grafana · joe-elliott · Jun 2, 2022 · May 31, 2022 · Jun 1, 2022 · Jun 2, 2022
@@ -5,6 +5,7 @@
 * [FEATURE] metrics-generator: support per-tenant processor configuration [#1434](https:/grafana/tempo/pull/1434) (@kvrhdn)
 * [ENHANCEMENT] Added the ability to have a per tenant max search duration. [#1421](https:/grafana/tempo/pull/1421) (@joe-elliott)
 * [BUGFIX] Fix nil pointer panic when the trace by id path errors. [#1441](https:/grafana/tempo/pull/1441) (@joe-elliott)
+* [ENHANCEMENT] Azure Backend: Add support for authentication with Managed Identities.
 
 ## v1.4.1 / 2022-05-05
 

@@ -137,7 +137,9 @@ github.com/Azure/go-autorest/autorest/adal v0.9.17/go.mod h1:XVVeme+LZwABT8K5Lc3
 github.com/Azure/go-autorest/autorest/adal v0.9.18 h1:kLnPsRjzZZUF3K5REu/Kc+qMQrvuza2bwSnNdhmzLfQ=
 github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
 github.com/Azure/go-autorest/autorest/azure/auth v0.5.3/go.mod h1:4bJZhUhcq8LB20TruwHbAQsmUs2Xh+QR7utuJpLXX3A=
+github.com/Azure/go-autorest/autorest/azure/auth v0.5.8 h1:TzPg6B6fTZ0G1zBf3T54aI7p3cAT6u//TOXGPmFMOXg=
 github.com/Azure/go-autorest/autorest/azure/auth v0.5.8/go.mod h1:kxyKZTSfKh8OVFWPAgOgQ/frrJgeYQJPyR5fLFmXko4=
+github.com/Azure/go-autorest/autorest/azure/cli v0.4.2 h1:dMOmEJfkLKW/7JsokJqkyoYSgmR08hi9KrhjZb+JALY=
 github.com/Azure/go-autorest/autorest/azure/cli v0.4.2/go.mod h1:7qkJkT+j6b+hIpzMOwPChJhTqS8VbsqqgULzMNRugoM=
 github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA=
 github.com/Azure/go-autorest/autorest/date v0.2.0/go.mod h1:vcORJHLJEh643/Ioh9+vPmf1Ij9AEBM5FuBIXLmIy0g=
@@ -147,6 +149,7 @@ github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxB
 github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
 github.com/Azure/go-autorest/autorest/mocks v0.3.0/go.mod h1:a8FDP3DYzQ4RYfVAxAN3SVSiiO77gL2j2ronKKP0syM=
 github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
+github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk=
 github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
 github.com/Azure/go-autorest/autorest/to v0.3.0/go.mod h1:MgwOyqaIuKdG4TL/2ywSsIWKAfJfgHDo8ObuUk3t5sA=
 github.com/Azure/go-autorest/autorest/to v0.3.1-0.20191028180845-3492b2aff503/go.mod h1:MgwOyqaIuKdG4TL/2ywSsIWKAfJfgHDo8ObuUk3t5sA=
@@ -593,6 +596,7 @@ github.com/digitalocean/godo v1.71.0/go.mod h1:GBmu8MkjZmNARE7IXRPmkbbnocNN8+uBm
 github.com/digitalocean/godo v1.72.0/go.mod h1:GBmu8MkjZmNARE7IXRPmkbbnocNN8+uBm0xbEVw2LCs=
 github.com/digitalocean/godo v1.75.0/go.mod h1:GBmu8MkjZmNARE7IXRPmkbbnocNN8+uBm0xbEVw2LCs=
 github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8=
+github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
 github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=

@@ -131,7 +131,9 @@ github.com/Azure/go-autorest/autorest/adal v0.9.17/go.mod h1:XVVeme+LZwABT8K5Lc3
 github.com/Azure/go-autorest/autorest/adal v0.9.18 h1:kLnPsRjzZZUF3K5REu/Kc+qMQrvuza2bwSnNdhmzLfQ=
 github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
 github.com/Azure/go-autorest/autorest/azure/auth v0.5.3/go.mod h1:4bJZhUhcq8LB20TruwHbAQsmUs2Xh+QR7utuJpLXX3A=
+github.com/Azure/go-autorest/autorest/azure/auth v0.5.8 h1:TzPg6B6fTZ0G1zBf3T54aI7p3cAT6u//TOXGPmFMOXg=
 github.com/Azure/go-autorest/autorest/azure/auth v0.5.8/go.mod h1:kxyKZTSfKh8OVFWPAgOgQ/frrJgeYQJPyR5fLFmXko4=
+github.com/Azure/go-autorest/autorest/azure/cli v0.4.2 h1:dMOmEJfkLKW/7JsokJqkyoYSgmR08hi9KrhjZb+JALY=
 github.com/Azure/go-autorest/autorest/azure/cli v0.4.2/go.mod h1:7qkJkT+j6b+hIpzMOwPChJhTqS8VbsqqgULzMNRugoM=
 github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA=
 github.com/Azure/go-autorest/autorest/date v0.2.0/go.mod h1:vcORJHLJEh643/Ioh9+vPmf1Ij9AEBM5FuBIXLmIy0g=
@@ -141,6 +143,7 @@ github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxB
 github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
 github.com/Azure/go-autorest/autorest/mocks v0.3.0/go.mod h1:a8FDP3DYzQ4RYfVAxAN3SVSiiO77gL2j2ronKKP0syM=
 github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
+github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk=
 github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
 github.com/Azure/go-autorest/autorest/to v0.3.0/go.mod h1:MgwOyqaIuKdG4TL/2ywSsIWKAfJfgHDo8ObuUk3t5sA=
 github.com/Azure/go-autorest/autorest/to v0.3.1-0.20191028180845-3492b2aff503/go.mod h1:MgwOyqaIuKdG4TL/2ywSsIWKAfJfgHDo8ObuUk3t5sA=
@@ -585,6 +588,7 @@ github.com/digitalocean/godo v1.71.0/go.mod h1:GBmu8MkjZmNARE7IXRPmkbbnocNN8+uBm
 github.com/digitalocean/godo v1.72.0/go.mod h1:GBmu8MkjZmNARE7IXRPmkbbnocNN8+uBm0xbEVw2LCs=
 github.com/digitalocean/godo v1.75.0/go.mod h1:GBmu8MkjZmNARE7IXRPmkbbnocNN8+uBm0xbEVw2LCs=
 github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8=
+github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
 github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=

@@ -572,6 +572,14 @@ storage:
  # access key when using access key credentials.
  [storage-account-key: <string>]
 
+ # optional.
+ # use Azure Managed Identity to access Azure storage.
+ [use-managed-identity: <bool>]
+
+ # optional.
+ # The Client ID for the user-assigned Azure Managed Identity used to access Azure storage.
+ [user-assigned-id: <bool>]
+
  # Optional. Default is 0 (disabled)
  # Example: "hedge-requests-at: 500ms"
  # If set to a non-zero value a second request will be issued at the provided duration. Recommended to

@@ -5,15 +5,16 @@ weight: 3
 
 # Azure Blob Storage Permissions and Management
 
-In order for Tempo to authenticate to Azure blob storage, the following is
-required to access the container.
+In order for Tempo to authenticate to and access Azure blob storage, the following configuration is required:
 
-* Storage account
-* Storage account access key
-* Storage account management policy
+- Storage Account name specified in the configuration file as `storage-account-name` or in the environment variable `AZURE_STORAGE_ACCOUNT`
+- Credentials for accessing the Storage Account; can be one of the following
+ - Storage Account access key specified in the configuration file as `storage-account-key` or in the environment variable `AZURE_STORAGE_KEY`
+ - An Azure Managed Identity; either system or user assigned. To use Azure Managed Identities, you'll need to set `use-managed-identity` to `true` in the configuration file or set `user-assigned-id` to the client ID for the managed identity you'd like to use. 
+ - For a system-assigned managed identity, no additional configuration is required.
+ - For a user-assigned managed identity, you'll need to set `user-assigned-id` to the client ID for the managed identity in the configuration file.
 
-The `AZURE_STORAGE_ACCOUNT` and `AZURE_STORAGE_KEY` environment variables can
-be used instead of setting the credentials in the Tempo configuration file.
+## (Optional) Storage Account Management Policy for Cleaning Up the Storage Container
 
 The following storage account management policy shows an example of cleaning up
 files from the container after they have been deleted for a period of time.

@@ -7,6 +7,8 @@ require (
  contrib.go.opencensus.io/exporter/prometheus v0.4.0
  github.com/Azure/azure-pipeline-go v0.2.3
  github.com/Azure/azure-storage-blob-go v0.14.0
+ github.com/Azure/go-autorest/autorest/adal v0.9.18
+ github.com/Azure/go-autorest/autorest/azure/auth v0.5.8
  github.com/alecthomas/kong v0.2.11
  github.com/alicebob/miniredis/v2 v2.14.3
  github.com/aws/aws-sdk-go v1.43.8
@@ -94,6 +96,12 @@ require (
  cloud.google.com/go v0.100.2 // indirect
  cloud.google.com/go/compute v1.5.0 // indirect
  cloud.google.com/go/iam v0.3.0 // indirect
+ github.com/Azure/go-autorest v14.2.0+incompatible // indirect
+ github.com/Azure/go-autorest/autorest v0.11.24 // indirect
+ github.com/Azure/go-autorest/autorest/azure/cli v0.4.2 // indirect
+ github.com/Azure/go-autorest/autorest/date v0.3.0 // indirect
+ github.com/Azure/go-autorest/logger v0.2.1 // indirect
+ github.com/Azure/go-autorest/tracing v0.6.0 // indirect
  github.com/Shopify/sarama v1.32.0 // indirect
  github.com/VividCortex/gohistogram v1.0.0 // indirect
  github.com/alecthomas/units v0.0.0-20211218093645-b94a6e3cc137 // indirect
@@ -111,6 +119,7 @@ require (
  github.com/davecgh/go-spew v1.1.1 // indirect
  github.com/dennwc/varint v1.0.0 // indirect
  github.com/dgryski/go-rendezvous v0.0.0-20200823014737-9f7001d12a5f // indirect
+ github.com/dimchansky/utfbom v1.1.1 // indirect
  github.com/eapache/go-resiliency v1.2.0 // indirect
  github.com/eapache/go-xerial-snappy v0.0.0-20180814174437-776d5712da21 // indirect
  github.com/eapache/queue v1.1.0 // indirect
@@ -121,6 +130,7 @@ require (
  github.com/go-logr/logr v1.2.2 // indirect
  github.com/go-logr/stdr v1.2.2 // indirect
  github.com/gogo/googleapis v1.4.1 // indirect
+ github.com/golang-jwt/jwt/v4 v4.2.0 // indirect
  github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
  github.com/google/btree v1.0.1 // indirect
  github.com/googleapis/gax-go/v2 v2.1.1 // indirect

@@ -133,7 +133,9 @@ github.com/Azure/go-autorest/autorest/adal v0.9.17/go.mod h1:XVVeme+LZwABT8K5Lc3
 github.com/Azure/go-autorest/autorest/adal v0.9.18 h1:kLnPsRjzZZUF3K5REu/Kc+qMQrvuza2bwSnNdhmzLfQ=
 github.com/Azure/go-autorest/autorest/adal v0.9.18/go.mod h1:XVVeme+LZwABT8K5Lc3hA4nAe8LDBVle26gTrguhhPQ=
 github.com/Azure/go-autorest/autorest/azure/auth v0.5.3/go.mod h1:4bJZhUhcq8LB20TruwHbAQsmUs2Xh+QR7utuJpLXX3A=
+github.com/Azure/go-autorest/autorest/azure/auth v0.5.8 h1:TzPg6B6fTZ0G1zBf3T54aI7p3cAT6u//TOXGPmFMOXg=
 github.com/Azure/go-autorest/autorest/azure/auth v0.5.8/go.mod h1:kxyKZTSfKh8OVFWPAgOgQ/frrJgeYQJPyR5fLFmXko4=
+github.com/Azure/go-autorest/autorest/azure/cli v0.4.2 h1:dMOmEJfkLKW/7JsokJqkyoYSgmR08hi9KrhjZb+JALY=
 github.com/Azure/go-autorest/autorest/azure/cli v0.4.2/go.mod h1:7qkJkT+j6b+hIpzMOwPChJhTqS8VbsqqgULzMNRugoM=
 github.com/Azure/go-autorest/autorest/date v0.1.0/go.mod h1:plvfp3oPSKwf2DNjlBjWF/7vwR+cUD/ELuzDCXwHUVA=
 github.com/Azure/go-autorest/autorest/date v0.2.0/go.mod h1:vcORJHLJEh643/Ioh9+vPmf1Ij9AEBM5FuBIXLmIy0g=
@@ -143,6 +145,7 @@ github.com/Azure/go-autorest/autorest/mocks v0.1.0/go.mod h1:OTyCOPRA2IgIlWxVYxB
 github.com/Azure/go-autorest/autorest/mocks v0.2.0/go.mod h1:OTyCOPRA2IgIlWxVYxBee2F5Gr4kF2zd2J5cFRaIDN0=
 github.com/Azure/go-autorest/autorest/mocks v0.3.0/go.mod h1:a8FDP3DYzQ4RYfVAxAN3SVSiiO77gL2j2ronKKP0syM=
 github.com/Azure/go-autorest/autorest/mocks v0.4.0/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
+github.com/Azure/go-autorest/autorest/mocks v0.4.1 h1:K0laFcLE6VLTOwNgSxaGbUcLPuGXlNkbVvq4cW4nIHk=
 github.com/Azure/go-autorest/autorest/mocks v0.4.1/go.mod h1:LTp+uSrOhSkaKrUy935gNZuuIPPVsHlr9DSOxSayd+k=
 github.com/Azure/go-autorest/autorest/to v0.3.0/go.mod h1:MgwOyqaIuKdG4TL/2ywSsIWKAfJfgHDo8ObuUk3t5sA=
 github.com/Azure/go-autorest/autorest/to v0.3.1-0.20191028180845-3492b2aff503/go.mod h1:MgwOyqaIuKdG4TL/2ywSsIWKAfJfgHDo8ObuUk3t5sA=
@@ -606,6 +609,7 @@ github.com/digitalocean/godo v1.72.0/go.mod h1:GBmu8MkjZmNARE7IXRPmkbbnocNN8+uBm
 github.com/digitalocean/godo v1.75.0 h1:UijUv60I095CqJqGKdjY2RTPnnIa4iFddmq+1wfyS4Y=
 github.com/digitalocean/godo v1.75.0/go.mod h1:GBmu8MkjZmNARE7IXRPmkbbnocNN8+uBm0xbEVw2LCs=
 github.com/dimchansky/utfbom v1.1.0/go.mod h1:rO41eb7gLfo8SF1jd9F8HplJm1Fewwi4mQvIirEdv+8=
+github.com/dimchansky/utfbom v1.1.1 h1:vV6w1AhK4VMnhBno/TPVCoK9U/LP0PkLCS9tbxHdi/U=
 github.com/dimchansky/utfbom v1.1.1/go.mod h1:SxdoEBH5qIqFocHMyGOXVAybYJdr71b1Q/j0mACtrfE=
 github.com/dnaeon/go-vcr v1.0.1/go.mod h1:aBB1+wY4s93YsC3HHjMBMrwTj2R9FHDzUr9KyGc8n1E=
 github.com/dnaeon/go-vcr v1.2.0/go.mod h1:R4UdLID7HZT3taECzJs4YgbbH6PIGXB6W/sc5OLb6RQ=

@@ -13,6 +13,8 @@ import (
 
  "github.com/Azure/azure-pipeline-go/pipeline"
  blob "github.com/Azure/azure-storage-blob-go/azblob"
+ "github.com/Azure/go-autorest/autorest/adal"
+ "github.com/Azure/go-autorest/autorest/azure/auth"
  "github.com/cristalhq/hedgedhttp"
 )
 
@@ -21,21 +23,8 @@ const (
 )
 
 func GetContainerURL(ctx context.Context, cfg *Config, hedge bool) (blob.ContainerURL, error) {
- accountName := cfg.StorageAccountName
- accountKey := cfg.StorageAccountKey.String()
-
- if accountName == "" {
- accountName = os.Getenv("AZURE_STORAGE_ACCOUNT")
- }
-
- if accountKey == "" {
- accountKey = os.Getenv("AZURE_STORAGE_KEY")
- }
-
- c, err := blob.NewSharedKeyCredential(accountName, accountKey)
- if err != nil {
- return blob.ContainerURL{}, err
- }
+ var err error
+ var p pipeline.Pipeline
 
  retryOptions := blob.RetryOptions{
  MaxTries: int32(maxRetries),
@@ -72,12 +61,29 @@ func GetContainerURL(ctx context.Context, cfg *Config, hedge bool) (blob.Contain
  }
  })
 
- p := blob.NewPipeline(c, blob.PipelineOptions{
+ opts := blob.PipelineOptions{
  Retry: retryOptions,
  Telemetry: blob.TelemetryOptions{Value: "Tempo"},
  HTTPSender: httpSender,
- })
+ }
 
+ if !cfg.UseManagedIdentity && cfg.UserAssignedID == "" {
+ credential, err := blob.NewSharedKeyCredential(getStorageAccountName(cfg), getStorageAccountKey(cfg))
+ if err != nil {
+ return blob.ContainerURL{}, err
+ }
+
+ p = blob.NewPipeline(credential, opts)
+ } else {
+ credential, err := getOAuthToken(cfg)
+ if err != nil {
+ return blob.ContainerURL{}, err
+ }
+
+ p = blob.NewPipeline(*credential, opts)
+ }
+
+ accountName := getStorageAccountName(cfg)
  u, err := url.Parse(fmt.Sprintf("https://%s.%s", accountName, cfg.Endpoint))
 
  // If the endpoint doesn't start with blob.core we can assume Azurite is being used
@@ -122,3 +128,66 @@ func CreateContainer(ctx context.Context, conf *Config) (blob.ContainerURL, erro
  blob.PublicAccessNone)
  return c, err
 }
+
+func getStorageAccountName(cfg *Config) string {
+ accountName := cfg.StorageAccountName
+ if accountName == "" {
+ accountName = os.Getenv("AZURE_STORAGE_ACCOUNT")
+ }
+
+ return accountName
+}
+
+func getStorageAccountKey(cfg *Config) string {
+ accountKey := cfg.StorageAccountKey.String()
+ if accountKey == "" {
+ accountKey = os.Getenv("AZURE_STORAGE_KEY")
+ }
+
+ return accountKey
+}
+
+func getOAuthToken(cfg *Config) (*blob.TokenCredential, error) {
+ spt, err := getServicePrincipalToken(cfg)
+ if err != nil {
+ return nil, err
+ }
+
+ // Refresh obtains a fresh token
+ err = spt.Refresh()
+ if err != nil {
+ return nil, err
+ }
+
+ tc := blob.NewTokenCredential(spt.Token().AccessToken, func(tc blob.TokenCredential) time.Duration {
+ err := spt.Refresh()
+ if err != nil {
+ // something went wrong, prevent the refresher from being triggered again
+ return 0
+ }
+
+ // set the new token value
+ tc.SetToken(spt.Token().AccessToken)
+
+ // get the next token slightly before the current one expires
+ return time.Until(spt.Token().Expires()) - 10*time.Second
+ })
+
+ return &tc, nil
+}
+
+func getServicePrincipalToken(cfg *Config) (*adal.ServicePrincipalToken, error) {
+ endpoint := cfg.Endpoint
+
+ resource := fmt.Sprintf("https://%s.%s", cfg.StorageAccountName, endpoint)
+
+ msiConfig := auth.MSIConfig{
+ Resource: resource,
+ }
+
+ if cfg.UserAssignedID != "" {
+ msiConfig.ClientID = cfg.UserAssignedID
+ }
+
+ return msiConfig.ServicePrincipalToken()
+}
@@ -0,0 +1,62 @@
+package azure
+
+import (
+ "testing"
+
+ "github.com/grafana/dskit/flagext"
+ "github.com/stretchr/testify/assert"
+)
+
+const (
+ TestStorageAccountName = "foobar"
+ TestStorageAccountKey = "abc123"
+)
+
+// TestGetStorageAccountName* explicitly broken out into
+// separate tests instead of table-driven due to usage of t.SetEnv
+func TestGetStorageAccountNameInConfig(t *testing.T) {
+ cfg := Config{StorageAccountName: TestStorageAccountName}
+
+ actual := getStorageAccountName(&cfg)
+ assert.Equal(t, TestStorageAccountName, actual)
+}
+
+func TestGetStorageAccountNameInEnv(t *testing.T) {
+ cfg := Config{}
+ t.Setenv("AZURE_STORAGE_ACCOUNT", TestStorageAccountName)
+
+ actual := getStorageAccountName(&cfg)
+ assert.Equal(t, TestStorageAccountName, actual)
+}
+
+func TestGetStorageAccountNameNotSet(t *testing.T) {
+ cfg := Config{}
+
+ actual := getStorageAccountName(&cfg)
+ assert.Equal(t, "", actual)
+}
+
+// TestGetStorageAccountKey* explicitly broken out into
+// separate tests instead of table-driven due to usage of t.SetEnv
+func TestGetStorageAccountKeyInConfig(t *testing.T) {
+ storageAccountKeySecret := flagext.SecretWithValue(TestStorageAccountKey)
+ cfg := Config{StorageAccountKey: storageAccountKeySecret}
+
+ actual := getStorageAccountKey(&cfg)
+ assert.Equal(t, TestStorageAccountKey, actual)
+}
+
+func TestGetStorageAccountKeyInEnv(t *testing.T) {
+ cfg := Config{}
+ t.Setenv("AZURE_STORAGE_KEY", TestStorageAccountKey)
+
+ actual := getStorageAccountKey(&cfg)
+ assert.Equal(t, TestStorageAccountKey, actual)
+}
+
+func TestGetStorageAccountKeyNotSet(t *testing.T) {
+ cfg := Config{}
+
+ actual := getStorageAccountKey(&cfg)
+ assert.Equal(t, "", actual)
+}
@@ -9,6 +9,8 @@ import (
 type Config struct {
  StorageAccountName string `yaml:"storage-account-name"`
  StorageAccountKey flagext.Secret `yaml:"storage-account-key"`
+ UseManagedIdentity bool `yaml:"use-managed-identity"`
+ UserAssignedID string `yaml:"user-assigned-id"`
  ContainerName string `yaml:"container-name"`
  Endpoint string `yaml:"endpoint-suffix"`
  MaxBuffers int `yaml:"max-buffers"`