Add Azure Workload Identity authentication support #2195
Conversation
LambArchie
requested review from
knylander-grafana,
joe-elliott,
annanay25,
mdisibio,
mapno,
yvrhdn and
zalegrala
as code owners
|
|
There was a problem hiding this comment.
Thanks for the PR! I added some thoughts on cleanup. I'm also concerned about changing this functionality as its difficult to test and I am far from an Azure auth expert. We will still be willing to merge, but any testing you can do on your end to feel confident in this change would be appreciated.
I tested my original changes and it seemed to work, including token renewal as I continued to see changes on the test azure storage account 32 hours after I initially started tempo (tokens are renewed every hour but if not are valid for 24h). I will test again with these changes to ensure no regression has occurred |
* Add Azure Workload Identity authentication support * Linting * Automate getting Azure AD Endpoint * PR Feedback
|
What is the rigth configuration to have tempo working with workload identity ? I receiving failed to created store : getting storage container: open: no such file or directory. My container exist, relation between sa and manage identity also exist |
What this PR does:
Adds support for Azure Workload Identity authentication.
Partially based off the following PR grafana/loki#7540 which implemented Azure Workload Identity into Loki.
Checklist
CHANGELOG.mdupdated - the order of entries should be[CHANGE],[FEATURE],[ENHANCEMENT],[BUGFIX]This is my first time writing anything in Go, so I might have made a mistake with the syntax. If I have feel free to fix it or let me know and I'll fix it myself.
I have tested this and it seems to work so I'm hoping I haven't made a mistake but you never know.