Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat(fs/azure): add support for Azure Blob Storage (FS Object Backend) #2538

Merged
merged 13 commits into from
Dec 20, 2023
Merged

feat(fs/azure): add support for Azure Blob Storage (FS Object Backend) #2538

merged 13 commits into from
Dec 20, 2023

Conversation

erka
Copy link
Collaborator

@erka erka commented Dec 13, 2023
edited
Loading

This is a good description of the auth for Azure Blob Storage https://github.com/moby/buildkit?tab=readme-ov-file#azure-blob-storage-cache-experimental

fixes #2289

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Dec 13, 2023
edited
Loading

Uffizzi Ephemeral Environment deployment-43121

☁️ https://app.uffizzi.com/github.com/flipt-io/flipt/pull/2538

📄 View Application Logs etc.

⏰ This Preview will be destroyed in 1 hours at: Mon Dec 18 20:04:37 UTC 2023

What is Uffizzi? Learn more!

@GeorgeMac GeorgeMac mentioned this pull request Dec 14, 2023
Merged
@erka erka force-pushed the azblob branch 2 times, most recently from 412990d to 3029d5d Compare December 16, 2023 18:35
@codecov Codecov
Copy link

codecov bot commented Dec 16, 2023
edited
Loading

Codecov Report

Attention: 33 lines in your changes are missing coverage. Please review.

Comparison is base (3665590) 71.62% compared to head (03c03b4) 71.74%.

Files Patch % Lines
internal/storage/fs/azblob/azblob_fs.go 70.83% 17 Missing and 4 partials ⚠️
internal/storage/fs/azblob/store.go 77.35% 8 Missing and 4 partials ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #2538      +/-   ##
==========================================
+ Coverage   71.62%   71.74%   +0.12%     
==========================================
  Files          85       87       +2     
  Lines        8066     8197     +131     
==========================================
+ Hits         5777     5881     +104     
- Misses       1940     1961      +21     
- Partials      349      355       +6

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@erka erka force-pushed the azblob branch 4 times, most recently from 2aac4ca to 3850813 Compare December 18, 2023 17:31
@erka erka marked this pull request as ready for review December 18, 2023 18:37
@erka erka requested a review from a team as a code owner December 18, 2023 18:37
@markphelps
Copy link
Collaborator

Will give this a thorough 👁️ in the morning @erka ! Apologies was out of town this weekend/today. Looks great at a glance though! much appreciated!

GeorgeMac
GeorgeMac requested changes Dec 19, 2023
View reviewed changes
Copy link
Member

@GeorgeMac GeorgeMac left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

One minor tidy up comment, otherwise, this is super awesome. Thanks for putting this together @erka 💪 Solid.

internal/storage/fs/azblob/azblob_fs.go Outdated Show resolved Hide resolved
@erka erka mentioned this pull request Dec 19, 2023
Merged
markphelps
markphelps requested changes Dec 19, 2023
View reviewed changes
Copy link
Collaborator

@markphelps markphelps left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Minor JSON config changes

Thank you @erka!!

internal/config/storage.go Outdated Show resolved Hide resolved
internal/config/storage.go Outdated Show resolved Hide resolved
@markphelps
Copy link
Collaborator

I was looking at how our AWS S3 bucket config is authenticated and it seems it supports the default ENV vars supported by the AWS S3 go client:

AWS_ACCESS_KEY_ID=...
AWS_SECRET_ACCESS_KEY=...

Actually, I think it uses the aws s3 client default access credentials chain: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials

I think we should do the same here for azure blob, and not pass access credentials via FLIPT_ env vars, but instead rely on the azure blob default credential chain: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential

@erka
Copy link
Collaborator Author

erka commented Dec 19, 2023

I was looking at how our AWS S3 bucket config is authenticated and it seems it supports the default ENV vars supported by the AWS S3 go client:

AWS_ACCESS_KEY_ID=...
AWS_SECRET_ACCESS_KEY=...

Actually, I think it uses the aws s3 client default access credentials chain: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials

I think we should do the same here for azure blob, and not pass access credentials via FLIPT_ env vars, but instead rely on the azure blob default credential chain: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential

Azure Blob Storage is a bit more complex and provides few ways to auth. There is a default which you mentioned above but there are few others. Please read https://pkg.go.dev/[email protected]/blob/azureblob#hdr-URLs about it.

I have no objectives with dropping FLIPT_ env vars and rely on ENV defined on go-cloud.

@markphelps
Copy link
Collaborator

I was looking at how our AWS S3 bucket config is authenticated and it seems it supports the default ENV vars supported by the AWS S3 go client:

AWS_ACCESS_KEY_ID=...
AWS_SECRET_ACCESS_KEY=...

Actually, I think it uses the aws s3 client default access credentials chain: https://docs.aws.amazon.com/sdk-for-go/v1/developer-guide/configuring-sdk.html#specifying-credentials
I think we should do the same here for azure blob, and not pass access credentials via FLIPT_ env vars, but instead rely on the azure blob default credential chain: https://pkg.go.dev/github.com/Azure/azure-sdk-for-go/sdk/azidentity#DefaultAzureCredential

Azure Blob Storage is a bit more complex and provides few ways to auth. There is a default which you mentioned above but there are few others. Please read https://pkg.go.dev/[email protected]/blob/azureblob#hdr-URLs about it.

I have no objectives with dropping FLIPT_ env vars and rely on ENV defined on go-cloud.

👍🏻 so then we would remove the configuration options FLIPT_STORAGE_OBJECT_AZBLOB_ACCOUNT and FLIPT_STORAGE_OBJECT_AZBLOB_SHARED_KEY and instead check for AZURE_STORAGE_ACCOUNT and AZURE_STORAGE_KEY, matching the behavior of go cloud?

@erka
Copy link
Collaborator Author

erka commented Dec 20, 2023
edited
Loading

@markphelps FLIPT_..._AZBLOB_ACCOUNT and FLIPT_..._SHARED_KEY should be removed and replaced with AZURE_STORAGE_ACCOUNT and AZURE_STORAGE_KEY.

I have excluded endpoint from json as it may leak account name if endpoint is explicitly defined.

BTW maybe s3 bucket should be excluded as well as it's globally unique.

markphelps
markphelps reviewed Dec 20, 2023
View reviewed changes
Copy link
Collaborator

@markphelps markphelps left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

amazing!! thank you @erka . one minor suggestion.

BTW maybe s3 bucket should be excluded as well as it's globally unique.

I agree, if you dont want to do this in this pr we can do it in another

internal/storage/fs/azblob/azblob_fs.go Outdated Show resolved Hide resolved
erka and others added 3 commits December 20, 2023 21:34
@erka @markphelps
Update internal/storage/fs/azblob/azblob_fs.go
da9f615 
Co-authored-by: Mark Phelps <[email protected]>
@erka
Merge branch 'main' into azblob
cdde48a
@erka
reorder ctx and cleanups.
03c03b4 
There is a strange error `Log in goroutine after Test_Store has completed` occurs randomly.
@markphelps markphelps added the needs docs Requires documentation updates label Dec 20, 2023
markphelps
markphelps approved these changes Dec 20, 2023
View reviewed changes
Copy link
Collaborator

@markphelps markphelps left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

looks great!! Thank you @erka ! I will update docs and this will go out in next release 🎉

@markphelps markphelps merged commit 2a10724 into flipt-io:main Dec 20, 2023
29 checks passed
@erka erka deleted the azblob branch December 20, 2023 21:51
@markphelps markphelps mentioned this pull request Dec 22, 2023
Merged
@markphelps markphelps removed the needs docs Requires documentation updates label Jan 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@GeorgeMac GeorgeMac GeorgeMac approved these changes

@markphelps markphelps markphelps approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Add support for Azure Blob Storage (FS Object Backend)
3 participants
@erka @markphelps @GeorgeMac