feat(batch-exports): Add Azure Blob Storage as batch export destination

[buildwithmalik]

Problem

Customers using Azure infrastructure currently can't export PostHog data directly to Azure Blob Storage. This adds Azure Blob as a new batch export destination.

Addresses #41383

This is PR 1 of 2 (backend only). Frontend changes will be in a follow-up PR. Gated behind a feature flag until frontend is ready.

Changes

Adds AzureBlob as a new batch export destination type with a Temporal workflow (azure-blob-export) that uses the existing internal S3 staging pipeline, so no new ClickHouse query logic needed.

Credentials are stored via a new AzureBlobIntegration class (connection string auth). Added Azurite emulator to docker-compose for local dev.

Test suite covers end-to-end tests for format/compression combinations, error handling, and file splitting.

How did you test this code?

# Run Azure Blob tests (requires Azurite)
docker-compose up -d objectstorage-azure
pytest products/batch_exports/backend/tests/temporal/destinations/azure_blob/ -v

# Verify API blocks creation until frontend is ready
pytest posthog/api/test/batch_exports/test_create.py::test_cannot_create_azure_blob_batch_export_yet -v

Manual testing: Ran full workflow with Temporal workers, created exports via Django shell, verified blobs appear in Azurite with correct format/compression.

Test Coverage

Test File	Coverage
test_activity_data_export.py	Activity-level exports for all model types (events/persons/sessions), format/compression combinations, empty data handling, file splitting.
test_workflow_execution.py	End-to-end workflow execution for all models, formats, compressions, graceful handling of no data.
test_workflow_error_states.py	Transient errors, container not found, invalid credentials, cancellation.
test_workflow_with_azure_account.py	Real Azure account tests (skipped in CI, for manual validation).
test_utils.py	Unit tests for blob key generation, file extensions, compression extensions, template variable substitution, unsupported format errors

Parametrized combinations tested:

• Models: events, persons, sessions
• Formats: JSONLines, Parquet
• Compression: None, gzip, brotli, zstd (where supported)
• Intervals: hour, day

Changelog: Is this feature complete?

No - backend only. Frontend changes coming in a fast-follow PR.

[greptile-apps]

Greptile's behavior is changing!

From now on, if a review finishes with no comments, we will not post an additional "statistics" comment to confirm that our review found nothing to comment on. However, you can confirm that we reviewed your changes in the status check section.

_{This feature can be toggled off in your Code Review Settings by deselecting "Create a status check for each PR".}

[cubic-dev-ai]

4 issues found across 24 files

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="docker-compose.base.yml">

<violation number="1" location="docker-compose.base.yml:193">
P2: Named volume `azurite-data` is used but not defined in the top-level `volumes:` section. Add `azurite-data:` to the volumes section at the bottom of the file.</violation>
</file>

<file name="products/batch_exports/backend/tests/temporal/destinations/azure_blob/test_workflow_with_azure_account.py">

<violation number="1" location="products/batch_exports/backend/tests/temporal/destinations/azure_blob/test_workflow_with_azure_account.py:69">
P2: The `client.close()` call won&#39;t execute if `delete_blob` raises an exception during cleanup, causing a resource leak. Wrap cleanup in try/finally to ensure the client is always closed.</violation>
</file>

<file name="products/batch_exports/backend/tests/temporal/destinations/azure_blob/utils.py">

<violation number="1" location="products/batch_exports/backend/tests/temporal/destinations/azure_blob/utils.py:163">
P2: Weak test assertion: if `expected_session_ids` is empty (no events have properties with `$session_id`), this assertion will always pass since an empty set is a subset of any set. Consider adding a check that `expected_session_ids` is non-empty, or using a stricter equality check if that&#39;s the intended behavior.</violation>
</file>

<file name="products/batch_exports/backend/temporal/destinations/azure_blob_batch_export.py">

<violation number="1" location="products/batch_exports/backend/temporal/destinations/azure_blob_batch_export.py:145">
P2: Accessing `COMPRESSION_EXTENSIONS[compression]` without validation will raise a cryptic `KeyError` if an unsupported compression type is passed. Consider adding error handling similar to the file format check above.</violation>
</file>

---

Since this is your first cubic review, here's how it works:

• cubic automatically reviews your code and comments on bugs and improvements
• Teach cubic by replying to its comments. cubic learns from your replies and gets better over time
• Ask questions if you need clarification on any suggestion

_{Reply to cubic to teach it or ask questions. Re-run a review with @cubic-dev-ai review this PR}

[buildwithmalik]

Matches batch size used by S3 and BigQuery (60MB).

[buildwithmalik]

No default file size limit since Azure blob limits (190 TiB) far exceed realistic export sizes. Matches S3 behavior.

[buildwithmalik]

The Azure SDK's upload_blob() handles what we manually implemented for S3:

• Automatically chunks large blobs into blocks (configurable via max_block_size, default is 4MB)
• Uploads blocks in parallel (configurable via max_concurrency)
• Retries with exponential backoff by default (ExponentialRetry policy)
• Commits the block list atomically after all uploads complete

Refs:
Upload Blob API
Upload with configuration options
Retry policy configuration

[tomasfarias]

For the future: Does this mean that we cannot call upload_blob concurrently and upload parts out of order? This is possible with S3, and it is something we have been testing.

[buildwithmalik]

Yes Azure supports the same pattern. stage_block() + commit_block_list() is Azure's equivalent of S3's multipart upload (upload_part() + complete_multipart_upload()). You can stage blocks concurrently and out of order, then commit them at the end.

Currently upload_blob() handles this internally, but we can switch to the primitives if we need manual control.

Refs:

• Stage block + commit pattern
• Block blob concepts

[tomasfarias]

Thanks, not needed at the moment. I was curious as it may be an optimization we explore in the future.

[buildwithmalik]

Defaulting to 5 concurrent uploads, matching S3.

[buildwithmalik]

Note: I'm assuming PostHog has internal Azure creds here. Please let me know if this isn't the case :) happy to update.

[buildwithmalik]

This fixture mocks the Kafka producer for internal telemetry (try_produce_app_metrics), not Kafka as a destination. Without this, I saw tests fail trying to connect to kafka:9092 (Docker hostname) from my host machine, even when the actual export succeeds. Kafka destination tests are unaffected since they manage their own connections.

[tomasfarias]

This has not been an issue for me (nor has anybody in the team mentioned it). I think the issue may be local to your machine. Is kafka somewhere in your /etc/hosts?

[tomasfarias]

Ok, this one is not on you, for some reason we have tagged that step as deprecated (see: https://posthog.com/handbook/engineering/manual-dev-setup).

I'm having a chat with the team about this, but if I had to guess I would say kafka not being in your /etc/hosts is likely the error and we don't need this fixture.

[tomasfarias]

Checked: flox activate should do this for you now.

[buildwithmalik]

While I've kept Azure SDK defaults (or followed patterns from other destinations), I wanted to get the team's input on how we approach export performance tuning for this new destination.

Parameters that affect performance:

• max_single_put_size (64 MiB): Files smaller than this upload in one request. Tradeoff: Lower values → more block uploads and latency; higher values → more memory per request. Currently hardcoded.

• max_block_size (4 MiB): Size of each block in multi-part uploads. Tradeoff: Smaller blocks → more API calls and overhead; larger blocks → more wasted progress on retries. Currently hardcoded.

• max_concurrent_uploads (5): Number of parallel upload connections. Tradeoff: Fewer connections → underutilized bandwidth; more connections → memory/resource pressure. Currently configurable via env var.

• max_record_batch_size_bytes (60 MB): Batch size in the Producer. Tradeoff: Smaller batches → more slice() calls and CPU overhead; larger batches → more memory. @rossgray's work in perf(batch-exports): Read larger chunks of data from S3 at a time #34277 showed ~60% improvement for S3 by tuning this from 10MB to 60MB. Since Azure uses the same staging pipeline, we'd benefit from similar tuning.

Questions for the team:

• Should we ship with these defaults and tune based on production metrics? Or profile first with a parameter sweep to find optimal values before launch?
• For the hardcoded SDK params (max_single_put_size, max_block_size), should I add setting overrides to enable runtime tuning? Other destinations seem to vary on this.
• A more long term question: Any thoughts on automated performance testing to catch regressions as the codebase evolves?

Just wanted to touch on this before we merge since it could affect throughput at scale.

[buildwithmalik]

Another question, do we want to have this under a feature flag for gradual rollout? Or do we think internal testing (with a real Azure account) should be sufficient? I'm leaning toward internal testing being sufficient since the implementation follows the same patterns as S3 and the blast radius is limited to users who explicitly configure this destination. We can monitor early usage closely after rollout to catch any issues.

[tomasfarias]

Not sure why team devex was tagged as reviewer here, we can take it.

[tomasfarias]

Will review in the next coming days.

[tomasfarias]

I lied, reviewing this now.

Overall, a pretty good work, There are a few things I'd like to discuss before giving this the green light though, see my comments below.

[tomasfarias]

This PR is pretty large, so it will take a while to review, and with the rate at which we merge stuff to master there is a pretty good chance this migration will raise conflicts constantly.

Do you mind me pushing commits to bump the migration so that we can get it deployed when there is an opening? @buildwithmalik

[buildwithmalik]

Sure! go ahead.

[tomasfarias]

This has not been an issue for me (nor has anybody in the team mentioned it). I think the issue may be local to your machine. Is kafka somewhere in your /etc/hosts?

[tomasfarias]

Ok, this one is not on you, for some reason we have tagged that step as deprecated (see: https://posthog.com/handbook/engineering/manual-dev-setup).

I'm having a chat with the team about this, but if I had to guess I would say kafka not being in your /etc/hosts is likely the error and we don't need this fixture.

[tomasfarias]

@buildwithmalik

Should we ship with these defaults and tune based on production metrics? Or profile first with a parameter sweep to find optimal values before launch?

I am of the opinion that any performance work not based on production data is pointless. Let's ship and adjust over time. We regularly look at performance interally.

showed ~60% improvement for S3 by tuning this from 10MB to 60MB

It was local testing so take this with a big grain of salt.

For the hardcoded SDK params (max_single_put_size, max_block_size), should I add setting overrides to enable runtime tuning? Other destinations seem to vary on this.

Fine to leave it as it is. We can add more configuration settings over time.

A more long term question: Any thoughts on automated performance testing to catch regressions as the codebase evolves?

Some discussions internally about this are ongoing, but nothing concrete yet. So, nothing to be concerned about in this PR.

[tomasfarias]

Another question, do we want to have this under a feature flag for gradual rollout? Or do we think internal testing (with a real Azure account) should be sufficient? I'm leaning toward internal testing being sufficient since the implementation follows the same patterns as S3 and the blast radius is limited to users who explicitly configure this destination. We can monitor early usage closely after rollout to catch any issues

I think it's better to include a feature flag. I do agree with you that internal testing is sufficient, and that is generally what we do, but a feature flag gives us a cleaner and straight-forward way to enable the destination once testing is done. This is specially relevant given we'll have multiple PRs for this, so a feature flag helps coordinate everything.

In the most likely scenario, the feature flag will be disabled until we the day flip it on for everyone, and then promptly delete it. This process doesn't take long though. I just purely like the coordination aspect of having a feature flag.

[buildwithmalik]

@tomasfarias

Changes in latest commits:

• Added a feature flag (azure-blob-batch-exports)
• Extracted get_key_prefix and get_manifest_key to the common utils.py file
• Consolidated get_s3_key and get_blob_key into shared get_object_key function
• Moved Azurite to dedicated docker-compose.batch-exports.yml
• Switched tests to assert_clickhouse_records_in_azure_blob pattern that generates expected data using the same Producer the export uses, so both go through identical transformations (matching S3/BigQuery/Postgres).
• Some more minor refactoring

[cubic-dev-ai]

3 issues found across 7 files (changes from recent commits).

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="products/batch_exports/backend/temporal/destinations/azure_blob_batch_export.py">

<violation number="1" location="products/batch_exports/backend/temporal/destinations/azure_blob_batch_export.py:190">
P3: `include_file_number` should be based on whether splitting is enabled (truthy `max_file_size_mb`), not just `is not None`; otherwise `max_file_size_mb=0` produces `-0` filenames without actually splitting.</violation>

<violation number="2" location="products/batch_exports/backend/temporal/destinations/azure_blob_batch_export.py:233">
P1: Compression validation should also enforce `SUPPORTED_COMPRESSIONS` for the chosen file format (and ideally normalize file format casing), otherwise some format/compression combinations can pass validation but fail later with a retryable exception.</violation>
</file>

<file name="products/batch_exports/backend/temporal/destinations/s3_batch_export.py">

<violation number="1" location="products/batch_exports/backend/temporal/destinations/s3_batch_export.py:307">
P1: Compression validation is too permissive: it checks only that the compression string exists in `COMPRESSION_EXTENSIONS`, not that it’s supported for the selected `file_format` (e.g., JSONLines+zstd will fail later with a retryable `ValueError`). Validate against `SUPPORTED_COMPRESSIONS[file_format]` (or equivalent) and raise `UnsupportedCompressionError` early.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[rossgray]

would probably make sense to move this to products/batch_exports/backend/tests/temporal/destinations/test_utils.py since the function being tested is now in utils.py

[rossgray]

think this needs updating now Azurite has been moving into its own docker compose file, maybe:

Suggested change

	docker compose -f docker-compose.dev.yml up -d
	docker compose -f docker-compose.dev.yml -f docker-compose.batch-exports.yml up -d

[buildwithmalik]

@rossgray
Addressed your comments in latest commit:

• Moved get_object_key tests to products/batch_exports/backend/tests/temporal/destinations/test_utils.py
• Updated README to include docker-compose.batch-exports.yml in the docker compose command

Also waiting on feedback for the CI changes discussion: #43977 (comment)

[tomasfarias]

I don't have anything more to add. I'll test this locally, update the migration, and get it merged. Great work here

[rossgray]

Happy with the changes here too. Really good work, especially for a first PR 🎉

[buildwithmalik]

Great news, thanks a lot team! @tomasfarias @rossgray

Thanks for the thorough reviews and quick feedback, I've learned a lot through this PR. I'm also super happy to add value for PostHog customers. I found PostHog when I was looking for a cheap way to measure analytics for my side project and can't believe that I might merge code here.

In other news, the latest commit (502c498) includes the docker-compose.batch-exports.yml file in CI so tests needing Azurite run smoothly.

[tomasfarias]

Rebased to bump migration numbers + add a few small changes:

• Moved docker-compose.batch-exports.yml to products/batch-exports/backend/tests/docker-compose.yml. I thought about it a bit more and I didn't like polluting the top level directory.
• Pinned the Azurite image version to the latest currently available for consistency.

Tested this locally. Both local tests (w/ Azurite) and tests with a real azure account are working. I've approved CI to run and will merge as soon as it's green.

[tomasfarias]

oof, lots of typing stuff is red, I'll take care of that...

[cubic-dev-ai]

1 issue found across 7 files (changes from recent commits).

Prompt for AI agents (all issues)

Check if these issues are valid — if so, understand the root cause of each and fix them.


<file name="products/batch_exports/backend/temporal/destinations/azure_blob_batch_export.py">

<violation number="1" location="products/batch_exports/backend/temporal/destinations/azure_blob_batch_export.py:354">
P2: The `integration_id` validation occurs after `start_batch_export_run` has already executed. If `integration_id` is `None`, a batch export run record will be created but the workflow will immediately fail, potentially leaving an orphaned run record. Consider moving this validation before `start_batch_export_run` is called.</violation>
</file>

_{Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.}

[cubic-dev-ai]

P2: The integration_id validation occurs after start_batch_export_run has already executed. If integration_id is None, a batch export run record will be created but the workflow will immediately fail, potentially leaving an orphaned run record. Consider moving this validation before start_batch_export_run is called.

Prompt for AI agents

Check if this issue is valid — if so, understand the root cause and fix it. At products/batch_exports/backend/temporal/destinations/azure_blob_batch_export.py, line 354:

<comment>The `integration_id` validation occurs after `start_batch_export_run` has already executed. If `integration_id` is `None`, a batch export run record will be created but the workflow will immediately fail, potentially leaving an orphaned run record. Consider moving this validation before `start_batch_export_run` is called.</comment>

<file context>
@@ -348,6 +351,9 @@ async def run(self, inputs: AzureBlobBatchExportInputs):
         except OverBillingLimitError:
             return
 
+        if inputs.integration_id is None:
+            raise AzureBlobIntegrationNotFoundError(inputs.integration_id, inputs.team_id)
+
</file context>

[tomasfarias]

no, I don't think I will

[tomasfarias]

Should have fixed all Python typing in latest commit. Frontend CI will fail as Azure is missing an Icon. I'll add that too.

[tomasfarias]

I need to open my own version of this PR to get one of our bots to do its magic. Will cherry pick commits here.

[buildwithmalik]

@tomasfarias Let me know if I can help with the failing tests or if you need me to push any fixes 🙂

[tomasfarias]

@buildwithmalik All good, just need our bots to do their thing. I will get this merged today.

[tomasfarias]

@buildwithmalik aaand shipped! Thanks for your contribution!

Let me know if you wish to take on the last frontend bits to enable this, otherwise we can also pick it up from here. You have already done most of the work.

The plan is to turn the feature flag on for everyone very quickly after the frontend work is finished.

[buildwithmalik]

@tomasfarias

@buildwithmalik aaand shipped! Thanks for your contribution!

Yayy! 🎉

Let me know if you wish to take on the last frontend bits to enable this

Yup! I have some of the front-end changes ready, I should have a PR out soon! 🙂