Allow AzureBlobHealthCheck to work with "Storage Blob Data Contributor" #806
Is it necessary to loop over all containers? Would it not be just enough to see that the operation returns?
Can this get merged? We really need it
Any chance you can review and merge this pull request @sungam3r? It's been pending for quite a while, and is a minor change.
I'm OK to review/merge this one when you rebase your changes onto actual master. The reason is to run CI tests that were added some time ago into master.
38ae9a4 to 8999056
@sungam3r it's been rebased, but you need to run/approve the workflow.
@CarlosLanderas @unaizorrilla Now all CI will fail because they use 6.0.x version and current version is 6.0.200. Options:
Honestly, I would prefer the second, I have never seen a lot of benefit in it.
8999056 to a55a974
Hi @sungam3r What about adding rollForward to global.json?
```json
{
  "sdk": {
    "version": "3.1.102",
    "rollForward": "latestPatch"
  }
}
```
Hi @unaizorrilla, I think it is a good and quick option.
@dependabot rebase
What this PR does / why we need it:
This pull request allows for the AzureBlobHealthCheck to use Azure AD roles for authentication.
Specifically, it allows a user with the role `Storage Blob Data Contributor` to run the health check.
Which issue(s) this PR fixes:
This will fix the issue #783
Special notes for your reviewer:
`Storage Blob Data Contributor` is an Azure AD RBAC role that can read and write data to storage containers. It's typically used together with Managed Identities. The `Storage Blob Data Contributor` only has a very limited set of permissions (see image).
The GetServiceProperties requires account ownership, that you generally don't wanna delegate to your account.
As a note, a Storage Account Key equals full account ownership.
Does this PR introduce a user-facing change?:
There should be no noticeable changes.
Please make sure you've completed the relevant tasks for this PR, out of the following list:
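Added example, not code from this pull request or from the project: a sketch of a health check that probes the blob endpoint by requesting one page of the container listing instead of calling GetServiceProperties, which also covers the review question above about looping over all containers. The class name `BlobListProbeHealthCheck`, the `accountUri` parameter and the use of `DefaultAzureCredential` from Azure.Identity are assumptions made for illustration.

```csharp
using System;
using System.Threading;
using System.Threading.Tasks;
using Azure;
using Azure.Identity;
using Azure.Storage.Blobs;
using Microsoft.Extensions.Diagnostics.HealthChecks;

// Hypothetical class: probes Blob Storage without GetServiceProperties.
public sealed class BlobListProbeHealthCheck : IHealthCheck
{
    private readonly BlobServiceClient _client;

    // accountUri is the storage account's blob endpoint, supplied by the caller.
    // DefaultAzureCredential picks up a managed identity when one is available,
    // so no account key (full account ownership) is stored with the application.
    public BlobListProbeHealthCheck(Uri accountUri)
        => _client = new BlobServiceClient(accountUri, new DefaultAzureCredential());

    public async Task<HealthCheckResult> CheckHealthAsync(
        HealthCheckContext context, CancellationToken cancellationToken = default)
    {
        try
        {
            // Ask for one page holding at most one container: a single round
            // trip, no matter how many containers the account has.
            var pages = _client
                .GetBlobContainersAsync(cancellationToken: cancellationToken)
                .AsPages(pageSizeHint: 1);

            await foreach (var page in pages.WithCancellation(cancellationToken))
            {
                break; // first page arrived: endpoint reachable, identity authorized
            }
            return HealthCheckResult.Healthy();
        }
        catch (RequestFailedException ex) when (ex.Status == 403)
        {
            // Report authorization failures separately so a missing role
            // assignment is not mistaken for a storage outage.
            return new HealthCheckResult(context.Registration.FailureStatus,
                "Blob endpoint reachable, but the identity is not authorized (HTTP 403).", ex);
        }
        catch (Exception ex)
        {
            return new HealthCheckResult(context.Registration.FailureStatus, exception: ex);
        }
    }
}
```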