Azure / azure-storage-fuse

A virtual file system adapter for Azure Blob storage

User Entra IDs #1451

Closed Mmdixon closed 1 week ago

Mmdixon commented 2 weeks ago

Which version of blobfuse was used?

blobfuse2-2.3.0

Which OS distribution and version are you using?

Ubuntu 22.04.4 LTS

If relevant, please share your mount command.

N/A

What was the issue encountered?

Is it possible to blobfuse2 mount with the user's Entra identity? The storage services doc https://learn.microsoft.com/en-us/rest/api/storageservices/authorize-with-azure-active-directory supports it (get a token scoped to "https://storage.azure.com/" with the user/MI/SP credential, and the appropriate data plane RBAC roles assigned). What would the yaml config look like?

Have you found a mitigation/solution?

I see blobfuse2's README.md mentions Managed Identities and Service Principals, but not user & groups authorization with Microsoft Entra ID.

Please share logs if available.

N/A

ashruti-msft commented 2 weeks ago

Hello! Yes, blobfuse provides the option for users to mount their account using Entra IDs. Refer to the azstorage section in this yaml file: MSI/SPN yaml.

souravgupta-msft commented 2 weeks ago

For authentication using users and groups with Entra ID, you can log in using Azure CLI and then use the azcli auth mode in your config. https://github.com/Azure/azure-storage-fuse/blob/main/testdata/config/azure_cli.yaml

Mmdixon commented 1 week ago

Thanks, azcli is what I was looking for and works for me.
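A sketch of the `azstorage` section for the azcli auth mode discussed in this thread. This is an added example, not copied from the linked azure_cli.yaml or from any participant. The account name, container name and file name are placeholders, and the key names assume blobfuse2's standard config format.

```yaml
# config-azcli.yaml (hypothetical file name)
#
# Prerequisites, as described in the thread:
#   1. Run `az login` as the Entra ID user before mounting.
#   2. That user (or a group it belongs to) needs a data plane RBAC role
#      on the storage account or container.
#
# Mount with:
#   blobfuse2 mount <mount-path> --config-file=config-azcli.yaml

azstorage:
  type: block
  # Placeholder values: replace with your own account and container.
  account-name: <storage-account-name>
  container: <container-name>
  endpoint: https://<storage-account-name>.blob.core.windows.net
  # Use the token from the Azure CLI login session. With this mode the
  # config carries no account key, SAS token or client secret, so there
  # is no static credential on disk to protect or rotate.
  mode: azcli
```

Access through the mount is limited to what the signed-in identity's role assignments allow, so assign the narrowest data plane role that covers the intended use.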