Create Azure Storage Blob with `--auth-mode login`

[hisuwh]

Hello!

• Vote on this issue by adding a 👍 reaction
• If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

We have disabled Key based authentication on our storage accounts as a security measure. Our services authenticate through a Service Principal.

I can upload a blob through the Azure cli by setting --auth-mode login:

$ az storage blob upload --file path/to/file.html --container-name mycontainer --name file.htm --account-name myaccount --auth-mode login
Finished[#############################################################]  100.0000%

The Pulumi Azure Native API for creating blobs does not seem to expose this as a parameter and it would seem it is trying to use Key based authentication as I'm getting a 403 on trying to create Blobs with pulumi.

Affected area/feature

https://www.pulumi.com/registry/packages/azure-native/api-docs/storage/blob/

[mjeffryes]

Thanks for reporting this @hisuwh.

[hisuwh]

@mjeffryes no problem. I assume you're not aware of any workarounds?

[MatteoCalabro-TomTom]

Hello @hisuwh, have you tried setting AZURE_STORAGE_AUTH_MODE=login environment variable? Pulumi might not expose a setting for it, but the Azure MSAL library should honor the setting.

[hisuwh]

@MatteoCalabro-TomTom thanks I might try that. Any idea how I can set this in a way that doesn't require thinking about again? Otherwise defeats the point of IAC

[hisuwh]

@MatteoCalabro-TomTom that didn't work

[i-scott]

Did you find a solution for this, have encountered something different in that it enables Entra, but now I have a CORS issue trying to get to the blob container