Allow using managed identity when using Azure Page Blobs

microsoft / garnet

Garnet is a remote cache-store from Microsoft Research that offers strong performance (throughput and latency), scalability, storage, recovery, cluster sharding, key migration, and replication features. Garnet can work with existing Redis clients.

https://microsoft.github.io/garnet/

MIT License

10.12k stars 499 forks source link

Allow using managed identity when using Azure Page Blobs #558

Open Meir017 opened 1 month ago

Meir017 commented 1 month ago

Feature request type

enhancement

Is your feature request related to a problem? Please describe

Using a ManagedIdentity instead of a connection-string is more secure when interacting with Azure resources.

see https://learn.microsoft.com/en-us/azure/storage/blobs/authorize-access-azure-active-directory#access-data-with-a-microsoft-entra-account

Describe the solution you'd like

Introduce a new options of "storage-managed-identity" that will be the managed-identity id.

Describe alternatives you've considered

No response

Additional context

No response

badrishc commented 1 month ago

Hi @Meir017, thanks for raising this issue. It is a good point -- we need to update AzureStorageDevice to use managed-identity. Thanks for raising it. Would this be of interest for you to contribute a PR towards?

Specifically, AzureStorageDevice takes a connection string here:

https://github.com/microsoft/garnet/blob/main/libs/storage/Tsavorite/cs/src/devices/AzureStorageDevice/AzureStorageDevice.cs#L85

It would need to be updated to use managed identity instead, and wire up that property into our configuration:

Meir017 commented 1 month ago

@badrishc I'm not sure I'll be able to get to this in a timely manner, I hope to contribute in the future once I'm more familiar with the codebase