Skip to content

Commit

Permalink
Authenticate using DefaultAzureCredential enabling support for Azure …
Browse files Browse the repository at this point in the history
…Workload Identity resolves thanos-io#54

Signed-off-by: Rikhil Shah <rikhil.shah@metaswitch.com>
  • Loading branch information
rikhil-s committed Oct 19, 2023
1 parent 63a603e commit 434c07b
Showing 1 changed file with 6 additions and 3 deletions.
9 changes: 6 additions & 3 deletions providers/azure/helpers.go
Original file line number Diff line number Diff line change
Expand Up @@ -6,12 +6,14 @@ package azure
import (
"fmt"
"net/http"
"os"
"time"

"github.com/Azure/azure-sdk-for-go/sdk/azcore"
"github.com/Azure/azure-sdk-for-go/sdk/azcore/policy"
"github.com/Azure/azure-sdk-for-go/sdk/azidentity"
"github.com/Azure/azure-sdk-for-go/sdk/storage/azblob/container"
"github.com/pkg/errors"

"github.com/thanos-io/objstore/exthttp"
)
Expand Down Expand Up @@ -64,11 +66,12 @@ func getContainerClient(conf Config) (*container.Client, error) {
}

// Use MSI for authentication.
msiOpt := &azidentity.ManagedIdentityCredentialOptions{}
if conf.UserAssignedID != "" {
msiOpt.ID = azidentity.ClientID(conf.UserAssignedID)
if err := os.Setenv("AZURE_CLIENT_ID", conf.UserAssignedID); err != nil {
return nil, errors.Wrapf(err, "unable to set environment variable for AZURE_CLIENT_ID")
}
}
cred, err := azidentity.NewManagedIdentityCredential(msiOpt)
cred, err := azidentity.NewDefaultAzureCredential(nil)
if err != nil {
return nil, err
}
Expand Down

0 comments on commit 434c07b

Please sign in to comment.