The Azure SDK team reworked the SDK for Go and released a bunch of Go modules to interact with popular cloud services - not just from a management perspective. In this post, we will take a closer look at the Go modules for interacting with the blob storage capabilities offered by Azure Storage Accounts.

When interacting with Azure services, we must authenticate. The Azure SDK for Go supports different authentication patterns and flows. For demonstration purposes and to keep things simple, we'll address two different authentication approaches as part of this article:

- Authentication by re-using Azure CLI credentials.
- Authentication using Azure Storage account access keys.

General authentication patterns like re-using Azure CLI credentials (or leveraging Managed Service Identities, MSIs) can be implemented using Go's azidentity module. In contrast, Azure services like Azure Storage Accounts support built-in authentication mechanisms like connection strings or access keys. Those authentication capabilities are typically part of the service module (azblob here).

In real-world scenarios, you should always use techniques like MSIs or Role-Based Access Control (RBAC) for authentication.

Samples shown here are taken from azb, a simple CLI I built to easily back up files to an Azure Storage Account. It can:

- Upload files to a configurable Azure Storage Account.
- Download previously uploaded blobs from that particular Azure Storage Account.
- List all blobs in the uploads container.
- Delete a blob from the uploads container.

You can find azb on GitHub at ThorstenHans/azb.

Provision an Azure Storage Account for testing purposes

We must have access to an Azure Storage Account. For demonstration purposes, let's quickly spin up a new Azure Storage Account and a container (folder) inside of that Storage Account using Azure CLI. Additionally, the script will create a new role assignment that assigns the Storage Blob Data Contributor role to the user currently signed in with Azure CLI. If you're unfamiliar with Azure CLI, you can use Azure Portal or other management interfaces to create the Azure Storage Account.

In the following snippet, two important variables are defined: storageAccountName and storageAccountKey. We will use those variables later to pass the necessary information to our Go application:

```bash
# Select desired Azure Subscription
az account set --subscription

# create a Resource Group
az group create -n $rgName -l $location

# create a Storage Account
saId=$(az storage account create -n $storageAccountName \
  -otsv)

# Make the current user a "Storage Blob Data Contributor"
currentUserId=$(az ad signed-in-user show --query "id" -otsv)
az role assignment create --scope $saId \
  --role "Storage Blob Data Contributor" \
  --assignee $currentUserId

# grab primary Storage Account Key
storageAccountKey=$(az storage account keys list -n $storageAccountName -g $rgName --query ".value" -otsv)

az storage container create -n uploads -g $rgName \

# print storage account name
echo $storageAccountName
echo $storageAccountKey
```

With the storage account and the uploads container (folder) in place, we can use the Azure Storage Account from within Go.

To interact with Azure Storage Account and implement different authentication patterns within a Go application, we have to install the necessary Go module (azblob) with go get:

```bash
# install Go-module for common Azure authentication patterns
go get /Azure/azure-sdk-for-go/sdk/azidentity

# install Go-module to interact with Azure Storage Account
go get /Azure/azure-sdk-for-go/sdk/storage/azblob
```

If you want to interact with other Azure services using Go, consult the list of all modules available as part of the Azure SDK for Go.

Implement Authentication

As mentioned at the article's beginning, we can consult azidentity or the service module (azblob) to authenticate.

In the following paragraphs, we will implement two authentication patterns and hide the authentication strategy behind a simple boolean useAzureCliAuth to easily swap the procedure.

Authentication with azidentity

Among many other supported authentication patterns, we can use the NewAzureCLICredential function of azidentity to get a credential set re-using existing authentication material from Azure CLI.
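The access-key pattern named in the article works by signing every request: the account key is the HMAC-SHA256 secret of Azure Storage's Shared Key scheme, so whoever holds the key can authorize requests against the account, which is the reason the article points to MSIs or RBAC for real-world use. The following is an added example, not code from the article or from azb; it goes beyond the text by building the signature with the Go standard library for a request without a body, and the account name, key, date and service version are constructed sample values.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"sort"
	"strings"
)

// stringToSign builds the Blob service Shared Key string-to-sign for a request
// without a body: the verb, eleven empty standard-header fields, the x-ms-*
// headers sorted by (lowercase) name, then the canonicalized resource.
func stringToSign(verb string, xms map[string]string, resource string) string {
	names := make([]string, 0, len(xms))
	for k := range xms {
		names = append(names, k)
	}
	sort.Strings(names)
	var b strings.Builder
	b.WriteString(verb + strings.Repeat("\n", 12))
	for _, k := range names {
		b.WriteString(k + ":" + xms[k] + "\n")
	}
	return b.String() + resource
}

// authorizationHeader signs toSign with HMAC-SHA256, keyed by the
// base64-decoded account key, and returns the Authorization header value.
func authorizationHeader(account, accountKeyB64, toSign string) (string, error) {
	key, err := base64.StdEncoding.DecodeString(accountKeyB64)
	if err != nil {
		return "", fmt.Errorf("account key is not valid base64: %w", err)
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(toSign))
	return "SharedKey " + account + ":" + base64.StdEncoding.EncodeToString(mac.Sum(nil)), nil
}

func main() {
	// Constructed sample values: not a real account, key or request.
	key := base64.StdEncoding.EncodeToString([]byte(strings.Repeat("k", 64)))
	xms := map[string]string{"x-ms-date": "Mon, 01 Jan 2024 00:00:00 GMT", "x-ms-version": "2021-08-06"}
	// List Blobs on the uploads container: /<account>/<container>, then sorted query parameters.
	sts := stringToSign("GET", xms, "/examplestorage/uploads\ncomp:list\nrestype:container")
	fmt.Println(authorizationHeader("examplestorage", key, sts))
}
```

In application code the azblob module performs this signing itself when it is given a shared key credential; a token obtained through azidentity carries the caller's own role assignments instead of the account-wide key.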