Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Authentication examples for Azure Blob Storage #2634

Merged
merged 10 commits into from
Jul 28, 2021
Merged

Authentication examples for Azure Blob Storage #2634

Changes from 2 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
dc79a10
Authentication examples for Azure Blob Storage
Jul 14, 2021
eb3c5ce
Update modify.md
Jul 15, 2021
aa00fbf
ref: mystorageaccountname -> myaccount in `remote modify`
jorgeorpinel Jul 19, 2021
8f1c355
ref: std value samples in remote modify
jorgeorpinel Jul 19, 2021
2655da0
Update modify.md
Jul 23, 2021
df5c515
Update modify.md
Jul 23, 2021
f6a9184
Merge branch 'master' into pr/meierale/2634
jorgeorpinel Jul 28, 2021
f151302
ref: clarify account_name param in remote modify
jorgeorpinel Jul 28, 2021
3904abb
ref: move Azure examples to the bottom of remote modify
jorgeorpinel Jul 28, 2021
c80e768
ref: link to Azure auth examples from remote add/modify
jorgeorpinel Jul 28, 2021
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
41 changes: 38 additions & 3 deletions content/docs/command-reference/remote/modify.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -334,7 +334,7 @@ storage. Whether they're effective depends on each storage platform.
- `account_name` (required) - storage account name

```dvc
$ dvc remote modify myremote account_name 'myuser'
$ dvc remote modify myremote account_name 'mystorageaccountname'
jorgeorpinel marked this conversation as resolved.
Show resolved Hide resolved
```

By default, DVC authenticates using an `account_name` and its
Expand All @@ -344,7 +344,7 @@ application. To use a custom authentication method, use the following parameters
(listed in order of precedence):

1. `connection_string` is used for authentication if given (all others params
are ignored).
are ignored / should be removed from the config).
jorgeorpinel marked this conversation as resolved.
Show resolved Hide resolved
2. If `tenant_id` and `client_id` or `client_secret` are given, Active Directory
(AD)
[service principal](https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal)
Expand Down Expand Up @@ -406,7 +406,42 @@ application. To use a custom authentication method, use the following parameters
```dvc
$ dvc remote modify myremote allow_anonymous_login true
```
**Authentication examples:**

Authentication example with `connection_string`:

```dvc
jorgeorpinel marked this conversation as resolved.
Show resolved Hide resolved
$ dvc remote add -d myremote azure://mycontainer/object
$ dvc remote modify --local myremote connection_string 'storageaccountaccesskeyconnectionstring'
jorgeorpinel marked this conversation as resolved.
Show resolved Hide resolved
$ dvc remote push
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Wait... We already have these examples under each config option. E.g.

image

The hope is that the remote add and push/pull commands are obvious to people reading this section.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My point (and thus I included the dvc remote push command) is that I wanted to provide examples of correctly working combinations of authentication settings.

The already existing examples only show what parameters can be added, but not in which way they should be combined.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not in which way they should be combined

The ways in which they should be combined is there, pretty close to the beginning of this section:

image

```

Authentication example with currently logged in az cli user/identity:

```dvc
$ dvc remote add -d myremote azure://mycontainer/object
$ dvc remote modify myremote account_name 'mystorageaccountname'
jorgeorpinel marked this conversation as resolved.
Show resolved Hide resolved
$ dvc remote push
```

Authentication example with `account_key`:
jorgeorpinel marked this conversation as resolved.
Show resolved Hide resolved

```dvc
$ dvc remote add -d myremote azure://mycontainer/object
$ dvc remote modify --local myremote account_name 'mystorageaccountname'
$ dvc remote modify --local myremote account_key 'mystorageaccountaccesskey'
jorgeorpinel marked this conversation as resolved.
Show resolved Hide resolved
$ dvc remote push
```

Authentication example with `sas_token`:

```dvc
$ dvc remote add -d myremote azure://mycontainer/object
$ dvc remote modify --local myremote account_name 'mystorageaccountname'
$ dvc remote modify --local myremote sas_token 'mysastoken'
jorgeorpinel marked this conversation as resolved.
Show resolved Hide resolved
$ dvc remote push
```

Note that Azure remotes can also authenticate via environment variables (instead
of `dvc remote modify`). These are tried if none of the params above are set.

Expand All @@ -419,7 +454,7 @@ $ export AZURE_STORAGE_CONNECTION_STRING='mysecret'
For account name and key/token auth:

```dvc
$ export AZURE_STORAGE_ACCOUNT='myuser'
$ export AZURE_STORAGE_ACCOUNT='mystorageaccount'
jorgeorpinel marked this conversation as resolved.
Show resolved Hide resolved
jorgeorpinel marked this conversation as resolved.
Show resolved Hide resolved
# and
$ export AZURE_STORAGE_KEY='mysecret'
# or
Expand Down