From cf5f2cd5d438c9f549bc1bea5030062a6fab62c3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Martin=20Dz=C3=ADbela?= Date: Thu, 18 Jan 2024 16:56:27 +0100 Subject: [PATCH] allow to authenticate to Azure Storage using SAS tokens (#5382) Signed-off-by: Martin Dzibela --- .golangci.yml | 7 ++++++- CHANGELOG.md | 2 ++ pkg/scalers/azure/azure_storage.go | 22 ++++++++++++++++++++-- pkg/scalers/azure/azure_storage_test.go | 2 ++ 4 files changed, 30 insertions(+), 3 deletions(-) diff --git a/.golangci.yml b/.golangci.yml index 17b9c182e99..3ebf499edb5 100644 --- a/.golangci.yml +++ b/.golangci.yml @@ -157,7 +157,12 @@ issues: - path: pkg/scaling/resolver/scale_resolvers.go linters: - gocyclo - + # Exclude for azure_storage, reason: + # pkg/scalers/azure/azure_storage.go:91: 91-120 lines are duplicate of `pkg/scalers/azure/azure_storage.go:123-152` (dupl) + # pkg/scalers/azure/azure_storage.go:123: 123-152 lines are duplicate of `pkg/scalers/azure/azure_storage.go:91-120` (dupl) + - path: pkg/scalers/azure/azure_storage.go + linters: + - dupl linters-settings: funlen: diff --git a/CHANGELOG.md b/CHANGELOG.md index 73ae1c14a71..0b10604d825 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -110,7 +110,9 @@ Here is an overview of all new **experimental** features: - **General**: Request all ScaledObject/ScaledJob triggers in parallel ([#5276](https://github.com/kedacore/keda/issues/5276)) - **General**: Support TriggerAuthentication properties from ConfigMap ([#4830](https://github.com/kedacore/keda/issues/4830)) - **General**: Use client-side round-robin load balancing for grpc calls ([#5224](https://github.com/kedacore/keda/issues/5224)) +- **Azure Blob Storage scaler**: Allow to authenticate to Azure Storage using SAS tokens ([#5393](https://github.com/kedacore/keda/issues/5393)) - **Azure Pipelines Scaler**: Add support for workload identity authentication ([#5013](https://github.com/kedacore/keda/issues/5013)) +- **Azure Storage Queue scaler**: Allow to authenticate to Azure Storage using SAS tokens ([#5393](https://github.com/kedacore/keda/issues/5393)) - **GCP pubsub scaler**: Support distribution-valued metrics and metrics from topics ([#5070](https://github.com/kedacore/keda/issues/5070)) - **GCP stackdriver scaler**: Support valueIfNull parameter ([#5345](https://github.com/kedacore/keda/pull/5345)) - **Hashicorp Vault**: Add support to get secret that needs write operation (e.g. pki) ([#5067](https://github.com/kedacore/keda/issues/5067)) diff --git a/pkg/scalers/azure/azure_storage.go b/pkg/scalers/azure/azure_storage.go index 12ac8e9f18d..d8f09d2f2ee 100644 --- a/pkg/scalers/azure/azure_storage.go +++ b/pkg/scalers/azure/azure_storage.go @@ -104,6 +104,10 @@ func ParseAzureStorageQueueConnection(ctx context.Context, httpClient util.HTTPD return nil, nil, err } + if accountName == "" && accountKey == "" { + return azqueue.NewAnonymousCredential(), endpoint, nil + } + credential, err := azqueue.NewSharedKeyCredential(accountName, accountKey) if err != nil { return nil, nil, err @@ -132,6 +136,10 @@ func ParseAzureStorageBlobConnection(ctx context.Context, httpClient util.HTTPDo return nil, nil, err } + if accountName == "" && accountKey == "" { + return azblob.NewAnonymousCredential(), endpoint, nil + } + credential, err := azblob.NewSharedKeyCredential(accountName, accountKey) if err != nil { return nil, nil, err @@ -139,7 +147,7 @@ func ParseAzureStorageBlobConnection(ctx context.Context, httpClient util.HTTPDo return credential, endpoint, nil default: - return nil, nil, fmt.Errorf("azure queues doesn't support %s pod identity type", podIdentity.Provider) + return nil, nil, fmt.Errorf("azure storage doesn't support %s pod identity type", podIdentity.Provider) } } @@ -154,7 +162,7 @@ func parseAzureStorageConnectionString(connectionString string, endpointType Sto return "" } - var endpointProtocol, name, key, endpointSuffix, endpoint string + var endpointProtocol, name, key, sas, endpointSuffix, endpoint string for _, v := range parts { switch { case strings.HasPrefix(v, "DefaultEndpointsProtocol"): @@ -163,6 +171,8 @@ func parseAzureStorageConnectionString(connectionString string, endpointType Sto name = getValue(v) case strings.HasPrefix(v, "AccountKey"): key = getValue(v) + case strings.HasPrefix(v, "SharedAccessSignature"): + sas = getValue(v) case strings.HasPrefix(v, "EndpointSuffix"): endpointSuffix = getValue(v) case endpointType == BlobEndpoint && strings.HasPrefix(v, endpointType.Prefix()): @@ -176,6 +186,14 @@ func parseAzureStorageConnectionString(connectionString string, endpointType Sto } } + if sas != "" && endpoint != "" { + u, err := url.Parse(fmt.Sprintf("%s?%s", endpoint, sas)) + if err != nil { + return nil, "", "", err + } + return u, "", "", nil + } + if name == "" || key == "" { return nil, "", "", ErrAzureConnectionStringKeyName } diff --git a/pkg/scalers/azure/azure_storage_test.go b/pkg/scalers/azure/azure_storage_test.go index 82cdc8f8dcf..4309cd8d6dc 100644 --- a/pkg/scalers/azure/azure_storage_test.go +++ b/pkg/scalers/azure/azure_storage_test.go @@ -22,6 +22,8 @@ var parseConnectionStringTestDataset = []parseConnectionStringTestData{ {"DefaultEndpointsProtocol=https;AccountName=testing;AccountKey=key==;EndpointSuffix=core.windows.net;BlobEndpoint=https://blob.net", "testing", "key==", "https://blob.net", BlobEndpoint, false}, {"DefaultEndpointsProtocol=https;AccountName=testing;AccountKey=key==;EndpointSuffix=core.windows.net;TableEndpoint=https://table.net", "testing", "key==", "https://table.net", TableEndpoint, false}, {"DefaultEndpointsProtocol=https;AccountName=testing;AccountKey=key==;EndpointSuffix=core.windows.net;FileEndpoint=https://file.net", "testing", "key==", "https://file.net", FileEndpoint, false}, + {"QueueEndpoint=https://queue.net;SharedAccessSignature=sv=2012-02-12&st=2009-02-09&se=2009-02-10&sr=c&sp=r&si=YWJjZGVmZw%3d%3d&sig=dD80ihBh5jfNpymO5Hg1IdiJIEvHcJpCMiCMnN%2fRnbI%3d", "", "", "https://queue.net?sv=2012-02-12&st=2009-02-09&se=2009-02-10&sr=c&sp=r&si=YWJjZGVmZw%3d%3d&sig=dD80ihBh5jfNpymO5Hg1IdiJIEvHcJpCMiCMnN%2fRnbI%3d", QueueEndpoint, false}, + {"BlobEndpoint=https://blob.net;SharedAccessSignature=sv=2012-02-12&st=2009-02-09&se=2009-02-10&sr=c&sp=r&si=YWJjZGVmZw%3d%3d&sig=dD80ihBh5jfNpymO5Hg1IdiJIEvHcJpCMiCMnN%2fRnbI%3d", "", "", "https://blob.net?sv=2012-02-12&st=2009-02-09&se=2009-02-10&sr=c&sp=r&si=YWJjZGVmZw%3d%3d&sig=dD80ihBh5jfNpymO5Hg1IdiJIEvHcJpCMiCMnN%2fRnbI%3d", BlobEndpoint, false}, } func TestParseStorageConnectionString(t *testing.T) {