azureblob: add --azureblob-use-az to force the use of the Azure CLI for auth
Setting this can be useful if you wish to use the az CLI on a host with a System Managed Identity that you do not want to use. Fixes #8078
This commit is contained in:
parent
976103d50b
commit
0b7b3cacdc
2 changed files with 31 additions and 0 deletions
|
@ -259,6 +259,20 @@ msi_client_id, or msi_mi_res_id parameters.`,
|
||||||
Help: "Uses local storage emulator if provided as 'true'.\n\nLeave blank if using real azure storage endpoint.",
|
Help: "Uses local storage emulator if provided as 'true'.\n\nLeave blank if using real azure storage endpoint.",
|
||||||
Default: false,
|
Default: false,
|
||||||
Advanced: true,
|
Advanced: true,
|
||||||
|
}, {
|
||||||
|
Name: "use_az",
|
||||||
|
Help: `Use Azure CLI tool az for authentication
|
||||||
|
|
||||||
|
Set to use the [Azure CLI tool az](https://learn.microsoft.com/en-us/cli/azure/)
|
||||||
|
as the sole means of authentication.
|
||||||
|
|
||||||
|
Setting this can be useful if you wish to use the az CLI on a host with
|
||||||
|
a System Managed Identity that you do not want to use.
|
||||||
|
|
||||||
|
Don't set env_auth at the same time.
|
||||||
|
`,
|
||||||
|
Default: false,
|
||||||
|
Advanced: true,
|
||||||
}, {
|
}, {
|
||||||
Name: "endpoint",
|
Name: "endpoint",
|
||||||
Help: "Endpoint for the service.\n\nLeave blank normally.",
|
Help: "Endpoint for the service.\n\nLeave blank normally.",
|
||||||
|
@ -459,6 +473,7 @@ type Options struct {
|
||||||
MSIObjectID string `config:"msi_object_id"`
|
MSIObjectID string `config:"msi_object_id"`
|
||||||
MSIClientID string `config:"msi_client_id"`
|
MSIClientID string `config:"msi_client_id"`
|
||||||
MSIResourceID string `config:"msi_mi_res_id"`
|
MSIResourceID string `config:"msi_mi_res_id"`
|
||||||
|
UseAZ bool `config:"use_az"`
|
||||||
Endpoint string `config:"endpoint"`
|
Endpoint string `config:"endpoint"`
|
||||||
ChunkSize fs.SizeSuffix `config:"chunk_size"`
|
ChunkSize fs.SizeSuffix `config:"chunk_size"`
|
||||||
UploadConcurrency int `config:"upload_concurrency"`
|
UploadConcurrency int `config:"upload_concurrency"`
|
||||||
|
@ -893,6 +908,12 @@ func NewFs(ctx context.Context, name, root string, m configmap.Mapper) (fs.Fs, e
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return nil, fmt.Errorf("failed to acquire MSI token: %w", err)
|
return nil, fmt.Errorf("failed to acquire MSI token: %w", err)
|
||||||
}
|
}
|
||||||
|
case opt.UseAZ:
|
||||||
|
var options = azidentity.AzureCLICredentialOptions{}
|
||||||
|
cred, err = azidentity.NewAzureCLICredential(&options)
|
||||||
|
if err != nil {
|
||||||
|
return nil, fmt.Errorf("failed to create Azure CLI credentials: %w", err)
|
||||||
|
}
|
||||||
case opt.Account != "":
|
case opt.Account != "":
|
||||||
// Anonymous access
|
// Anonymous access
|
||||||
anonymous = true
|
anonymous = true
|
||||||
|
|
|
@ -297,6 +297,16 @@ be explicitly specified using exactly one of the `msi_object_id`,
|
||||||
If none of `msi_object_id`, `msi_client_id`, or `msi_mi_res_id` is
|
If none of `msi_object_id`, `msi_client_id`, or `msi_mi_res_id` is
|
||||||
set, this is is equivalent to using `env_auth`.
|
set, this is is equivalent to using `env_auth`.
|
||||||
|
|
||||||
|
#### Azure CLI tool `az` {#use_az}
|
||||||
|
|
||||||
|
Set to use the [Azure CLI tool `az`](https://learn.microsoft.com/en-us/cli/azure/)
|
||||||
|
as the sole means of authentication.
|
||||||
|
|
||||||
|
Setting this can be useful if you wish to use the `az` CLI on a host with
|
||||||
|
a System Managed Identity that you do not want to use.
|
||||||
|
|
||||||
|
Don't set `env_auth` at the same time.
|
||||||
|
|
||||||
#### Anonymous {#anonymous}
|
#### Anonymous {#anonymous}
|
||||||
|
|
||||||
If you want to access resources with public anonymous access then set
|
If you want to access resources with public anonymous access then set
|
||||||
|
|
Loading…
Reference in a new issue