Support managed identity for connecting to storage

[wi-y]

This PR uses managed identity to connect to storage rather than connection strings.

[namalu]

Do we need to use the preview API? #Resolved

[dustinburson]

Can you try 2020-04-08? That seems like the latest GA version.

---

In reply to: 564892943 [](ancestors = 564892943)

[wi-y]

I tried 2020-04-08 but it said that version didn't support role assignments, so will instead go with the latest non-preview version which is 2018-07-01

Status Message: No registered resource provider found for location 'northcentralus' and API version '2020-04-08' for
type 'roleAssignments'. The supported api-versions are '2014-04-01-preview, 2014-07-01-preview, 2014-10-01-preview,
2015-05-01-preview, 2015-06-01, 2015-07-01, 2016-07-01, 2017-05-01, 2017-09-01, 2017-10-01-preview,
2018-01-01-preview, 2018-07-01, 2018-09-01-preview, 2018-12-01-preview, 2019-04-01-preview, 2020-03-01-preview,
2020-04-01-preview'. #Resolved

[dustinburson]

Thanks for checking Will. We should probably follow up with the Azure Storage team. We don't want to take a dependency on an API in preview if we can avoid it. Would you be able to create a work item for tracking?

---

In reply to: 567489805 [](ancestors = 567489805)

[dustinburson]

Nevermind I misread, it looks like 2018-07-01 works, thanks for the update.

---

In reply to: 569032564 [](ancestors = 569032564,567489805)

[dustinburson]

🕐

[dustinburson]

Can this be internalized into the credential provider itself? I.E. creating a storage client for the provider should be a responsibility outside the StorageCheckpointClient and this class should just ask for the provider. This refactor is a large improvement though! #Closed

[wi-y]

Thanks for the feedback. Went with a factory approach and now pass a storage client in as an argument. #Closed

[namalu]

I wonder is there is a pattern here that would provide more flexibility in the future. What about creating an interface IStorageCheckpointClientProvider that has a GetClient(IConfiguration config). This would allow for different implementations of IStorageCheckpointClientProvider, the default could be for MI, but a consumer could provide an implementation that still uses a connection string.

This will provide flexibility by allowing consumers to create their own appsettings.json schema that works with their own implementation of IStorageCheckpointClientProvider

This pattern could be used for other clients.

[wi-y]

Yeah, that is a good idea. I ended up moving things around which should allow the customer to have more flexibility. I decided to create a BlobContainerClientFactory which can take an overload of IAzureCredentialProvider which can construct to blob client with some custom credentials implementation.

BlobContainerClientFactory will also by default support default azure credential and connection string, and the user can toggle between those by changing the config environment variables.

[dustinburson]