Azure / azure-sdk-for-go

This repository is for active development of the Azure SDK for Go. For consumers of the SDK we recommend visiting our public developer docs at:
https://docs.microsoft.com/azure/developer/go/
MIT License

azblob - implement UserDelegationCredential #16916

Closed alexg-axis closed 2 years ago

alexg-axis commented 2 years ago

Feature Request

This feature request is for the "new" azblob package.

Background

In order to create a SAS token, one uses the azblob.BlobSASSignatureValues.NewSASQueryParameters function:

https://github.com/Azure/azure-sdk-for-go/blob/8c965f7cbb93f9fdf1fec8df5416f193e0bd465e/sdk/storage/azblob/zc_sas_service.go#L33-L36

It specifies that it is compatible with UserDelegationCredential. This seems to be left from before the SDK was imported. There seems to be no UserDelegationCredential anywhere in this repository, in fact.

Request

It's quite the hassle to fetch a user delegation key and then manually create the final SAS token.

I request a feature to easily create a UserDelegationCredential for use with NewSASQueryParameters so that a delegated SAS token can be created using the SDK.

mohsha-msft commented 2 years ago

Hey @alexg-axis,

Thanks for reaching out! We're planning to add that feature in the March release, most likely!

alexg-axis commented 2 years ago

@mohsha-msft Is it still planned for release in March?

mohsha-msft commented 2 years ago

Hey @alexg-axis, yes, I am planning to add it in the next release. The timeline for the next release has been shifted due to some important changes we need to make.

mt35-rs commented 2 years ago

I also need this functionality. We are trying to obey the "principle of least privilege" here, but not being able to (easily) work with service principals makes this really difficult. Having to use a very privileged access key to create signed URLs seems totally backward.

yvespp commented 2 years ago

I implemented a version of user delegation SAS for the Azure Velero plugin here: https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure/pull/111/files#diff-1d780eb4040da13fa413bf2491ee1595a92a19977f6aeb27e66cb8a668377042

Pull request: https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure/pull/111

It would be nice if the SDK would provide this functionality directly!

abdullah-lt commented 2 years ago

Hi. Is there any update on this? Is there a way where I can generate a SAS token without SharedKeyCredential, as this requires the use of the storage account key? I want to use managed identity with NewDefaultAzureCredential, and this can be achieved only via UserDelegationCredential.

alexg-axis commented 2 years ago

@mohsha-msft Hi! Is there any timeline on when this will be fixed?

zezha-msft commented 2 years ago

Update: this feature is being actively worked on here -> https://github.com/Azure/azure-sdk-for-go/pull/19141

siminsavani-msft commented 2 years ago

Hi @alexg-axis! We have released the User Delegation feature (https://github.com/Azure/azure-sdk-for-go/releases/tag/sdk%2Fstorage%2Fazblob%2Fv0.5.0) today. Please give it a try and let us know if you have any questions!

Examples can be found here: https://github.com/Azure/azure-sdk-for-go/blob/7a3989f70fa6c2d4376d0c72c01b5afc32b527f7/sdk/storage/azblob/service/examples_test.go#L286