Azure-webjobs-sdk: Feature Request: Support Managed Service Identity for Storage connections

Created on 1 Feb 2019 · 7 Comments · Source: Azure/azure-webjobs-sdk

Please provide a succinct description of the issue.

Repro steps

Currently Azure Storage supports Managed Service Identity, but the Azure WebJobs SDK only supports connection strings for storage accounts. It would be great if the WebJobs SDK supported MSI.

Known workarounds

I've found some workarounds by injecting the storage account when registering. First I need to generate the CloudStorageAccount by MSI in advance. Then, there are two services I need to inject:

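```csharp
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

// storageAccount is the CloudStorageAccount generated by MSI in advance.
var blobClient = storageAccount.CreateCloudBlobClient();
var container = blobClient.GetContainerReference("webjob-lock");

var builder = new HostBuilder()
   .ConfigureWebJobs(b =>
   {
     // Blob container handed to the SDK's distributed lock manager.
     b.Services.AddSingleton(new DistributedLockManagerContainerProvider
     {
       InternalContainer = container
     });
     // Storage account provider that returns the MSI-backed account.
     b.Services.AddSingleton<StorageAccountProvider>(new ManagedIdentityStorageAccountProvider(storageAccount));

     b.AddAzureStorageCoreServices();
     b.AddAzureStorage();
     b.AddTimers();
   });
```

```csharp
public class ManagedIdentityStorageAccountProvider : StorageAccountProvider
{
  private readonly CloudStorageAccount storageAccount;

  // No configuration is passed to the base class: connection strings are never looked up.
  public ManagedIdentityStorageAccountProvider(CloudStorageAccount storageAccount) : base(null)
  {
    this.storageAccount = storageAccount;
  }

  // Every connection name resolves to the same pre-built account.
  public override StorageAccount Get(string name)
  {
    return StorageAccount.New(this.storageAccount);
  }
}
```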

I'm still looking for official MSI support.
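The post above does not show the step "generate the CloudStorageAccount by MSI in advance". The following is an added example of that step, not code from the original post or from the WebJobs SDK. It assumes the `Microsoft.Azure.Services.AppAuthentication` package and the `Microsoft.Azure.Storage` namespaces (older storage packages use `Microsoft.WindowsAzure.Storage` instead), the public Azure cloud endpoint suffix, and a hypothetical helper class `ManagedIdentityStorage` with a placeholder `accountName` parameter.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Microsoft.Azure.Services.AppAuthentication; // AzureServiceTokenProvider
using Microsoft.Azure.Storage;                    // CloudStorageAccount
using Microsoft.Azure.Storage.Auth;               // TokenCredential, StorageCredentials

// Hypothetical helper (not part of the SDK): builds a CloudStorageAccount
// authenticated by the app's managed identity instead of an account key.
public static class ManagedIdentityStorage
{
    private const string StorageResource = "https://storage.azure.com/";

    // Invoked by TokenCredential on a timer. Returns a fresh token and the
    // delay until the next renewal, so the account never holds an expired token.
    private static async Task<NewTokenAndFrequency> RenewTokenAsync(object state, CancellationToken ct)
    {
        var provider = (AzureServiceTokenProvider)state;
        var result = await provider.GetAuthenticationResultAsync(StorageResource);

        // Renew five minutes before expiry; never schedule a non-positive delay.
        var delay = result.ExpiresOn - DateTimeOffset.UtcNow - TimeSpan.FromMinutes(5);
        if (delay <= TimeSpan.Zero)
        {
            delay = TimeSpan.FromSeconds(30);
        }
        return new NewTokenAndFrequency(result.AccessToken, delay);
    }

    // accountName is a placeholder supplied by the caller; "core.windows.net"
    // assumes the public Azure cloud.
    public static async Task<CloudStorageAccount> CreateAsync(string accountName)
    {
        var provider = new AzureServiceTokenProvider();
        var first = await RenewTokenAsync(provider, CancellationToken.None);

        // The renewer keeps the credential valid for the lifetime of the host.
        var token = new TokenCredential(first.Token, RenewTokenAsync, provider, first.Frequency.Value);
        return new CloudStorageAccount(
            new StorageCredentials(token), accountName, "core.windows.net", useHttps: true);
    }
}
```

The identity needs a data-plane role on the storage account (for example Storage Blob Data Contributor), and no account key or connection string has to be stored. A comment in this thread reports that the workaround fails around the credentials' `AccountName`, so whether the SDK accepts the resulting account depends on the SDK version in use.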

All 7 comments

Any update on this one?

The above code fails for me as the StorageCredentials does not have an AccountName when created with a Token Credential. This would work if we could approve Pull Request #2000.

A year had passed...

I want to try out the proposed workaround of @NullMDR but I am too inexperienced to actually apply it properly. Unfortunately, with the information in the code snippet provided, I don't know where to actually implement it. Is this program.cs or function.cs? Sorry for the lack of knowledge.

Never mind the above, it appears I have not read thoroughly enough.
The way I see it, you're explicitly defining the kind of storage account (i.e. the way it is created) in the DI. I am still new to all this, so apologies.

FYI, this is working for Service Bus and Event Hub. Jeff Hollan, principal PM on the Azure Functions team, explained the reason for this on Twitter:

https://twitter.com/jeffhollan/status/1260600212617179137

Hi, my team is still looking for official MSI support in the SDK. Has there been any update on this issue?
