From 3643e6d1b06153e78136e002b640bbd369295693 Mon Sep 17 00:00:00 2001 From: Batuhan Taskaya Date: Wed, 18 Aug 2021 08:38:28 +0300 Subject: [PATCH] azure: mention that we search azure config (#2703) * azure: mention that we search azure config * ref: specify which options and when are taken from Azure config per https://github.com/iterative/dvc.org/pull/2703#discussion_r689458522 * ref: explain Azure auth routes from the beginning of section per https://github.com/iterative/dvc.org/pull/2703#pullrequestreview-730938574 Co-authored-by: Jorge Orpinel --- .../docs/command-reference/remote/modify.md | 27 +++++++++++++++---- 1 file changed, 22 insertions(+), 5 deletions(-) diff --git a/content/docs/command-reference/remote/modify.md b/content/docs/command-reference/remote/modify.md index 90d4a53608..3af18b853a 100644 --- a/content/docs/command-reference/remote/modify.md +++ b/content/docs/command-reference/remote/modify.md @@ -369,16 +369,22 @@ $ dvc remote modify --system myremote +To use a custom authentication method, you can either use this command to +configure the appropriate auth params, use environment variables, or rely on an +Azure config file (in that order). More details below. + > See some [Azure auth examples](#example-some-azure-authentication-methods). -To use a custom authentication method, use the following parameters (listed in -order of precedence): +#### Authenticate with DVC config parameters + +The following parameters are listed in the order they are used by DVC when +attempting to authenticate with Azure: 1. `connection_string` is used for authentication if given (`account_name` is ignored). 2. If `tenant_id` and `client_id`, `client_secret` are given, Active Directory (AD) [service principal] auth is performed. -3. DVC will try next to connect with `account_key` or `sas_token` (in this +3. DVC will next try to connect with `account_key` or `sas_token` (in this order) if either are provided. 4. If `allow_anonymous_login` is set to `True`, then DVC will try to connect [anonymously]. @@ -442,8 +448,10 @@ order of precedence): $ dvc remote modify myremote allow_anonymous_login true ``` -Note that Azure remotes can also authenticate via environment variables (instead -of `dvc remote modify`). These are tried if none of the params above are set. +#### Authenticate with environment variables + +Azure remotes can also authenticate via env vars (instead of +`dvc remote modify`). These are tried if none of the params above are set. For Azure connection string: @@ -481,6 +489,15 @@ $ export AZURE_PASSWORD='mysecret' > [env vars](https://docs.microsoft.com/en-us/python/api/azure-identity/azure.identity.environmentcredential) > available. +#### Authenticate with an Azure config file + +As a final option (if no params or env vars are set), some of the auth methods +can propagate from an Azure configuration file (typically managed with +[az config](https://docs.microsoft.com/en-us/cli/azure/config)): +`connection_string`, `account_name`, `account_key`, `sas_token` and +`container_name`. The default directory where it will be searched for is +`~/.azure` but this can be customized with the `AZURE_CONFIG_DIR` env var. +