jackye1995 opened a new pull request, #6530:
URL: https://github.com/apache/opendal/pull/6530
## Summary
This PR adds missing Azure authentication features to OpenDAL's Azure Blob
Storage service, bringing it closer to feature parity with arrow-rs
object_store.
### New Authentication Features Added
- **OAuth Authentication**: `client_id`, `client_secret`, `tenant_id`,
`authority_host`
- **Bearer Token**: Direct bearer token authentication
- **Managed Identity**: `msi_endpoint`, `object_id`, `msi_resource_id`
- **Workload Identity**: `federated_token_file` for Kubernetes workload
identity federation
- **Azure CLI**: `use_azure_cli` integration
- **Emulator Support**: `use_emulator` for Azurite
- **Microsoft Fabric**: `use_fabric_endpoint` support
- **Additional Options**: `skip_signature`, `disable_tagging`
### Implementation Details
- Extended `AzblobConfig` with new authentication fields
- Added builder methods for all authentication options: `.client_id()`,
`.client_secret()`, `.tenant_id()`, etc.
- Integrated with existing reqsign authentication system
- Proper Debug implementation with sensitive field redaction
- Some features require future reqsign updates for full functionality
### Backward Compatibility
✅ **No breaking changes** - all existing APIs continue to work
✅ **New features are opt-in** through builder methods
✅ **Default behavior unchanged**
### Usage Examples
```rust
// OAuth with client credentials
let builder = Azblob::default()
.container("my-container")
.endpoint("https://account.blob.core.windows.net";)
.client_id("client-id")
.client_secret("client-secret")
.tenant_id("tenant-id");
// Managed identity
let builder = Azblob::default()
.container("my-container")
.endpoint("https://account.blob.core.windows.net";)
.object_id("object-id")
.msi_resource_id("resource-id");
// Workload identity (Kubernetes)
let builder = Azblob::default()
.container("my-container")
.endpoint("https://account.blob.core.windows.net";)
.client_id("client-id")
.tenant_id("tenant-id")
.federated_token_file("/var/run/secrets/tokens/azure-identity-token");
```
## Test Plan
- [x] All existing unit tests pass
- [x] Code compiles with `cargo check --features services-azblob`
- [x] Clippy passes with `cargo clippy --all-targets
--features=services-azblob -- -D warnings`
- [x] Code formatted with `cargo fmt`
- [x] New authentication fields properly handled in Debug output
- [x] Builder methods correctly set configuration values
## Reqsign Integration Status
**Fully supported by reqsign 0.16.5:**
- ✅ `client_id`, `client_secret`, `tenant_id`, `authority_host`
- ✅ `object_id`, `msi_resource_id`, `federated_token_file`
**Configuration ready (awaiting reqsign support):**
- ⏳ `bearer_token`, `use_emulator`, `msi_endpoint`
- ⏳ `use_azure_cli`, `skip_signature`
- ⏳ `use_fabric_endpoint`, `disable_tagging`
These fields are stored in configuration for future compatibility when
reqsign is updated.
🤖 Generated with [Claude Code](https://claude.ai/code)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
