Azure / azure-storage-python

Microsoft Azure Storage Library for Python
https://azure-storage.readthedocs.io
MIT License

Enable MSI authentication for BlockBlobService #636

Closed unloadedroe closed 4 years ago

unloadedroe commented 4 years ago

Which service (blob, file, queue) does this issue concern?

Blob

Which version of the SDK was used? Please provide the output of pip freeze.

2.1.0

What problem was encountered?

The constructor for the BlockBlobService does not allow the usage of MSI authentication. It was also requested in here.

Have you found a mitigation/solution?

Note: for table service, please post the issue here instead: https://github.com/Azure/azure-cosmosdb-python.

zezha-msft commented 4 years ago

Hi @unloadedroe, thanks for reaching out!

What you are looking for is here.

An OAuth sample is here, you could modify it to use MSI instead.

jorgecarleitao commented 4 years ago

To be explicit about this, use

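```python
import requests
from azure.storage.blob import BlockBlobService
from azure.storage.common import TokenCredential

def get_token():
    # This URL is hard-coded and only reachable from services that have an identity.
    # The resource must be the storage audience, not management.azure.com.
    oauth_token = requests.get(
        'http://169.254.169.254/metadata/identity/oauth2/token?api-version=2018-02-01&resource=https%3A%2F%2Fstorage.azure.com%2F',
        headers={'Metadata': 'true'},  # header values must be strings
        timeout=5,
    ).json()

    return oauth_token['access_token']

# `account` is the storage account name.
service = BlockBlobService(account, token_credential=TokenCredential(get_token()))
```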

This can be integrated into an "AutoUpdatedTokenCredential", as @zezha-msft suggested.
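A sketch of the auto-refreshing token idea from the last comment, added here as an example and not code from the thread or from azure-storage-python. `RefreshingToken` and `fetch_msi_token` are hypothetical names, the storage audience `https://storage.azure.com/` is an assumption, and the fetch function and clock are injectable so the refresh logic can be exercised off Azure.

```python
import json
import threading
import time
import urllib.parse
import urllib.request

IMDS_URL = "http://169.254.169.254/metadata/identity/oauth2/token"
STORAGE_RESOURCE = "https://storage.azure.com/"  # assumed audience for blob access


def fetch_msi_token(resource=STORAGE_RESOURCE, timeout=5):
    """Request a token from the instance metadata endpoint (reachable only on Azure hosts with an identity)."""
    query = urllib.parse.urlencode({"api-version": "2018-02-01", "resource": resource})
    req = urllib.request.Request(IMDS_URL + "?" + query, headers={"Metadata": "true"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return json.load(resp)


class RefreshingToken:
    """Caches the bearer token and refetches it `skew` seconds before `expires_on`."""

    def __init__(self, fetch=fetch_msi_token, skew=300, clock=time.time):
        self._fetch, self._skew, self._clock = fetch, skew, clock
        self._lock = threading.Lock()
        self._token, self._expires_on = None, 0.0

    def get(self):
        with self._lock:  # one refresh at a time when shared across threads
            if self._token is None or self._clock() >= self._expires_on - self._skew:
                body = self._fetch()
                # Fail closed: never cache a response without a token or an expiry.
                if not body.get("access_token") or "expires_on" not in body:
                    raise ValueError("token response missing access_token or expires_on")
                self._token = body["access_token"]
                self._expires_on = float(body["expires_on"])  # epoch seconds, sent as a string
            return self._token
```

To use it with the library, wrap the value in `TokenCredential` and set its `token` attribute from `get()` before issuing requests; the token is a bearer secret, so keep it out of logs.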