | ||
| upload: { | ||
| config: { | ||
| provider: "strapi-provider-upload-azure-storage", | ||
| providerOptions: { | ||
| auth_type: env("STORAGE_AUTH_TYPE", "default"), |
There was a problem hiding this comment.
why wihout this line produces error ? did msoft change something?
There was a problem hiding this comment.
@Achmadrendra1 You need to include an authType now. It's so to distinguish between the two key types. If you're using the original variables, all you need to do it include that line.
There was a problem hiding this comment.
Sorry. In hindsight I should have published this as a major version since that was a breaking change.
This PR adds the ability to use an Azure Managed Identity for authentication.
auth_type,clientIdDefaultAzureCredentialfrom the '@azure/identity' packageclientIdtoDefaultAzureCredential.Addresses issue: #71
Can be tested by:
a) using a local authorised logged in user
b) deploying a working Strapi instance to an app service and using the system assigned identity permissions
c) assigning a working app service a user assigned managed identity and passing the identity id to the
clientIdconfiguration parameter.RBAC role of Storage Blob Data Contributor over either the target account or the target container should be sufficient for upload.