-
Notifications
You must be signed in to change notification settings - Fork 834
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
azblob - implement UserDelegationCredential #16916
Comments
Hey @alexg-axis, Thanks for reaching out! |
@mohsha-msft Is it still planned for release in March? |
Hey @alexg-axis , Yes I am planning to add it in the next release. Timeline for next release has been shifted due to some important changes we need to make. |
I also need this functionality. We are trying to obey the "principle of least privilege" here, but not being able to (easily) work with service principals makes this really difficult. Having to use a very privileged access key to create signed URLs seems totally backward. |
I implemented a version of user delegation sas for the azure velero plugin here: https://github.com/vmware-tanzu/velero-plugin-for-microsoft-azure/pull/111/files#diff-1d780eb4040da13fa413bf2491ee1595a92a19977f6aeb27e66cb8a668377042 It would be nice if the SDK would provide this functionality directly! |
Hi. Is there any update on this? |
@mohsha-msft Hi! Is there any timeline on when this will be fixed? |
Update: this feature is being actively worked on here -> #19141 |
Hi @alexg-axis ! We have released the User Delegation feature (https://github.com/Azure/azure-sdk-for-go/releases/tag/sdk%2Fstorage%2Fazblob%2Fv0.5.0) today. Please give it a try and let us know if you have any questions! Examples can be found here:
|
Feature Request
This feature request is for the "new"
azblob
package.Background
In order to create a SAS token, one uses the
azblob.BlobSASSignatureValues.NewSASQueryParameters
function:azure-sdk-for-go/sdk/storage/azblob/zc_sas_service.go
Lines 33 to 36 in 8c965f7
It specifies that it is compatible with
UserDelegationCredential
. This seems to be left from before the SDK was imported. There seems to be noUserDelegationCredential
anywhere in this repository, in fact.Request
It's quite the hassle to fetch a user delegation key and then manually create the final SAS token.
I request a feature to easily create a
UserDelegationCredential
for use withNewSASQueryParameters
so that a delegated SAS token can be created using the SDK.The text was updated successfully, but these errors were encountered: