This is an automated email from the ASF dual-hosted git repository. nacx pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/jclouds-site.git
The following commit(s) were added to refs/heads/master by this push: new b4539db Document Azure Blob with Azure Active Directory (#19) b4539db is described below commit b4539dbb635bb0b60ab2d6a650b4a706a8dac5d2 Author: Timur Alperovich <ti...@timuralp.com> AuthorDate: Sun Sep 12 01:08:16 2021 -0700 Document Azure Blob with Azure Active Directory (#19) Added information on the required settings to use Azure Blob with Azure Active Directory. --- guides/azure-storage.md | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/guides/azure-storage.md b/guides/azure-storage.md index 12b098f..01d3e3a 100644 --- a/guides/azure-storage.md +++ b/guides/azure-storage.md @@ -66,3 +66,22 @@ Object object = azureBlobClient.getBlobProperties(containerName, blobName); System.out.println("Object: " + object); context.close(); {% endhighlight %} + +To use Azure Active Directory with Azure Blob storage, follow these steps: + +1. Setup [Azure CLI](https://docs.microsoft.com/en-us/cli/azure/install-azure-cli) +2. Create a new Azure App: `az ad app create --display-name <name> --password <password>` +3. Create a new service principal: `az ad sp create --id <Application-id>` +4. Assign a Storage Blob Data Contributor role to the app: `az role assignment create --role "Storage Blob Data Contributor" --assignee <service principal ID>` +5. Lookup the tenant ID: `az account show` + +In step 2, note the Azure Application ID returned. It will be used to create the service principal. +In step 3, note the service principal ID returned -- it is required in step 4 to assign the role so that the service principal can access the storage account. + +Now you can use Azure Blob using Azure AD authentication. The required properties are: + +* `jclouds.azureblob.auth=azureAd` +* `jclouds.identity=<service principal ID>` +* `jclouds.credential=<service principal password>` +* `jclouds.azureblob.tenantId=<tenant ID>` +* `jclouds.azureblob.account=<Azure Blob storage account>`
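Review bot: Step 4's `az role assignment create --role "Storage Blob Data Contributor" --assignee <service principal ID>` has no `--scope`, so the guide never says which resource the role is granted on. Add `--scope` with the resource ID of the storage account (or of a single container) so the service principal is granted access only to what `jclouds.azureblob.account` points at. Two smaller points in the same hunk: step 2 passes `--password <password>` as a command-line argument, where it lands in shell history, and the properties list calls the credential `<service principal password>` without saying where that password comes from (step 2 is the only place a password is set). A sentence tying `jclouds.credential` back to the step that creates the secret would remove the ambiguity.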