From 20a46e665743d158a853f36e04bf53ffc32ed409 Mon Sep 17 00:00:00 2001 From: Bernd Verst Date: Mon, 6 Nov 2023 14:19:40 -0800 Subject: [PATCH] Azure BlobStorage components: Add `disableEntityManagement` metadata option (#3213) Signed-off-by: Bernd Verst --- bindings/azure/blobstorage/metadata.yaml | 7 +++++- .../component/azure/blobstorage/client.go | 23 +++++++++++-------- .../component/azure/blobstorage/metadata.go | 7 +++--- state/azure/blobstorage/v1/metadata.yaml | 5 ++++ state/azure/blobstorage/v2/metadata.yaml | 5 ++++ 5 files changed, 33 insertions(+), 14 deletions(-) diff --git a/bindings/azure/blobstorage/metadata.yaml b/bindings/azure/blobstorage/metadata.yaml index 047d4fa0bb..0c436bb02e 100644 --- a/bindings/azure/blobstorage/metadata.yaml +++ b/bindings/azure/blobstorage/metadata.yaml @@ -87,4 +87,9 @@ metadata: example: '3' description: | Specifies the maximum number of HTTP requests that will be made to retry blob operations. - A value of zero means that no additional attempts will be made after a failure. \ No newline at end of file + A value of zero means that no additional attempts will be made after a failure. + - name: disableEntityManagement + description: "Disable entity management. Skips the attempt to create the specified storage container. This is useful when operating with minimal Azure AD permissions." + example: "true" + default: '"false"' + type: bool \ No newline at end of file diff --git a/internal/component/azure/blobstorage/client.go b/internal/component/azure/blobstorage/client.go index 858cd2b7ff..72374e3a33 100644 --- a/internal/component/azure/blobstorage/client.go +++ b/internal/component/azure/blobstorage/client.go @@ -62,16 +62,19 @@ func CreateContainerStorageClient(parentCtx context.Context, log logger.Logger, return nil, nil, err } - // Create the container if it doesn't already exist - var accessLevel *azblob.PublicAccessType - if m.PublicAccessLevel != "" && m.PublicAccessLevel != "none" { - accessLevel = &m.PublicAccessLevel - } - ctx, cancel := context.WithTimeout(parentCtx, 30*time.Second) - defer cancel() - err = m.EnsureContainer(ctx, client, accessLevel) - if err != nil { - return nil, nil, fmt.Errorf("failed to create Azure Storage container %s: %w", m.ContainerName, err) + // if entity management is disabled, do not attempt to create the container + if !m.DisableEntityManagement { + // Create the container if it doesn't already exist + var accessLevel *azblob.PublicAccessType + if m.PublicAccessLevel != "" && m.PublicAccessLevel != "none" { + accessLevel = &m.PublicAccessLevel + } + ctx, cancel := context.WithTimeout(parentCtx, 30*time.Second) + defer cancel() + err = m.EnsureContainer(ctx, client, accessLevel) + if err != nil { + return nil, nil, fmt.Errorf("failed to create Azure Storage container %s: %w", m.ContainerName, err) + } } return client, m, nil diff --git a/internal/component/azure/blobstorage/metadata.go b/internal/component/azure/blobstorage/metadata.go index 2f8b3132e0..ecd9c512d1 100644 --- a/internal/component/azure/blobstorage/metadata.go +++ b/internal/component/azure/blobstorage/metadata.go @@ -25,9 +25,10 @@ import ( ) type BlobStorageMetadata struct { - ContainerClientOpts `json:",inline" mapstructure:",squash"` - DecodeBase64 bool `json:"decodeBase64,string" mapstructure:"decodeBase64" mdonly:"bindings"` - PublicAccessLevel azblob.PublicAccessType + ContainerClientOpts `json:",inline" mapstructure:",squash"` + DecodeBase64 bool `json:"decodeBase64,string" mapstructure:"decodeBase64" mdonly:"bindings"` + PublicAccessLevel azblob.PublicAccessType + DisableEntityManagement bool `json:"disableEntityManagement,string" mapstructure:"disableEntityManagement"` } type ContainerClientOpts struct { diff --git a/state/azure/blobstorage/v1/metadata.yaml b/state/azure/blobstorage/v1/metadata.yaml index 0555701acb..411951fcb0 100644 --- a/state/azure/blobstorage/v1/metadata.yaml +++ b/state/azure/blobstorage/v1/metadata.yaml @@ -74,3 +74,8 @@ metadata: description: | Specifies the maximum number of HTTP requests that will be made to retry blob operations. A value of zero means that no additional attempts will be made after a failure. + - name: disableEntityManagement + description: "Disable entity management. Skips the attempt to create the specified storage container. This is useful when operating with minimal Azure AD permissions." + example: "true" + default: '"false"' + type: bool \ No newline at end of file diff --git a/state/azure/blobstorage/v2/metadata.yaml b/state/azure/blobstorage/v2/metadata.yaml index 1135047019..ba52673110 100644 --- a/state/azure/blobstorage/v2/metadata.yaml +++ b/state/azure/blobstorage/v2/metadata.yaml @@ -74,3 +74,8 @@ metadata: description: | Specifies the maximum number of HTTP requests that will be made to retry blob operations. A value of zero means that no additional attempts will be made after a failure. + - name: disableEntityManagement + description: "Disable entity management. Skips the attempt to create the specified storage container. This is useful when operating with minimal Azure AD permissions." + example: "true" + default: '"false"' + type: bool \ No newline at end of file