Support Managed identity auth for Blob Storage checkpointing in Event Hub scaler #3569
Labels
feature-request
All issues for new features that have not been committed to
needs-discussion
stale-bot-ignore
All issues that should not be automatically closed by our stale bot
Comments
andyatwork
added
feature-request
|
I'd be happy to contribute this feature to the project. |
tomkerkhove
changed the title
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed in 7 days if no further activity occurs. Thank you for your contributions. |
JorTurFer
added
the
stale-bot-ignore
stale
bot
removed
the
stale
|
Completed in #3573. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Proposal
Accessing the blob storage for Event Hubs requires a connection string to be supplied by means of
triggers.metadata.storageConnectionFromEnv. azure_eventhub_checkpoint.go could be modified to pass the PodIdentity from EventHubInfo with the required account name and endpoint to enable pod identity based authentication.Suggest to pass PodIdentity to
ParseAzureStorageBlobConnectionand add fields totrigger.metadata:StorageEndpointSuffix is internally resolved from Azure's environment configuration for the specified cloud.
The fqdn blob storage uri is compiled from
https://{StorageAccountName}.blob.{StorageEndpointSuffix}/.Use-Case
Allowing pod identities to be used consistently across Event Hub and Storage Accounts enables connection string free configurations and eliminates the need to manually manage a connection credential.
Anything else?
When using the above configuration together with a
triggers.authenticationRef, the fieldstorageConnectionFromEnvis no longer required.To preserve back-compat, if
storageConnectionFromEnvis provided, it will force connection string based authN for the blob storage account.The text was updated successfully, but these errors were encountered: