Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add support for client assertion based authentication #1620

Merged
merged 29 commits into from
Feb 24, 2025
Merged

Add support for client assertion based authentication #1620

merged 29 commits into from
Feb 24, 2025

Conversation

vibhansa-msft
Copy link
Member

@vibhansa-msft vibhansa-msft commented Jan 30, 2025
edited
Loading

βœ… What

Adding client assertion based authentication mode.

πŸ€” Why

Client and user assertion based authentication where SPN/MSI based auth does not work.

πŸ‘©β€πŸ”¬ How to validate if applicable

Configure your storage account and environment to use this mod of authentication.

πŸ”– Related links

NA

How to use

  • To use this mode of authentication use below config in your azstorage section
        mode: clientassertion

        #  TenantID
        tenantid: <Tenant ID where storage resides>

        #  ClientID in CORP
        clientid: <Client id>

        #  MI Client ID in CORP
        appid: <MSI application id>

         #aadendpoint: <If you wish to use non default AAD endpoint>

         #auth-resource: <default is : api://AzureADTokenExchange>

cvvz and others added 15 commits December 5, 2024 22:28
@cvvz
feat: support workload identity token (#1556)
3b14949 
* feat: support workload identity token
@souravgupta-msft
Create block pool only once in child process (#1581)
dc504f6 
* create block pool in child only
@JanJaguschQC
Update golang.org/x/crypto to v0.31.0 (#1594)
c4e57ef 
* Update golang.org/x/crypto to v0.31.0
@ashruti-msft
sync with main (#1603)
622e3d7 
* updated year in copyright message (#1601)
@vibhansa-msft
Synch with main
dab05d9
@ashruti-msft
Use ListBlob for hns accounts (#1555)
75de959 
* Optimize HNS listing
@ashruti-msft
Added statfs for block-cache (#1470)
c16d3d2 
* Added statfs for block_cache
@vibhansa-msft
Add strong consistency check for data on disk (#1604)
37149a5 
* Add strong consistency check for data on disk
@syeleti-msft
bug in block cache open call (#1580)
cdd48de 
* current implementation of open file when opened in O_WRONLY will truncate the file to zero. This is incorrect behaviour.
We don't see it in the normal scenario as write-back cache is on by default. Hence all the open calls with O_WRONLY will be redirected O_RDWR.
To simulate this turn of the write-back cache and then open file in O_WRONLY.
@vibhansa-msft
Feature: Blob filter (#1595)
6c4cf2e 
* Integrating blob filter in azstorage
@vibhansa-msft
Cleanup on start shall be set to cleanup temp cache (#1613)
76b69ad
@ashruti-msft
Automate blobfuse2 setup for new VM (#1575)
c576f39 
added script for blobfuse setup and azsecpack setup in VM
@vibhansa-msft
Downgrade go version to 1.22.7 due to memory issues in 1.23 (#1619)
bf1e726
@vibhansa-msft
Enable ETAG based validation on every block download to provide highe…
c71ea55 
…r consistency (#1608)

* Make etag validation a defualt option
@vibhansa-msft
Adding Client assertion based authentication mode
0090d83
@vibhansa-msft vibhansa-msft added this to the v2-2.5.0 milestone Jan 30, 2025
@vibhansa-msft vibhansa-msft changed the base branch from main to blobfuse/2.4.1 January 30, 2025 10:29
@vibhansa-msft vibhansa-msft changed the base branch from blobfuse/2.4.1 to main February 4, 2025 09:31
@vibhansa-msft vibhansa-msft marked this pull request as ready for review February 4, 2025 09:33
@vibhansa-msft vibhansa-msft merged commit 62584ff into main Feb 24, 2025
10 checks passed
@vibhansa-msft vibhansa-msft deleted the vibhansa/clientAssertion branch February 24, 2025 05:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ashruti-msft ashruti-msft ashruti-msft approved these changes

@syeleti-msft syeleti-msft syeleti-msft approved these changes

@souravgupta-msft souravgupta-msft Awaiting requested review from souravgupta-msft souravgupta-msft is a code owner

@jainakanksha-msft jainakanksha-msft Awaiting requested review from jainakanksha-msft jainakanksha-msft is a code owner

Assignees
No one assigned
Labels
feature request V2
Projects
None yet
Milestone
v2-2.5.0
Development

Successfully merging this pull request may close these issues.
6 participants
@vibhansa-msft @ashruti-msft @syeleti-msft @cvvz @souravgupta-msft @JanJaguschQC